Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth
US7613193B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 3, 2006 |
| Grant date | Nov 3, 2009 |
| Priority date | — |
| Expiry date | Oct 7, 2027 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04W12/126
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method for operating a firewall includes: in response to the firewall receiving a TCP SYN request packet that is sent towards a first node from a second node, the TCP SYN request packet comprising a sequence value (“seq”), sending to the second node a SYN|ACK packet, the SYN|ACK packet comprising a seq and an ack_sequence value (“ack_seq”), where ack_seq of the SYN|ACK packet is not equal to the TCP SYN request packet's seq+1; and in response to the firewall receiving a TCP RST packet from the second node, verifying that the seq in the TCP RST packet matches the ack_seq of the SYN|ACK packet and, if it does, designating the connection with the second node as an authorized connection.
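The exchange in the abstract, modelled from the firewall's side as an added example (not code from the patent or its assignee). Deriving ack_seq from an HMAC over the flow tuple, the `SynGate` and `client_reply` names, and the sample addresses are assumptions; the client's RST with seq equal to the received ack_seq follows RFC 793 SYN-SENT handling.

```python
import hashlib
import hmac

MASK32 = 0xFFFFFFFF


class SynGate:
    """Firewall-side model: SYN -> wrong-ack SYN|ACK -> RST check -> authorized."""

    def __init__(self, key: bytes):
        self.key = key            # assumption: per-firewall secret
        self.authorized = set()   # flows whose RST passed verification

    def _base(self, flow) -> int:
        # Assumption: derive the challenge from an HMAC of the flow, so the
        # firewall stores nothing per SYN while a flood is in progress.
        mac = hmac.new(self.key, repr(flow).encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, flow, seq: int) -> dict:
        ack_seq = self._base(flow)
        if ack_seq == (seq + 1) & MASK32:   # the one value the method forbids
            ack_seq = (ack_seq + 1) & MASK32
        # The SYN|ACK's own seq is not constrained by the abstract; 0 is a placeholder.
        return {"flags": "SYN|ACK", "seq": 0, "ack_seq": ack_seq}

    def on_rst(self, flow, rst_seq: int) -> bool:
        base = self._base(flow)
        # Accept base or base+1, since on_syn may have stepped past seq+1.
        if rst_seq in (base, (base + 1) & MASK32):
            self.authorized.add(flow)
            return True
        return False


def client_reply(isn: int, synack: dict) -> dict:
    # RFC 793, SYN-SENT: an ACK that does not acknowledge our SYN is answered
    # with <SEQ=SEG.ACK><CTL=RST>.
    if synack["ack_seq"] != (isn + 1) & MASK32:
        return {"flags": "RST", "seq": synack["ack_seq"]}
    return {"flags": "ACK", "seq": (isn + 1) & MASK32}


def demo():
    gate = SynGate(key=b"constructed-demo-key")
    real = ("198.51.100.7", 40001, "203.0.113.10", 80)    # constructed flow
    forged = ("192.0.2.99", 40002, "203.0.113.10", 80)    # constructed flow
    rst = client_reply(1000, gate.on_syn(real, 1000))
    sent = gate.on_syn(forged, 5000)    # delivered to 192.0.2.99, not the sender
    wrong = (sent["ack_seq"] + 2) & MASK32   # stands in for a blind guess
    return gate.on_rst(real, rst["seq"]), gate.on_rst(forged, wrong)
```

A sender that forges its source address never receives the SYN|ACK, so it cannot echo the ack_seq that the RST check requires.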
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.