Patent · US Active

Process to thwart denial of service attacks on the internet

US7627677B2 · kind B2 · utility

Cited by: 1
References: 4
Claims: 19
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jul 6, 2007
Grant date: Dec 1, 2009
Priority date
Expiry date: Jul 6, 2027

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1458
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Coordinated SYN denial of service (CSDoS) attacks are reduced or eliminated by a process that instructs a switch to divert SYN packets destined to a server to a TCP proxy which, when subject to a CSDoS attack, will not successfully establish a TCP connection with a host. CSDoS attacks are reduced or eliminated by a process that includes forwarding a sampling of packets destined to a server to a processor and, when packets in the sampling indicate an attack, arranging the switch to divert all packets destined to the server to the processor. CSDoS attacks are reduced or eliminated in a system including a switch, a server, and a processor, where the processor is adapted to control the network switch to divert all SYN packets destined to the server to the processor based on monitoring a number of timed-out connections between the processor and one or more clients.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.