System and method for mitigation of malicious network node activity
US7640338B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 18, 2005 |
| Grant date | Dec 29, 2009 |
| Priority date | — |
| Expiry date | Nov 15, 2026 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1458
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Malicious network node activity and, in particular, denial of service attacks, may be mitigated by one or more practical mitigation mechanisms and mitigation mechanism combinations. Suitable protocol messages may be challenged with a challenge probe. A response to the challenge probe may be utilized to determine if received protocol messages are illegitimate, that is, originated by a malicious network node. Received protocol messages may be classified as questionable protocol messages. For efficiency, protocol message challenges may be limited to protocol message classified as questionable. A sequence number limit may be calculated as a function of receive window size. Transmission control protocol messages may be determined to be illegitimate by comparing the acknowledgement number field with the calculated sequence number limit. Randomized selection of source port numbers for transmission control protocol connections may also mitigate malicious network node activity by resulting in legitimate protocol message field values that are less predictable.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.