Preventing denial-of-service attacks employing broadcast packets

Assignees

• Marvell International Ltd. · BM
• Marvell Israel (M.I.S.L) Ltd. · IL

Inventors

• Nafea Bishara · San Jose, US
• Tsahi Daniel · Palo Alto, US
• David Melman · Jerusalem, IL
• Nir Arad · Snoqualmie, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1458
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network device including a processor having an internet protocol (IP) address, and a processor port configured to communicate exclusively with the processor. The network device also includes a plurality of network ports configured to communicate with network nodes external to the network device. In addition, the network device includes a forwarding engine configured to selectively transfer packets (i) among the plurality of network ports, and (ii) between the processor port and the plurality of network ports; receive a broadcast packet from one of the plurality of network ports, the broadcast packet including a target IP address; and forward the broadcast packet to the processor, via the processor port, only when both (i) the broadcast packet is a control packet, and (ii) the target IP address of the broadcast packet matches the IP address of processor.