Managing a DDoS attack

Assignee

• International Business Machines Corporation · US

Inventors

• Robert Danford · Raleigh, US
• Terry Dwain Escamilla · Boulder, US
• Kevin D. Himberger · Durham, US
• Clark Debs Jeffries · Durham, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY02D10/00
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method, system, and/or computer program product manages a distributed denial of service attack in a multiprocessor environment. A determination is made of (a) a first upper threshold for a normal number of packets from the multiprocessor environment to multiple destination addresses, (b) a second upper threshold for a normal ratio of the packets from the multiprocessor environment to a single destination address compared to the packets from the multiprocessor environment to the multiple destination addresses, and (c) a third upper threshold for a normal ratio of packets from the multiprocessor environment to a single port at a single destination address compared to packets from the multiprocessor environment to the multiple destination addresses. In response to the first and second thresholds being exceeded, a specific port is monitored to determine if the third upper threshold is being exceeded at that port, thus indicating an apparent distributed denial of service attack.