×

Thwarting connection-based denial of service attacks

  • US 20020103916A1
  • Filed: 09/05/2001
  • Published: 08/01/2002
  • Est. Priority Date: 09/07/2000
  • Status: Active Grant
First Claim
Patent Images

1. A method of defending a server against SYN flood attacks executed on a device, the method comprises:

  • during a connection setup initiated by sending a SYN packet from a client to a server;

    forwarding a received SYN ACK packet from the server to the client and immediately sending a ACK packet to the server;

    maintaining the connection open for a variable timeout period and if an ACK packet does not arrive from the client to server, sending a RST to the server to cause the server to close the connection; and

    if the ACK packet does arrive from the client to the server, forwarding the ACK to the server and maintain the connection.

View all claims
  • 22 Assignments
Timeline View
Assignment View
    ×
    ×