
Method, data carrier, computer system and computer programme for the identification and defence of attacks in servers of network service providers and operators

  • US 20040187032A1
  • Filed: 02/13/2004
  • Published: 09/23/2004
  • Est. Priority Date: 08/07/2001
  • Status: Abandoned Application
First Claim

1. Method for recognizing and refusing attacks on server systems of network providers and operators by means of an electronic device to be implemented in a computer network, wherein this device contains a computer program characterized by the following components and procedural steps:

  • defense against DoS and DDoS attacks (flood attacks), wherein each IP SYN (IP connection request) is registered and answered with a SYN ACK to preserve the time restrictions (timeouts) defined in the IP protocol, while the registered SYN packet is checked for validity and for available services in the target system; the connection to the target system is initialized and the received data packet is forwarded to the target system for further processing if the verification was successful and the expected ACK as well as a subsequently following valid data packet was received from the requesting external system in the meantime, and/or
  • link level security, wherein the data packets to be checked are received directly from OSI layer 2 (link level), and/or
  • examination of valid IP headers, wherein the structure of each IP packet is checked for validity before it is forwarded to the target system and each invalid packet is rejected, and/or
  • examination of the IP packet, especially checking the length and the checksum, for conformity of the values in the TCP or IP header with the structure of the IP packet, and/or
  • TCP/IP fingerprint protection, wherein the answering outgoing data traffic from the secured systems to the requesting external systems is neutralized by using default protocol identifiers, and/or
  • blocking of every UDP network packet to avoid attacks on the secured systems via the network protocol UDP (user datagram protocol), by selectively registering and unblocking services required to be reached via UDP, wherein messages are explicitly admitted for these UDP ports and the other UDP ports stay closed, and/or
  • length restrictions on ICMP packets (Internet control message protocol), wherein only ICMP messages up to a predefined maximal length are identified as valid data and others are rejected, and/or
  • exclusion of specific external IP addresses from communication with the target system, and/or
  • packet-level firewall function, wherein incoming and outgoing IP packets are examined by freely definable rules and, based on these rules, are rejected or forwarded to the target system, and/or
  • protection of reachable services of the target system by exclusion of specific services and/or users and/or redirection of service requests to other servers.
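The first claim element describes a SYN-proxy: the device answers every SYN itself, keeps the request in a table with a timeout, and opens the backend connection only after the client's ACK and a valid data packet have arrived. The following Python model is an added illustration of that state machine, not code from the patent or its applicant; the packet format, the 30-second timeout, the set of offered services and the traffic are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dport: int
    flags: str            # "SYN", "ACK" or "DATA" (simplified, not real TCP flag bits)
    payload: bytes = b""

@dataclass
class SynProxy:
    # Stand-in for the claim's SYN handling: answer each SYN locally, contact the
    # target only once ACK plus valid data arrived within the timeout (assumed value).
    open_services: set                                # TCP ports the target serves
    timeout: float = 30.0                             # assumed handshake timeout (s)
    pending: dict = field(default_factory=dict)       # (src, dport) -> (state, t0)
    forwarded: list = field(default_factory=list)     # packets handed to the target

    def handle(self, pkt, now):
        # Drop half-open entries whose timeout expired; the target never saw them.
        for k, (_, t0) in list(self.pending.items()):
            if now - t0 > self.timeout:
                del self.pending[k]
        key = (pkt.src, pkt.dport)
        if pkt.flags == "SYN":
            if pkt.dport not in self.open_services:
                return "DROP"          # no such service on the target system
            self.pending[key] = ("SYN_RCVD", now)
            return "SYN-ACK"           # sent by the device, backend untouched
        entry = self.pending.get(key)
        if entry is None:
            return "DROP"              # ACK/data with no registered SYN, or after timeout
        state, t0 = entry
        if pkt.flags == "ACK" and state == "SYN_RCVD":
            self.pending[key] = ("ACK_RCVD", t0)
            return "HOLD"              # handshake done, still wait for real data
        if pkt.flags == "DATA" and state == "ACK_RCVD" and pkt.payload:
            del self.pending[key]
            self.forwarded.append(pkt) # now the connection to the target is initialized
            return "FORWARD"
        return "DROP"

def simulate():
    """Constructed traffic: one legitimate client, one flood source, one closed port."""
    p = SynProxy(open_services={80})
    log = [p.handle(Packet("10.0.0.5", 80, "SYN"), 0.0),
           p.handle(Packet("10.0.0.5", 80, "ACK"), 0.1),
           p.handle(Packet("10.0.0.5", 80, "DATA", b"GET / HTTP/1.0\r\n\r\n"), 0.2),
           p.handle(Packet("198.51.100.9", 80, "SYN"), 1.0),      # never completes
           p.handle(Packet("198.51.100.9", 80, "DATA", b"x"), 40.0),  # past timeout
           p.handle(Packet("10.0.0.5", 22, "SYN"), 41.0)]          # service not offered
    return log, len(p.forwarded), len(p.pending)
```

Only the legitimate client's data packet reaches the target; the flood source's half-open entry expires without the backend ever allocating a connection for it.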
