System for controlling client-server connection requests
Abstract
A method for controlling connections from an IP entity to a server. Initially, a limit count, representing a number of concurrently allowable connections between the IP entity and the server, is determined. When an incoming IP packet is received, the packet is processed to determine the source and destination IP addresses for the packet. An entry is then created in a limit table for the IP entity, if no entry for that IP entity exists in the table. A determination is made as to whether a pending connection should be allowed for the packet, by referring to the limit count and the entry in the limit table. The connection is allowed, and the limit count for the entry is incremented, if the attempted connection would not exceed the limit count for the IP entity; otherwise, the packet is blocked if the attempted connection would exceed the limit count for the IP entity.
76 Citations
30 Claims
1. A method for controlling connections from an IP entity, having a source IP address, to a server comprising the steps of:
configuring a limit count representing a number of concurrently allowable connections between the IP entity and the server;
receiving an incoming IP packet;
processing the packet to determine said source IP address and a destination IP address for the packet;
creating an entry in a limit table for the IP entity, if no entry for that IP entity exists in the table;
determining, by reference to the limit count and the entry in the limit table, whether a pending connection should be allowed for the packet;
allowing the connection, and incrementing the limit count for the entry if the attempted connection would not exceed the limit count for the IP entity; and
blocking the packet if the attempted connection would exceed the limit count for the IP entity.
16. A method for filtering packets sent from e-mail clients to an SMTP server comprising the step of:
limiting the number of concurrently active connections between a particular one of the clients and a TCP port for a specific said SMTP server, by restricting the number of concurrent connections from specific ones of the clients to a pre-configured limit count.
19. A method for controlling connections from an IP entity to a server comprising the steps of:
configuring a rule table including a set of rules indicating a maximum number of concurrently allowable connections between the IP entity and the server;
receiving an incoming IP packet;
processing the packet to determine the source and destination IP addresses for the packet;
creating an entry in a limit table for the IP entity, if no entry for that IP entity exists in the limit table;
determining whether an incoming packet matches one of the rules in the rule table;
determining, by reference to the rule table and the entry in the limit table, whether a pending connection should be allowed for the packet;
allowing the connection, and incrementing the limit count for the entry if the attempted connection would not exceed the limit count for the IP entity;
blocking the packet if the attempted connection would exceed the maximum number of concurrently allowable connections for the IP entity;
wherein the set of rules includes a default rule that identifies all other clients not identified by any other said rules in the set of rules; and
wherein the default rule subjects said other clients to a pre-configured limit count.
23. A system for controlling connections from clients to a server comprising:
a processor and associated memory;
a rule table, stored in said memory, including rules specifying a range of source and destination addresses and destination ports, and a maximum number of concurrently allowable said connections between a particular client source IP address and a destination server IP address;
a limit table, stored in said memory, for storing a number of present connections established between each of the clients and the server; and
a filter, executed on the processor, including a connection limit checking function that uses said rules to determine the maximum number of concurrently allowable said connections for each one of said clients having a pending connection request;
wherein the pending connection request is blocked if the total number of said present connections would exceed the maximum number for the source IP address, if the pending connection request were allowed; and
wherein client IP addresses not having a corresponding rule in the rule table are assigned a default individual limit for the maximum number of concurrently allowable connections.
29. A system for controlling connections from an IP entity, having an IP address, to a server comprising the steps of:
a rule table containing a set of rules indicating a number of concurrently allowable connections between the IP entity and the server;
means for receiving an incoming IP packet;
means for processing the packet to determine the source and destination IP addresses for the packet;
means for creating an entry in a limit table for the IP entity, if no entry for that IP entity exists in the limit table;
means for determining whether an incoming packet matches one of the rules in the rule table;
means for determining, by reference to the rule table and the entry in the limit table, whether a pending connection should be allowed for the packet;
means for allowing the connection and incrementing the limit count for the entry if the attempted connection would not exceed the limit count for the IP entity;
means for blocking the packet if the attempted connection would exceed the limit count for the IP entity;
wherein the set of rules includes a default rule that identifies all other clients not identified by any other said rules in the set of rules; and
wherein the default rule subjects said other clients to a pre-configured limit count.
30. A software product comprising instructions, stored on computer-readable media, wherein the instructions, when executed by a computer, perform steps for controlling connections from an IP entity to a server, comprising:
configuring a rule table indicating a number of concurrently allowable connections between the IP entity and the server;
receiving an incoming IP packet;
processing the packet to determine the source and destination IP addresses for the packet;
creating an entry in a limit table for the IP entity, if no entry for that IP entity exists in the limit table;
determining whether an incoming packet matches one of the rules in the rule table;
determining, by reference to the rule table and the entry in the limit table, whether a pending connection should be allowed for the packet;
allowing the connection, and incrementing the limit count for the entry if the attempted connection would not exceed the limit count for the IP entity;
blocking the packet if the attempted connection would exceed the limit count for the IP entity;
wherein the set of rules includes a default rule that identifies all other clients not identified by any other said rules in the set of rules; and
wherein the default rule subjects said other clients to a pre-configured limit count.
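The following is an added Python model of the filter described in claims 19, 23 and 30 (a rule table with address and port ranges plus a default rule, and a limit table of present connections per source IP); it is not code from the patent. It assumes first-matching-rule precedence and that a connection-close event decrements the entry, neither of which the claims spell out; all addresses and rules are constructed.

```python
# Added example, not the patent's own code: per-source-IP concurrent
# connection limiting with a rule table and a limit table.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    src_net: str        # range of client source addresses, e.g. "192.0.2.0/24"
    dst_net: str        # range of server destination addresses
    dst_ports: range    # destination port range, e.g. range(25, 26) for SMTP
    max_conns: int      # concurrently allowable connections per source IP

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src_net)
                and ip_address(dst) in ip_network(self.dst_net)
                and dport in self.dst_ports)


class ConnectionLimiter:
    def __init__(self, rules: list, default_limit: int):
        self.rules = rules                  # rule table (claim 23)
        self.default_limit = default_limit  # default rule for clients with no match
        self.limit_table: dict = {}         # source IP -> number of present connections

    def limit_for(self, src: str, dst: str, dport: int) -> int:
        # Assumption: the first rule that matches the packet wins.
        for rule in self.rules:
            if rule.matches(src, dst, dport):
                return rule.max_conns
        return self.default_limit           # default rule: all other clients

    def connection_request(self, src: str, dst: str, dport: int) -> bool:
        """Decide a pending connection (e.g. a TCP SYN). True = allow, False = block."""
        count = self.limit_table.setdefault(src, 0)   # create entry if none exists
        if count + 1 > self.limit_for(src, dst, dport):
            return False                               # would exceed limit: block
        self.limit_table[src] = count + 1              # allow and increment
        return True

    def connection_closed(self, src: str) -> None:
        """Assumed close hook: release the slot so the count reflects live connections."""
        if self.limit_table.get(src, 0) > 0:
            self.limit_table[src] -= 1
```

Without the close hook a client that opens and drops connections would eventually be blocked forever, so whatever tracks connection state (conntrack, proxy, or the server itself) must feed closes back into the limit table.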
Specification