System, method and program product to identify a distributed denial of service attack
Abstract
System, method and computer program product for detecting a denial of service attack on a plurality of computers. Records are made of source IP addresses of requests sent to each of the computers. The records of requests sent to the plurality of computers are totalled per source IP address and/or per range of source IP addresses. A determination is made if the total for a source IP address and/or range of source IP addresses exceeds a respective, predetermined threshold. If so, a denial of service attack is suspected or determined, and a firewall can be notified to block subsequent requests from the source IP address and/or range of source IP addresses, and an administrator can be notified to investigate the situation. Records can also be made of requests sent to each of the computers for a file or access to an application. These records of requests sent to the plurality of computers are totalled per file or application access. A determination is made if the total for a file or application access exceeds a predetermined threshold. If so, a denial of service attack is suspected or determined, and an administrator can be notified to investigate the situation.
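The totaling described in the abstract, as an added example that is not taken from the patent: records from several servers are summed per source IP, per source range and per requested file, and each total is compared with a threshold. The record layout, the /24 range width, the threshold of 100 and all names are assumptions of this sketch.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample records: (server, source IP, requested file).
# Addresses are from the RFC 5737 documentation ranges.
RECORDS = (
    [("web1", "198.51.100.7", "/index.html")] * 40
    + [("web2", "198.51.100.7", "/index.html")] * 35
    + [("web3", "198.51.100.7", "/login")] * 30
    # 60 distinct sources in one /24, two requests each, spread over 3 servers
    + [(f"web{i % 3 + 1}", f"203.0.113.{i}", "/search") for i in range(1, 61)] * 2
    + [("web1", "192.0.2.10", "/index.html")] * 5
)

def over(counter, limit):
    """Keys whose total exceeds the threshold, with their totals."""
    return {key: n for key, n in counter.items() if n > limit}

def detect(records, ip_limit, range_limit, file_limit, prefix=24):
    """Total records across all servers, then apply each threshold.

    The thresholds and the /24 range width are assumptions of this example.
    """
    per_ip, per_range, per_file, per_server_ip = (Counter() for _ in range(4))
    for server, src, path in records:
        # ip_network() raises ValueError on a malformed address
        net = ip_network(f"{src}/{prefix}", strict=False)
        per_ip[src] += 1
        per_range[str(net)] += 1
        per_file[path] += 1
        per_server_ip[(server, src)] += 1
    return {
        "ips": over(per_ip, ip_limit),
        "ranges": over(per_range, range_limit),
        "files": over(per_file, file_limit),
        # what a single server, looking only at its own log, would have seen
        "max_seen_by_one_server": max(per_server_ip.values(), default=0),
    }

if __name__ == "__main__":
    result = detect(RECORDS, ip_limit=100, range_limit=100, file_limit=100)
    for kind in ("ips", "ranges", "files"):
        for key, total in sorted(result[kind].items()):
            print(f"suspected {kind[:-1]}: {key} total={total}")
    print("highest per-server count for one IP:", result["max_seen_by_one_server"])
```

In the sample data no single server sees more than 40 requests from one address, so only the cross-server total crosses the per-IP threshold, and the 203.0.113.0/24 sources are caught only by the per-range and per-file totals.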
17 Claims
1. A method for detecting a denial of service attack on a plurality of computers, said method comprising the steps of:
making records of source IP addresses of requests sent to each of said computers;
totaling said records of requests sent to said plurality of computers per source IP address; and
determining if the total for a source IP address exceeds a predetermined threshold.
(Dependent claims: 2, 3, 4, 5)

6. A system for detecting a denial of service attack on a plurality of computers, said system comprising:
means for making records of source IP addresses of requests sent to each of said computers;
means for totaling said records of requests sent to said plurality of computers per source IP address; and
means for determining if the total for a source IP address exceeds a predetermined threshold.
(Dependent claims: 7, 8, 9)

10. A method for detecting a denial of service attack on a plurality of computers, said method comprising the steps of:
making records of source IP addresses of requests sent to each of said computers;
totaling said records of requests sent to said plurality of computers per range of source IP addresses; and
determining if the total for said range of source IP addresses exceeds a predetermined threshold.
(Dependent claims: 11, 12, 13, 14)

15. A method for detecting a denial of service attack on a plurality of computers, said method comprising the steps of:
making records of requests sent to each of said computers for a file or access to an application;
totaling said records of requests sent to said plurality of computers per file or application access; and
determining if the total for a file or application access exceeds a predetermined threshold.
(Dependent claims: 16, 17)
Specification