System and method of responding to a flood attack on a data processing system

US 20060282508A1
Filed: 06/09/2005
Published: 12/14/2006
Est. Priority Date: 06/09/2005
Status: Abandoned Application

First Claim

Patent Images

1. A data processing system comprising:

a processor;

an interconnect; and

as system memory, coupled to said processor via said interconnect, wherein said system memory stores a connection manager, wherein in response to receiving a notification that a connection request includes a false IP address, said connection manager, independently of any time delay, removes said connection request from a list of pending connection requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of responding to a flood attack on a data processing system is disclosed. The present invention mitigates the affects of SYN attacks with false IP addresses by immediately removing the associated embryonic connection from the system upon receiving notification that the IP address in the original SYN request is false. Immediate removal of the connection request will mitigate the effects of the flood attack by not requiring the system to devote resources to servicing a connection request from a false IP address, which could result in denial of service for legitimate clients. Immediate removal of the connection request will mitigate the effects of the flood attack by not requiring the system to devote resources to servicing a connection request from a false IP address, which could result in denial of service for legitimate clients.

8 Citations

View as Search Results

12 Claims

1. A data processing system comprising:
- a processor;
  
  an interconnect; and
  
  as system memory, coupled to said processor via said interconnect, wherein said system memory stores a connection manager, wherein in response to receiving a notification that a connection request includes a false IP address, said connection manager, independently of any time delay, removes said connection request from a list of pending connection requests.
- View Dependent Claims (2, 3, 4)
- - 2. The data processing system according to claim 1, wherein said notification is an ICMP “
    - Host/Network Unreachable”
      
      message corresponding to said connection request.
  - 3. The data processing system according to claim 1, wherein said connection manager immediately removes said connection request from said list of pending connection requests to mitigate effects of a flood attack.
  - 4. The data processing system according to claim 1, wherein said connection manager frees resources devoted to processing said connection request in response to removing said connection request from said list of pending connection requests.

5. A method comprising:
- receiving a connection request;
  
  queuing said connection request and sending a response to said connection request; and
  
  in response to receiving a notification that said connection request includes a false IP address, removing, independent of any time delay, said connection request from a list of pending connection requests.
- View Dependent Claims (6, 7, 8)
- - 6. The method according to claim 5, wherein said notification is an ICMP “
    - Host/Network Unreachable”
      
      message corresponding to said connection request.
  - 7. The method according to claim 5, wherein said immediately removing said connection request further comprises:
    - immediately removing said connection request from said list of pending connection requests to mitigate effects of a flood attack.
  - 8. The method according to claim 5 further comprises:
    - freeing resources devoted to processing said connection request in response to removing said connection request from said list of pending connection requests.

9. A computer-readable medium for storing a computer program product that comprises instructions for:
- receiving a connection request;
  
  queuing said connection request and sending a response to said connection request; and
  
  in response to receiving a notification that said connection request includes a false IP address, removing, independent of any time delay, said connection request from a list of pending connection requests.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-readable medium according to claim 9, wherein said notification is an ICMP “
    - Host/Network Unreachable”
      
      message corresponding to said connection request.
  - 11. The computer-readable medium according to claim 9, wherein said immediately removing said connection requests further comprises:
    - immediately removing said connection request from said list of pending connection requests to mitigate effects of a flood attack.
  - 12. The computer-readable medium according to claim 9 further comprises:
    - freeing resources devoted to processing said connection request in response to removing said connection request from said list of pending connection requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Venkatsubra, Venkat, Youngman, Richard Perry

Application Number

US11/149,185
Publication Number

US 20060282508A1
Time in Patent Office

Days
Field of Search
US Class Current

709/217
CPC Class Codes

H04L 63/1458 Denial of Service

System and method of responding to a flood attack on a data processing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

System and method of responding to a flood attack on a data processing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others