System and method for detection and mitigation of distributed denial of service attacks
Abstract
A router includes a relatively low bandwidth communication connection to a small computer, a relatively high bandwidth communication connection to a communication network; and a processing unit for executing in the router a set of permit rules for permitting flow of communication packets with respect to the connections for user initiated sessions, the permit rules including a default rule for discarding all packets with respect to the small computer in traffic not pertaining to sessions initiated by the small computer.
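The default-discard behaviour described in the abstract, as an added Python sketch that is not code from the patent. Matching a session on protocol, addresses and ports is an assumption (the page does not say how a session is identified), and the class, function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class PermitRuleRouter:
    def __init__(self, small_computer: str):
        self.small_computer = small_computer
        self.permit_rules = set()   # one rule per session the user initiated
        self.discarded = 0          # packets that fell through to the default rule

    def from_small_computer(self, pkt: Packet) -> bool:
        """Low-bandwidth side: a user-initiated session installs a permit rule."""
        if pkt.src != self.small_computer:
            self.discarded += 1
            return False
        self.permit_rules.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
        return True

    def from_network(self, pkt: Packet) -> bool:
        """High-bandwidth side: forward only replies to a permitted session."""
        rule = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        if pkt.dst == self.small_computer and rule in self.permit_rules:
            return True
        self.discarded += 1         # default rule: discard everything else
        return False

def run_constructed_traffic():
    """Constructed sample traffic using documentation address ranges."""
    host, server = "192.0.2.10", "198.51.100.20"
    r = PermitRuleRouter(host)
    syn = Packet(host, 50000, server, 443)
    results = {"outbound": r.from_small_computer(syn)}
    results["reply"] = r.from_network(Packet(server, 443, host, 50000))
    # Unsolicited flood from many sources: no matching permit rule.
    flood = [Packet(f"203.0.113.{i}", 1024 + i, host, 80) for i in range(1, 101)]
    results["flood_forwarded"] = sum(r.from_network(p) for p in flood)
    # Same server, but a local port the user never opened a session from.
    results["wrong_port"] = r.from_network(Packet(server, 443, host, 50001))
    results["discarded"] = r.discarded
    return results

if __name__ == "__main__":
    print(run_constructed_traffic())
```

The discard happens in the router, so only traffic belonging to a user-initiated session is forwarded onto the low-bandwidth connection to the small computer.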
24 Claims
1. A method for detecting and mitigating denial of service attacks, comprising:
- initiating a small computer communication session on a communication network;
- executing in a router a set of permit rules for permitting flow of communication packets for user-initiated sessions through said router, said permit rules including a default rule for discarding all packets with respect to said small computer in traffic not pertaining to sessions initiated by said user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A router for detecting and mitigating denial of service attacks on a small computer, comprising:
- a relatively low bandwidth communication connection to said small computer;
- a relatively high bandwidth communication connection to a communication network;
- a processing unit for executing in said router a set of permit rules for permitting flow of communication packets with respect to said connections for user initiated sessions, said permit rules including a default rule for discarding all packets with respect to said small computer in traffic not pertaining to sessions initiated by said user.
Dependent claims: 11, 12, 13, 14, 15
16. A computer program product for detecting and mitigating denial of service attacks, said computer program product comprising:
- a computer readable medium;
- first program instructions to initiate a small computer communication session through a router on a communication network; and
- second program instructions to execute in said router a set of permit rules for permitting flow of communication packets for user-initiated sessions through said router, said permit rules including a default rule for discarding all packets with respect to said small computer in traffic not pertaining to sessions initiated by said user; and
- wherein said first and second program instructions are recorded on said medium.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24
Specification