System and method for an adaptive TCP SYN cookie with time validation
First Claim
1. A system for TCP SYN cookie validation at a host server comprising:
- a session SYN packet receiver for receiving a session SYN packet;
a transition cookie generator for generating a transition cookie, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender for sending the transition cookie in response to the received session SYN packet;
a session ACK packet receiver for receiving a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, for determining whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
4 Assignments
0 Petitions
Accused Products
Abstract
Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
90 Citations
25 Claims
-
1. A system for TCP SYN cookie validation at a host server comprising:
-
a session SYN packet receiver for receiving a session SYN packet;
a transition cookie generator for generating a transition cookie, the transition cookie comprising a time value representing the actual time;
a session SYN/ACK packet sender for sending the transition cookie in response to the received session SYN packet;
a session ACK packet receiver for receiving a session ACK packet, the session ACK packet including a candidate transition cookie; and
a transition cookie validator, for determining whether the candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for TCP SYN cookie validation comprising:
a host server comprising a processor and memory, the processor configured for;
receiving a session SYN packet;
generating a transition cookie, the transition cookie comprising a time value representing the actual time;
sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet;
receiving a session ACK packet; and
determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
16. A method for TCP SYN cookie validation comprising:
-
receiving a session SYN packet by a TCP session setup module;
generating a transition cookie by the TCP session setup module, the transition cookie comprising a time value representing the actual time;
sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet;
receiving a session ACK packet; and
determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification