METHOD FOR MINIMIZING DENIAL OF SERVICE ATTACKS ON NETWORK SERVERS
First Claim
1. A machine-readable storage, having stored thereon a computer program having a plurality of code sections executable by a machine for causing the machine to perform the steps of:
prior to initiating a communications session between a client and said server, securely communicating to said client an address of an initial port of said server available for initial client-server synchronization and an open port duration for said initial port;
sending an acknowledgement from said server to said client in response to a client request received at said initial port, the acknowledgement containing a random seed to generate a random port address based upon a random pattern generator shared by said server and said client;
determining a dynamically-variable open port duration based upon a computed round-trip latency between said client and said server, and sending said open port duration to said server at said initial port;
closing said initial port and opening a second port of said server corresponding to said random port address; and
if a session is not complete when said open port duration elapses, closing said second port and opening another port at another randomly generated port address.
Abstract
A method for providing communications network security can include receiving a round-trip network latency for a client specifying an open port duration. A port can be opened to receive a request from the client. The port can be closed when an amount of time at least as great as the open port duration has passed since the opening of the port.
27 Citations
12 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6
7. A machine-readable storage, having stored thereon a computer program having a plurality of code sections executable by a machine for causing the machine to perform the steps of:
prior to initiating a communications session between a client and said server, securely communicating to said client an address of an initial port of said server available for initial client-server synchronization and an open port duration for said initial port;
determining a dynamically-variable open port duration based upon a computed one-way latency between said client and server;
opening said initial port of said server corresponding to said initial port address;
sending an acknowledgement from said server to said client, the acknowledgement containing a random seed to generate a random port address based upon a random pattern generator shared by said server and said client; and
closing said initial port and, when said open port duration elapses, opening another port corresponding to said random port address.
Dependent claims: 8, 9, 10, 11, 12
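A small simulation of the port-hopping scheme the claims describe, added here as an illustrative example and not the patent's own code: client and server derive the same port sequence from the seed carried in the server's acknowledgement, the open-port window is a multiple of the measured round-trip latency, and a request that reaches a port after its window has elapsed is refused. The seed, the 40 ms RTT, the 2x margin, the 50 ms floor and the ephemeral port range are constructed values, and `random.Random` stands in for the shared random pattern generator.

```python
import random

EPHEMERAL_PORTS = range(49152, 65536)  # IANA dynamic/private range (assumed)


def port_schedule(seed: int, hops: int) -> list:
    """Hop ports derived from the seed the server returns in its acknowledgement.
    Client and server run the same generator, so both see the same sequence.
    sample() keeps the ports distinct, so a replayed port never matches a later hop."""
    return random.Random(seed).sample(EPHEMERAL_PORTS, hops)


def open_port_duration(rtt_ms: float, margin: float = 2.0, floor_ms: float = 50.0) -> float:
    """Window each port stays open: a multiple of the measured round-trip latency,
    with a floor so a very fast link cannot produce a window the client cannot meet."""
    return max(floor_ms, margin * rtt_ms)


def port_at(schedule: list, window_ms: float, start_ms: float, now_ms: float):
    """Port open at now_ms, or None before the session starts or once it is exhausted."""
    if now_ms < start_ms:
        return None
    idx = int((now_ms - start_ms) // window_ms)
    return schedule[idx] if idx < len(schedule) else None


def server_accepts(schedule, window_ms, start_ms, port, arrival_ms: float) -> bool:
    """Server side: a request counts only if it hits the port open at its arrival time."""
    return port is not None and port_at(schedule, window_ms, start_ms, arrival_ms) == port


def client_target(schedule, window_ms, start_ms, send_ms: float, one_way_ms: float):
    """Client side: aim at the port that will be open when the packet lands."""
    return port_at(schedule, window_ms, start_ms, send_ms + one_way_ms)


def simulate():
    """Constructed scenario: 40 ms RTT, four hops, session starts at t = 1000 ms."""
    seed, rtt_ms, start_ms = 0x5EED, 40.0, 1000.0
    window_ms = open_port_duration(rtt_ms)  # 80 ms per port
    schedule = port_schedule(seed, hops=4)
    # legitimate client sends at 1010 ms; with 20 ms one-way latency it lands at 1030 ms
    target = client_target(schedule, window_ms, start_ms, 1010.0, rtt_ms / 2)
    on_time = server_accepts(schedule, window_ms, start_ms, target, 1030.0)
    # the same port replayed two windows later: the server has already hopped on
    stale = server_accepts(schedule, window_ms, start_ms, target, 1030.0 + 2 * window_ms)
    # anything arriving after the schedule is exhausted is refused outright
    expired = server_accepts(schedule, window_ms, start_ms, target, start_ms + 4 * window_ms)
    return on_time, stale, expired


if __name__ == "__main__":
    print(simulate())  # (True, False, False)
```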