METHOD FOR MINIMIZING DENIAL OF SERVICE ATTACKS ON NETWORK SERVERS

US 20080104262A1
Filed: 12/21/2007
Published: 05/01/2008
Est. Priority Date: 08/23/2002
Status: Active Grant

First Claim

Patent Images

1. A machine-readable storage, having stored thereon a computer program having a plurality of code sections executable by a machine for causing the machine to perform the steps of:

prior to initiating a communications session between a client and said server, securely communicating to said client an address of an initial port of said server available for initial client-server synchronization and an open port duration for said initial port;

sending an acknowledgement from said server to said client in response to a client request received at said initial port, the acknowledgement containing a random seed to generate a random port address based upon a random pattern generator shared by said server and said client;

determining a dynamically-variable open port duration based upon a computed round-trip latency between said client and said server, and sending said open port duration to said server at said initial port;

closing said initial port and opening a second port of said server corresponding to said random port address; and

if a session is not complete when said open port duration elapses, closing said second port and opening another port at another randomly generated port address.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing communications network security can include receiving a round-trip network latency for a client specifying an open port duration. A port can be opened to receive a request from the client. The port can be closed when an amount of time at least as great as the open port duration has passed since the opening of the port.

27 Citations

View as Search Results

12 Claims

1. A machine-readable storage, having stored thereon a computer program having a plurality of code sections executable by a machine for causing the machine to perform the steps of:
- prior to initiating a communications session between a client and said server, securely communicating to said client an address of an initial port of said server available for initial client-server synchronization and an open port duration for said initial port;
  
  sending an acknowledgement from said server to said client in response to a client request received at said initial port, the acknowledgement containing a random seed to generate a random port address based upon a random pattern generator shared by said server and said client;
  
  determining a dynamically-variable open port duration based upon a computed round-trip latency between said client and said server, and sending said open port duration to said server at said initial port;
  
  closing said initial port and opening a second port of said server corresponding to said random port address; and
  
  if a session is not complete when said open port duration elapses, closing said second port and opening another port at another randomly generated port address.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The machine-readable storage of claim 1, further comprising:
    - scaling said open port duration by a predetermined value.
  - 3. The machine-readable storage of claim 1, wherein said round-trip latency specifies a time said client sends a request and a time said client receives a response from said server.
  - 4. The machine-readable storage of claim 1, further comprising:
    - replacing said open port duration with a second open port duration.
  - 5. The machine-readable storage of claim 1, further comprising:
    - determining an updated open port duration from a subsequent round-trip latency; and
      
      providing said updated open port duration to said client to synchronize said client and said server.
  - 6. The machine-readable storage of claim 5, further comprising:
    - scaling said updated open port duration by a predetermined value.

7. A machine-readable storage, having stored thereon a computer program having a plurality of code sections executable by a machine for causing the machine to perform the steps of:
- prior to initiating a communications session between a client and said server, securely communicating to said client an address of an initial port of said server available for initial client-server synchronization and an open port duration for said initial port;
  
  determining a dynamically-variable open port duration based upon a computed one-way latency between said client and server;
  
  opening said initial port of said server corresponding to said initial port address;
  
  sending an acknowledgement from said server to said client, the acknowledgement containing a random seed to generate a random port address based upon a random pattern generator shared by said server and said client; and
  
  closing said initial port and, when said open port duration elapses, opening another port corresponding to said random port address.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The machine-readable storage of claim 7, further comprising:
    - scaling said open port duration by a predetermined value.
  - 9. The machine-readable storage of claim 7, said step of determining an open port duration using a one-way latency comprising:
    - receiving from a client a packet that is time stamped with a send time;
      
      noting a receive time when said packet is received; and
      
      calculating a difference between said send time and said receive time.
  - 10. The machine-readable storage of claim 7, further comprising the step:
    - replacing said open port duration with a second open port duration.
  - 11. The machine-readable storage of claim 7, further comprising:
    - determining an updated open port duration from a subsequent one-way latency; and
      
      providing said updated open port duration to said client to synchronize said client and said server.
  - 12. The machine-readable storage of claim 11, further comprising:
    - scaling said updated open port duration by a predetermined value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Katz, Neil, Moore, Victor

Granted Patent

US 7,685,299 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/1458 Denial of Service

METHOD FOR MINIMIZING DENIAL OF SERVICE ATTACKS ON NETWORK SERVERS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR MINIMIZING DENIAL OF SERVICE ATTACKS ON NETWORK SERVERS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links