Handling of DDoS attacks from NAT or proxy devices
Abstract
A method for authenticating communication traffic includes receiving an initial incoming message, sent over a network from a source address to a destination address. In reply to the initial incoming message, an outgoing message containing an encoded token is sent to the client. Upon receiving a number of further incoming messages from the source address containing the encoded token, delivery of one or more of the further incoming messages to the destination address is inhibited when the number exceeds a predetermined threshold.
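The following is an added sketch of the method the abstract summarizes, not code from the patent. The HMAC-based token encoding, the `Guard` class, the action names and the threshold of 5 are assumptions. Counting per (source address, token) is one reading of the claim, chosen because it lets clients behind a shared NAT or proxy address be limited separately.

```python
import hashlib
import hmac
import os
from collections import Counter

class Guard:
    """Sits in front of the destination; returns CHALLENGE, FORWARD or DROP per message."""

    def __init__(self, threshold, key=None):
        self.threshold = threshold          # the "predetermined threshold"
        self.key = key or os.urandom(32)    # guard-only secret used to encode tokens
        self.counts = Counter()             # messages seen per (source, token)

    def _mac(self, src, nonce):
        msg = f"{src}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:32]

    def issue_token(self, src):
        nonce = os.urandom(8).hex()         # makes each issued token distinct
        return f"{nonce}.{self._mac(src, nonce)}"

    def _valid(self, src, token):
        nonce, sep, mac = (token or "").partition(".")
        expected = self._mac(src, nonce).encode()
        return bool(sep) and hmac.compare_digest(mac.encode(), expected)

    def handle(self, src, token=None):
        """Return (action, token_to_send_back)."""
        if not self._valid(src, token):
            # Initial or unauthenticated message: reply with a token, deliver nothing.
            return "CHALLENGE", self.issue_token(src)
        self.counts[(src, token)] += 1
        if self.counts[(src, token)] > self.threshold:
            return "DROP", None             # inhibit delivery to the destination
        return "FORWARD", None

def simulate():
    """Constructed traffic: two clients share one NAT address; one of them floods."""
    g = Guard(threshold=5, key=b"k" * 32)
    nat = "203.0.113.7"                     # documentation-range address (constructed)
    _, tok_a = g.handle(nat)
    _, tok_b = g.handle(nat)
    flood = [g.handle(nat, tok_a)[0] for _ in range(8)]
    normal = [g.handle(nat, tok_b)[0] for _ in range(3)]
    replayed = g.handle("198.51.100.9", tok_a)[0]   # token presented from another address
    return flood, normal, replayed
```

A deployed guard would also expire tokens and reset or window the counters; this sketch keeps them for the life of the process.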
20 Claims
1. A method for authenticating communication traffic, comprising:
receiving an initial incoming message, sent over a network from a source address to a destination address;
in reply to the initial incoming message, sending an outgoing message to the client containing an encoded token;
receiving a number of further incoming messages from the source address containing the encoded token; and
inhibiting delivery of one or more of the further incoming messages to the destination address when the number exceeds a predetermined threshold.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. Apparatus for authenticating communication traffic, comprising:
a network interface, which is arranged to communicate with a network; and
a guard processor, which is coupled to the network interface and is arranged to receive an initial incoming message sent over the network from a source address, to send an outgoing message to the client containing an encoded token, to receive a number of further incoming messages from the source address containing the encoded token, and to inhibit delivery of one or more of the further incoming messages to the destination address when the number exceeds a predetermined threshold.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification