SYSTEMS AND METHODS FOR TRANSPARENTLY MONITORING NETWORK TRAFFIC FOR DENIAL OF SERVICE ATTACKS
First Claim
1. A computer-implemented method for monitoring network connections by a mitigation service, the mitigation service monitoring network traffic in one direction between a client computer and a server computer, the method comprising:
receiving, from the client computer, a connection request that is configured to establish a network connection between the client computer and the server computer, wherein the connection request comprises at least one parameter corresponding to the network connection;
sending, to the client computer, a response that is configured to cause a reply by the client computer, wherein the response comprises a sequence number that is within a range of sequence numbers received in the connection request and wherein the sequence number does not interrupt the establishment of the network connection between the client computer and the server computer and does not complete the establishment of the network connection between the client computer and the server computer;
determining whether the reply is received from the client computer; and
in response to determining that the reply is received from the client computer,
sending the connection request to the server computer without altering an identification of the client computer in the request.
Abstract
A mitigation service can monitor network traffic in one direction between a client computer and a server computer. The mitigation service can receive a request from a client computer to establish a network connection with a server computer. The mitigation service can reply to the client computer with an acknowledgment that is configured to cause the client computer to issue a request to reset the connection. The acknowledgement is configured not to affect the establishment of the network connection with the server computer. The mitigation service can compare the details of the reset request with the request to establish the network connection. If the details match, the mitigation service can forward the request to establish the network connection to the server computer.
27 Claims
1. A computer-implemented method for monitoring network connections by a mitigation service, the mitigation service monitoring network traffic in one direction between a client computer and a server computer, the method comprising:
receiving, from the client computer, a connection request that is configured to establish a network connection between the client computer and the server computer, wherein the connection request comprises at least one parameter corresponding to the network connection;
sending, to the client computer, a response that is configured to cause a reply by the client computer, wherein the response comprises a sequence number that is within a range of sequence numbers received in the connection request and wherein the sequence number does not interrupt the establishment of the network connection between the client computer and the server computer and does not complete the establishment of the network connection between the client computer and the server computer;
determining whether the reply is received from the client computer; and
in response to determining that the reply is received from the client computer,
sending the connection request to the server computer without altering an identification of the client computer in the request.
Dependent claims: 2, 3, 4, 5, 6, 27

7. A computer-implemented method for monitoring network traffic by a mitigation service, the mitigation service monitoring network traffic in one direction between a client computer and a server computer, the method comprising:
receiving, from the client computer, a TCP synchronization (SYN) packet that is configured to establish a TCP connection with the server computer, wherein the TCP SYN packet comprises one or more parameters corresponding to the TCP connection;
determining a network address corresponding to the client computer;
sending, to the client computer, a TCP acknowledgement (ACK) packet, wherein the TCP ACK comprises a sequence number that is the same as a sequence number corresponding to the TCP SYN packet to initiate a reply by the client computer without interrupting the establishment of the TCP connection with the server computer and does not complete the establishment of the TCP connection between the client computer and the server computer;
receiving a TCP reset (RST) packet, wherein the TCP RST packet comprises one or more parameters;
determining an origination network address corresponding to the TCP RST packet;
comparing the origination network address and at least one of the one or more parameters of the TCP RST packet respectively to the network address corresponding to the client computer and at least one of the parameters corresponding to the TCP connection of the TCP SYN packet;
determining whether the TCP RST packet originated from the client computer based on the comparison; and
in response to determining that the TCP RST packet originated from the client computer,
sending the TCP SYN packet to the server computer without altering an identification of the client computer in the TCP SYN.
Dependent claims: 8, 10, 11, 12, 13

9. (canceled)

14. A computer-implemented method for monitoring network traffic by a mitigation service, the mitigation service monitoring network traffic in one direction between a client computer and a server computer, the method comprising:
receiving, from the client computer, a TCP synchronization (SYN) packet that is configured to establish a TCP connection with the server computer, wherein the TCP SYN packet comprises one or more parameters corresponding to the TCP connection;
determining a network address corresponding to the client computer that sent the TCP SYN packet;
sending, to the client computer, a TCP acknowledgement (ACK) packet, wherein the TCP ACK comprises a sequence number that is the same as a sequence number corresponding to the TCP SYN packet to initiate a reply by the client computer without interrupting the establishment of the TCP connection with the server computer and does not complete the establishment of the TCP connection between the client computer and the server computer;
determining whether a TCP reset (RST) packet is received from the client computer, wherein the TCP RST packet comprises one or more parameters; and
in response to determining that a TCP RST packet is received,
allowing the network traffic in the one direction between the client computer and the server computer.
Dependent claims: 15, 16, 17, 18

19. A computer readable storage medium comprising instructions that cause one or more processors to perform a method for monitoring network connections by a mitigation service, the mitigation service monitoring network traffic in one direction between a client computer and a server computer, the method comprising:
receiving, from the client computer, a connection request that is configured to establish a network connection between the client computer and the server computer, wherein the connection request comprises at least one parameter corresponding to the network connection;
sending, to the client computer, a response that is configured to cause a reply by the client computer, wherein the response comprises a sequence number that is within a range of sequence numbers received in the connection request and wherein the sequence number does not interrupt the establishment of the network connection between the client computer and the server computer and does not complete the establishment of the network connection between the client computer and the server computer;
determining whether the reply is received from the client computer; and
in response to determining that the reply is received from the client computer,
sending the connection request to the server computer without altering an identification of the client computer in the request.
Dependent claims: 20, 21, 22

23. A system for monitoring network traffic in one direction between a client computer and a server computer, comprising:
one or more memory devices storing instructions; and
one or more processors coupled to the memory devices and configured to execute the instructions to perform a method comprising:
receiving, from the client computer, a connection request that is configured to establish a network connection between the client computer and the server computer, wherein the connection request comprises at least one parameter corresponding to the network connection;
sending, to the client computer, a response that is configured to cause a reply by the client computer, wherein the response comprises a sequence number that is within a range of sequence numbers received in the connection request and wherein the sequence number does not interrupt the establishment of the network connection between the client computer and the server computer and does not complete the establishment of the network connection between the client computer and the server computer;
determining whether the reply is received from the client computer; and
in response to determining that the reply is received from the client computer,
sending the connection request to the server computer without altering an identification of the client computer in the request.
Dependent claims: 24, 25, 26
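The following is an added illustration, not code from the patent or its assignee, of the one-direction check that claims 7 and 14 describe: a mitigation service that sees only client-to-server packets records each SYN, answers it with a bare ACK reusing the SYN's sequence number, and forwards the original SYN unaltered only after an RST whose origin address and sequence number match the recorded SYN arrives. The packet model and addresses are constructed; the expectation that a host in SYN-SENT answers an unacceptable ACK with an RST whose sequence number equals the ACK number it received is taken from RFC 793 and is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed minimal packet model: only the fields the claims reason about.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "A" = ACK, "R" = RST
    seq: int
    ack: int = 0

FlowKey = Tuple[str, int, str, int]

class MitigationService:
    """Models the one-direction SYN validation of the claims (client -> server only)."""

    def __init__(self) -> None:
        self.pending: Dict[FlowKey, Packet] = {}   # SYNs awaiting a client RST
        self.allowed: Set[FlowKey] = set()          # flows proven to have a real client

    def on_client_packet(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        key: FlowKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.allowed:
            return ("to_server", pkt)           # claim 14: traffic allowed once validated
        if pkt.flags == "S":
            self.pending[key] = pkt
            # Probe ACK sent back to the client. Its sequence and ack numbers reuse the
            # SYN's sequence number, so it is neither the SYN/ACK that would complete the
            # handshake nor an RST that would abort it (claims 1 and 7).
            probe = Packet(src=pkt.dst, sport=pkt.dport, dst=pkt.src, dport=pkt.sport,
                           flags="A", seq=pkt.seq, ack=pkt.seq)
            return ("to_client", probe)
        if pkt.flags == "R":
            syn = self.pending.get(key)
            # Claim 7: the RST's origin address and parameters must match the recorded SYN.
            # Assumption (RFC 793): a client in SYN-SENT replies to an unacceptable ACK with
            # an RST whose sequence number equals the ACK number it received, i.e. syn.seq.
            if syn is not None and pkt.src == syn.src and pkt.seq == syn.seq:
                del self.pending[key]
                self.allowed.add(key)
                return ("to_server", syn)       # the original SYN, source address unaltered
            return ("drop", pkt)
        return ("drop", pkt)                    # no validated flow: nothing reaches the server
```

A spoofed SYN never produces a matching RST, so its entry stays in `pending` and nothing is forwarded to the server, which is the point of the scheme.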
Specification