TECHNIQUES FOR PROTECTING AGAINST DENIAL OF SERVICE ATTACKS
Abstract
Techniques for protecting against denial of service attacks are provided. In one embodiment, a network device can extract one or more values from a Transmission Control Protocol (TCP) ACK packet sent by a client device, where the one or more values encode TCP option information. The network device can further decode the one or more values to determine the TCP option information and embed the TCP option information into the TCP ACK packet. The network device can then forward the TCP ACK packet with the embedded TCP option information to a server.
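The device-side path described in the abstract (extract, decode, embed, forward) is shown here as an added Python example; it is not code from the patent. The cookie layout (a 24-bit truncated HMAC plus one option byte, carried in the ACK number), the MSS table, the key, and the use of standard option kinds 2, 3 and 4 are all assumptions made for illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"                    # assumption: device-local secret
MSS_TABLE = [536, 1220, 1360, 1400, 1440, 1452, 1460, 8960]  # assumed lookup table

def _tag(flow: bytes, opt: int) -> bytes:
    return hmac.new(KEY, flow + bytes([opt]), hashlib.sha256).digest()[:3]

def make_cookie(flow: bytes, mss_idx: int, wscale: int, sack: bool) -> int:
    """Assumed layout: 24-bit MAC | 3-bit MSS index | 4-bit window scale | 1-bit SACK."""
    opt = (mss_idx << 5) | (wscale << 1) | int(sack)
    return int.from_bytes(_tag(flow, opt), "big") << 8 | opt

def decode_cookie(flow: bytes, cookie: int):
    """Return the encoded option information, or None when the MAC does not match."""
    opt = cookie & 0xFF
    if not hmac.compare_digest(_tag(flow, opt), (cookie >> 8).to_bytes(3, "big")):
        return None
    return {"mss": MSS_TABLE[opt >> 5], "wscale": (opt >> 1) & 0xF, "sack": bool(opt & 1)}

def checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def embed_options(flow: bytes, tcp: bytes, info: dict) -> bytes:
    """Append MSS, window-scale and SACK-permitted options to the ACK's TCP header."""
    opts = struct.pack("!BBHBBB", 2, 4, info["mss"], 3, 3, info["wscale"])
    opts += b"\x04\x02" if info["sack"] else b""
    opts += b"\x01" * (-len(opts) % 4)           # NOP padding to a 32-bit boundary
    hlen = (tcp[12] >> 4) * 4                    # assumes existing options do not end in EOL (kind 0)
    if hlen + len(opts) > 60:
        raise ValueError("no room left in the TCP option space")
    seg = bytearray(tcp[:hlen] + opts + tcp[hlen:])
    seg[12] = ((hlen + len(opts)) // 4 << 4) | (seg[12] & 0x0F)   # new data offset
    seg[16:18] = b"\x00\x00"
    pseudo = flow[:8] + struct.pack("!BBH", 0, 6, len(seg))       # IPv4 pseudo-header
    seg[16:18] = struct.pack("!H", checksum(pseudo + bytes(seg)))
    return bytes(seg)

def handle_ack(flow: bytes, tcp: bytes):
    """Device path: extract the cookie from the ACK number, decode, embed; None = drop."""
    cookie = (struct.unpack("!I", tcp[8:12])[0] - 1) & 0xFFFFFFFF
    info = decode_cookie(flow, cookie)
    return embed_options(flow, tcp, info) if info else None
```

Here `flow` is the 12-byte IPv4 4-tuple (source address, destination address, source port, destination port). A server receiving the rewritten ACK would have to recognise these options on a non-SYN segment, which is the server-side behaviour claim 16 covers.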
24 Claims
1. A method comprising:
- extracting, by a network device, one or more values from a Transmission Control Protocol (TCP) ACK packet sent by a client device, the one or more values encoding TCP option information;
- decoding, by the network device, the one or more values to determine the TCP option information;
- embedding, by the network device, the decoded TCP option information into the TCP ACK packet; and
- forwarding, by the network device, the TCP ACK packet with the embedded TCP option information to a server.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)

13. A network device comprising:
- a processor; and
- a non-transitory computer readable medium having stored thereon executable program code which, when executed by the processor, causes the processor to:
  - extract one or more values from a TCP ACK packet sent by a client device, the one or more values encoding TCP option information;
  - decode the one or more values to determine the TCP option information;
  - embed the decoded TCP option information into the TCP ACK packet; and
  - forward the TCP ACK packet with the embedded TCP option information to a server.
(Dependent claims: 14)

15. A non-transitory computer readable medium having stored thereon program code executable by a processor, the program code comprising:
- code that causes the processor to extract one or more values from a TCP ACK packet sent by a client device, the one or more values encoding TCP option information;
- code that causes the processor to decode the one or more values to determine the TCP option information;
- code that causes the processor to embed the decoded TCP option information into the TCP ACK packet; and
- code that causes the processor to forward the TCP ACK packet with the embedded TCP option information to a server.

16. A method comprising:
- identifying, by a server, a received TCP ACK packet as including TCP option information;
- extracting, by the server, the TCP option information from the TCP ACK packet; and
- establishing a TCP session based on the TCP option information.
(Dependent claims: 17, 18, 19, 20, 21, 22)

23. A computer system comprising:
- a processor; and
- a non-transitory computer readable medium having stored thereon executable program code which, when executed by the processor, causes the processor to:
  - identify a received TCP ACK packet as including TCP option information;
  - extract the TCP option information from the TCP ACK packet, without performing any SYN cookie validation; and
  - establish a TCP session based on the TCP option information.

24. A non-transitory computer readable medium having stored thereon program code executable by a processor, the program code comprising:
- code that causes the processor to identify a received TCP ACK packet as including TCP option information;
- code that causes the processor to extract the TCP option information from the TCP ACK packet, without performing any SYN cookie validation; and
- code that causes the processor to establish a TCP session based on the TCP option information.

Specification