Method for protecting a network from data packet overload
Abstract
An internal network (16) is protected from being overloaded by an excessive number of data packets that originate from a source in an external network (10). In a preferred embodiment, data packet gate (20) receives each incoming data packet and determines whether it came from a trusted source. If it was not from a trusted source, and the number of data packets received recently from the same source exceeds a threshold, then data packets from that source are rejected. Preferably, when incoming data packets from all non-trusted sources exceed another threshold, additional data packets from all non-trusted sources are rejected.
Claims
1. In a communication system having an internal network which receives, via a communication link, data packets from packet sources in an external network for further transmission to users in the internal network, a method for protecting the users from receiving an excessive number of data packets originating from the packet sources, comprising:
a) establishing a data packet gate in the communication link and, at the data packet gate;
b) receiving a data packet and identifying its packet source;
c) incrementing a packet count for the identified packet source;
d) rejecting the data packet if the packet count exceeds a threshold; and
e) passing the data packet to the internal network if the packet count is below the threshold, wherein a data packet includes a source address and further including establishing an address table that stores source addresses, and comparing the source address of a received data packet to the source addresses stored in the address table, and wherein if the source address of a received data packet does not match an address stored in the address table, and if the address table does not have room to accept another source address, then the received data packet is rejected; and
wherein if the source address of a received data packet does not match an address stored in the address table, and if the address table has room to accept another source address, then the source address of the received data packet is stored in the address table.
2. In a communication system having an internal network which receives, via a communication link, data packets from packet sources in an external network for further transmission to users in the internal network, a method for protecting the users from receiving an excessive number of data packets originating from the packet sources, comprising:
a) establishing a data packet gate in the communication link and, at the data packet gate;
b) receiving a data packet and identifying its packet source;
c) incrementing a packet count for the identified packet source;
d) rejecting the data packet if the packet count exceeds a threshold;
e) passing the data packet to the internal network if the packet count is below the threshold, wherein the packet count for an identified packet source is incremented as data packets are received during predetermined time cycles, and between predetermined time cycles each packet count is reduced by a predetermined factor; and
f) establishing an address table that stores source addresses from which data packets have been received, and wherein if a reduced packet count for a source address is below a release threshold, the source address is removed from the address table.
3. In a system having a communication network which receives, via a communication link, data packets from Internet sources for further transmission to receivers within the communication network, a method for protecting the receivers from receiving an excessive number of data packets originating from the Internet sources, comprising:
a) establishing a data packet gate in the communication link and, at the data packet gate;
b) receiving a data packet having an Internet source address;
c) incrementing a first packet count associated with the Internet source address;
d) incrementing a second packet count representing a total count of data packets received from at least some Internet source addresses; and
e) rejecting the data packet if either the first packet count exceeds a first threshold, or the second packet count exceeds a second threshold, wherein the packet count for each identified packet source is incremented as data packets are received during predetermined time cycles, and between predetermined time cycles each packet count is reduced by a predetermined factor; and
f) establishing an address table that stores addresses from which data packets have been received, and wherein if a reduced packet count for a source address is below a release threshold, the source address is removed from the address table.
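The three claims and the abstract describe one gate with several interacting controls: a per-source packet count checked against a threshold, an address table of bounded size that rejects unknown sources when it is full, an aggregate count over all non-trusted sources checked against a second threshold, trusted sources that bypass the counters, and a decay step between time cycles that releases quiet sources from the table. The following is an added example, written here to illustrate that behaviour; it is not the patent's embodiment or any vendor's code. The class and function names, the threshold values, the decay factor, the choice to decay the aggregate count as well, and the sample addresses (documentation ranges, constructed traffic) are all assumptions of this example.

```python
# Added example, not code from the patent: a small simulation of the data packet
# gate the abstract and claims describe. The thresholds, table size, decay factor,
# release threshold and trusted-source set are assumed values chosen for the demo.
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class GateConfig:
    per_source_threshold: int = 5      # claim 1 step d / claim 3 "first threshold"
    total_threshold: int = 12          # claim 3 "second threshold" over non-trusted sources
    table_capacity: int = 3            # claim 1: unknown source rejected when table is full
    decay_factor: float = 0.5          # claim 2: counts reduced between time cycles
    release_threshold: float = 1.0     # claim 2: source removed when reduced count is below this
    trusted: FrozenSet[str] = frozenset()  # abstract: trusted sources are not counted


class PacketGate:
    """Data packet gate sitting on the link between external and internal network."""

    def __init__(self, cfg: GateConfig) -> None:
        self.cfg = cfg
        self.table: Dict[str, float] = {}  # address table: source address -> packet count
        self.total: float = 0.0            # second count: packets from all non-trusted sources

    def receive(self, src: str) -> bool:
        """Process one packet from source address `src`.

        Returns True if the packet is passed to the internal network, False if rejected.
        """
        if src in self.cfg.trusted:
            return True                    # trusted sources bypass the counters (abstract)
        if src not in self.table:
            if len(self.table) >= self.cfg.table_capacity:
                return False               # no room for another source address: reject
            self.table[src] = 0.0          # room available: store the new source address
        self.table[src] += 1               # per-source count (first count)
        self.total += 1                    # aggregate count (second count)
        if self.table[src] > self.cfg.per_source_threshold:
            return False                   # this source is sending too much
        if self.total > self.cfg.total_threshold:
            return False                   # non-trusted sources collectively send too much
        return True

    def end_cycle(self) -> None:
        """Called between predetermined time cycles (claim 2).

        Every count is multiplied by the decay factor; a source whose reduced count
        falls below the release threshold is removed from the address table, which
        frees a slot for a new source. Decaying the aggregate count too is an assumption
        of this example, not something the claims spell out.
        """
        for src in list(self.table):
            self.table[src] *= self.cfg.decay_factor
            if self.table[src] < self.cfg.release_threshold:
                del self.table[src]
        self.total *= self.cfg.decay_factor


def run_demo() -> Dict[str, object]:
    """Constructed traffic: a flooding host, a quiet host, a host that arrives while
    the table is full, and a trusted host. Addresses are from documentation ranges."""
    cfg = GateConfig(per_source_threshold=3, total_threshold=10, table_capacity=2,
                     trusted=frozenset({"192.0.2.1"}))
    gate = PacketGate(cfg)
    flood = [gate.receive("203.0.113.5") for _ in range(5)]   # 4th and 5th rejected
    quiet = gate.receive("203.0.113.9")                       # takes the second table slot
    overflow = gate.receive("203.0.113.77")                   # table full: rejected unseen
    trusted = all(gate.receive("192.0.2.1") for _ in range(50))
    gate.end_cycle()        # flood: 5*0.5=2.5 stays; quiet: 1*0.5=0.5 is released
    after_cycle = sorted(gate.table)
    overflow_after = gate.receive("203.0.113.77")             # room again: accepted
    return {"flood": flood, "quiet": quiet, "overflow": overflow, "trusted": trusted,
            "after_cycle": after_cycle, "overflow_after": overflow_after}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Two points worth noticing when running it. First, a rejected packet still increments the counters (the claims increment before they compare), so a source that keeps flooding stays above the threshold until several quiet cycles have decayed its count. Second, the bounded address table means that an attacker who fills it from many distinct addresses causes new, legitimate sources to be rejected before they are ever counted; the release threshold is what eventually reclaims those slots, so the decay factor and cycle length decide how long such a fill-up lasts.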
Specification