Network protection for denial of service attacks

  • US 6,725,378 B1
  • Filed: 04/15/1999
  • Issued: 04/20/2004
  • Est. Priority Date: 04/15/1998
  • Status: Expired due to Fees
First Claim

1. A method, comprising:

  • monitoring TCP connection status from an untrusted network to a number of destination hosts operatively coupled to the untrusted network to reduce a performance degradation caused by SYN flooding from the untrusted network;
  • classifying a TCP connection source address in a good address state when an ACK packet or a RST packet is received from the untrusted network with the source address;
  • reclassifying the source address from the good address state to a new address state after a first predetermined time period passes without receiving the ACK packet or the RST packet from the untrusted network;
  • reclassifying the source address from the new address state to a bad address state after a second predetermined time period passes without receiving the ACK packet or the RST packet from the untrusted network; and
  • sending a RST packet to a corresponding one of the destination hosts to close a respective connection after the source address is classified in the bad address state.
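The per-source-address state machine the claim describes (good, new, bad, with two timeouts and a RST toward the destination host once an address turns bad), as an added Python illustration that is not the patent's or its assignee's code. The claim fixes neither the timer values nor what happens to a source seen only with a SYN; here a first-seen source starts in the new state, half-open connections are remembered per source, and `tick()` is the periodic timer check. All of those are assumptions.

```python
import dataclasses

GOOD, NEW, BAD = "good", "new", "bad"

@dataclasses.dataclass
class Entry:
    state: str
    since: float                                   # time the address entered its state
    pending: set = dataclasses.field(default_factory=set)  # half-open (dst_host, dst_port)

class SynFloodClassifier:
    """Classify source addresses as good -> new -> bad by ACK/RST activity."""
    def __init__(self, t_good_to_new: float, t_new_to_bad: float):
        self.t1 = t_good_to_new          # first predetermined period
        self.t2 = t_new_to_bad           # second predetermined period
        self.table: dict[str, Entry] = {}
        self.resets_sent: list[tuple[str, str, int]] = []   # (src, dst_host, dst_port)

    def on_packet(self, now: float, src: str, dst: tuple[str, int], flags: str) -> None:
        e = self.table.setdefault(src, Entry(NEW, now))    # assumption: unseen source = new
        if "S" in flags and "A" not in flags:              # bare SYN: connection is half-open
            e.pending.add(dst)
        elif "A" in flags or "R" in flags:                 # ACK or RST from the source: good
            e.pending.discard(dst)
            e.state, e.since = GOOD, now

    def tick(self, now: float) -> None:
        """Timer check: decay idle addresses and reset connections of bad ones."""
        for src, e in self.table.items():
            if e.state == GOOD and now - e.since >= self.t1:
                e.state, e.since = NEW, now
            if e.state == NEW and now - e.since >= self.t2:
                e.state, e.since = BAD, now
                for host, port in e.pending:               # RST toward the destination host
                    self.resets_sent.append((src, host, port))
                e.pending.clear()

    def state_of(self, src: str) -> str:
        return self.table[src].state

def run_scenario() -> SynFloodClassifier:
    """Constructed traffic: one source that never ACKs, one that completes the handshake."""
    c = SynFloodClassifier(t_good_to_new=3.0, t_new_to_bad=5.0)
    c.on_packet(0.0, "10.0.0.9", ("srv", 80), "S")        # flooder: SYN only
    c.on_packet(0.0, "192.0.2.1", ("srv", 80), "S")       # legitimate client
    c.on_packet(0.1, "192.0.2.1", ("srv", 80), "A")       # ... completes the handshake
    c.tick(4.0)        # legit client idle for 3.9s -> new; flooder still within t2
    c.tick(6.0)        # flooder idle for 6s in new -> bad, RST sent to srv:80
    return c
```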
