Method for blocking denial of service and address spoofing attacks on a private network
First Claim
1. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising:
receiving a request to establish a communication connection between an endpoint of a public network and an endpoint of a private network;
requesting an acknowledgment from the endpoint of the public network;
determining whether an acknowledgment has been received within a predetermined amount of time;
if an acknowledgment is received, comparing the request to establish a communication connection with existing connections; and
if an existing communication connection between the endpoint of the public network and the endpoint of the private network already exists, denying the request to establish a communication connection.
Abstract
A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).
16 Claims
1. (Independent claim; full text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
Dependent claim, further comprising:
comparing a source address of the request for connection with known internal addresses of the private network;
determining if the source address matches a known internal address; and
refusing to process the request for connection if there is a match.
16. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising:
receiving a request for connection from an initiator, over the public network;
requesting an acknowledgment from the initiator of the request;
determining whether the acknowledgment has been received within a predetermined amount of time;
denying the request if the acknowledgment is not received within the predetermined amount of time;
comparing the request for connection with existing connections to determine if there is a match; and
if there is a match, denying the request for connection.
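The following is an added example, not code from the patent or from any assignee or product: a small Python model of the routing device's decision logic as stated in the abstract and in claims 1 and 16 (request an acknowledgment from the initiator, deny on timeout, deny a second connection between endpoints that already have one) together with the dependent claim's source-address spoofing check. The Router class and its methods, the INTERNAL_NETS ranges, the 3-second ACK_TIMEOUT, the threshold passed to malicious_sources and the traffic in run_demo are all assumptions; the sample addresses are constructed from documentation ranges.

```python
"""Simplified model of the filtering routine described in the claims.

Constructed example, not the patent's code. Assumed names and values:
INTERNAL_NETS, ACK_TIMEOUT, the Router class and its methods, and the
sample addresses (RFC 5737 documentation ranges) are all hypothetical.
"""
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed address ranges of the protected (private) network.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# The claims' "predetermined amount of time" for the acknowledgment, in seconds (assumed).
ACK_TIMEOUT = 3.0


@dataclass
class Router:
    ack_timeout: float = ACK_TIMEOUT
    # (public_src, private_dst) -> time the request arrived and an ack was requested
    pending: dict = field(default_factory=dict)
    # (public_src, private_dst) pairs that currently have an established connection
    established: set = field(default_factory=set)
    # per public source: number of requests that were never acknowledged in time
    unacked: Counter = field(default_factory=Counter)

    def is_internal(self, addr: str) -> bool:
        return any(ip_address(addr) in net for net in INTERNAL_NETS)

    def on_request(self, src: str, dst: str, now: float) -> str:
        """A connection request arrives on the public interface."""
        # Address-spoofing pattern: a packet from the public network must not
        # carry a source address that belongs to the private network.
        if self.is_internal(src):
            return "deny-spoofed-source"
        # Request an acknowledgment from the initiator and remember when we asked.
        self.pending[(src, dst)] = now
        return "ack-requested"

    def on_ack(self, src: str, dst: str, now: float) -> str:
        """The initiator's acknowledgment arrives."""
        asked_at = self.pending.pop((src, dst), None)
        if asked_at is None:
            return "deny-no-pending-request"
        if now - asked_at > self.ack_timeout:
            self.unacked[src] += 1
            return "deny-ack-too-late"
        # Compare with existing connections: a second connection between the
        # same two endpoints is denied while the first is still up.
        if (src, dst) in self.established:
            return "deny-duplicate-connection"
        self.established.add((src, dst))
        return "accept"

    def expire(self, now: float) -> list:
        """Drop requests whose acknowledgment never arrived; count them per source."""
        expired = [k for k, t in self.pending.items() if now - t > self.ack_timeout]
        for key in expired:
            del self.pending[key]
            self.unacked[key[0]] += 1
        return expired

    def malicious_sources(self, threshold: int) -> set:
        """Sources whose pattern of unacknowledged requests reaches the threshold."""
        return {src for src, n in self.unacked.items() if n >= threshold}


def run_demo() -> dict:
    """Drive the model with constructed traffic; returns the decisions taken."""
    r = Router()
    out = {}
    # 1. spoofed: an internal source address arriving from the public side
    out["spoof"] = r.on_request("10.1.2.3", "10.0.0.5", now=0.0)
    # 2. well-behaved initiator: request, prompt acknowledgment, accepted
    r.on_request("203.0.113.7", "10.0.0.5", now=0.0)
    out["good"] = r.on_ack("203.0.113.7", "10.0.0.5", now=1.0)
    # 3. the same endpoint pair again while the first connection is still established
    r.on_request("203.0.113.7", "10.0.0.5", now=2.0)
    out["dup"] = r.on_ack("203.0.113.7", "10.0.0.5", now=2.5)
    # 4. flood pattern: one source opens many handshakes and never acknowledges
    for i in range(1, 5):
        r.on_request("198.51.100.9", f"10.0.0.{i}", now=3.0)
    out["expired"] = len(r.expire(now=10.0))
    out["late"] = r.on_ack("198.51.100.9", "10.0.0.1", now=10.5)
    out["bad_sources"] = r.malicious_sources(threshold=3)
    return out


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(name, decision)
```

Two points a practitioner would check before relying on this logic. The model keys connections on the (source, destination) host pair exactly as the claim language reads, so it also denies a legitimate second connection between the same two hosts (for instance several parallel sessions from one client); a deployable filter would key on the full connection identifier including ports. The spoofing check only covers packets whose source address falls inside the private ranges; it does nothing against spoofed public addresses, which is why the timeout-based acknowledgment step is the part that actually limits a flood of forged requests.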