Apparatus and method for using a network processor to guard against a “denial-of-service” attack on a server or server cluster
First Claim
1. Apparatus comprising:
- a network resource server having at least one computer system comprising a central processing unit and server memory; and
- a network processor coupled to said network resource server comprising:
  - a plurality of interface processors;
  - instruction memory for storing instructions accessibly to said interface processors;
  - data memory for storing data passing through said network processor to and from said network resource server accessibly to said interface processors; and
  - a plurality of input/output ports;
  - one of said input/output ports adapted for exchanging data passing through said network processor with an external network under the direction of said interface processors;
  - at least one other of said input/output ports adapted for exchanging data passing through said network processor with said network resource server;
- said network processor and said network resource server cooperating in directing the exchange of data between said input/output ports and the flow of data through said data memory to and from said network resource server in response to execution by said interface processors of instructions loaded into said instruction memory;
- said network processor further comprising at least one rate monitor for monitoring the rate of data flow addressed from any source to said network resource server, at least one of said interface processors comprising a component for computing a derivative of data flow rate over time to determine the rate of change of data flow, and at least one modifier for modifying the instructions loaded into said instruction memory in response to the determined rate of change.
Abstract
A system comprising a network resource server or a server farm formed by a plurality of computer systems and a network processor which transfers data exchanged with an external network supported by the server farm at a data rate substantially the same as the data flow rate of the network and related method. The network processor protects the network resource server against attacks such as a denial of service attack by monitoring data flow, computing a derivative of the data flow over time to determine the rate of change of data flow, and modifying instructions for the discarding of packets in response to rates of change which are outside predetermined boundaries.
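The monitoring loop the abstract describes (a rate monitor, a derivative of the rate over time, and a modifier that loads packet-discarding instructions when that derivative leaves predetermined boundaries), as an added Python example that is not the patent's own code; the traffic trace, the one-second window and the ±1 MB/s² boundaries are constructed assumptions.

```python
# Added example, not the patent's code: rate monitor -> derivative -> modifier.
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    t: float       # seconds since capture start (constructed)
    nbytes: int    # bytes addressed to the server, observed at t

@dataclass(frozen=True)
class Decision:
    interval: int
    rate: float     # bytes per second in this interval
    d_rate: float   # derivative of rate: bytes per second per second
    discard: bool   # instruction state the modifier leaves loaded

def rate_per_interval(samples: list[Sample], window: float) -> list[float]:
    """Rate monitor: sum bytes into fixed windows and convert to bytes/s."""
    buckets: dict[int, int] = {}
    for s in samples:
        i = int(s.t // window)
        buckets[i] = buckets.get(i, 0) + s.nbytes
    n = max(buckets, default=-1) + 1
    return [buckets.get(i, 0) / window for i in range(n)]

def decide(rates: list[float], window: float,
           rise_limit: float, fall_limit: float) -> list[Decision]:
    """Compute d(rate)/dt between consecutive windows and modify the
    discard instruction whenever it leaves [fall_limit, rise_limit]."""
    out: list[Decision] = []
    discard, prev = False, (rates[0] if rates else 0.0)
    for i, r in enumerate(rates):
        d = (r - prev) / window
        if d > rise_limit:
            discard = True      # surge: load packet-discarding instructions
        elif d < fall_limit:
            discard = False     # surge subsided: restore forwarding
        out.append(Decision(i, r, d, discard))
        prev = r
    return out

def constructed_trace() -> list[Sample]:
    """Constructed trace: 50 kB/s baseline, a 6 MB/s surge from t=3s to t=5s."""
    return [Sample(k / 100, 60_000 if 300 <= k < 500 else 500) for k in range(700)]

def run(window: float = 1.0, rise_limit: float = 1e6,
        fall_limit: float = -1e6) -> list[Decision]:
    """Constructed boundaries: +/-1 MB/s^2 on the derivative of the inbound rate."""
    return decide(rate_per_interval(constructed_trace(), window),
                  window, rise_limit, fall_limit)
```

Note that a steady high rate produces a zero derivative, so the discard state persists until the rate falls again; it is the rate of change, not the absolute rate, that flips the instruction.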
28 Claims
10. A method in an apparatus comprising:
- a network resource server comprising at least one computer system which has a central processing unit and server memory; and
- a network processor coupled to said network resource server and comprising:
  - a plurality of interface processors;
  - instruction memory for storing instructions accessibly to said interface processors;
  - data memory for storing data passing through said network processor to and from said network resource server accessibly to said interface processors; and
  - a plurality of input/output ports;
  - one of said input/output ports adapted for exchanging data passing through said network processor with an external network under the direction of said interface processors;
  - at least one other of said input/output ports adapted for exchanging data passing through said network processor with said network resource server;

said method comprising the steps of:
- said network processor cooperating with said network resource server in directing the exchange of data between said input/output ports and the flow of data through said data memory to and from said network resource server in response to execution by said interface processors of instructions loaded into said instruction memory;
- monitoring the rate of data flow inbound toward said network resource server from all data sources, and at least one of said interface processors computing a derivative of data flow rate over time to determine the rate of change of data flow from all data sources to said network resource server, and said at least one modifier modifying the instructions loaded into said instruction memory in response to the determined rate of change.
19. A program storage device, readable by machine, tangibly embodying a program of instructions executable by the machine to, in an apparatus comprising:
- a network resource server having at least one computer system comprising at least a central processing unit and server memory; and
- a network processor coupled to said network resource server comprising:
  - a plurality of interface processors;
  - instruction memory for storing instructions accessible to said interface processors;
  - data memory for storing data passing through said network processor to and from said network resource server accessibly to said interface processors; and
  - a plurality of input/output ports;
  - one of said input/output ports adapted for exchanging data passing through said network processor with an external network under the direction of said interface processors;
  - at least one other of said input/output ports adapted for exchanging data passing through said network processor with said network resource server;

said method comprising the steps of:
- said network processor cooperating with said network resource server in directing the exchange of data between said input/output ports and the flow of data through said data memory to said network resource server in response to execution by said interface processors of instructions loaded into said instruction memory;
- said network processor monitoring the rate of data flow to said network resource server, computing a derivative of data flow rate over time to determine the rate of change of data flow, and modifying the instructions loaded into said instruction memory in response to the determined rate of change.
28. A network processor coupled to at least one network resource server and an external network comprising:
- a plurality of interface processors;
- instruction memory for storing instructions accessibly to said interface processors;
- data memory for storing data passing through said network processor to and from said network resource server accessibly to said interface processors; and
- a plurality of input/output ports;
  - one of said input/output ports adapted for exchanging data passing through said network processor with an external network under the direction of said interface processors;
  - at least one other of said input/output ports adapted for exchanging data passing through said network processor with said network resource server;
- said network processor and said network resource server cooperating in directing the exchange of data between said input/output ports and the flow of data through said data memory to and from said network resource server in response to execution by said interface processors of instructions loaded into said instruction memory;
- said network processor further comprising at least one rate monitor for monitoring the rate of data flow addressed to said network resource server from all data sources, at least one of said interface processors comprising a component for computing a derivative of data flow rate over time to determine the rate of change of data flow, and at least one modifier for modifying the instructions loaded into said instruction memory in response to the determined rate of change.