Technique of defending against network connection flooding attacks

US 7,137,144 B1
Filed: 02/11/2000
Issued: 11/14/2006
Est. Priority Date: 02/11/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:

recognizing a particular host connecting to the port number on the server;

calculating a number of connections to the port attributed to the host;

determining, in response to a request from the host for a connection to the port, if the number of connections to the port attributed to the host exceeds a prescribed threshold, and, if so, denying the request for a connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention prevents server overload and possible server crippling due to a flooding of connect requests caused by intentional attack or otherwise. In response to a connection request from a host for a specified port, the number of connections to the port that are assigned to the host are determined. If this number exceeds a first threshold, the request is denied. It is possible to override this denial if a quality of service parameter pertaining to the host permits such an override. However, if the number of available connections to the port is less than a second threshold, the connection request is denied in any event.

31 Citations

View as Search Results

16 Claims

1. A method of preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- recognizing a particular host connecting to the port number on the server;
  
  calculating a number of connections to the port attributed to the host;
  
  determining, in response to a request from the host for a connection to the port, if the number of connections to the port attributed to the host exceeds a prescribed threshold, and, if so, denying the request for a connection.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 in which denying the request further comprises:
    - overriding the denial and allowing the request if a quality of service parameter pertaining to the requesting host permits the override.
  - 3. The method of claim 2 wherein a connection request is denied in any event if the number of available connections to the port are less than a constrained threshold.
  - 4. The method of claim 1 or claim 2 or claim 3 further comprising:
    - calculating the prescribed threshold by multiplying a percentage P by the number of available connections remaining for the port.

5. Apparatus for preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- means for recognizing a particular host connecting to the port number on the server;
  
  means for calculating a number of connections to the port attributed to the host;
  
  means for determining, in response to a request from the host for a connection to the port, if the number of connections to the port attributed to the host exceeds a prescribed threshold, andmeans responsive to the determining means for denying the request for a connection.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5 in which means for denying further comprises:
    - means responsive to a quality of service parameter pertaining to the requesting host for overriding a request denial and allowing the request.
  - 7. The apparatus of claim 6 further comprising:
    - means for denying a connection request in any event if the number of available connections to the port are less than a constrained threshold.
  - 8. The apparatus of claim 5 or claim 6 or claim 7 further comprising:
    - means for calculating the prescribed threshold by multiplying a percentage P by the number of available connections remaining for the port.

9. A storage media containing program code segments for preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- a first code segment activated to recognize a particular host connecting to the port number on the server;
  
  a second code segment to calculate a number of connections to the port attributed to the host;
  
  a third code segment activated in response to a request from the host for a connection to the port for determining if the number of connections to the port attributed to the host exceeds a prescribed threshold, anda fourth code segment responsive to the third code segment for denying the request for a connection.
- View Dependent Claims (10, 11, 12)
- - 10. The media of claim 9 in which the second code segment further comprises:
    - a fifth code segment for overriding the denial and allowing the request if a quality of service parameter pertaining to the requesting host permits the override.
  - 11. The media of claim 10 further comprising a sixth code segment for denying a connection request in any event if the number of available connections to the port are less than a constrained threshold.
  - 12. The media of claim 9 or claim 10 or claim 11 further comprising:
    - a seventh code segment for calculating the prescribed threshold by multiplying a percentage P by the number of available connections remaining for the port.

13. A carrier wave containing program code segments for preventing a flooding attack on a network server in which a large number of requests are received for connection to a port number on the server, comprising:
- a first code segment activated to recognize a particular host connecting to the port number on the server;
  
  a second code segment to calculate a number of connections to the port attributed to the host;
  
  a third code segment activated in response to a request from the host for a connection to the port for determining if the number of connections to the port attributed to the host exceeds a prescribed threshold, anda fourth code segment responsive to the third code segment for denying the request for a connection.
- View Dependent Claims (14, 15, 16)
- - 14. The carrier wave of claim 13 in which the second code segment further comprises:
    - a fifth code segment for overriding the denial and allowing the request if a quality of service parameter pertaining to the requesting host permits the override.
  - 15. The carrier wave of claim 14 further comprising a sixth code segment for denying a connection request in any event if the number of available connections to the port are less than a constrained threshold.
  - 16. The carrier wave of claim 13 or claim 14 or claim 15 further comprising:
    - a seventh code segment for calculating the prescribed threshold by multiplying a percentage P by the number of available connections remaining for the port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Attwood, Kira Sterling, Overby, Jr., Linwood Hugh, Sun, Chien-En
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/502,478
Time in Patent Office

2,468 Days
Field of Search

713/201, 709/205, 709/225, 709/219, 709/203, 709/235, 708/203, 726/13, 726/11, 726/22
US Class Current

726/13
CPC Class Codes

H04L 2101/663   Transport layer addresses, ...

H04L 61/00   Network arrangements, proto...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

Technique of defending against network connection flooding attacks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Technique of defending against network connection flooding attacks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links