Technique of defending against network connection flooding attacks
Abstract
The invention prevents server overload and possible server crippling due to a flood of connect requests, whether caused by an intentional attack or otherwise. In response to a connection request from a host for a specified port, the number of connections to that port already attributed to the host is determined. If this number exceeds a first threshold, the request is denied. This denial may be overridden if a quality of service parameter pertaining to the host permits such an override. However, if the number of available connections to the port is less than a second threshold, the connection request is denied in any event.
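The admission rule in the abstract is small enough to show end to end. The following is an added illustration written for this page, not code from the patent or its assignee; it assumes that "exceeds the first threshold" means the host already holds the maximum number of connections allowed per host, that the quality-of-service override is modelled as a set of hosts permitted to exceed that limit, and that the second threshold is a minimum number of free connection slots that must remain on the port before an override is honoured. Host addresses and thresholds are constructed sample values.

```python
from collections import defaultdict

# Decision codes returned by PortConnectionGuard.request(); the names are my own.
ADMIT = "ADMIT"
DENY_PORT_FULL = "DENY_PORT_FULL"      # no free connection slots on the port at all
DENY_HOST_LIMIT = "DENY_HOST_LIMIT"    # first threshold reached, host has no QoS override
DENY_RESERVE = "DENY_RESERVE"          # override permitted, but second threshold forbids it


class PortConnectionGuard:
    """Per-host connection admission control for a single listening port."""

    def __init__(self, capacity, per_host_limit, reserve, override_hosts=()):
        self.capacity = capacity                    # total connections the port can hold
        self.per_host_limit = per_host_limit        # first threshold: max connections per host
        self.reserve = reserve                      # second threshold: slots that must stay free
        self.override_hosts = set(override_hosts)   # hosts whose QoS parameter permits override
        self.per_host = defaultdict(int)            # host -> open connections attributed to it
        self.total = 0                              # open connections on the port
        self.denials = []                           # (host, reason) audit trail for detection

    def available(self):
        return self.capacity - self.total

    def request(self, host):
        """Decide one connection request; on ADMIT the connection is counted."""
        if self.available() <= 0:
            return self._deny(host, DENY_PORT_FULL)
        if self.per_host[host] >= self.per_host_limit:
            # First threshold: this host already holds its allowed share.
            if host not in self.override_hosts:
                return self._deny(host, DENY_HOST_LIMIT)
            # Override is allowed only while the second threshold is respected.
            if self.available() < self.reserve:
                return self._deny(host, DENY_RESERVE)
        self.per_host[host] += 1
        self.total += 1
        return ADMIT

    def _deny(self, host, reason):
        self.denials.append((host, reason))
        return reason

    def release(self, host):
        """Account for a connection from host being closed."""
        if self.per_host[host] > 0:
            self.per_host[host] -= 1
            self.total -= 1


def run_scenario():
    """Constructed scenario: one flooding host, one override host, one ordinary host."""
    guard = PortConnectionGuard(capacity=8, per_host_limit=3, reserve=2,
                                override_hosts={"10.0.0.9"})
    requests = (["203.0.113.5"] * 5      # flooding host, exceeds its per-host limit
                + ["10.0.0.9"] * 5       # override host, allowed past the limit until reserve
                + ["198.51.100.7"] * 2)  # ordinary host, takes the last slot then hits full port
    decisions = [guard.request(host) for host in requests]
    return guard, decisions


if __name__ == "__main__":
    guard, decisions = run_scenario()
    for host_reason in guard.denials:
        print("denied:", host_reason)
    print("decisions:", decisions)
```

The `denials` list is the natural hook for monitoring: a burst of `DENY_HOST_LIMIT` from one address is the signature of the flood the abstract describes, while `DENY_RESERVE` or `DENY_PORT_FULL` indicates the port is near exhaustion regardless of which host is asking.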
16 Claims
1. A method of preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- recognizing a particular host connecting to the port number on the server;
- calculating a number of connections to the port attributed to the host;
- determining, in response to a request from the host for a connection to the port, if the number of connections to the port attributed to the host exceeds a prescribed threshold, and, if so, denying the request for a connection.
(Dependent claims 2, 3 and 4 not reproduced here.)

5. Apparatus for preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- means for recognizing a particular host connecting to the port number on the server;
- means for calculating a number of connections to the port attributed to the host;
- means for determining, in response to a request from the host for a connection to the port, if the number of connections to the port attributed to the host exceeds a prescribed threshold; and
- means responsive to the determining means for denying the request for a connection.
(Dependent claims 6, 7 and 8 not reproduced here.)

9. A storage media containing program code segments for preventing a flooding attack on a network server in which a large number of requests are received for connection to a particular port number on the server, comprising:
- a first code segment activated to recognize a particular host connecting to the port number on the server;
- a second code segment to calculate a number of connections to the port attributed to the host;
- a third code segment activated in response to a request from the host for a connection to the port for determining if the number of connections to the port attributed to the host exceeds a prescribed threshold; and
- a fourth code segment responsive to the third code segment for denying the request for a connection.
(Dependent claims 10, 11 and 12 not reproduced here.)

13. A carrier wave containing program code segments for preventing a flooding attack on a network server in which a large number of requests are received for connection to a port number on the server, comprising:
- a first code segment activated to recognize a particular host connecting to the port number on the server;
- a second code segment to calculate a number of connections to the port attributed to the host;
- a third code segment activated in response to a request from the host for a connection to the port for determining if the number of connections to the port attributed to the host exceeds a prescribed threshold; and
- a fourth code segment responsive to the third code segment for denying the request for a connection.
(Dependent claims 14, 15 and 16 not reproduced here.)
Specification