Method and apparatus for deflecting flooding attacks
First Claim
1. Method for regulating the passage of packets between a host system and a client system in a network computing environment, said method comprising the steps of:
receiving a first packet from the client system, wherein said first packet contains information representative of a request for start of connection;
recording packet information of said first packet;
passing said first packet to the host system;
receiving a second packet from the host system, wherein said second packet contains information representative of an acknowledgement by the host system of said request for start of connection;
passing said second packet to the client system;
monitoring a response by the client system to said second packet for occurrence within a timer threshold;
sending a reset signal to the host system for shutting down a half-open connection if said response by the client system to said second packet is not received within said timer threshold;
receiving a delayed response from the client system to said second packet after said elapse of said timer threshold; and
raising said timer threshold to be more lenient to the client system that previously forwarded said delayed response.
Abstract
Method and apparatus for deflecting connection flooding attacks. Specifically, the stateful firewall allows all connection attempts to flow into the destination host, but monitors the connection attempts to ensure that only legitimate connections are allowed. If the firewall detects that a connection is half-open for longer than a certain timer threshold, it will instruct the destination host to tear down the half-open connection, thereby freeing up resources in the destination host for other connection attempts. The timer threshold can be dynamically adjusted if a connection flooding attack is detected.
25 Claims
1. (Recited in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6.
7. Method for regulating the passage of packets between a host system and a client system in a network computing environment, said method comprising the steps of:
receiving a first packet from the client system, wherein said first packet contains information representative of a request for start of connection;
recording packet information of said first packet;
passing said first packet to the host system;
receiving a second packet from the host system, wherein said second packet contains information representative of an acknowledgement by the host system of said request for start of connection;
passing said second packet to the client system;
monitoring a response by the client system to said second packet for occurrence within a timer threshold;
sending a reset signal to the host system for shutting down a half-open connection if said response by the client system to said second packet is not received within said timer threshold;
receiving a third packet from the client system as a delayed response to said second packet after said elapse of said timer threshold;
generating a fourth packet on behalf of the client system, wherein said fourth packet contains information representative of a request for start of connection and is based on information stored from said first packet; and
passing said fourth packet to the host system.
Dependent claims: 8, 9, 10, 11, 12.
13. Method for regulating the passage of packets between a host system and a client system in a network computing environment, said method comprising the steps of:
receiving a first packet from the client system, wherein said first packet contains information representative of a request for start of connection;
recording packet information of said first packet;
passing said first packet to the host system;
receiving a second packet from the host system, wherein said second packet contains information representative of an acknowledgement by the host system of said request for start of connection;
passing said second packet to the client system;
monitoring a response by the client system to said second packet for occurrence within a timer threshold;
sending a reset signal to the host system for shutting down a half-open connection if said response by the client system to said second packet is not received within said timer threshold;
receiving a delayed response from the client system to said second packet after said elapse of said timer threshold;
receiving a third packet from the client system as a delayed response to said second packet after said elapse of said timer threshold;
generating a fourth packet on behalf of the client system, wherein said fourth packet contains information representative of a request for start of connection; and
passing said fourth packet to the host system.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24.
25. A computer readable storage medium holding code that when executed causes a computing device to transact a validated application session in a networked computing environment by performing the steps of:
receiving a first packet from the client system, wherein said first packet contains information representative of a request for start of connection;
recording packet information of said first packet;
passing said first packet to the host system;
receiving a second packet from the host system, wherein said second packet contains information representative of an acknowledgement by the host system of said request for start of connection;
passing said second packet to the client system;
monitoring a response by the client system to said second packet for occurrence within a timer threshold;
sending a reset signal to the host system for shutting down a half-open connection if said response by the client system to said second packet is not received within said timer threshold;
receiving a delayed response from the client system to said second packet after said elapse of said timer threshold;
receiving a third packet from the client system as a delayed response to said second packet after said elapse of said timer threshold;
generating a fourth packet on behalf of the client system, wherein said fourth packet contains information representative of a request for start of connection; and
passing said fourth packet to the host system.
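The following is an added illustration, not code from the patent or its assignee: an event-driven simulation of the half-open connection watchdog recited in claims 1 and 7 (record the SYN, start the timer on the SYN-ACK, send RST to the host on expiry, and on a late ACK both raise the timer threshold and replay the stored SYN on the client's behalf). The Packet fields, the HalfOpenGuard class and the doubling rule for the threshold are assumptions; a single threshold is kept per guard rather than per client for brevity.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:            # constructed stand-in for a TCP segment (not real TCP)
    src: str             # sending endpoint "ip:port"
    dst: str             # receiving endpoint "ip:port"
    flags: str           # "SYN", "SYN-ACK", "ACK" or "RST"

@dataclass
class HalfOpenGuard:     # hypothetical name; firewall state from the claims
    threshold: float = 1.0                         # timer threshold in seconds
    max_threshold: float = 8.0                     # cap on how lenient we get
    pending: dict = field(default_factory=dict)    # key -> (stored SYN, deadline)
    torn_down: dict = field(default_factory=dict)  # key -> stored SYN after RST
    out: list = field(default_factory=list)        # (direction, packet) emitted

    def from_client(self, pkt, now):
        key = (pkt.src, pkt.dst)
        if pkt.flags == "SYN":                     # record first packet, pass it on
            self.pending[key] = (pkt, None)
            self.out.append(("host", pkt))
        elif pkt.flags == "ACK" and key in self.pending:    # on time: handshake done
            del self.pending[key]
            self.out.append(("host", pkt))
        elif pkt.flags == "ACK" and key in self.torn_down:  # delayed response
            syn = self.torn_down.pop(key)
            self.threshold = min(self.threshold * 2, self.max_threshold)  # claim 1
            self.pending[key] = (syn, None)        # claim 7: regenerate SYN from
            self.out.append(("host", Packet(syn.src, syn.dst, "SYN")))  # stored info

    def from_host(self, pkt, now):
        key = (pkt.dst, pkt.src)
        if pkt.flags == "SYN-ACK" and key in self.pending:
            syn, _ = self.pending[key]
            self.pending[key] = (syn, now + self.threshold)   # start the timer
            self.out.append(("client", pkt))

    def tick(self, now):                           # expire half-open connections
        for key, (syn, deadline) in list(self.pending.items()):
            if deadline is not None and now >= deadline:
                del self.pending[key]
                self.torn_down[key] = syn
                self.out.append(("host", Packet(syn.src, syn.dst, "RST")))

def slow_client_scenario():   # constructed trace: client answers the SYN-ACK late
    fw = HalfOpenGuard()
    fw.from_client(Packet("10.0.0.5:40000", "10.0.0.1:80", "SYN"), now=0.0)
    fw.from_host(Packet("10.0.0.1:80", "10.0.0.5:40000", "SYN-ACK"), now=0.1)
    fw.tick(now=1.2)                               # 1.0 s elapsed: RST to host
    fw.from_client(Packet("10.0.0.5:40000", "10.0.0.1:80", "ACK"), now=1.5)
    fw.from_host(Packet("10.0.0.1:80", "10.0.0.5:40000", "SYN-ACK"), now=1.6)
    fw.from_client(Packet("10.0.0.5:40000", "10.0.0.1:80", "ACK"), now=3.0)
    return [p.flags for d, p in fw.out if d == "host"], fw.threshold, len(fw.pending)
```

In the trace the host sees SYN, RST, SYN, ACK: the first half-open connection is torn down at the threshold, the late ACK doubles the threshold to 2.0 s, and the replayed SYN lets the second handshake complete within the new window.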
Specification