Systems and methods for detecting and tracing denial of service attacks
First Claim
Patent Images
1. A method comprising:
- receiving an initialization packet from a network source on a network having a network protocol,sending an initialization acknowledgement packet in response to the initialization packet;
caching information regarding the initialization acknowledgement packet, said information including an initialization acknowledgement packet time;
receiving an acknowledgement packet from the network source, said packet having an acknowledgement arrival time;
comparing the acknowledgement arrival time with the initialization acknowledgement packet time; and
if the acknowledgement arrival time is after the initialization packet and before the initialization acknowledgement packet time then indicating a potential denial-of-service attack.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for detecting and tracing a denial-of-service attack are disclosed. One aspect of the systems and methods includes providing a plurality of attack detection modules and a plurality of broker modules operable to communicably couple to a network. The attack detection modules operate to detect a potential denial-of-service attack on network segment. An attack signature for the potential denial of service attack may be forwarded to one or more broker modules on the network segment. The broker modules collectively analyze the data in order to determine a source or sources for the attack.
82 Citations
6 Claims
-
1. A method comprising:
-
receiving an initialization packet from a network source on a network having a network protocol, sending an initialization acknowledgement packet in response to the initialization packet; caching information regarding the initialization acknowledgement packet, said information including an initialization acknowledgement packet time; receiving an acknowledgement packet from the network source, said packet having an acknowledgement arrival time; comparing the acknowledgement arrival time with the initialization acknowledgement packet time; and if the acknowledgement arrival time is after the initialization packet and before the initialization acknowledgement packet time then indicating a potential denial-of-service attack. - View Dependent Claims (2, 3)
-
-
4. A machine-readable storage medium having machine executable instructions to perform a method for detecting a denial-of-service attack, the method comprising:
-
receiving an initialization packet from a network source on a network having a network protocol; sending an initialization acknowledgement packet in response to the initialization packet; caching information regarding the initialization acknowledgement packet, said information including an initialization acknowledgement packet time; receiving an acknowledgement packet from the network source, said packet having an acknowledgement arrival time; comparing the acknowledgement arrival time with the initialization acknowledgement packet time; and if the acknowledgement arrival time is after the initialization packet and before the initialization acknowledgement packet time the indicating a potential denial-of-service attack. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsGovindarajan, Priya, Chiu, Chun-Yang
-
Primary Examiner(s)Moise; Emmanuel L.
-
Assistant Examiner(s)POPHAM, JEFFREY D
-
Application NumberUS10/335,197Publication NumberTime in Patent Office1,715 DaysField of Search726 22- 25US Class Current726/22CPC Class CodesH04L 2463/141 Denial of service attacks a...H04L 63/1408 by monitoring network traff...H04L 63/1416 Event detection, e.g. attac...H04L 63/1458 Denial of Service
