Systems and methods for detecting and tracing denial of service attacks
Abstract
Systems and methods for detecting and tracing a denial-of-service attack are disclosed. One aspect of the systems and methods includes providing a plurality of attack detection modules and a plurality of broker modules operable to communicably couple to a network. The attack detection modules operate to detect a potential denial-of-service attack on a network segment. An attack signature for the potential denial-of-service attack may be forwarded to one or more broker modules on the network segment. The broker modules collectively analyze the data in order to determine a source or sources for the attack.
6 Claims
1. A method comprising:
- receiving an initialization packet from a network source on a network having a network protocol, sending an initialization acknowledgement packet in response to the initialization packet;
- caching information regarding the initialization acknowledgement packet, said information including an initialization acknowledgement packet time;
- receiving an acknowledgement packet from the network source, said packet having an acknowledgement arrival time;
- comparing the acknowledgement arrival time with the initialization acknowledgement packet time; and
- if the acknowledgement arrival time is after the initialization packet and before the initialization acknowledgement packet time then indicating a potential denial-of-service attack.

Dependent claims: 2, 3
4. A machine-readable storage medium having machine executable instructions to perform a method for detecting a denial-of-service attack, the method comprising:
- receiving an initialization packet from a network source on a network having a network protocol;
- sending an initialization acknowledgement packet in response to the initialization packet;
- caching information regarding the initialization acknowledgement packet, said information including an initialization acknowledgement packet time;
- receiving an acknowledgement packet from the network source, said packet having an acknowledgement arrival time;
- comparing the acknowledgement arrival time with the initialization acknowledgement packet time; and
- if the acknowledgement arrival time is after the initialization packet and before the initialization acknowledgement packet time then indicating a potential denial-of-service attack.

Dependent claims: 5, 6
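The timing comparison recited in claims 1 and 4, as an added example that is not code from the patent. It assumes the claimed initialization, initialization acknowledgement and acknowledgement packets map to TCP SYN, SYN-ACK and ACK; the `Packet` record, the `HandshakeTimingDetector` class, the cache bound and the sample records are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float   # timestamp in seconds, as recorded by the sensor
    src: str    # sender "ip:port"
    dst: str    # receiver "ip:port"
    kind: str   # "SYN", "SYNACK" or "ACK" (assumed mapping of the claim's packets)

class HandshakeTimingDetector:
    """Caches SYN and SYN-ACK times per flow and checks each ACK against them."""

    def __init__(self, max_entries=10000):
        self.cache = {}   # (client, server) -> [syn_ts, synack_ts or None]
        self.max_entries = max_entries

    def observe(self, pkt):
        """Return an alert dict for a suspicious ACK, otherwise None."""
        if pkt.kind == "SYN":
            if len(self.cache) >= self.max_entries:
                self.cache.pop(next(iter(self.cache)))  # bound memory: drop oldest flow
            self.cache[(pkt.src, pkt.dst)] = [pkt.ts, None]
        elif pkt.kind == "SYNACK":
            entry = self.cache.get((pkt.dst, pkt.src))  # reply travels server -> client
            if entry is not None:
                entry[1] = pkt.ts
        elif pkt.kind == "ACK":
            entry = self.cache.pop((pkt.src, pkt.dst), None)
            if entry is not None and entry[1] is not None:
                syn_ts, synack_ts = entry
                # The claimed condition: ACK after the SYN but before the SYN-ACK time.
                if syn_ts < pkt.ts < synack_ts:
                    return {"flow": (pkt.src, pkt.dst), "syn": syn_ts,
                            "synack": synack_ts, "ack": pkt.ts}
        return None

def scan(packets):
    detector = HandshakeTimingDetector()
    return [a for a in map(detector.observe, packets) if a]

# Constructed sample records (documentation addresses), in the order the sensor logged them.
SAMPLE = [
    Packet(1.000, "192.0.2.10:40000", "198.51.100.5:80", "SYN"),
    Packet(1.002, "198.51.100.5:80", "192.0.2.10:40000", "SYNACK"),
    Packet(1.050, "192.0.2.10:40000", "198.51.100.5:80", "ACK"),     # normal round trip
    Packet(2.000, "203.0.113.7:5555", "198.51.100.5:80", "SYN"),
    Packet(2.004, "198.51.100.5:80", "203.0.113.7:5555", "SYNACK"),
    Packet(2.001, "203.0.113.7:5555", "198.51.100.5:80", "ACK"),     # precedes the SYN-ACK
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print("potential denial-of-service:", alert)
```

An ACK stamped before the cached SYN-ACK time cannot be a reply to that SYN-ACK, which is why the comparison singles out the second flow and leaves the first alone.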
Specification