System and method for defeating SYN attacks
Abstract
A system and method for defeating SYN attacks are provided. When the number of packets received by a server is above the capacity of the server, the server assumes that a SYN attack is in progress. The server randomly drops SYN packets without processing them. The percentage of SYN packets dropped is increased while the load on the server exceeds capacity, and decreased while the load on the server does not exceed capacity. Under attack conditions, a percentage of TCP connections are still maintained.
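The adaptive drop policy the abstract describes, as an added Python simulation that is not part of the patent or of any product implementing it: the server capacity, the per-interval adjustment step, the "SYN"/"DATA" packet labels and measuring load as the packet count queued by the NIC per interval are all assumptions chosen for illustration.

```python
import random


class SynDropController:
    """Adaptive SYN-drop policy from the abstract: raise the drop rate while the
    NIC-measured load exceeds capacity, lower it while it does not.
    Capacity, step size and interval granularity are assumed values."""

    def __init__(self, capacity, step=0.1, seed=0):
        self.capacity = capacity      # packets per interval the stack can process (assumed)
        self.step = step              # how far the drop rate moves per interval (assumed)
        self.drop_rate = 0.0          # fraction of SYN packets dropped, 0.0 .. 1.0
        self.under_attack = False     # load above capacity => assume a SYN flood
        self._rng = random.Random(seed)  # seeded so the simulation is reproducible

    def adjust(self, load):
        """Update the drop rate from the load measured at the NIC."""
        self.under_attack = load > self.capacity
        if self.under_attack:
            self.drop_rate = min(1.0, self.drop_rate + self.step)
        else:
            self.drop_rate = max(0.0, self.drop_rate - self.step)
        return self.drop_rate

    def process_interval(self, packets):
        """packets: labels ('SYN' or 'DATA') the NIC queued in one interval (constructed).
        Only SYN packets are subject to random dropping; other packets always pass."""
        self.adjust(len(packets))     # load = packets seen on the NIC this interval
        stats = {"load": len(packets), "drop_rate": round(self.drop_rate, 2),
                 "syn_accepted": 0, "syn_dropped": 0, "non_syn": 0}
        for pkt in packets:
            if pkt != "SYN":
                stats["non_syn"] += 1
            elif self._rng.random() < self.drop_rate:
                stats["syn_dropped"] += 1   # discarded before any connection state exists
            else:
                stats["syn_accepted"] += 1  # continues into the normal TCP handshake
        return stats


def simulate(controller, intervals):
    """Run the controller over a sequence of per-interval packet lists."""
    return [controller.process_interval(packets) for packets in intervals]


if __name__ == "__main__":
    ctl = SynDropController(capacity=100)
    normal = ["SYN"] * 5 + ["DATA"] * 45     # constructed: well under capacity
    flood = ["SYN"] * 450 + ["DATA"] * 50    # constructed: SYN flood at 5x capacity
    for row in simulate(ctl, [normal, normal, flood, flood, flood, normal, normal]):
        print(row)
```

Because only the SYN drop rate moves, established connections (the DATA packets) are never discarded, and the rate decays back to zero once the flood subsides, which is the behaviour the abstract claims.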
Claims (30 in total; the three independent claims are reproduced below, and dependent claims 2-10, 12-20 and 22-30 are omitted)

1. A server operating on an Internet Protocol (IP) network and running Transport Control Protocol to allow the establishment of one or more TCP connections with one or more clients, the server being configured to defeat a SYN flood attack, comprising:
- a network interface card (NIC) receiving packets over the network and inserting the packets into at least one queue; and
- a TCP/IP stack processing packets from the at least one queue, wherein the TCP/IP stack intentionally drops SYN packets at a SYN drop rate that is at least partly dependent upon a load on the server, the load being determined based on packet processing on the NIC.

11. A method for defeating a SYN flood attack on a server, operating on an Internet Protocol (IP) network and running Transport Control Protocol to allow the establishment of one or more TCP connections with one or more clients, comprising:
- receiving a plurality of packets, the packets including SYN packets and non-SYN packets;
- determining a load on the server, the load being determined based on packet processing on a Network Interface Card (NIC);
- adjusting a SYN packet drop rate according to the load on the server, wherein the SYN packet drop rate determines how many SYN packets are dropped while processing TCP/IP packets on the server.

21. A computer-readable medium having computer-executable instructions for performing the steps comprising:
- receiving a plurality of packets over a network, the packets including SYN packets and non-SYN packets;
- determining a load on the server, the load being determined based on packet processing on a Network Interface Card (NIC); and
- adjusting a SYN packet drop rate according to the load on the server, wherein the SYN packet drop rate determines how many SYN packets are dropped by a TCP/IP stack.
Specification