
Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth

  • US 7,613,193 B2
  • Filed: 02/03/2006
  • Issued: 11/03/2009
  • Est. Priority Date: 02/04/2005
  • Status: Expired due to Fees
First Claim

1. A method comprising:

  • in response to a firewall receiving a transport control protocol synchronization (TCP SYN) request packet that is sent towards a first node from a second node, said TCP SYN request packet comprising a sequence value (“seq”), sending to the second node an acknowledgement and synchronization (SYN|ACK) packet, said SYN|ACK packet comprising a seq and an ack_sequence value (“ack_seq”), where ack_seq of the SYN|ACK packet is not equal to the TCP SYN request packet's seq+1, wherein the ack_seq of the SYN|ACK packet is determined by a function that utilizes a secret value known to the firewall, IP address information, and a HASH function, wherein the secret value is not known to the second node;

  • in response to receiving a transport control protocol reset (TCP RST) packet from the second node, verifying that the seq in the TCP RST packet matches the ack_seq of the SYN|ACK packet and, if it does, designating the connection with the second node as an authorized connection;

  • sending an additional transport control protocol (TCP) packet to the second node, where the additional TCP packet does not have a SYN or ACK flag but does comprise a sequence value (“seq”) equal to the seq of the TCP SYN request packet;

  • after designating the connection with the second node as an authorized connection, using the seq of an additional received TCP RST packet to construct a synchronization (SYN) packet similar to the original TCP SYN request packet; and

  • sending the constructed SYN packet to the first node to further enable a secure connection.
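A simulation of the first two claim elements (the keyed SYN|ACK challenge and the RST check), added here as an illustration and not code from the patent. It assumes HMAC-SHA256 as the HASH function, the first 32 bits of the MAC over the connection 4-tuple as ack_seq, and a client that follows the RFC 793 SYN-SENT rule of answering an unacceptable ACK with a RST whose seq equals that ack_seq; a SYN whose seq+1 collides with the cookie is simply dropped (an assumption, not the patent's handling).

```python
"""Firewall SYN challenge: SYN|ACK carries a keyed cookie, the client's RST proves it received it."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack_seq: int
    flags: frozenset


class Firewall:
    def __init__(self, secret: bytes):
        self.secret = secret        # known only to the firewall, never to the second node
        self.authorized = set()     # 4-tuples that answered the challenge correctly

    def _cookie(self, src, sport, dst, dport) -> int:
        # ack_seq = first 32 bits of HASH(secret, IP address information); HMAC-SHA256 assumed
        info = f"{src}:{sport}>{dst}:{dport}".encode()
        return int.from_bytes(hmac.new(self.secret, info, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, syn: Segment) -> Optional[Segment]:
        cookie = self._cookie(syn.src, syn.sport, syn.dst, syn.dport)
        if cookie == (syn.seq + 1) & MASK32:   # claim requires ack_seq != seq+1; drop this rare case
            return None
        # no state is created here: a flood of SYNs costs the firewall only one hash each
        return Segment(syn.dst, syn.dport, syn.src, syn.sport,
                       seq=0, ack_seq=cookie, flags=frozenset({"SYN", "ACK"}))

    def on_rst(self, rst: Segment) -> bool:
        # the RST's seq must equal the ack_seq the firewall placed in the SYN|ACK for this 4-tuple
        expected = self._cookie(rst.src, rst.sport, rst.dst, rst.dport)
        if "RST" in rst.flags and rst.seq == expected:
            self.authorized.add((rst.src, rst.sport, rst.dst, rst.dport))
            return True
        return False


def client_in_syn_sent(syn: Segment, reply: Segment) -> Optional[Segment]:
    # RFC 793 SYN-SENT: an ACK that is not seq+1 is unacceptable and is answered by RST <SEQ=SEG.ACK>
    if "ACK" in reply.flags and reply.ack_seq != (syn.seq + 1) & MASK32:
        return Segment(syn.src, syn.sport, syn.dst, syn.dport,
                       seq=reply.ack_seq, ack_seq=0, flags=frozenset({"RST"}))
    return None


def handshake(fw: Firewall, client_ip: str, receives_reply: bool) -> bool:
    """True if the firewall ends up designating the client's 4-tuple as authorized (constructed input)."""
    syn = Segment(client_ip, 40000, "10.0.0.1", 80, seq=1000, ack_seq=0, flags=frozenset({"SYN"}))
    synack = fw.on_syn(syn)
    if synack is None or not receives_reply:   # a spoofed source address never sees the SYN|ACK
        return False
    rst = client_in_syn_sent(syn, synack)
    return rst is not None and fw.on_rst(rst)
```

A sender using a forged source address cannot learn the cookie and so never becomes authorized, which is what keeps the flood away from the first node.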
