
Method and apparatus for limiting denial of service attack by limiting traffic for hosts

  • US 7,640,591 B1
  • Filed: 04/22/2005
  • Issued: 12/29/2009
  • Est. Priority Date: 04/22/2005
  • Status: Active Grant
First Claim

1. A method for controlling a denial of service attack on a host comprising:

  • receiving a plurality of packets from a network;
  • identifying an attacking host based on a severity level of the denial of service (DOS) attack from the network;
  • automatically re-configuring, in response to the identifying, a classifier to forward each of the plurality of packets associated with the attacking host to a temporary data structure associated with the severity level of the DOS attack, wherein the classifier is located on a physical network interface card operatively connected to the host, wherein the temporary data structure is one of a plurality of temporary data structures on the host, wherein each of the plurality of temporary data structures is associated with one of a plurality of severity levels, and wherein the attacking host is identified using an identifying attack characteristic;
  • identifying, by the classifier, each of the plurality of packets associated with the identifying attack characteristic;
  • forwarding each of the identified plurality of packets associated with the identifying attack characteristic to the temporary data structure;
  • requesting, by the host, a number of packets from the temporary data structure to be placed in a virtual serialization queue, wherein the virtual serialization queue is associated with the temporary data structure;
  • forwarding the number of packets to the virtual serialization queue; and
  • creating a virtual network stack prior to receiving the plurality of packets from the network, wherein the virtual serialization queue is associated with a virtual network stack matching the severity level;

    wherein creating the virtual network stack comprises:

      • creating the virtual serialization queue;
      • binding the virtual serialization queue to a central processing unit;
      • binding the virtual serialization queue to a packet destination;
      • creating a virtual network interface card (NIC);
      • binding the virtual serialization queue to the virtual NIC and a virtual protocol stack to obtain the virtual network stack; and
      • specifying the severity level associated with the virtual serialization queue.
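The classifier, per-severity temporary data structures and virtual serialization queues described in the claim, as an added simulation that is not part of the patent or of any implementation of it. The severity-level names, their per-request poll budgets, and the use of the source address as the identifying attack characteristic are assumptions made for the example: packets from a host identified at a higher severity land in a ring the host drains more slowly, so the host bounds how much attack traffic it processes per poll while unclassified traffic takes the normal path.

```python
from collections import deque

# Assumed severity levels and poll budgets (constructed for this example): the higher
# the severity, the fewer packets the host requests from that level's ring per poll.
POLL_BUDGET = {"low": 8, "medium": 4, "high": 1}

class Classifier:
    """NIC-resident classifier: packets whose identifying attack characteristic
    (here the source address) matches a rule go to the temporary data structure
    (ring) for that severity level; everything else takes the normal path."""
    def __init__(self):
        self.rules = {}                                   # src -> severity level
        self.rings = {lvl: deque() for lvl in POLL_BUDGET}
        self.normal = deque()

    def reconfigure(self, attacker_src, severity):
        # Programmed when an attacking host is identified at a given severity.
        if severity not in POLL_BUDGET:
            raise ValueError(f"unknown severity level: {severity}")
        self.rules[attacker_src] = severity

    def classify(self, packet):
        level = self.rules.get(packet[0])                 # packet = (src, seq)
        (self.rings[level] if level else self.normal).append(packet)
        return level

class VirtualSerializationQueue:
    """Host-side queue bound to one severity ring; each request moves at most the
    level's budget of packets, so hostile traffic cannot starve the host."""
    def __init__(self, severity, classifier):
        self.severity, self.ring, self.queue = severity, classifier.rings[severity], deque()

    def request_packets(self):
        moved = 0
        while moved < POLL_BUDGET[self.severity] and self.ring:
            self.queue.append(self.ring.popleft())
            moved += 1
        return moved

def simulate(packets, attackers):
    """Classify a constructed burst and poll every VSQ once. Returns (packets drained
    per level, packets still held per ring, packets on the normal path)."""
    clf = Classifier()
    for src, level in attackers.items():
        clf.reconfigure(src, level)
    for pkt in packets:
        clf.classify(pkt)
    vsqs = {lvl: VirtualSerializationQueue(lvl, clf) for lvl in POLL_BUDGET}
    drained = {lvl: q.request_packets() for lvl, q in vsqs.items()}
    return drained, {lvl: len(clf.rings[lvl]) for lvl in POLL_BUDGET}, len(clf.normal)
```

Running `simulate` on a burst of 20 packets from a high-severity source, 6 from a medium-severity source and 3 unclassified packets drains only 1 and 4 packets from the two attack rings on the first poll, leaving the rest queued on the NIC side rather than on the host.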
