
Network and application attack protection based on application layer message inspection

  • US 7,725,934 B2
  • Filed: 12/07/2004
  • Issued: 05/25/2010
  • Est. Priority Date: 12/07/2004
  • Status: Active Grant
First Claim

1. A method of preventing a network and application denial-of-service attack, the method comprising the computer-implemented steps of:

  • accepting one or more specified criteria at a network element after receiving and routing one or more previous data packets at the network element, wherein the one or more specified criteria comprise a set of denial-of-service attack detection criteria;
  • receiving, at the network element, one or more data packets that collectively contain an application layer message;
  • determining the application layer message, at the network element, from one or more payload portions of the one or more data packets;
  • determining whether the application layer message satisfies one or more specified criteria; and
  • if the application layer message satisfies the one or more specified criteria, then preventing the one or more data packets from being received by an application for which the application layer message was intended, wherein the application is at a different network element from the network element;
  • wherein determining whether the application layer message satisfies the one or more specified criteria comprises:
      • determining an application layer protocol according to which the application layer message was communicated;
      • selecting, from among a plurality of firewall mechanisms, a particular firewall mechanism that is mapped to the application layer protocol;
      • applying the particular firewall mechanism to the application layer message;
      • determining whether a particular class of messages is being used to mount an attack;
      • in response to detecting that a particular class of messages is being used to mount an attack, configuring another firewall mechanism, in another network element external to the network element, that allows or denies messages based on header attributes of layer 4 or below;
  • wherein the method is performed by one or more computing processors.
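The following is an added illustration of the claimed method in miniature, not code from the patent or its assignee: a network element reassembles an application layer message from packet payloads, selects the firewall mechanism mapped to the detected protocol, withholds messages that satisfy the detection criteria, and, once one class of messages from a source is seen being used to mount an attack, emits a layer 3/4 rule for an external filter. The protocol signatures, the "login-post" and "deep-xml" message classes, the hit threshold and the rule syntax are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample traffic: packet payloads that together hold one message.
LOGIN_POST = [b"POST /login HTTP/1.1\r\nHost: app", b".example\r\nContent-Length: 5\r\n\r\nabcde"]
PAGE_GET = [b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n"]
UNKNOWN = [b"\x16\x03\x01\x00\x05hello"]

def reassemble(payloads):
    """Determine the application layer message from the packets' payload portions."""
    return b"".join(payloads)

def detect_protocol(message):
    """Determine the application layer protocol (assumed signatures for the example)."""
    if message.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"DELETE"):
        return "http"
    if message.lstrip().startswith(b"<?xml"):
        return "xml"
    return "unknown"

def http_mechanism(message):
    """Assumed HTTP criterion: POSTs to the login endpoint form one message class."""
    request_line = message.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) >= 2 and request_line[0] == b"POST" and request_line[1] == b"/login":
        return "login-post"
    return None

def xml_mechanism(message):
    """Assumed XML criterion: envelopes with very many elements form one message class."""
    return "deep-xml" if message.count(b"<") > 200 else None

# Plurality of firewall mechanisms, each mapped to an application layer protocol.
MECHANISMS = {"http": http_mechanism, "xml": xml_mechanism}

class NetworkElement:
    def __init__(self, threshold=3):
        self.threshold = threshold      # assumed: hits per (source, class) before escalating
        self.hits = Counter()           # (source IP, message class) -> count
        self.l4_rules = []              # rules pushed to the external layer 3/4 filter

    def inspect(self, src_ip, payloads):
        message = reassemble(payloads)
        mechanism = MECHANISMS.get(detect_protocol(message))
        msg_class = mechanism(message) if mechanism else None
        if msg_class is None:
            return "forward"            # criteria not satisfied: deliver to the application
        self.hits[(src_ip, msg_class)] += 1
        if self.hits[(src_ip, msg_class)] >= self.threshold:
            rule = f"deny src {src_ip} dst port 80"   # assumed rule syntax (L3/L4 headers only)
            if rule not in self.l4_rules:
                self.l4_rules.append(rule)
        return "drop"                   # criteria satisfied: withhold from the application
```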
