Securing an access provider
First Claim
1. A method of monitoring access requests to access providers comprising:
observing, using an intermediary device other than an access providing host that assigns resources responsive to inbound access requests, information identifying a requestor based on receipt of the requestor's submission of an access request to a first access providing host;
accessing, using the intermediary device, stored information identifying previous requestors, of the first access providing host as well as of other access providing hosts, that are determined to have submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request;
comparing, using the intermediary device, the observed information identifying the requestor to the stored information identifying previous requestors; and
when the comparison reveals that the requestor has submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request, denying, using the intermediary device, the access request submitted by the requestor while denying passage of the access request to the first access providing host, wherein the intermediary device is a switch capable of performing load balancing for the first access providing host as well as the other access providing hosts.
Abstract
To secure an access provider, communications to/from the access provider are monitored for a partially-completed connection transaction. Detected partially-completed connection transactions are terminated when they remain in existence for a period of time that exceeds a threshold period of time. The monitoring may include detecting partially-completed connection transactions initiated by an access requestor, measuring the period of time that a partially-completed connection transaction remains in existence, comparing the period of time with the threshold period of time, and resetting a communication port located on the access provider.
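An added example, not taken from the patent: a minimal Python model of the intermediary behaviour described in claim 1 and in the abstract, where a requestor whose earlier request timed out without an acknowledgement is denied at the intermediary for every host behind it. The class name, the 3-second threshold, the event format, the host names and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenGuard:
    """Assumed model of the intermediary (load-balancing switch) in front of several hosts."""
    threshold: float                              # seconds a request may stay unacknowledged
    pending: dict = field(default_factory=dict)   # (requestor, host) -> time request was seen
    timed_out: set = field(default_factory=set)   # requestors with a timed-out request, any host

    def sweep(self, now):
        """Terminate transactions older than the threshold and record their requestors.
        The returned (requestor, host) pairs are what a caller would reset on the host."""
        expired = [k for k, t in self.pending.items() if now - t > self.threshold]
        for requestor, host in expired:
            del self.pending[(requestor, host)]
            self.timed_out.add(requestor)
        return expired

    def on_request(self, requestor, host, now):
        """Compare the requestor to the stored list; 'deny' means the host never sees it."""
        self.sweep(now)
        if requestor in self.timed_out:
            return "deny"
        self.pending.setdefault((requestor, host), now)
        return "forward"

    def on_ack(self, requestor, host, now):
        """An acknowledgement inside the threshold completes the transaction."""
        self.sweep(now)
        return self.pending.pop((requestor, host), None) is not None

def replay(events, threshold=3.0):
    """Run (time, kind, requestor, host) events through one guard shared by all hosts."""
    guard, decisions = HalfOpenGuard(threshold), []
    for now, kind, requestor, host in events:
        if kind == "req":
            decisions.append((requestor, host, guard.on_request(requestor, host, now)))
        else:
            guard.on_ack(requestor, host, now)
    return decisions, guard

# Constructed sample traffic (documentation addresses, hypothetical host names).
EVENTS = [
    (0.0, "req", "192.0.2.10", "host-a"),
    (0.1, "ack", "192.0.2.10", "host-a"),     # completed in time
    (0.2, "req", "198.51.100.7", "host-a"),   # never acknowledged
    (5.0, "req", "198.51.100.7", "host-b"),   # same requestor, different host
    (5.1, "req", "192.0.2.10", "host-b"),
]

if __name__ == "__main__":
    for decision in replay(EVENTS)[0]:
        print(decision)
```

Because the stored list is keyed on the requestor's observed identity, a spoofed source address that times out puts that address on the list, so a deployment needs a way to age entries out.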
35 Claims
1. A method of monitoring access requests to access providers comprising:
observing, using an intermediary device other than an access providing host that assigns resources responsive to inbound access requests, information identifying a requestor based on receipt of the requestor's submission of an access request to a first access providing host;
accessing, using the intermediary device, stored information identifying previous requestors, of the first access providing host as well as of other access providing hosts, that are determined to have submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request;
comparing, using the intermediary device, the observed information identifying the requestor to the stored information identifying previous requestors; and
when the comparison reveals that the requestor has submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request, denying, using the intermediary device, the access request submitted by the requestor while denying passage of the access request to the first access providing host, wherein the intermediary device is a switch capable of performing load balancing for the first access providing host as well as the other access providing hosts.
Dependent claims: 2, 3, 4, 5

6. A networking device, other than an access providing host that assigns resources responsive to inbound access requests, comprising:
a processor; and
a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;
observing information identifying a requestor based on receipt of the requestor's submission of an access request to a first access providing host;
accessing stored information identifying previous requestors, of the first access providing host as well as of other access providing hosts, that are determined to have submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request;
comparing the observed information identifying the requestor to the stored information identifying previous requestors; and
when the comparison reveals that the requestor has submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request, denying the access request submitted by the requestor while denying passage of the access request to the first access providing host, wherein the networking device is a switch capable of performing load balancing for the first access providing host as well as the other access providing hosts.
Dependent claims: 7, 8, 9, 10

11. A storage medium encoded with instructions that, when executed by a processing device, operate to cause the processing device to perform operations comprising:
observing, using an intermediary device other than an access providing host that assigns resources responsive to inbound access requests, information identifying a requestor based on receipt of the requestor's submission of an access request to a first access providing host;
accessing, using the intermediary device, stored information identifying previous requestors, of the first access providing host as well as of other access providing hosts, that are determined to have submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request;
comparing, using the intermediary device, the observed information identifying the requestor to the stored information identifying previous requestors; and
when the comparison reveals that the requestor has submitted a previous access request that has timed out prior to submission of an acknowledgement corresponding to the previous access request, denying, using the intermediary device, the access request submitted by the requestor while denying passage of the access request to the first access providing host, wherein the intermediary device is a switch capable of performing load balancing for the first access providing host as well as the other access providing hosts.
Dependent claims: 12, 13, 14, 15

16. A method of handling connection transactions, the method comprising:
receiving, at an intermediary device, a connection transaction request from a requestor device that requests access to an access providing host;
using information identifying requestor devices, of other access providing hosts, that previously submitted a partially-completed connection transaction request to determine whether to block the connection transaction request to the access providing host; and
blocking, at the intermediary device, the connection transaction request in response to a determination to block the connection transaction request, wherein the intermediary device is a switch capable of performing load balancing for the access providing host as well as the other access providing hosts.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25

26. A networking device comprising:
a processor; and
a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;
receiving a connection transaction request from a requestor device that requests access to an access providing host;
using information identifying requestor devices, of other access providing hosts, that previously submitted a partially-completed connection transaction request to determine whether to block the connection transaction request to the access providing host; and
blocking the connection transaction request in response to a determination to block the connection transaction request, wherein the networking device is a switch capable of performing load balancing for the access providing host as well as the other access providing hosts.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35

Specification