Router based defense against denial of service attacks using dynamic feedback from attacked host
First Claim
1. A method for processing packets, comprising:
receiving a first packet from a network by an edge device, wherein the edge device comprises a first list and a second list, wherein the first list is associated with a first queue, the second list is associated with a second queue, and wherein the first packet is directed to a first host;
analyzing, by the edge device, the first packet to obtain first packet information used to determine to which temporary data structure to forward the first packet, wherein the first packet information identifies a source of the first packet;
in response to determining that the first list does not specify the source, forwarding, by the edge device, the first packet to the second queue;
processing the first packet from the second queue, wherein processing the first packet from the second queue comprises:
sending a message to the first host operatively connected to the edge device to send a first test to the source;
sending the first test to the source by the first host using the first packet information;
obtaining an unsuccessful response to the first test by the first host;
forwarding, by the first host, the unsuccessful response to the edge device; and
placing the first packet information on the second list based on the unsuccessful response to the first test;
receiving a second packet from the network by the edge device, wherein the second packet is directed to a second host;
after receiving the second packet, analyzing, by the edge device, the second packet to obtain second packet information, wherein the second packet information identifies that the second packet was received from the source; and
in response to determining that the second list comprises the source, dropping the second packet by the edge device.
Abstract
An edge device including a first list and a second list, and a first queue and a second queue configured to receive packets, wherein packet information for each of the packets forwarded to the first queue is on the first list and packet information for each of the packets forwarded to the second queue is not on the first list. The edge device is configured to, for each of the packets stored in the second queue, send a message to a host to send a first test to a source of the packet, wherein the host is operatively connected to the edge device, obtain a response to the first test from the host, place the packet information on the first list if a successful response to the first test is received, and place the packet information on the second list if an unsuccessful response to the first test is received.
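The abstract and claims describe a two-list, two-queue classifier at the edge device with the attacked host in the feedback loop: a packet whose source is on the first list goes to the first queue; a packet whose source is on the second list is dropped; any other packet waits in the second queue until the destination host has sent a "test" to the source and reported success (source joins the first list) or failure (source joins the second list). The simulation below is an added example written for this page, not code from the patent or its assignee. The page does not say what the test is, so the test is modelled as a host-supplied callable; the addresses, host names and the set of sources that answer the test are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str   # source address: the "packet information" the lists are keyed on
    dst: str   # destination host behind the edge device
    payload: bytes = b""


# Assumed shape of the host's test: (host, source) -> True if the source answered.
# The page only says the host "sends a first test to the source".
TestFn = Callable[[str, str], bool]


class EdgeDevice:
    def __init__(self, hosts: Dict[str, TestFn]) -> None:
        self.first_list: Set[str] = set()    # sources that passed a host's test
        self.second_list: Set[str] = set()   # sources that failed a host's test
        self.first_queue: Deque[Packet] = deque()   # traffic from tested-good sources
        self.second_queue: Deque[Packet] = deque()  # traffic from untested sources
        self.hosts = hosts                   # hosts operatively connected to the device
        self.delivered: List[Packet] = []
        self.dropped: List[Packet] = []

    def receive(self, pkt: Packet) -> str:
        """Classify one arriving packet by its source; return where it went."""
        if pkt.src in self.second_list:      # known-bad source: drop, no test issued
            self.dropped.append(pkt)
            return "dropped"
        if pkt.src in self.first_list:       # known-good source: fast path
            self.first_queue.append(pkt)
            return "first_queue"
        self.second_queue.append(pkt)        # unknown source: hold until tested
        return "second_queue"

    def process_second_queue(self) -> None:
        """Ask each packet's destination host to test the source; update the lists."""
        while self.second_queue:
            pkt = self.second_queue.popleft()
            # Another packet from the same source may already have settled the verdict.
            if pkt.src in self.second_list:
                self.dropped.append(pkt)
                continue
            if pkt.src in self.first_list:
                self.first_queue.append(pkt)
                continue
            test = self.hosts[pkt.dst]       # message to the host: "send the test"
            if test(pkt.dst, pkt.src):       # successful response reported back
                self.first_list.add(pkt.src)
                self.first_queue.append(pkt)
            else:                            # unsuccessful response reported back
                self.second_list.add(pkt.src)
                self.dropped.append(pkt)

    def process_first_queue(self) -> None:
        """Deliver everything in the trusted queue."""
        while self.first_queue:
            self.delivered.append(self.first_queue.popleft())


def run_scenario() -> dict:
    """Replays the sequence of claim 1 plus the success branch of the abstract."""
    reachable = {"198.51.100.7"}             # constructed: only this source answers
    tests_sent: List[Tuple[str, str]] = []   # record of (host, source) tests

    def probe(host: str, src: str) -> bool:  # assumed test implementation
        tests_sent.append((host, src))
        return src in reachable

    edge = EdgeDevice(hosts={"host-a": probe, "host-b": probe})
    arrivals: List[str] = []
    # Unknown sources: one that will fail the test (e.g. a spoofed address that
    # never answers) and one that will pass. Both are held in the second queue.
    arrivals.append(edge.receive(Packet("203.0.113.9", "host-a")))
    arrivals.append(edge.receive(Packet("198.51.100.7", "host-a")))
    edge.process_second_queue()              # host-a tests both sources
    # Same failed source, different host: dropped at the edge, no second test.
    arrivals.append(edge.receive(Packet("203.0.113.9", "host-b")))
    # Passed source to another host: straight to the first queue.
    arrivals.append(edge.receive(Packet("198.51.100.7", "host-b")))
    edge.process_second_queue()              # nothing left to test
    edge.process_first_queue()
    return {
        "arrivals": arrivals,
        "first_list": set(edge.first_list),
        "second_list": set(edge.second_list),
        "tests_sent": list(tests_sent),
        "delivered": len(edge.delivered),
        "dropped": len(edge.dropped),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two things the example makes visible that a practitioner would weigh before deploying this scheme: every packet from a not-yet-listed source costs the destination host one test, so the second queue and the test path are themselves a resource an attacker can exhaust by cycling through fresh source addresses, and an attacker who sends from addresses it genuinely controls (so the test succeeds) lands on the first list. Neither list here ever expires entries; a real deployment would need ageing and rate limits on both, which the page does not specify.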
20 Claims
1. A method for processing packets, comprising:
receiving a first packet from a network by an edge device, wherein the edge device comprises a first list and a second list, wherein the first list is associated with a first queue, the second list is associated with a second queue, and wherein the first packet is directed to a first host;
analyzing, by the edge device, the first packet to obtain first packet information used to determine to which temporary data structure to forward the first packet, wherein the first packet information identifies a source of the first packet;
in response to determining that the first list does not specify the source, forwarding, by the edge device, the first packet to the second queue;
processing the first packet from the second queue, wherein processing the first packet from the second queue comprises:
sending a message to the first host operatively connected to the edge device to send a first test to the source;
sending the first test to the source by the first host using the first packet information;
obtaining an unsuccessful response to the first test by the first host;
forwarding, by the first host, the unsuccessful response to the edge device; and
placing the first packet information on the second list based on the unsuccessful response to the first test;
receiving a second packet from the network by the edge device, wherein the second packet is directed to a second host;
after receiving the second packet, analyzing, by the edge device, the second packet to obtain second packet information, wherein the second packet information identifies that the second packet was received from the source; and
in response to determining that the second list comprises the source, dropping the second packet by the edge device.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. An edge device, comprising:
a first list and a second list comprising packet information;
a first queue configured to receive packets, wherein packet information for each of a plurality of packets forwarded to the first queue is on the first list;
a second queue configured to receive packets, wherein packet information for each of the plurality of packets forwarded to the second queue is not on the first list;
wherein the edge device is configured to:
receive a first packet of the plurality of packets from a network, wherein the first packet is directed to a first host;
analyze the first packet to determine that packet information of the first packet is not in the first list, wherein the packet information of the first packet identifies a source of the first packet;
forward the first packet to the second queue based on the source not being specified in the first list;
process the first packet from the second queue, wherein processing the first packet comprises:
sending a message to the first host to send a first test to the source, wherein the first host is operatively connected to the edge device, and wherein the first host obtains, in response to the first test, an unsuccessful response from the source;
obtaining the unsuccessful response to the first test from the first host; and
placing the packet information of the first packet on the second list based on the unsuccessful response to the first test;
receive a second packet of the plurality of packets from the network, wherein the second packet is directed to a second host;
after receiving the second packet, analyze the second packet to obtain packet information of the second packet, wherein the packet information of the second packet identifies that the second packet was received from the source; and
in response to determining that the second list comprises the source, drop the second packet.
View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
19. A computer readable medium, comprising instructions stored thereon for:
receiving a first packet from a network by an edge device, wherein the edge device comprises a first list and a second list, wherein the first list is associated with a first queue, wherein the second list is associated with a second queue, and wherein the first packet is directed to a first host;
analyzing, by the edge device, the first packet to obtain first packet information used to determine to which temporary data structure to forward the first packet, wherein the first packet information identifies a source of the first packet;
in response to determining that the first list does not specify the source, forwarding, by the edge device, the first packet to the second queue;
processing the first packet from the second queue, wherein processing the first packet from the second queue comprises:
sending a message to the first host operatively connected to the edge device to send a first test to the source;
sending the first test to the source by the first host using the first packet information;
obtaining an unsuccessful response to the first test by the first host;
forwarding, by the first host, the unsuccessful response to the edge device; and
placing the first packet information on the second list based on the unsuccessful response to the first test;
receiving a second packet from the network by the edge device, wherein the second packet is directed to a second host;
after receiving the second packet, analyzing, by the edge device, the second packet to obtain second packet information, wherein the second packet information identifies that the second packet was received from the source; and
in response to determining that the second list comprises the source, dropping the second packet by the edge device.
View Dependent Claims (20)