Method and system for addressing attacks on a computer connected to a network
1 Assignment
0 Petitions
Abstract
A method for addressing attacks on a computer connected to a network includes receiving at a router a TCP SYN request to be screened. The method also includes comparing the received TCP SYN request to be screened to at least one stored tuple representative of one or more SYN requests previously received at the router and determining that the received TCP SYN request to be screened matches the stored tuple. In response to determining that the received TCP SYN request to be screened matches the stored tuple, the TCP SYN+ACK response is prevented from being sent by the router in response to the TCP SYN request to be screened.
16 Citations
42 Claims
1. A method for addressing attacks on a computer connected to a network comprising:
- receiving at a router a TCP SYN request to be screened;
- comparing the received TCP SYN request to be screened to at least one stored tuple representative of one or more SYN requests previously received at the router and determining that the received TCP SYN request to be screened matches the stored tuple; and
- in response to the determination that the received TCP SYN request to be screened matches the stored tuple, incrementing a counter associated with the stored tuple; and
- in response to the counter reaching a threshold:
  - preventing the router from sending a TCP SYN+ACK response in response to the TCP SYN request to be screened;
  - dropping the TCP SYN request to be screened; and
  - preventing the router from allocating a transmission control block (TCB) for the TCP SYN request to be screened.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A system for addressing attacks on a computer connected to a network comprising:
- a non-transitory computer-readable medium;
- a first cache; and
- a computer program stored in the non-transitory computer readable medium operable to:
  - receive a TCP SYN request to be screened;
  - compare the received TCP SYN request to be screened to at least one tuple stored in the first cache that is representative of one or more SYN requests previously received at the system and determine that the received TCP SYN request to be screened matches the stored tuple; and
  - in response to the determination that the received TCP SYN request matches the stored tuple, increment a counter associated with the stored tuple; and
  - in response to the counter reaching a threshold:
    - prevent the system from sending a TCP SYN+ACK response in response to the TCP SYN request to be screened;
    - drop the TCP SYN request to be screened; and
    - prevent the system from allocating a transmission control block (TCB) for the TCP SYN request to be screened.

Dependent claims: 13, 14, 15, 16, 17, 19, 20, 21.
18. The system of Claim 12, and further comprising a second cache and wherein the computer program is operable to move the at least one tuple into the first cache from a second cache in response to determining that a plurality of TCP SYN requests matching the at least one tuple have been received by the system and retained in the second cache.
22. Logic encoded in a non-transitory computer readable medium configured, when executed, to:
- receive a TCP SYN request to be screened;
- compare the received TCP SYN request to be screened to at least one stored tuple representative of one or more SYN requests previously received and determine that the received TCP SYN request to be screened matches the stored tuple; and
- in response to the determination that the received TCP SYN request matches the stored tuple, increment a counter associated with the stored tuple; and
- in response to the counter reaching a threshold:
  - prevent sending a TCP SYN+ACK response in response to the TCP SYN request to be screened;
  - drop the TCP SYN request to be screened; and
  - prevent allocating a transmission control block (TCB) for the TCP SYN request to be screened.

Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32.
33. A router comprising:
- a routing unit configured to receive and transmit packets;
- a first cache; and
- an attack mitigator configured to:
  - receive a TCP SYN request to be screened;
  - compare the received TCP SYN request to be screened to at least one tuple stored in the first cache that is representative of one or more SYN requests previously received at the router and determine that the received TCP SYN request to be screened matches the stored tuple; and
  - in response to the determination that the received TCP SYN request matches the stored tuple, increment a counter associated with the stored tuple; and
  - in response to the counter reaching a threshold:
    - prevent the router from sending a TCP SYN+ACK response in response to the TCP SYN request to be screened;
    - drop the TCP SYN request to be screened; and
    - prevent the router from allocating a transmission control block (TCB) for the TCP SYN request to be screened.

Dependent claims: 34, 35, 36, 37, 38, 40, 41.
39. The router of Claim 33, and further comprising a second cache and wherein an attack mitigator is configured to move the at least one tuple into the first cache from a second cache in response to determining that a plurality of TCP SYN requests matching the at least one tuple have been received by the system and retained in the second cache.
42. A system for addressing attacks on a computer connected to a network comprising:
- means for receiving at a router a TCP SYN request to be screened;
- means for comparing the received TCP SYN request to be screened to at least one stored tuple representative of one or more SYN requests previously received at the router and for determining that the received TCP SYN request to be screened matches the stored tuple; and
- means for incrementing a counter associated with the stored tuple; and
- in response to the counter reaching a threshold:
  - means for preventing the router from sending a TCP SYN+ACK response in response to the TCP SYN request to be screened;
  - means for dropping the TCP SYN request to be screened; and
  - means for preventing the router from allocating a transmission control block (TCB) for the TCP SYN request to be screened.
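The independent claims above, together with the two-cache refinement of claims 18 and 39, describe a SYN-flood mitigation loop that can be simulated in a few dozen lines. The following is an added illustration written for this page, not code from the patent or its assignee. The claims do not say which packet fields make up the "tuple", how large the caches are, or what the thresholds should be; the (source address, destination address, destination port) key, the two thresholds, the cache capacities and the oldest-first eviction used here are all assumptions made for the example. The point it demonstrates is the resource-protection effect of the claimed decision: once a tuple's counter reaches the threshold, the screener answers with no SYN+ACK and allocates no transmission control block, so a flood from one source cannot fill the half-open connection table.

```python
"""Simulation of tuple-cache SYN screening as described in the claims.

Added example, not the patent's own code.  Tuple fields, thresholds and
cache sizes are assumptions chosen for illustration.
"""
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed tuple key: (source IP, destination IP, destination port).
SynTuple = Tuple[str, str, int]


@dataclass
class Decision:
    send_syn_ack: bool   # does the router answer with SYN+ACK?
    allocate_tcb: bool   # is a transmission control block allocated?
    dropped: bool        # is the SYN discarded?
    count: int           # counter of the matched tuple after this SYN


@dataclass
class SynScreener:
    """Two-level tuple cache (claims 12/18, 33/39).

    Every newly seen tuple is retained in the second cache.  Once a plurality
    of SYNs match it, the tuple moves into the first cache, whose per-tuple
    counter decides when further SYNs are dropped (claim 1).
    """
    drop_threshold: int = 5         # assumed: counter value that triggers the drop
    promote_after: int = 2          # assumed: matches needed to enter the first cache
    first_cache_size: int = 1024    # assumed capacity; oldest tuple evicted when full
    second_cache_size: int = 4096   # assumed capacity; oldest tuple evicted when full
    first_cache: "OrderedDict[SynTuple, int]" = field(default_factory=OrderedDict)
    second_cache: "OrderedDict[SynTuple, int]" = field(default_factory=OrderedDict)

    def _promote(self, key: SynTuple) -> None:
        """Move a tuple (and its count) from the second cache into the first."""
        count = self.second_cache.pop(key)
        if len(self.first_cache) >= self.first_cache_size:
            self.first_cache.popitem(last=False)
        self.first_cache[key] = count

    def screen(self, src_ip: str, dst_ip: str, dst_port: int) -> Decision:
        key: SynTuple = (src_ip, dst_ip, dst_port)

        if key in self.first_cache:
            # Claim 1: SYN matches a stored tuple -> increment its counter.
            self.first_cache[key] += 1
            count = self.first_cache[key]
            if count >= self.drop_threshold:
                # Threshold reached: no SYN+ACK, no TCB, SYN is dropped.
                return Decision(send_syn_ack=False, allocate_tcb=False,
                                dropped=True, count=count)
            return Decision(send_syn_ack=True, allocate_tcb=True,
                            dropped=False, count=count)

        # Not in the first cache: retain it in the second cache (claims 18/39).
        if key not in self.second_cache and len(self.second_cache) >= self.second_cache_size:
            self.second_cache.popitem(last=False)
        count = self.second_cache.get(key, 0) + 1
        self.second_cache[key] = count
        if count >= self.promote_after:
            self._promote(key)
        return Decision(send_syn_ack=True, allocate_tcb=True,
                        dropped=False, count=count)


def tally(screener: SynScreener, syns: List[SynTuple]) -> Tuple[int, int]:
    """Run a sequence of SYNs through the screener.

    Returns (number answered normally, number dropped without a TCB).
    """
    allowed = dropped = 0
    for src, dst, port in syns:
        if screener.screen(src, dst, port).dropped:
            dropped += 1
        else:
            allowed += 1
    return allowed, dropped


if __name__ == "__main__":
    # Constructed traffic: ten SYNs from one source, then one from another.
    screener = SynScreener(drop_threshold=5, promote_after=2)
    burst = [("198.51.100.7", "192.0.2.10", 80)] * 10
    print("burst source: answered/dropped =", tally(screener, burst))
    other = screener.screen("203.0.113.5", "192.0.2.10", 80)
    print("other source: SYN+ACK sent =", other.send_syn_ack,
          "TCB allocated =", other.allocate_tcb)
```

With these assumed thresholds the first four SYNs from a source are handled normally (two in the second cache, two more in the first), and from the fifth onward the router neither replies nor reserves a TCB, while an unrelated source is unaffected. A deployment would also need counter aging so a tuple is not penalised forever; the claims leave that, like the tuple composition, unspecified.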
Specification