Technique of defending against network flooding attacks using a connectionless protocol

US 7,873,991 B1
Filed: 02/11/2000
Issued: 01/18/2011
Est. Priority Date: 02/11/2000
Status: Active Grant

First Claim

Patent Images

1. A method of preventing a flooding attack on a network server in which a large number of connectionless datagrams are received for queuing to a port on the network server, comprising:

determining, in response to the arrival of a connectionless datagram from a host for a port on the network server, if the number of connectionless datagrams already queued to the port from the host exceeds a prescribed threshold, further comprising calculating the prescribed threshold by multiplying a percentage by the number of available queue slots for the port;

discarding the datagram, if the number of connectionless datagram already queued to the port from the host exceeds the prescribed threshold; and

queuing the connectionless datagram to a queue slot of the port, if the number of connectionless datagrams already queued to the port from the host does not exceed the prescribed threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention prevents server overload and possible server crippling due to a flooding of connectionless datagrams caused by intentional attack or otherwise. In response to a datagram from a host for a specified port, the number of datagrams already queued to the port from the host is determined. If this number exceeds a first threshold, the datagram is discarded. In the preferred embodiment, the threshold is determined by multiplying a percentage P by the number of available queue slots remaining for the port.

12 Citations

View as Search Results

9 Claims

1. A method of preventing a flooding attack on a network server in which a large number of connectionless datagrams are received for queuing to a port on the network server, comprising:
- determining, in response to the arrival of a connectionless datagram from a host for a port on the network server, if the number of connectionless datagrams already queued to the port from the host exceeds a prescribed threshold, further comprising calculating the prescribed threshold by multiplying a percentage by the number of available queue slots for the port;
  
  discarding the datagram, if the number of connectionless datagram already queued to the port from the host exceeds the prescribed threshold; and
  
  queuing the connectionless datagram to a queue slot of the port, if the number of connectionless datagrams already queued to the port from the host does not exceed the prescribed threshold.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - configuring a maximum number of connectionless datagrams allowed to be queued at the port.
  - 3. The method of claim 2 wherein the configuring step further includes configuring a controlling percentage of available queue slots remaining for the port;
    - and wherein the prescribed threshold is based on the controlling percentage of available queue slots remaining for the port.
  - 4. The method of claim 1 wherein the port comprises a plurality of queue slots, the method further comprising:
    - maintaining a number of available queue slots of the plurality of queue slots for the port.

5. An apparatus for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the server, comprising:
- means for determining, in response to a datagram from a host for the port on the network server, if the number of datagrams queued on the port by the host exceeds a prescribed threshold, further comprising means for calculating the prescribed threshold by multiplying a percentage by a number of available queue slots for the port;
  
  means for discarding the datagram, if the number of datagrams queued on the port by the host exceeds the prescribed threshold; and
  
  means for queuing the datagram to a queue slot of the port, if the number of datagrams queued on the port by the host does not exceed the prescribed threshold.
- View Dependent Claims (6, 7)
- - 6. The apparatus of claim 5 further comprising:
    - a means for configuring a maximum number of connectionless datagrams allowed to be queued at the port.
  - 7. The apparatus of claim 6 wherein the means for configuring further comprises means for configuring a controlling percentage of available queue slots remaining for the port.

8. A storage media containing program code that is operable by a computer for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the network server, the program code including instructions for causing the computer to execute the steps of:
- calculating a prescribed threshold by multiplying a percentage by a number of available queue slots for the port;
  
  determining, in response to receiving a datagram from a host for the port on the network server, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold,discarding the datagram, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold; and
  
  queuing the datagram to a queue slot of the port, if the number of datagrams already queued to the port from the host does not exceed the prescribed threshold.
- View Dependent Claims (9)
- - 9. The storage media of claim 8 wherein the computer is the network server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sun, Chien-En, Attwood, Kira Sterling, Overby, Linwood Hugh Jr.
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US09/503,608
Time in Patent Office

3,994 Days
Field of Search

395200-280, 370113-501, 370/229, 370/429, 704 50-250, 710 52- 57, 711/100, 380/4, 380/25, 709/225, 709/229, 713/200, 713/201, 713/190, 714/4, 714/18, 726/22, 726/23
US Class Current

726/11
CPC Class Codes

H04L 47/30   in combination with informa...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

Technique of defending against network flooding attacks using a connectionless protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Technique of defending against network flooding attacks using a connectionless protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links