Technique of defending against network flooding attacks using a connectionless protocol
Abstract
The invention prevents server overload and possible server crippling due to a flooding of connectionless datagrams caused by intentional attack or otherwise. In response to a datagram from a host for a specified port, the number of datagrams already queued to the port from the host is determined. If this number exceeds a first threshold, the datagram is discarded. In the preferred embodiment, the threshold is determined by multiplying a percentage P by the number of available queue slots remaining for the port.
Claims (9 in total; the independent claims 1, 5 and 8 are shown below)
1. A method of preventing a flooding attack on a network server in which a large number of connectionless datagrams are received for queuing to a port on the network server, comprising:
- determining, in response to the arrival of a connectionless datagram from a host for a port on the network server, if the number of connectionless datagrams already queued to the port from the host exceeds a prescribed threshold, further comprising calculating the prescribed threshold by multiplying a percentage by the number of available queue slots for the port;
- discarding the datagram, if the number of connectionless datagrams already queued to the port from the host exceeds the prescribed threshold; and
- queuing the connectionless datagram to a queue slot of the port, if the number of connectionless datagrams already queued to the port from the host does not exceed the prescribed threshold.
Dependent claims: 2, 3, 4.

5. An apparatus for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the server, comprising:
- means for determining, in response to a datagram from a host for the port on the network server, if the number of datagrams queued on the port by the host exceeds a prescribed threshold, further comprising means for calculating the prescribed threshold by multiplying a percentage by a number of available queue slots for the port;
- means for discarding the datagram, if the number of datagrams queued on the port by the host exceeds the prescribed threshold; and
- means for queuing the datagram to a queue slot of the port, if the number of datagrams queued on the port by the host does not exceed the prescribed threshold.
Dependent claims: 6, 7.

8. A storage media containing program code that is operable by a computer for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the network server, the program code including instructions for causing the computer to execute the steps of:
- calculating a prescribed threshold by multiplying a percentage by a number of available queue slots for the port;
- determining, in response to receiving a datagram from a host for the port on the network server, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold;
- discarding the datagram, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold; and
- queuing the datagram to a queue slot of the port, if the number of datagrams already queued to the port from the host does not exceed the prescribed threshold.
Dependent claims: 9.

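The admission rule the abstract and claims describe, written out as a runnable example. This is added illustration code, not the patent's own embodiment or any vendor's implementation: the class and function names (`PortQueue`, `offer`, `take`, `simulate_flood`), the choice to drop a datagram outright when the port has no free slot (the claims only state the threshold test), and the sample addresses in the simulated flood are all assumptions made here. The threshold is recomputed on every arrival as P multiplied by the slots still free, exactly as the preferred embodiment states, and the per-host counter is decremented when the application drains the queue so that a host's allowance recovers.

```python
# Added example of the patent's per-host admission check for a connectionless
# (UDP-style) port queue: threshold = P * available slots, discard when the host's
# already-queued count exceeds it. Names and full-queue handling are assumptions.
from collections import Counter, deque


class PortQueue:
    """Bounded receive queue for one port with per-source-host admission control."""

    def __init__(self, capacity: int, percentage: float):
        if capacity <= 0 or not 0.0 < percentage <= 1.0:
            raise ValueError("capacity must be positive and percentage in (0, 1]")
        self.capacity = capacity
        self.percentage = percentage      # the P of the preferred embodiment
        self._queue = deque()             # (host, payload) in arrival order
        self._per_host = Counter()        # datagrams currently queued, per host
        self.discarded = Counter()        # per-host discard counts, for monitoring

    def available_slots(self) -> int:
        return self.capacity - len(self._queue)

    def threshold(self) -> float:
        # Recomputed on every arrival: it shrinks as the queue fills, so one
        # host's allowance decays before it can take the whole queue.
        return self.percentage * self.available_slots()

    def offer(self, host: str, payload: bytes) -> bool:
        """Return True if the datagram was queued, False if it was discarded."""
        if self.available_slots() == 0:
            # Assumption: with no free slot the datagram is dropped regardless
            # of host; the claims describe only the threshold comparison.
            self.discarded[host] += 1
            return False
        if self._per_host[host] > self.threshold():
            self.discarded[host] += 1
            return False
        self._queue.append((host, payload))
        self._per_host[host] += 1
        return True

    def take(self):
        """Application reads one datagram; frees its slot and the host's count."""
        host, payload = self._queue.popleft()
        self._per_host[host] -= 1
        if self._per_host[host] == 0:
            del self._per_host[host]
        return host, payload

    def queued_from(self, host: str) -> int:
        return self._per_host[host]


def simulate_flood(capacity=10, percentage=0.5, flood_count=50):
    """Constructed scenario: one host floods the port, then three others send one each."""
    q = PortQueue(capacity, percentage)
    flooder = "198.51.100.7"  # constructed sample address (documentation range)
    for i in range(flood_count):
        q.offer(flooder, b"flood-%d" % i)
    others = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]  # constructed
    accepted_others = sum(q.offer(h, b"hello") for h in others)
    return {
        "flooder_queued": q.queued_from(flooder),
        "flooder_discarded": q.discarded[flooder],
        "others_accepted": accepted_others,
        "slots_left": q.available_slots(),
    }


if __name__ == "__main__":
    print(simulate_flood())
```

With a 10-slot queue and P = 0.5 the flooding host is admitted four times (thresholds 5, 4.5, 4, 3.5) and then refused once its count of 4 exceeds the threshold of 3 computed from the 6 remaining slots, so every later host still finds free capacity. The check costs one counter lookup per datagram, but the counter must be decremented whenever the application drains a slot, otherwise a host that was briefly busy stays locked out; and because the counter is keyed on the source address, the protection is only as strong as the trust placed in that address.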
Specification