
Preventing network denial of service attacks by early discard of out-of-order segments

  • US 8,074,275 B2
  • Filed: 02/01/2006
  • Issued: 12/06/2011
  • Est. Priority Date: 02/01/2006
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • establishing a connection between a first network node and a second network node using a transport-layer network protocol;

  • creating a dynamically-sized reassembly queue for the connection between the first network node and the second network node, the dynamically-sized reassembly queue having a size based on a buffer size of an input interface with which the connection is associated;

  • receiving a segment on the connection;

  • determining whether the received segment is an out-of-order segment;

  • in response to determining that the received segment is not an out-of-order segment, then performing normal processing on the received segment;

  • in response to determining that the received segment is an out-of-order segment, then prior to performing processing of the received segment on the connection other than error check processing, determining whether the dynamically-sized reassembly queue is full;

  • in response to determining that the dynamically-sized reassembly queue is full, then determining, based upon one or more enlargement factors, whether the dynamically-sized reassembly queue should be enlarged, wherein the one or more enlargement factors include one or more of an amount of system load, an amount of available memory, a number of connections on the interface, and information from one or more other attack detection applications;

  • in response to determining both that the dynamically-sized reassembly queue is full and that the dynamically-sized reassembly queue should be enlarged based upon the one or more enlargement factors, then dynamically enlarging the dynamically-sized reassembly queue to create an enlarged dynamically-sized reassembly queue and queuing the received segment to the enlarged dynamically-sized reassembly queue; and

  • in response to determining that the received segment is an out-of-order segment, that the dynamically-sized reassembly queue is full and that the dynamically-sized reassembly queue should not be enlarged based upon the one or more enlargement factors, then prior to performing processing of the received segment on the connection other than error check processing, discarding the received segment.
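The decision procedure of claim 1, as an added Python simulation that is not part of the patent, its figures, or any vendor's TCP stack. The claim names the enlargement factors but not how they are weighed, so the sizing ratio (the queue starts at one quarter of the interface buffer), the doubling-on-enlarge policy, the hard cap at the interface buffer size, and every threshold in should_enlarge are assumptions chosen for the demo; the 100-byte segments and the two factor profiles HEALTHY and STRESSED are constructed inputs. The point the simulation makes visible is the one the claim turns on: for an out-of-order segment the only work done before the discard decision is the error check, so an attacker who floods a connection with segments beyond a gap it never fills costs the receiver one checksum and one comparison per segment, and the memory it can pin is bounded by the cap rather than by how fast it can send.

```python
from dataclasses import dataclass, field
from typing import Dict

SEG_SIZE = 100  # constructed demo segments carry 100 bytes each


@dataclass
class Segment:
    seq: int
    payload: bytes
    checksum_ok: bool = True  # outcome of the transport-layer error check


@dataclass
class EnlargementFactors:
    """The enlargement factors claim 1 enumerates (thresholds below are assumptions)."""
    system_load: float            # 0.0 idle .. 1.0 saturated
    available_memory: int         # bytes free for reassembly buffers
    connections_on_interface: int
    attack_suspected: bool        # signal from another attack-detection component


@dataclass
class Connection:
    interface_buffer_size: int    # buffer size of the input interface
    rcv_nxt: int = 0              # next in-order sequence number expected
    delivered: bytearray = field(default_factory=bytearray)
    queue: Dict[int, bytes] = field(default_factory=dict)  # seq -> payload
    queue_bytes: int = 0
    queue_limit: int = 0
    discarded: int = 0
    enlargements: int = 0

    def __post_init__(self) -> None:
        # Assumed sizing: the queue starts at a quarter of the interface buffer.
        self.queue_limit = self.interface_buffer_size // 4


def should_enlarge(conn: Connection, f: EnlargementFactors) -> bool:
    """Enlarge only while the box is healthy, and never beyond the interface buffer."""
    if conn.queue_limit >= conn.interface_buffer_size:
        return False
    if f.attack_suspected or f.system_load > 0.8:
        return False
    if f.available_memory < 4 * conn.queue_limit:
        return False
    return f.connections_on_interface <= 1000


def _drain(conn: Connection) -> None:
    """Deliver queued segments that have become in-order."""
    while conn.rcv_nxt in conn.queue:
        payload = conn.queue.pop(conn.rcv_nxt)
        conn.queue_bytes -= len(payload)
        conn.delivered += payload
        conn.rcv_nxt += len(payload)


def receive_segment(conn: Connection, seg: Segment, f: EnlargementFactors) -> str:
    """Claim 1's decision for one segment; returns the outcome as a label."""
    if not seg.checksum_ok:
        return "bad-checksum"          # error check precedes every other step
    if seg.seq < conn.rcv_nxt:
        return "duplicate"             # already delivered, nothing to buffer
    if seg.seq == conn.rcv_nxt:        # in order: normal processing
        conn.delivered += seg.payload
        conn.rcv_nxt += len(seg.payload)
        _drain(conn)
        return "in-order"
    # Out of order: decide before any further work is spent on the segment.
    if conn.queue_bytes + len(seg.payload) > conn.queue_limit:   # queue is full
        if should_enlarge(conn, f):
            conn.queue_limit = min(conn.queue_limit * 2, conn.interface_buffer_size)
            conn.enlargements += 1
        if conn.queue_bytes + len(seg.payload) > conn.queue_limit:
            conn.discarded += 1
            return "discarded-early"   # no reassembly state, no memory consumed
    conn.queue[seg.seq] = seg.payload
    conn.queue_bytes += len(seg.payload)
    return "queued"


HEALTHY = EnlargementFactors(0.2, 1 << 20, 50, False)    # constructed profile
STRESSED = EnlargementFactors(0.95, 1 << 20, 50, False)  # constructed profile


def legitimate_reorder() -> bytes:
    """Two segments arrive swapped; the queue puts them back in order."""
    conn = Connection(interface_buffer_size=4000)
    receive_segment(conn, Segment(SEG_SIZE, b"B" * SEG_SIZE), HEALTHY)  # queued
    receive_segment(conn, Segment(0, b"A" * SEG_SIZE), HEALTHY)         # in-order, drains B
    return bytes(conn.delivered)


def ooo_flood(n: int, f: EnlargementFactors) -> Connection:
    """Attacker never sends seq 0, only n segments beyond the gap."""
    conn = Connection(interface_buffer_size=4000)
    for i in range(1, n + 1):
        receive_segment(conn, Segment(i * SEG_SIZE, b"X" * SEG_SIZE), f)
    return conn
```

With a 4000-byte interface buffer, ooo_flood(100, HEALTHY) grows the queue twice (1000 to 2000 to 4000 bytes), holds 40 segments and discards the remaining 60 at the cap; ooo_flood(100, STRESSED) never enlarges, holds 10 and discards 90. In both cases rcv_nxt stays at 0 and nothing is delivered, because the gap is never filled. A real implementation would also have to handle overlapping and partially duplicate segments, which this simulation does not.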

  • 1 Assignment