
Methods and system for DMA based distributed denial of service protection

  • US 8,769,681 B1
  • Filed: 08/11/2008
  • Issued: 07/01/2014
  • Est. Priority Date: 08/11/2008
  • Status: Active Grant
First Claim

1. A method for protection against denial of service attacks to a server, the method comprising:

  • receiving one or more TCP/IP packets over the network, at a network management device, wherein the packets are directed to a server;

    determining, by the network management device, a presence of a SYN parameter within each of the received one or more TCP/IP packets;

    assigning, by the network management device, the received one or more TCP/IP packets with the determined presence of the SYN parameter to a lower priority buffer and the received one or more TCP/IP packets without the determined presence of the SYN parameter to a higher priority buffer; and

    prioritizing, by the network management device, service of the received one or more TCP/IP packets assigned to the higher priority buffer over the received one or more TCP/IP packets assigned to the lower priority buffer;

    reading, by the network management device, source data associated with the received one or more TCP/IP packets, the source data comprising a network address of a computer sending the received one or more TCP/IP packets;

    determining, by the network management device, whether the assigned TCP/IP packets with the determined presence of SYN parameter requesting the new connection with the server are associated with a network address of the computer previously requesting the new connection;

    assigning, by the network management device, the assigned one or more TCP/IP packets with the determined presence of SYN parameter requesting the new connection from the lower priority buffer to a least priority buffer when the assigned one or more TCP/IP packets with the determined presence of SYN parameter are determined to be associated with the network address of the computer previously requesting the new connection; and

    prioritizing, by the network management device, service of the assigned one or more TCP/IP packets assigned to the lower priority buffer over the assigned one or more TCP/IP packets assigned to the least priority buffer.
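
The three-buffer scheme of claim 1, as an added Python example (not code from the patent or its assignee). It assumes IPv4 only, reads the "SYN parameter" as the SYN bit of the TCP flags byte, and decides between the lower and least priority buffer at receive time; the names `SynPriorityQueues`, `parse` and `make_packet` are hypothetical and the sample packets are constructed.

```python
import struct
from collections import deque
from ipaddress import IPv4Address

TCP_SYN = 0x02  # SYN bit in the TCP flags byte

def parse(packet: bytes):
    """Return (source address, SYN present) for a raw IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[0] >> 4 != 4 or packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet")
    src = IPv4Address(packet[12:16])          # the "source data" of the claim
    return src, bool(packet[ihl + 13] & TCP_SYN)

class SynPriorityQueues:
    """Hypothetical model of the higher / lower / least priority buffers."""
    def __init__(self):
        self.higher, self.lower, self.least = deque(), deque(), deque()
        self.requested = set()  # sources that already requested a connection

    def receive(self, packet: bytes) -> str:
        src, syn = parse(packet)
        if not syn:                           # established traffic
            self.higher.append(packet)
            return "higher"
        if src in self.requested:             # repeat SYN from a known source
            self.least.append(packet)
            return "least"
        self.requested.add(src)               # first SYN from this source
        self.lower.append(packet)
        return "lower"

    def service(self):
        """Strict priority: higher before lower before least."""
        for buf in (self.higher, self.lower, self.least):
            if buf:
                return buf.popleft()
        return None

def make_packet(src: str, flags: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address("192.0.2.10").packed)
    tcp = struct.pack("!HHLLBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp
```

The `requested` set here grows without bound; a device tracking sources this way needs an ageing or size limit, since source addresses in a flood are often spoofed.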
