Securing an access provider

US 8,850,046 B2
Filed: 01/30/2012
Issued: 09/30/2014
Est. Priority Date: 08/24/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A networking device that routes communications between an access requestor and an access provider, the networking device comprising:

a processor; and

a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;

routing, to the access provider, an access request received from the access requestor, the access request causing the access provider to open a communication port for the access requestor;

after routing the access request, measuring a period of time that starts when an indication that the access provider opened the communication port for the access requester is received from the access provider;

determining that the measured period of time meets a threshold period of time and that a response from the access requestor has not been received in the measured period of time; and

based on the determination, resetting the communication port that is located on the access provider and that was opened for the access requestor.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To secure an access provider, communications to/from the access provider are monitored for a partially-completed connection transaction. Detected partially-completed connection transactions are terminated when they remain in existence for a period of time that exceeds a threshold period of time. The monitoring may include detecting partially-completed connection transactions initiated by an access requestor, measuring the period of time that a partially-completed connection transaction remains in existence, comparing the period of time with the threshold period of time, and resetting a communication port located on the access provider.

128 Citations

16 Claims

1. A networking device that routes communications between an access requestor and an access provider, the networking device comprising:
- a processor; and
  
  a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;
  
  routing, to the access provider, an access request received from the access requestor, the access request causing the access provider to open a communication port for the access requestor;
  
  after routing the access request, measuring a period of time that starts when an indication that the access provider opened the communication port for the access requester is received from the access provider;
  
  determining that the measured period of time meets a threshold period of time and that a response from the access requestor has not been received in the measured period of time; and
  
  based on the determination, resetting the communication port that is located on the access provider and that was opened for the access requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The networking device of claim 1, wherein determining that a response from the access requestor has not been received within a threshold period of time comprises determining that an acknowledgement in a connection transaction has not been received from the access requestor within a threshold period of time.
  - 3. The networking device of claim 1, wherein determining that a response from the access requestor has not been received within a threshold period of time comprises detecting that the access requestor has engaged in a partially-completed connection transaction.
  - 4. The networking device of claim 1, wherein the operations further comprise monitoring communications with several access providers to detect partially-completed connection transactions.
  - 5. The networking device of claim 1, wherein the operations further comprise measuring, across multiple access providers, a period of time used in determining whether to terminate connections.
  - 6. The networking device of claim 1, wherein resetting the communication port that is located on the access provider and that was opened for the access requestor comprises making the communication port available for use in response to a new access request.
  - 7. The networking device of claim 1, wherein the networking device is a switch connected to multiple access providers.
  - 8. The networking device of claim 7, wherein the switch routes access requests to the multiple access providers using hashing techniques to reduce the likelihood of overwhelming any particular access provider.

9. A method of handling communication between an access requestor and an access provider, the method comprising:
- routing, to an access provider and by a networking device that routes communications between an access requestor and the access provider, an access request received from the access requestor, the access request causing the access provider to open a communication port for the access requestor;
  
  after routing the access request, measuring, by the networking device, a period of time that starts when an indication that the access provider opened the communication port for the access requester is received from the access provider;
  
  determining, by the networking device, that the measured period of time meets a threshold period of time and that a response from the access requestor has not been received in the measured period of time; and
  
  based on the determination, resetting, by the networking device, the communication port that is located on the access provider and that was opened for the access requestor.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein determining that a response from the access requestor has not been received within a threshold period of time comprises determining that an acknowledgement in a connection transaction has not been received from the access requestor within a threshold period of time.
  - 11. The method of claim 9, wherein determining that a response from the access requestor has not been received within a threshold period of time comprises detecting that the access requestor has engaged in a partially-completed connection transaction.
  - 12. The method of claim 9, further comprising monitoring, by the networking device, communications with several access providers to detect partially-completed connection transactions.
  - 13. The method of claim 9, further comprising measuring, across multiple access providers by the networking device, a period of time used in determining whether to terminate connections.
  - 14. The method of claim 9, wherein resetting the communication port that is located on the access provider and that was opened for the access requestor comprises making the communication port available for use in response to a new access request.
  - 15. The method of claim 9, wherein the networking device is a switch connected to multiple access providers.
  - 16. The method of claim 15, wherein the switch routes access requests to the multiple access providers using hashing techniques to reduce the likelihood of overwhelming any particular access provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AOL Inc. (Apollo Global Management, Inc.), Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
AOL Inc. (Apollo Global Management, Inc.), Foundry Networks LLC (Broadcom, Inc.)
Inventors
Wright, Christopher J., Hufford, Patrick, Rolon, Terry, Robertson, Jonathan K., Stehnach, Thomas, Jalan, Rajkumar
Primary Examiner(s)
SHINGLES, KRISTIE D

Application Number

US13/361,765
Publication Number

US 20120131671A1
Time in Patent Office

974 Days
Field of Search

709/224, 709/225, 709/227, 709/229
US Class Current

709/229
CPC Class Codes

H04L 45/50   using label swapping, e.g. ...

H04L 47/822   Collecting or measuring res...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

Securing an access provider

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Securing an access provider

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links