SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
First Claim
1. A method for processing network traffic content, comprising:
- receiving, via a network communication interface, a packet associated with a new network traffic session;
identifying one or more Internet Protocol (IP) addresses the new network traffic session;
determining a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session;
when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than a concurrent IP address session threshold, performing flooding attack mitigation processing.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.
119 Citations
12 Claims
-
1. A method for processing network traffic content, comprising:
-
receiving, via a network communication interface, a packet associated with a new network traffic session; identifying one or more Internet Protocol (IP) addresses the new network traffic session; determining a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than a concurrent IP address session threshold, performing flooding attack mitigation processing. - View Dependent Claims (2, 3, 4)
-
-
5. A system, comprising:
-
a processor; a communication interface for communicating over a network; a memory device including instructions stored thereon which when executed by the processor, cause the system to; receive, via the communication interface, a packet associated with a new network traffic session; identify one or more Internet Protocol (IP) addresses the new network traffic session; determine a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than a concurrent IP address session threshold, perform flooding attack mitigation processing. - View Dependent Claims (6, 7, 8)
-
-
9. A computer-readable storage device including a set of instructions stored thereon which when executed by a processor of a computer cause the computer to:
-
receive, via a network communication interface, a packet associated with a new network traffic session; identify one or more Internet Protocol (IP) addresses the new network traffic session; determine a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than a concurrent IP address session threshold, perform flooding attack mitigation processing. - View Dependent Claims (10, 11, 12)
-
Specification