SERVER WITH MECHANISM FOR CHANGING TREATMENT OF CLIENT CONNECTIONS DETERMINED TO BE RELATED TO ATTACKS

US 20150040221A1
Filed: 10/22/2014
Published: 02/05/2015
Est. Priority Date: 10/04/2012
Status: Active Grant

First Claim

Patent Images

1-24. -24. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.

Citations

47 Claims

1-24. -24. (canceled)

25. A method executed by a server interacting with a client over one or more computer communications networks, the method comprising:
- establishing a connection with a client over one or more computer communications networks;
  
  receiving at least one message over the connection from the client;
  
  during the time the connection is open, determining that any of the client and the connection exhibits one or more attack characteristics;
  
  as a result of the determination, the server changing its treatment of the connection such that the server thereafter;
  
  (i) sends at least one transport-layer message to the client over the connection to keep the connection open, and(ii) does not send a response to application-layer messages received from the client.
- View Dependent Claims (26, 27, 28, 29, 31, 32, 33, 34, 35)
- - 26. The method of claim 25, wherein subsequently any of (i) the server closes the connection and (ii) the server receives a message from the client that closes the connection.
  - 27. The method of claim 25, wherein the determination is based on at least one of client attributes, connection attributes, and client behavior during the connection.
  - 28. The method of claim 25, wherein as a result of said determination, the server transitions responsibility for handling messages arriving via the connection from a first program to a second program, while keeping the connection open.
  - 29. The method of claim 28, wherein the second program (i) sends at least one transport-layer message to the client over the connection to keep the connection open, and (ii) does not send a response to application-layer messages received from the client.
  - 31. The method of claim 28, wherein the second program sends at least one message to the client over the connection after said transfer.
  - 32. The method of claim 28, wherein the first program comprises an HTTP server application.
  - 33. The method of claim 28, wherein the second program comprises any of an operating system kernel module and a user-space application.
  - 34. The method of claim 28, wherein the second program comprises a packet filter in an operating system kernel executing in the server.
  - 35. The method of claim 25, wherein the connection comprises a TCP connection.

30. (canceled)

36. A server, comprising:
- circuitry forming one or more processors that execute computer-readable instructions;
  
  memory holding computer-readable instructions for execution by the one or more processors;
  
  the computer-readable instructions, when executed by the one or more processors, causing the server to;
  
  establish a connection with a client over one or more computer communications networks;
  
  receive at least one message over the connection from the client;
  
  during the time the connection is open, determine that any of the client and the connection exhibits one or more attack characteristics;
  
  as a result of the determination, the server changing its treatment of the connection such that the server thereafter;
  
  (i) sends at least one transport-layer message to the client over the connection to keep the connection open, and(ii) does not send a response to application-layer messages received from the client.
- View Dependent Claims (37, 38, 39, 40, 42, 43, 44, 45, 46)
- - 37. The server of claim 36, wherein subsequently any of (i) the server closes the connection and (ii) the server receives a message from the client that closes the connection.
  - 38. The server of claim 36, wherein the determination is based on at least one of client attributes, connection attributes, and client behavior during the connection.
  - 39. The server of claim 36, wherein as a result of said determination, the server transitions responsibility for handling messages arriving via the connection from a first program to a second program, while keeping the connection open.
  - 40. The server of claim 39, wherein the second program (i) sends at least one transport-layer message to the client over the connection to keep the connection open, and (ii) does not send a response to application-layer messages received from the client.
  - 42. The server of claim 39, wherein the second program sends at least one message to the client over the connection after said transfer.
  - 43. The server of claim 39, wherein the first program comprises an HTTP server application.
  - 44. The server of claim 39, wherein the second program comprises any of an operating system kernel module and a user-space application.
  - 45. The server of claim 39, wherein the second program comprises a packet filter in an operating system kernel executing in the server.
  - 46. The server of claim 36, wherein the connection comprises a TCP connection.

41. (canceled)

47-55. -55. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Akamai Technologies, Inc.
Inventors
Mishra, Sudhin, Ludin, Stephen L., Lisiecki, Philip A., Nygren, Erik, Dilley, John A., Hallin, Karl-Eliv J., Hunt, Joshua

Granted Patent

US 9,525,701 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 47/22   Traffic shaping

H04L 47/70   Admission control; Resource...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/1458   Denial of Service

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/56   Provisioning of proxy servi...

SERVER WITH MECHANISM FOR CHANGING TREATMENT OF CLIENT CONNECTIONS DETERMINED TO BE RELATED TO ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

SERVER WITH MECHANISM FOR CHANGING TREATMENT OF CLIENT CONNECTIONS DETERMINED TO BE RELATED TO ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links