SERVER WITH MECHANISM FOR CHANGING TREATMENT OF CLIENT CONNECTIONS DETERMINED TO BE RELATED TO ATTACKS
Abstract
According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
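The ownership transition described in the abstract, sketched as an added example (not code from the patent or its assignee). The request-count threshold, the function names and the "OK" echo protocol are assumptions made for illustration; a flagged socket moves from its dedicated worker thread to one shared selector that drains input and never replies.

```python
import selectors, socket, threading

MAX_REQUESTS = 3  # assumption: constructed threshold standing in for an "attack characteristic"
quarantine = selectors.DefaultSelector()  # single low-cost owner of all flagged sockets

def quarantine_loop():
    """One thread for every flagged connection: drain bytes, never answer."""
    while True:
        for key, _ in quarantine.select(timeout=0.1):
            sock = key.fileobj
            try:
                if sock.recv(4096):
                    continue  # payload discarded; the kernel's TCP ACK is the only reply
            except BlockingIOError:
                continue
            except OSError:
                pass
            quarantine.unregister(sock)  # peer closed or reset: release the slot
            sock.close()

def handle(conn):
    """Normal owner: a dedicated worker thread that answers each message."""
    seen = 0
    try:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            seen += 1
            if seen > MAX_REQUESTS:  # determination made while the connection is open
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)  # transport-layer probes
                conn.setblocking(False)
                quarantine.register(conn, selectors.EVENT_READ)
                return  # worker released; socket stays open under the cheap owner
            conn.sendall(b"OK " + data)
    except OSError:
        pass
    conn.close()

def serve(host="127.0.0.1", port=0):
    """Start the server in background threads and return the bound port."""
    srv = socket.create_server((host, port))
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=quarantine_loop, daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]
```

With default kernel settings the keepalive probes start only after a long idle period; until then the TCP acknowledgements of the drained data are the transport-layer traffic the client sees.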
47 Claims
1-24. (canceled)
25. A method executed by a server interacting with a client over one or more computer communications networks, the method comprising:
establishing a connection with a client over one or more computer communications networks;
receiving at least one message over the connection from the client;
during the time the connection is open, determining that any of the client and the connection exhibits one or more attack characteristics;
as a result of the determination, the server changing its treatment of the connection such that the server thereafter:
(i) sends at least one transport-layer message to the client over the connection to keep the connection open, and
(ii) does not send a response to application-layer messages received from the client.
Dependent claims: 26, 27, 28, 29, 31, 32, 33, 34, 35
30. (canceled)
36. A server, comprising:
circuitry forming one or more processors that execute computer-readable instructions;
memory holding computer-readable instructions for execution by the one or more processors;
the computer-readable instructions, when executed by the one or more processors, causing the server to:
establish a connection with a client over one or more computer communications networks;
receive at least one message over the connection from the client;
during the time the connection is open, determine that any of the client and the connection exhibits one or more attack characteristics;
as a result of the determination, the server changing its treatment of the connection such that the server thereafter:
(i) sends at least one transport-layer message to the client over the connection to keep the connection open, and
(ii) does not send a response to application-layer messages received from the client.
Dependent claims: 37, 38, 39, 40, 42, 43, 44, 45, 46
41. (canceled)
47-55. (canceled)
Specification