Systems and methods for detecting and preventing flooding attacks in a network environment
First Claim
Patent Images
1. A method for processing network traffic content, comprising:
- receiving, via a network communication interface, a packet associated with a new concurrent network traffic session;
identifying one or more Internet Protocol (IP) addresses of the new concurrent network traffic session;
determining a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session;
identifying a concurrent IP address session threshold that is IP address, time of day the received packet was created, and packet type specific based on a type of the received packet, a current time of day, and at least one of the one or more IP addresses associated with the new concurrent network traffic session;
when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than the identified concurrent IP address session threshold, performing flooding attack mitigation processing.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.
33 Citations
12 Claims
-
1. A method for processing network traffic content, comprising:
-
receiving, via a network communication interface, a packet associated with a new concurrent network traffic session; identifying one or more Internet Protocol (IP) addresses of the new concurrent network traffic session; determining a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; identifying a concurrent IP address session threshold that is IP address, time of day the received packet was created, and packet type specific based on a type of the received packet, a current time of day, and at least one of the one or more IP addresses associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than the identified concurrent IP address session threshold, performing flooding attack mitigation processing. - View Dependent Claims (2, 3, 4)
-
-
5. A system, comprising:
-
a processor; a communication interface for communicating over a network; a memory device including instructions stored thereon which when executed by the processor, cause the system to; receive, via the communication interface, a packet associated with a new concurrent network traffic session; identify one or more Internet Protocol (IP) addresses of the new concurrent network traffic session; identify a concurrent IP address session threshold that is IP address, time of day, and packet type specific based on a type of the received packet, a current time of day the received packet was created, and at least one of the one or more IP addresses associated with the new concurrent network traffic session; determine a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than the concurrent IP address session threshold, perform flooding attack mitigation processing. - View Dependent Claims (6, 7, 8)
-
-
9. A computer-readable storage device including a set of instructions stored thereon which when executed by a processor of a computer cause the computer to:
-
receive, via a network communication interface, a packet associated with a new concurrent network traffic session; identify one or more Internet Protocol (IP) addresses of the new concurrent network traffic session; determine a number of concurrent sessions associated with at least one of the one or more IP address associated with the new concurrent network traffic session; identify a concurrent IP address session threshold that is IP address, time of day the received packet was created, and packet type specific based on a type of the received packet, a current time of day, and at least one of the one or more IP addresses associated with the new concurrent network traffic session; when the number of concurrent sessions associated with the at least one of the one or more IP addresses associated with the new concurrent network traffic session is greater than the concurrent IP address session threshold, perform flooding attack mitigation processing. - View Dependent Claims (10, 11, 12)
-
Specification