Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2008-07-22
2008-07-22
Zand, Kambiz (Department: 2134)
C370S392000, C713S188000
active
07404210
ABSTRACT:
A Distributed Denial-of-Service (DDoS) attack by a TCP stateless hog is defeated with use of an enhancement to the keep-alive mechanism provided by RFC 1122. A TCP server receives a new TCP connection request from a possible attacker and sends a keep-alive probe packet back thereto using an “invalid” sequence number. Illustratively, this “invalid” sequence number comprises a random number selected to be reasonably distant from the actual current sequence number. When a responsive packet is received from the potential attacker, the TCP server verifies the accuracy of the acknowledgement number in the received packet, thereby determining whether the potential attacker may be a TCP stateless hog.
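The acknowledgement check described in the abstract can be sketched as follows. This is an added example, not code from the patent or its authors: the two peer models, the function names and the `min_distance` threshold are assumptions made for illustration, and the conventional probe value SND.NXT - 1 is taken from RFC 1122 Section 4.2.3.6.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


def seq_distance(a, b):
    """Shortest distance between two sequence numbers on the 32-bit ring."""
    d = (a - b) % MOD
    return min(d, MOD - d)


def pick_probe_seq(snd_nxt, min_distance=2**24):
    """Random 'invalid' probe sequence number, far from the real SND.NXT.
    min_distance is an assumed threshold, not a value from the abstract."""
    while True:
        candidate = secrets.randbelow(MOD)
        if seq_distance(candidate, snd_nxt) >= min_distance:
            return candidate


def stateful_peer(rcv_nxt):
    """Constructed model of a real TCP stack: it stores RCV.NXT and, per
    RFC 793, answers an out-of-window segment with ACK = RCV.NXT."""
    return lambda probe_seq: rcv_nxt % MOD


def stateless_peer():
    """Constructed model (assumption): keeps no connection state, so its ACK
    can only be derived from the segment it has just received."""
    return lambda probe_seq: (probe_seq + 1) % MOD


def ack_is_accurate(snd_nxt, reply_ack):
    """Server-side check: does the reply acknowledge the true SND.NXT?"""
    return reply_ack == snd_nxt % MOD


def classify(snd_nxt, peer):
    """Send one enhanced probe to `peer` and judge the acknowledgement."""
    reply_ack = peer(pick_probe_seq(snd_nxt))
    if ack_is_accurate(snd_nxt, reply_ack):
        return "stateful"
    return "possible stateless hog"


def plain_keepalive_passes(snd_nxt, peer):
    """Contrast: the conventional probe uses SEQ = SND.NXT - 1."""
    return ack_is_accurate(snd_nxt, peer((snd_nxt - 1) % MOD))
```

Under these models the conventional probe is answered correctly by both peers, while the randomized probe is answered correctly only by the peer that actually stores the connection's sequence state.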
REFERENCES:
patent: 2006/0230129 (2006-10-01), Swami et al.
“More information on RST cookies” Clavister [Knowledge Base Article #1006], Published: Jun. 4, 2006, [on line] Interact: http://www.clavister.com/support/kb/100061.
Bernstein, D.J., “SYN Cookies,” http://cr.yp.to/syncookies.html.
CERT Coordination Center, “TCP SYN Flooding And IP Spoofing Attacks,” Sep. 1996. http://www.cert.org/advisories/CA-1996-21.html.
Lemon, J. “Resisting SYN Flood DoS Attacks With A SYN Cache,” USENIX BSDCon 2002 Conference, San Francisco, CA. http://people.freebsd.org/~jlemon/papers/syncache.pdf.
Lin, D., “Internet Congestion Control: Cooperative End-System And Gateway Algorithms,” Ph.D Thesis, Harvard University, 1998. http://www.eecs.harvard.edu/~dong/lin-thesis.ps.
“Transmission Control Protocol,” prepared for Defense Advanced Research Projects Agency by Information Sciences Institute, J. Postel, Editor, Request for Comments (RFC) 793, Sep. 1981. http://www.faqs.org/rfcs/rfc793.html.
RAZOR Security Team, “The Naptha DoS Vulnerabilities,” Nov. 2002. http://razor.bindview.com/publish/advisories/adv_NAPTHA.html.
“Requirements For Internet Hosts—Communication Layers,” Internet Engineering Task Force, R. Braden, Editor, Network Working Group, Request for Comments (RFC) 1122, Section 4.2.3.6, Oct. 1989. http://www.faqs.org/rfcs/rfc1122.html.
Brown Kenneth M.
Lipman Jacob
Lucent Technologies - Inc.
Zand Kambiz
Profile ID: LFUS-PAI-O-2809578