Method and apparatus for defending against SYN packet...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Packet header designating cryptographically protected data

Reexamination Certificate

Details

C713S161000, C713S165000, C713S166000

active

10674208

ABSTRACT:
A SYN packet bandwidth Distributed Denial-of-Service (DDoS) attack is defended against by intercepting and identifying SYN packets in a “DDoS gateway” advantageously positioned at the edge of the network to be protected (e.g., one hop upstream from the protected link), and by queuing these intercepted SYN packets in a separate queue from other TCP packet queues. Edge per-flow queuing is employed to provide isolation among individual TCP connections sharing the link. A fair scheduling algorithm such as round robin scheduling is used to ensure that SYN packets (such as those generated as part of a SYN bandwidth attack) cannot overwhelm the egress link in the presence of other TCP packets.
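
The queuing scheme in the abstract can be seen in a small simulation, added here as an illustration and not taken from the patent. The tick-based link model, the `qlimit` tail-drop bound, the function names and the constructed traffic (three established flows plus 20 SYNs per tick on a 4-packet-per-tick egress link) are all assumptions.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

def is_syn(pkt):
    """Connection-opening segment: SYN set, ACK clear."""
    return bool(pkt["flags"] & SYN) and not pkt["flags"] & ACK

def fifo_link(arrivals, slots):
    """Baseline: one shared FIFO feeding the egress link."""
    q, sent = deque(), []
    for tick in arrivals:
        q.extend(tick)
        sent += [q.popleft() for _ in range(min(slots, len(q)))]
    return sent

def ddos_gateway(arrivals, slots, qlimit=64):
    """All SYNs share one queue, every other flow has its own queue,
    and round robin serves one packet per backlogged queue per turn."""
    queues, ring, sent = defaultdict(deque), deque(), []
    for tick in arrivals:
        for pkt in tick:
            key = "SYN" if is_syn(pkt) else pkt["flow"]
            q = queues[key]
            if len(q) >= qlimit:      # assumed tail-drop limit per queue
                continue
            if not q:
                ring.append(key)      # queue just became backlogged
            q.append(pkt)
        for _ in range(slots):
            if not ring:
                break
            key = ring.popleft()
            sent.append(queues[key].popleft())
            if queues[key]:
                ring.append(key)      # still backlogged: back of the ring
    return sent

def constructed_traffic(ticks=100, flows=3, syn_rate=20):
    """Constructed input: 3 established flows plus 20 SYNs per tick."""
    return [[{"flow": ("10.0.0.%d" % f, 443), "flags": ACK} for f in range(flows)]
            + [{"flow": ("198.51.100.%d" % i, 443), "flags": SYN} for i in range(syn_rate)]
            for _ in range(ticks)]

def data_delivered(sent):
    return sum(not is_syn(p) for p in sent)

if __name__ == "__main__":
    traffic = constructed_traffic()
    for name, gw in (("shared FIFO", fifo_link), ("DDoS gateway", ddos_gateway)):
        sent = gw(traffic, 4)
        print(f"{name}: {data_delivered(sent)} data packets of {len(sent)} sent")
```

With the SYN queue treated as one participant in the round robin, SYN traffic is held to one egress slot per round no matter how many SYNs arrive, so the three established flows keep their share of the link.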

