Method and apparatus for preventing denial of service attacks

Information security – Access control or authentication – Network

Reexamination Certificate

Details

C726S023000, C713S189000, C370S229000

active

07058974

ABSTRACT:
A method and apparatus for preventing denial of service type attacks on data networks is described. The method involves scanning the contents of the data packets flowing over the data network using a traffic flow scanning engine. The data packets are reordered and reassembled and then the payload contents are scanned to determine whether they conform to predetermined requirements. Data packets which do not reorder or reassemble correctly or which do not conform to the predetermined requirements may be dropped. Dropping packets which do not reorder or reassemble correctly or which do not conform to the predetermined requirements prevents denial of service attacks which exploit bugs in the TCP/IP implementation or shortcomings in the TCP/IP specification. The traffic flow scanning engine is further operable to determine whether the data packets are associated with validated traffic flows. Those data packets associated with validated traffic flows are assigned to a higher priority while those not associated with a validated traffic flow are assigned to a low priority, which may occupy no more than a predetermined maximum of the available bandwidth. Assigning data packets associated with a non-validated traffic flow to a low priority prevents brute force type denial of service attacks designed to clog networks.

REFERENCES:
patent: 5813001 (1998-09-01), Bennett
patent: 6477669 (2002-11-01), Agarwal et al.
patent: 6598034 (2003-07-01), Kloth
patent: 6636512 (2003-10-01), Lorrain et al.
patent: 6654373 (2003-11-01), Maher et al.
patent: 6735219 (2004-05-01), Clauberg
