Technique of defending against network flooding attacks using a connectionless protocol

Bibliographic details
Title: Technique of defending against network flooding attacks using a connectionless protocol
Patent Number: 7,873,991
Publication date: January 18, 2011
Appl. No: 09/503608
Application Filed: February 11, 2000
Abstract: The invention prevents server overload and possible server crippling due to a flooding of connectionless datagrams caused by intentional attack or otherwise. In response to a datagram from a host for a specified port, the number of datagrams already queued to the port from the host is determined. If this number exceeds a first threshold, the datagram is discarded. In the preferred embodiment, the threshold is determined by multiplying a percentage P by the number of available queue slots remaining for the port.
Inventors: Attwood, Kira Sterling (Chapel Hill, NC, US); Overby, Jr., Linwood Hugh (Raleigh, NC, US); Sun, Chien-En (Chapel Hill, NC, US)
Assignees: International Business Machines Corporation (Armonk, NY, US)
Claim: 1. A method of preventing a flooding attack on a network server in which a large number of connectionless datagrams are received for queuing to a port on the network server, comprising: determining, in response to the arrival of a connectionless datagram from a host for a port on the network server, if the number of connectionless datagrams already queued to the port from the host exceeds a prescribed threshold, further comprising calculating the prescribed threshold by multiplying a percentage by the number of available queue slots for the port; discarding the datagram, if the number of connectionless datagram already queued to the port from the host exceeds the prescribed threshold; and queuing the connectionless datagram to a queue slot of the port, if the number of connectionless datagrams already queued to the port from the host does not exceed the prescribed threshold.
Claim: 2. The method of claim 1 further comprising: configuring a maximum number of connectionless datagrams allowed to be queued at the port.
Claim: 3. The method of claim 2 wherein the configuring step further includes configuring a controlling percentage of available queue slots remaining for the port; and wherein the prescribed threshold is based on the controlling percentage of available queue slots remaining for the port.
Claim: 4. The method of claim 1 wherein the port comprises a plurality of queue slots, the method further comprising: maintaining a number of available queue slots of the plurality of queue slots for the port.
Claim: 5. An apparatus for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the server, comprising: means for determining, in response to a datagram from a host for the port on the network server, if the number of datagrams queued on the port by the host exceeds a prescribed threshold, further comprising means for calculating the prescribed threshold by multiplying a percentage by a number of available queue slots for the port; means for discarding the datagram, if the number of datagrams queued on the port by the host exceeds the prescribed threshold; and means for queuing the datagram to a queue slot of the port, if the number of datagrams queued on the port by the host does not exceed the prescribed threshold.
Claim: 6. The apparatus of claim 5 further comprising: a means for configuring a maximum number of connectionless datagrams allowed to be queued at the port.
Claim: 7. The apparatus of claim 6 wherein the means for configuring further comprises means for configuring a controlling percentage of available queue slots remaining for the port.
Claim: 8. A storage media containing program code that is operable by a computer for preventing a flooding attack on a network server in which a large number of datagrams are received for queuing to a port on the network server, the program code including instructions for causing the computer to execute the steps of: calculating a prescribed threshold by multiplying a percentage by a number of available queue slots for the port; determining, in response to receiving a datagram from a host for the port on the network server, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold, discarding the datagram, if the number of datagrams already queued to the port from the host exceeds the prescribed threshold; and queuing the datagram to a queue slot of the port, if the number of datagrams already queued to the port from the host does not exceed the prescribed threshold.
Claim: 9. The storage media of claim 8 wherein the computer is the network server.
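Worked example of the queueing discipline in claims 1 through 9, added here as an illustration; it is not code from the patent or from IBM. Each port has a configured maximum number of queue slots (claim 2) and maintains the count of slots still available (claim 4). When a datagram arrives from host H, the number of H's datagrams already queued to the port is compared with threshold = P × (available slots remaining) (claims 1 and 3): the datagram is discarded if that count exceeds the threshold and queued otherwise. The claims do not say how a "host" is identified; the simulation assumes the datagram's source address. The addresses and payloads are constructed test data.

```python
"""Simulation of the per-host admission check for a connectionless (UDP-style) port queue.

Added example, not the patent's or IBM's code. Assumptions: a host is identified by the
datagram's source address; one slot holds exactly one datagram; P is a fraction in [0, 1].
"""
from collections import Counter, deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PortQueue:
    max_queued: int                 # configured maximum datagrams queued at this port (claim 2)
    percentage: Optional[float]     # controlling percentage P (claim 3); None disables the per-host check
    queue: deque = field(default_factory=deque)
    queued_from: Counter = field(default_factory=Counter)   # host -> datagrams of that host in the queue
    dropped_from: Counter = field(default_factory=Counter)  # host -> datagrams discarded

    def available_slots(self) -> int:
        # number of available queue slots maintained for the port (claim 4)
        return self.max_queued - len(self.queue)

    def threshold(self) -> float:
        # prescribed threshold = percentage * available queue slots remaining (claims 1 and 3)
        return self.percentage * self.available_slots()

    def offer(self, host: str, payload: bytes) -> bool:
        """Admission decision for one arriving datagram; True if it was queued."""
        if self.available_slots() <= 0:
            # port queue is full: nothing can be queued regardless of the sender
            self.dropped_from[host] += 1
            return False
        if self.percentage is not None and self.queued_from[host] > self.threshold():
            # this host already holds more than its allowed share of the remaining slots
            self.dropped_from[host] += 1
            return False
        self.queue.append((host, payload))
        self.queued_from[host] += 1
        return True

    def deliver(self) -> tuple:
        """The application reads one datagram, which frees its slot and lowers the host's count."""
        host, payload = self.queue.popleft()
        self.queued_from[host] -= 1
        return host, payload


ATTACKER = "198.51.100.7"   # constructed: TEST-NET-2 address standing in for the flooding host
LEGIT = "203.0.113.5"       # constructed: TEST-NET-3 address standing in for a normal client


def flood_then_legit(max_queued: int, percentage: Optional[float], flood_count: int):
    """One host sends flood_count datagrams, then a legitimate host sends one.
    Returns (attacker datagrams queued, attacker datagrams dropped, legitimate datagram queued?)."""
    port = PortQueue(max_queued, percentage)
    for _ in range(flood_count):
        port.offer(ATTACKER, b"x" * 16)
    legit_ok = port.offer(LEGIT, b"hello")
    return port.queued_from[ATTACKER], port.dropped_from[ATTACKER], legit_ok


def spoofed_flood_then_legit(max_queued: int, percentage: Optional[float], flood_count: int):
    """Same flood, but every datagram carries a different forged source address.
    Returns (total datagrams queued, legitimate datagram queued?)."""
    port = PortQueue(max_queued, percentage)
    queued = 0
    for i in range(flood_count):
        forged = f"198.51.100.{i % 254 + 1}"   # constructed forged sources, all distinct here
        if port.offer(forged, b"x" * 16):
            queued += 1
    return queued, port.offer(LEGIT, b"hello")


if __name__ == "__main__":
    print("no per-host check:", flood_then_legit(100, None, 100))          # (100, 0, False)
    print("P = 0.5          :", flood_then_legit(100, 0.5, 100))           # (34, 66, True)
    print("spoofed sources  :", spoofed_flood_then_legit(100, 0.5, 100))   # (100, False)
```

Because the threshold is a fraction of the slots still free, it shrinks as the queue fills: a single host is cut off once its count k satisfies k > P × (N − k), i.e. at roughly P/(1+P) of the port's N slots (34 of 100 for P = 0.5), and each further host gets a smaller share, so a client sending a single datagram still gets through. The third scenario shows the limit of counting per host: a connectionless protocol carries no proof of the source address, so an attacker forging a different source on every datagram presents as many "new hosts", each with a count of zero, and the check degrades to plain queue capacity. In practice this mechanism is combined with ingress filtering and aggregate rate limits rather than relied on alone.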
Current U.S. Class: 726/11
Patent References Cited: 5878224 March 1999 Smith
6052788 April 2000 Wesinger et al.
6125397 September 2000 Yoshimura et al.
6182226 January 2001 Reid et al.
6219728 April 2001 Yin
6317786 November 2001 Yamane et al.
6515963 February 2003 Bechtolsheim et al.
6725378 April 2004 Schuba et al.
6735702 May 2004 Yavatkar et al.
09-218837 August 1997
2000-032056 January 2000

Other References: W. Richard Stevens, TCP/IP Illustrated, vol. 1 The Protocols, Addison-Wesley, Copyright 1994 pp. 33, 143-147. cited by examiner
CERT Advisory CA-96.01: "Topic: UDP Port Denial-of-Service Attack"; Sep. 24, 1997; CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890, USA. cited by other
Farrow, R. “TCP SYN Flooding Attacks and Remedies”, Sep. 4, 1999. cited by other
Shiral, Y. “Why Asking for Bandwidth Control Technology”, Computer & Network, OHM May 1, 199. cited by other
Primary Examiner: Tran, Ellen
Accession number: edspgr.07873991
Database: USPTO Patent Grants