Authors: Victor A. Bennett, Robert Daniel Maher
DOI:
Keywords: Brute force, Bandwidth (computing), Denial-of-service attack, Out-of-order delivery, Payload (computing), Computer network, Computer science, Exploit, Network packet, Traffic flow (computer networking)
Abstract: A method and apparatus for preventing denial of service type attacks on data networks is described. The method involves scanning the contents of packets flowing over the network using a traffic flow engine. The packets are reordered and reassembled, and then the payload is scanned to determine whether they conform to predetermined requirements. Data packets which do not reorder or reassemble correctly, or which do not conform to the requirements, may be dropped. Dropping these packets prevents attacks that exploit bugs in the TCP/IP implementation or shortcomings in the specification. The engine is further operable to identify packets associated with validated flows. Those flows are assigned higher priority, while non-validated flows are assigned low priority and occupy no more than a maximum of the available bandwidth. Assigning low priority to non-validated flows prevents brute force attacks designed to clog networks.