
Server protection for distributed denial-of-service attack

A technology relating to servers and service requests, applied in the fields of error prevention, use of return channels for error prevention/detection, digital transmission systems, etc., that addresses problems such as servers being attacked by DDoS.

Active Publication Date: 2014-12-24
JUMIPER NETWORKS INC

AI Technical Summary

Problems solved by technology

However, in the example of a poisoned index table, an unintentional attack from a forged Internet Protocol (IP) address will appear to include the correct signature. In this case, the firewall will allow the TCP connection to reach the server, thus exposing the server to a DDoS attack.


Examples


[0049] Figure 6 is a diagram showing an example of establishing a TCP connection between a client and a server. As shown in Figure 6, assume a client wants to establish a TCP connection to a server that is protected by a firewall. The client computer can generate a SYN packet and transmit it to the server (as shown in (1)). The SYN packet can be intercepted by the firewall. The firewall can determine that the SYN packet is associated with a new TCP connection request. The firewall can initiate a SYN cookie operation to generate a special signature for the ISN. The firewall can generate a SYN/ACK packet including the ISN and transmit the SYN/ACK packet to the client (as shown in (2)).

[0050] The client can receive the SYN/ACK and generate an ACK message. The client can send an ACK packet to the server. The ACK packet can be intercepted by the firewall (as shown in (3)). If the firewall determines that the server needs protection, the fire...
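Steps (1) to (3) above, sketched as an added example (not code from the patent or from any firewall product): the firewall signs the ISN it puts in the SYN/ACK and later checks the client's ACK against that signature without keeping per-connection state. The cookie layout (8-bit time slot plus 24-bit HMAC), the key, the addresses and all function names are assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-secret"  # constructed; a real device uses a random, rotated key
SLOT_SECONDS = 64                    # assumed granularity of the cookie lifetime

def _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot):
    """24-bit keyed signature over the 4-tuple, the client's ISN and the time slot."""
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHIB", src_port, dst_port, client_isn, slot))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Step (2): the ISN the firewall sends in its SYN/ACK; nothing is stored."""
    slot = (int(now) // SLOT_SECONDS) & 0xFF
    return (slot << 24) | _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot)

def check_ack(src_ip, src_port, dst_ip, dst_port, seq, ack, now):
    """Step (3): rebuild the signature from the intercepted ACK packet alone."""
    cookie = (ack - 1) & 0xFFFFFFFF      # client acknowledges firewall ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # client's sequence number is its ISN + 1
    slot = cookie >> 24
    current = (int(now) // SLOT_SECONDS) & 0xFF
    if (current - slot) & 0xFF > 1:      # only the current or previous slot is valid
        return False
    expected = _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot)
    return hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big"))

def demo():
    # Constructed flow: documentation-range addresses, arbitrary ports and ISN.
    flow = ("198.51.100.7", 40000, "203.0.113.10", 6881)
    client_isn, t0 = 0x1000, 1_000_000
    isn = make_cookie(*flow, client_isn, t0)                 # sent in the SYN/ACK
    seq = client_isn + 1
    return {
        # Client that received the SYN/ACK and answers a few seconds later.
        "completed_handshake": check_ack(*flow, seq, (isn + 1) & 0xFFFFFFFF, t0 + 5),
        # ACK number that does not match the signed ISN (one bit altered).
        "wrong_signature": check_ack(*flow, seq, ((isn ^ 1) + 1) & 0xFFFFFFFF, t0 + 5),
        # Correct ACK number presented after the cookie has aged out.
        "expired": check_ack(*flow, seq, (isn + 1) & 0xFFFFFFFF, t0 + 3 * SLOT_SECONDS),
    }

if __name__ == "__main__":
    print(demo())
```

Any client that completes the handshake passes this check regardless of why it connected, so a peer misdirected by a poisoned index table still reaches the server unless a further check is applied.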


Abstract

A network device connects between a client and a server. The network device is configured to store information regarding an application operating on the server; receive a first message, from the client, intended for the server; generate a second message in response to the first message; send the second message to the client; receive a third message from the client; generate, based on the information regarding the application on the server, a fourth message, that includes the information regarding the application operating on the server; send the fourth message to the client; receive a service request from the client in response to the fourth message; and establish, based on the service request, a connection between the client and the server.

Description

Background

[0001] Servers that use Transmission Control Protocol (TCP) services to provide peer-to-peer (P2P) network services are generally vulnerable to various types of denial-of-service (DoS) attacks, including distributed denial-of-service (DDoS) attacks, from external hosts on the network. As the number of peers or clients in a P2P system increases (often to numbers exceeding tens of thousands), the risk of DDoS attacks also increases. In a typical DDoS attack, the attacking client can poison the central index table in the central server of the P2P system. Alternatively, the attacking client can poison the distributed index table in the distributed server. Legitimate P2P clients use information from poisoned index tables to attack servers in the P2P system.

[0002] In a specific type of attack known as "synchronize (SYN) flooding," an external host floods a server by sending it a constant stream of TCP connection requests, forcing the server to allocate resources ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08, H04L1/16
CPC: H04L63/1458, H04L63/02, H04L1/1671
Inventor 郭伟华陈田万潮华
Owner JUMIPER NETWORKS INC