Title of invention: Perfect forward secrecy distributed denial of service attack defense
Abstract: Provided are methods and systems for mitigating a DoS attack. A method for mitigating a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with determining whether the client is on a whitelist. Based on a determination that the client is absent from the whitelist, a pre-generated key may be sent to the client. The method may include determining the validity of the established secure session. The determination may be performed based on further actions associated with the client. Based on the determination that the secure session is valid, a renegotiation of the secure session may be forced. The method may further include generating a new key using a method for securely exchanging cryptographic keys over a public channel. The new key is then sent to the client.
Publication number: US9584318(B1)    Publication date: 2017.02.28
Application number: US201414586852    Filing date: 2014.12.30
Applicant: A10 Networks, Inc.    Inventors: Yang Yang; Golshan Ali
Classification: H04L9/32; H04L9/08; H04L29/06    Main classification: H04L9/32
Agency: Carr & Ferrell LLP    Agent: Carr & Ferrell LLP
Main claim: 1. A method for mitigating a denial of service attack, the method comprising: receiving, by a processor, from a client, a request to initiate a secure session between the client and a server, wherein the secure session includes a Perfect Forward Secrecy (PFS) cypher; determining, by the processor, whether the client is on a whitelist; based on a determination that the client is absent from the whitelist, sending, by the processor, a pre-generated key to the client to establish the secure session; determining, by the processor, whether the secure session is valid based on further actions associated with the client, the further actions including whether a handshake phase is finished within a predetermined time frame; based on a determination that the secure session is valid, forcing, by the processor, a renegotiation of the secure session, the renegotiation comprising: generating, by the processor, a new key using a method for securely exchanging cryptographic keys over a public channel; and sending, by the processor, the new key to the client; and based on a determination that the established secure session is invalid, identifying the client as taking part in a denial of service attack; and based on the identification, denying initiation of the secure session.
Address: San Jose CA US
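The abstract and claim 1 describe one procedure: serve a cheap, pre-generated key to any client not on the whitelist, judge the session by whether the handshake finishes inside a time frame, then force a renegotiation with a freshly generated key for sessions that pass and deny clients that fail. The following simulation is an added example written for this page; it is not A10 Networks' code and does not reproduce the patented implementation. The Diffie-Hellman group is a deliberately tiny toy group chosen so the example runs on the standard library alone, the rule that a client is whitelisted after a successful renegotiation and the 2-second time frame are assumptions (the claim names neither), and the "bot"/"alice" traffic is constructed.

```python
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group (assumption): p = 2**127 - 1 is prime, generator 3. Far too small for real use.
P, G = (1 << 127) - 1, 3

def dh_keypair():  # the costly step the method avoids spending on unverified clients
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P)

@dataclass
class Session:
    server_priv: int
    server_pub: int
    started: float               # request time: start of the handshake time frame
    uses_pregenerated_key: bool
    handshake_done: bool = False
    secret: int = 0              # DH shared secret once the handshake completes

class PfsDosMitigator:
    """Server-side state machine for the flow in claim 1."""
    def __init__(self, handshake_timeout, whitelist=()):
        self.timeout = handshake_timeout
        self.whitelist = set(whitelist)
        self.denied = set()                    # clients identified as DoS participants
        self.sessions = {}
        self.keygens = 0                       # real key generations actually spent
        self.pregenerated = self._fresh_key()  # one pair reused for all non-whitelisted clients

    def _fresh_key(self):
        self.keygens += 1
        return dh_keypair()

    def client_hello(self, client, now):
        """Session request: fresh key for whitelisted clients, the shared one otherwise."""
        if client in self.denied:
            return None                        # initiation denied
        trusted = client in self.whitelist
        priv, pub = self._fresh_key() if trusted else self.pregenerated
        self.sessions[client] = Session(priv, pub, now, uses_pregenerated_key=not trusted)
        return pub

    def client_key_exchange(self, client, client_pub, now):
        """Client finishes the handshake; valid only inside the predetermined time frame."""
        s = self.sessions.get(client)
        if s is None:
            return False
        if now - s.started > self.timeout:
            self._deny(client)
            return False
        s.handshake_done = True
        s.secret = dh_shared(s.server_priv, client_pub)
        return True

    def sweep(self, now):  # periodic check: an unfinished handshake past the time frame marks the client
        for client, s in list(self.sessions.items()):
            if not s.handshake_done and now - s.started > self.timeout:
                self._deny(client)

    def _deny(self, client):
        self.denied.add(client)
        self.sessions.pop(client, None)

    def force_renegotiation(self, client, now):
        """Valid session on the shared key: generate a new key and send it. Whitelisting the
        client here is an assumption; the claim does not say how the whitelist is populated."""
        s = self.sessions.get(client)
        if s is None or not s.handshake_done or not s.uses_pregenerated_key:
            return None
        s.server_priv, s.server_pub = self._fresh_key()
        s.uses_pregenerated_key, s.handshake_done, s.started = False, False, now
        self.whitelist.add(client)
        return s.server_pub

def simulate(n_attackers=50, timeout=2.0):
    """Constructed scenario: one honest client plus n attackers that open handshakes and vanish."""
    srv = PfsDosMitigator(handshake_timeout=timeout)
    for i in range(n_attackers):               # flood of session requests at t=0, never completed
        srv.client_hello(f"bot{i}", now=0.0)
    priv1, pub1 = dh_keypair()                 # honest client handshakes on the shared key ...
    spub1 = srv.client_hello("alice", now=0.0)
    ok1 = srv.client_key_exchange("alice", pub1, now=0.5)
    first_agrees = ok1 and dh_shared(priv1, spub1) == srv.sessions["alice"].secret
    spub2 = srv.force_renegotiation("alice", now=1.0)   # ... then is forced onto a fresh key
    priv2, pub2 = dh_keypair()
    ok2 = srv.client_key_exchange("alice", pub2, now=1.5)
    second_agrees = ok2 and dh_shared(priv2, spub2) == srv.sessions["alice"].secret
    srv.sweep(now=timeout + 1.0)               # time frame expires: attackers get flagged
    return {
        "server_keygens": srv.keygens,         # one shared pre-generated key + one for alice
        "denied": len(srv.denied),
        "alice_ok": "alice" in srv.whitelist and "alice" not in srv.denied,
        "secrets_agree": first_agrees and second_agrees and spub1 != spub2,
        "bot_denied_on_retry": srv.client_hello("bot0", now=timeout + 2.0) is None,
    }
```

Running `simulate()` shows the cost asymmetry the method relies on: fifty abandoned handshakes cost the server zero key generations, while the one client that completes its handshake in time gets a fresh key and a whitelist entry. Two caveats a practitioner should keep in view. First, until the renegotiation every untrusted client's session is keyed from the same server secret, so those initial sessions do not have forward secrecy and a compromise of the pre-generated key exposes all of them; the shared key therefore has to be rotated often and the renegotiation must happen before any sensitive data is sent. Second, the time frame is the tuning knob: set it too short and slow but legitimate clients are flagged as attackers; set it too long and an attacker holding half-open handshakes ties up server state for that long.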