Title of invention: Methods and apparatus for denial of service resistant policing of packets
Abstract: Methods and apparatus for supporting secure packet communications, e.g., sRTP/sRTCP, which are resistant to denial of service attacks are described. A received packet is identified to correspond to a particular stream being received, the stream having a current expected set of packet sequence numbers, e.g., a current window including a next expected packet sequence number and at least one packet sequence number in the expected packet window on each side of the expected packet sequence number. Unencrypted information from the received packet, e.g., a received packet sequence number, is used to determine at least one of: to drop the received packet, or to assign the packet to one of a plurality of policing levels. If the packet passes policing at its assigned policing level, the packet may undergo authentication and decryption to determine if it is a valid packet.
Publication number: US9154460(B1) Publication date: 2015.10.06
Application number: US201414179248 Filing date: 2014.02.12
Applicant: SONUS NETWORKS, INC. Inventors: Bharrat Shaun Jaikarran;Li Shiping
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent: Straub Stephen T.;Straub Ronald P.;Straub Michael P.
Main claim: 1. A communications method, the method comprising: receiving a packet including a packet sequence number; determining whether to pass or drop said packet based on said packet sequence number and an expected range of packet sequence numbers, said expected range of packet sequence numbers including a next expected packet sequence number, at least a preceding packet sequence number and at least a subsequent packet sequence number, said preceding packet sequence number preceding said next expected packet sequence number in said expected range of packet sequence numbers, said subsequent packet sequence number following said next expected packet sequence number in said expected range of packet sequence numbers; and wherein said determining whether to pass or drop said packet based on said packet sequence number and an expected range of packet sequence numbers includes: determining a packet policing level to apply based on the value of said packet sequence number, said determining a packet policing level to apply including assigning the received packet to a first policing level when said sequence number is the next expected packet sequence number or a gap packet sequence number, said gap packet sequence number being a packet sequence number within said expected range of packet sequence numbers for which a packet has not yet been passed, said gap packet sequence number being behind said next expected packet sequence number; and determining to drop and dropping said packet if said sequence number is a repeat of a sequence number of a previously passed valid packet.
Address: Westford MA US
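The pre-authentication decision described in the abstract and main claim, as an added Python sketch that is not taken from the patent. The window sizes, the `LEVEL_2`/`LEVEL_3` assignments for packets that are neither next-expected, gap nor repeat, the per-level budgets and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MOD = 1 << 16  # RTP/sRTP sequence numbers are 16 bits and wrap around
DROP, LEVEL_1, LEVEL_2, LEVEL_3 = "drop", "level-1", "level-2", "level-3"

@dataclass
class Stream:
    next_expected: int
    behind: int = 16   # assumed window size behind next_expected
    ahead: int = 16    # assumed window size ahead of next_expected
    passed: set = field(default_factory=set)  # in-window seqs already passed as valid
    # Assumed per-interval budgets; refilling them each interval is not shown.
    budget: dict = field(default_factory=lambda: {LEVEL_1: 100, LEVEL_2: 10, LEVEL_3: 1})

def distance(seq, ref):
    """Signed distance from ref to seq, honouring 16-bit wraparound."""
    return ((seq - ref + MOD // 2) % MOD) - MOD // 2

def classify(s, seq):
    """Choose a policing level from the unencrypted sequence number alone."""
    if seq in s.passed:
        return DROP        # repeat of a previously passed valid packet
    d = distance(seq, s.next_expected)
    if d == 0 or -s.behind <= d < 0:
        return LEVEL_1     # next expected, or a gap behind it
    if 0 < d <= s.ahead:
        return LEVEL_2     # assumption: in window but ahead of next expected
    return LEVEL_3         # assumption: outside the window, strictest level

def admit(s, seq):
    """True if the packet may proceed to authentication and decryption."""
    level = classify(s, seq)
    if level == DROP or s.budget[level] <= 0:
        return False
    s.budget[level] -= 1
    return True

def mark_valid(s, seq):
    """Update the window; call only after authentication has succeeded."""
    s.passed.add(seq)
    if distance(seq, s.next_expected) >= 0:
        s.next_expected = (seq + 1) % MOD
    # Forget sequence numbers that have slid out of the window.
    s.passed = {p for p in s.passed
                if -s.behind <= distance(p, s.next_expected) < 0}
```

Because the window only moves in `mark_valid`, forged packets can consume their own level's budget but cannot shift the expected range or exhaust the budget reserved for next-expected and gap packets.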