PROTECTING COMPUTING ASSETS FROM SEGMENTED HTTP ATTACKS

摘要

A method and system for managing data traffic and protecting computing assets. The method and system includes analyzing HTTP requests to determine if the HTTP requests are overly segmented, and, if the HTTP request is overly segmented, blocking and/or black-listing the malevolent communications and computing device. The analysis to determine if an HTTP request is overly segmented includes comparing the packet's size to a threshold, identifying the packet's content or lack thereof, identifying whether the packet is the last packet in a communication, and identifying whether the packet ends with the “/n” ASCII character.

主权项

1. A computer-implemented method of detecting a Denial of Service (DoS) attack comprising:
analyzing a plurality of segmented HTTP packets that comprise a communication; and determining whether the HTTP packets are a DoS attack on a server, wherein the determination is at least partly based on a size of the HTTP packets.