Title | Systems and methods for HTTP-Body DoS attack prevention with adaptive timeout
Abstract | The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.
Publication number | US9055100(B2) | Publication date | 2015.06.09
Application number | US201313858008 | Filing date | 2013.04.06
Applicant | CITRIX SYSTEMS, INC. | Inventors | Iyengar Meghashree; Khanal Krishna; Annamalaisami Saravana; Nanjundaswamy Shashidhara
Classification | H04L29/06 | Main classification | H04L29/06
Agent firm | Foley & Lardner LLP | Agents | Foley & Lardner LLP; McKenna Christopher J.
Independent claim | 1. A method for changing an application layer transaction timeout to prevent Denial of Service (DOS) attacks, the method comprising: (a) receiving, by a device intermediary to a client and a server, via a transport layer connection between the device and the client, a packet of an application layer transaction, the transport layer connection having a maximum segment size; (b) incrementing, by the device, an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of the maximum segment size for the transport layer connection, the device decrementing the attack counter by a predetermined decrement for each packet that has a size greater than the predetermined fraction of the maximum segment size; (c) incrementing, by the device, the attack counter for the transport layer connection by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time; and (d) changing, by the device, a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.
Address | Fort Lauderdale FL US
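The abstract and claim 1 describe a per-connection scoring scheme: packets far smaller than the MSS and gaps far longer than the RTT each raise an attack counter, full-sized packets lower it, and crossing a threshold shortens the application-layer (HTTP body) transaction timeout so a slow-body sender cannot hold the connection open for the default period. The following simulation of that scheme is an added example written for this page; it is not Citrix code and does not reflect the actual product implementation. All numeric parameters (MSS, fraction, RTT multiplier, increments, threshold, timeouts), the clamping of the counter at zero, the restoration of the normal timeout when the counter drops back below the threshold, and the packet traces are assumptions constructed for illustration.

```python
"""Simulation of the adaptive-timeout attack counter from claim 1 (added example,
not Citrix code). Parameter values and traces are constructed assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Params:
    mss: int = 1460                # TCP maximum segment size of the connection (assumed)
    size_fraction: float = 0.1     # packet smaller than fraction * MSS is "suspiciously small"
    rtt: float = 0.05              # measured round-trip time in seconds (assumed)
    rtt_multiplier: float = 4.0    # gap longer than multiplier * RTT is "suspiciously slow"
    size_increment: int = 2        # claim (b): "first predetermined amount"
    delay_increment: int = 3       # claim (c): "second predetermined amount"
    size_decrement: int = 1        # claim (b): decrement for each full-sized packet
    threshold: int = 10            # claim (d): "predetermined threshold"
    normal_timeout: float = 300.0  # default application-layer transaction timeout (s)
    attack_timeout: float = 10.0   # shortened timeout once the threshold is reached (s)


@dataclass
class ConnectionState:
    counter: int = 0
    last_arrival: Optional[float] = None
    timeout: float = 300.0
    trigger_index: Optional[int] = None  # index of the packet that first crossed the threshold
    packets_seen: int = 0


def process_packet(state: ConnectionState, p: Params, arrival: float, size: int) -> float:
    """Apply steps (b), (c) and (d) of claim 1 to one packet; return the current timeout."""
    # (b) size test: small packets raise the counter, full-sized packets lower it.
    if size < p.size_fraction * p.mss:
        state.counter += p.size_increment
    else:
        # Clamping at zero is an assumption; the claim only says "decrementing".
        state.counter = max(0, state.counter - p.size_decrement)

    # (c) inter-packet-delay test relative to the RTT (no delay for the first packet).
    if state.last_arrival is not None and (arrival - state.last_arrival) > p.rtt_multiplier * p.rtt:
        state.counter += p.delay_increment
    state.last_arrival = arrival

    # (d) compare against the threshold and set the transaction timeout accordingly.
    if state.counter >= p.threshold:
        if state.trigger_index is None:
            state.trigger_index = state.packets_seen
        state.timeout = p.attack_timeout
    else:
        # Restoring the normal timeout when the counter falls back is an assumption.
        state.timeout = p.normal_timeout
    state.packets_seen += 1
    return state.timeout


def simulate(trace: List[Tuple[float, int]], p: Optional[Params] = None) -> ConnectionState:
    """Run a (arrival_time_seconds, packet_size_bytes) trace through one connection."""
    p = p or Params()
    state = ConnectionState(timeout=p.normal_timeout)
    for arrival, size in trace:
        process_packet(state, p, arrival, size)
    return state


# Constructed traces (not captured traffic):
# one-byte body chunks once per second, as a slow-body sender would produce
SLOW_BODY_TRACE = [(float(i), 1) for i in range(20)]
# full MSS-sized segments every 10 ms, as a healthy upload would produce
NORMAL_TRACE = [(i * 0.01, 1460) for i in range(20)]
# a few small segments mixed with full ones, e.g. a request tail and a new request
BURSTY_LEGIT_TRACE = [(0.0, 100), (0.01, 100), (0.02, 1460), (0.03, 1460), (0.04, 1460), (0.05, 60)]

if __name__ == "__main__":
    for name, trace in [("slow body", SLOW_BODY_TRACE), ("normal", NORMAL_TRACE),
                        ("bursty legit", BURSTY_LEGIT_TRACE)]:
        s = simulate(trace)
        print(f"{name:12s} counter={s.counter:3d} timeout={s.timeout:6.1f}s "
              f"triggered_at_packet={s.trigger_index}")
```

With the assumed parameters the slow-body trace crosses the threshold on its third packet (counter 2, then 7, then 12), after which the device would allow only the shortened 10 s timeout for the rest of the transaction, while the normal and bursty traces never leave the default 300 s. Tuning is the practical work: the fraction and multiplier must sit above what the site's real clients on slow links produce, which is why the decrement on full-sized packets matters, since it lets an occasional small segment or RTT spike decay instead of accumulating.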