发明名称 |
Systems and methods for detecting and preventing flooding attacks in a network environment |
摘要 |
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. |
申请公布号 |
US9049220(B2) |
申请公布日期 |
2015.06.02 |
申请号 |
US201314067575 |
申请日期 |
2013.10.30 |
申请人 |
Fortinet, Inc. |
发明人 |
Wei Shaohong;Duan Gang;Chen Zhong Qiang;Xie Bing |
分类号 |
G06F12/14;H04L29/06;H04L12/24;H04L1/18;H04L12/26 |
主分类号 |
G06F12/14 |
代理机构 |
Schwegman Lundberg & Woessner, P.A. |
代理人 |
Schwegman Lundberg & Woessner, P.A. |
主权项 |
1. A method for processing network traffic data comprising:
receiving a packet to initiate a new session from an Internet Protocol (IP) address; determining a concurrent session counter N for active concurrent sessions associated with the IP address; comparing the concurrent session counter N for active concurrent sessions associated with the IP address with a prescribed concurrent session threshold T; allowing the packet to pass when the concurrent session counter N for active concurrent sessions associated with the IP address is less than the prescribed concurrent session threshold T (N<T); and classifying the packet as possibly associated with a flooding attack when the concurrent session counter N for active concurrent sessions associated with the IP address is greater than or equal to the prescribed concurrent session threshold T (N>=T). |
地址 |
Sunnyvale CA US |