Title of invention METHOD FOR DEFENDING AGAINST DENIAL-OF-SERVICE ATTACK ON THE IPV6 NEIGHBOR CACHE
Abstract A method of defending against a denial-of-service (DoS) attack on an IPv6 neighbor cache includes steps of determining a number of neighbor cache entries currently stored in the neighbor cache and then determining whether the number of entries exceeds a neighbor cache threshold that is less than a neighbor cache limit defining a maximum capacity of the neighbor cache. When the number of entries in the neighbor cache exceeds the neighbor cache threshold, stateless neighbor resolution is triggered. Stateless neighbor resolution entails sending a neighbor solicitation to resolve an address for an incoming packet without logging a corresponding entry in the neighbor cache. Additional techniques that complement the above method involve purging of neighbor cache entries designated as incomplete, prioritization of the entries based on trustworthiness, shortening the incomplete-status timer to less than 3 seconds, and curtailing the number of retransmissions of the neighbor solicitations.
Publication number US2015058989(A1) Publication date 2015.02.26
Application number US201414505119 Application date 2014.10.02
Applicant Bockstar Technologies LLC Inventors LAHTI Patrik;AALDERS Michael
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Main claim 1. A method of mitigating a denial-of-service attack against an IPv6 network node, the method comprising effecting a control procedure to prioritize Neighbor Discovery Protocol (NDP) activities.
Address Wilmington DE US
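
The threshold-below-limit behaviour described in the abstract, modelled as an added example that is not taken from the patent or from any implementation of it. The class and function names, the cache sizes and the 2001:db8::/64 addresses are constructed for illustration, and storing an entry once a neighbor advertisement arrives is an assumption, not something the abstract states.

```python
import ipaddress
from dataclasses import dataclass, field
INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"

@dataclass
class NeighborCache:
    limit: int       # maximum capacity of the neighbor cache
    threshold: int   # below the limit; exceeding it triggers stateless resolution
    entries: dict = field(default_factory=dict)   # address -> entry state
    def __post_init__(self):
        if not 0 < self.threshold < self.limit:
            raise ValueError("threshold must be positive and below the limit")

    def resolve(self, addr):
        """Packet arrived for an on-link address: return how it is resolved."""
        if addr in self.entries:
            return "cached"
        if len(self.entries) > self.threshold:
            return "stateless"            # solicit, but log no cache entry
        self.entries[addr] = INCOMPLETE   # normal path: entry awaits a reply
        return "stateful"

    def on_advertisement(self, addr):
        """Assumption: a neighbor that answers is stored while room remains."""
        if addr not in self.entries and len(self.entries) >= self.limit:
            return False
        self.entries[addr] = REACHABLE
        return True

    def purge_incomplete(self):
        """Complementary technique: drop entries still marked incomplete."""
        before = len(self.entries)
        self.entries = {a: s for a, s in self.entries.items() if s != INCOMPLETE}
        return before - len(self.entries)

def simulate_flood(limit=8, threshold=5, probes=1000):
    """Constructed scenario: two live neighbors, then packets to unused addresses."""
    net = ipaddress.IPv6Network("2001:db8::/64")   # documentation prefix
    cache = NeighborCache(limit, threshold)
    for host in (1, 2):
        cache.resolve(net[host])
        cache.on_advertisement(net[host])
    modes = [cache.resolve(net[0x1000 + i]) for i in range(probes)]
    peak = len(cache.entries)
    late_mode = cache.resolve(net[3])              # live neighbor seen mid-flood
    late_stored = cache.on_advertisement(net[3])
    return {"peak": peak, "stateless": modes.count("stateless"),
            "late_mode": late_mode, "late_stored": late_stored,
            "purged": cache.purge_incomplete(), "remaining": len(cache.entries)}
```

With these sizes the flood fills the cache only to one entry past the threshold, so the headroom between threshold and limit stays available for neighbors that actually answer.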