Title of invention SESSION INITIATION PROTOCOL DENIAL OF SERVICE ATTACK THROTTLING
Abstract In one implementation, the number of half open session initiation protocol (SIP) sessions per-destination (e.g., SIP device) or globally is limited by SIP application layer gateway (ALG) as a SIP DoS/DDoS countermeasure. Compared with traditional SIP DoS/DDoS countermeasures, the proposed solution is simple to implement and, thus, less likely to degrade SIP ALG performance. Moreover, this solution automatically adapts to DoS/DDoS attack arrival rate, while at the same time not degrading legal SIP traffic even if throttling is enforced for the SIP device.
Publication number US2015026793(A1) Publication date 2015.01.22
Application number US201313944156 Filing date 2013.07.17
Applicant Cisco Technology, Inc. Inventors Li Xin;Wang Yin;Zhang Yibin
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Main claim 1. A method comprising: receiving, at a gateway device of a computer network, a session initiation protocol (SIP) request destined for a SIP device of the computer network; forwarding the SIP request to the SIP device; starting a first timer for the SIP request; designating the SIP request as a new half open session when a response to the SIP request is not received from the SIP device within a first period of the first timer; comparing a number of half open sessions, including the new half open session, for the SIP device to a threshold; and removing an oldest half open session from the half open sessions when the number is greater than or greater than and equal to the threshold, and otherwise maintaining the half open sessions.
Address San Jose CA US
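
The per-destination bookkeeping that claim 1 describes, as an added sketch that is not code from the patent or from any Cisco product. The class and method names, the Call-ID keying, and the choice of the "greater than" comparison are assumptions made for illustration.

```python
from collections import OrderedDict, defaultdict


class HalfOpenThrottle:
    """Per-destination half-open SIP session limiter (hypothetical names)."""

    def __init__(self, threshold, first_period):
        self.threshold = threshold        # max half-open sessions per SIP device
        self.first_period = first_period  # seconds to wait for a response
        self.pending = OrderedDict()      # (dest, call_id) -> time forwarded
        self.half_open = defaultdict(OrderedDict)  # dest -> {call_id: time}

    def on_request(self, dest, call_id, now):
        """Request was forwarded to the SIP device: start its first timer.
        A retransmission does not restart the timer (setdefault)."""
        self.pending.setdefault((dest, call_id), now)

    def on_response(self, dest, call_id):
        """Device answered: the session is no longer pending or half open."""
        self.pending.pop((dest, call_id), None)
        self.half_open[dest].pop(call_id, None)

    def tick(self, now):
        """Expire first timers, then enforce the threshold.
        Returns the (dest, call_id) pairs removed as oldest half-open sessions."""
        evicted = []
        while self.pending:
            (dest, call_id), started = next(iter(self.pending.items()))
            if now - started < self.first_period:
                break  # pending is in arrival order, the rest are newer
            del self.pending[(dest, call_id)]
            sessions = self.half_open[dest]
            sessions[call_id] = started  # designate as a new half-open session
            # Assumption: the "greater than" variant of the claim's comparison.
            while len(sessions) > self.threshold:
                old_id, _ = sessions.popitem(last=False)  # oldest first
                evicted.append((dest, old_id))
        return evicted

    def count(self, dest):
        """Current number of half-open sessions tracked for one destination."""
        return len(self.half_open[dest])
```

Because eviction only ever touches sessions that already missed their first timer, a request that the device answers in time is never counted against the threshold, which is the property the abstract relies on for legitimate traffic.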