Abstract
A system and a method for mitigating denial-of-service attacks on communication appliances are provided. Packets coming into the communication appliance are monitored and, when conditions indicating a denial-of-service attack exist, a rule base subset of a packet-classification rule base is selected from plural rule base subsets on the basis of the current operating state of the communication appliance, thereby protecting the communication appliance from denial-of-service attacks. The method for effectively preventing or restricting denial-of-service attacks comprises the following steps: monitoring packets coming into the communication appliance in order to determine whether conditions indicating a denial-of-service attack exist (S102); and, when such conditions are determined to be present, selecting a rule base subset of the packet-classification rule base from plural rule base subsets on the basis of the current one of plural operating states of the communication appliance (S114).
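A sketch of the two steps named in the abstract, monitoring (S102) and state-based subset selection (S114), added here as an illustration and not taken from the patent. The operating states, rule contents, packet fields, rate threshold, default action, and the use of the full rule base when no attack is suspected are all assumptions; the abstract specifies none of them.

```python
from collections import deque

# Assumed rule format: (protocol, dst_port or None for any port, action); first match wins.
FULL_RULE_BASE = [("udp", None, "accept"), ("tcp", 443, "accept"),
                  ("icmp", None, "accept")]
# Assumed operating states, each with its own narrowed subset of the rule base.
RULE_SUBSETS = {
    "idle": [("udp", 5060, "accept")],                              # signalling only
    "in_call": [("udp", 5060, "accept"), ("udp", 16384, "accept")],  # plus active media port
}
DEFAULT_ACTION = "drop"  # assumed fall-through action


class DosMonitor:
    """S102: report a DoS condition when the sliding-window packet count exceeds a limit."""

    def __init__(self, max_packets, window_seconds):
        self.max_packets = max_packets
        self.window = window_seconds
        self.arrivals = deque()

    def observe(self, timestamp):
        self.arrivals.append(timestamp)
        # Discard arrivals that have aged out of the window.
        while timestamp - self.arrivals[0] > self.window:
            self.arrivals.popleft()
        return len(self.arrivals) > self.max_packets


def select_rules(attack_suspected, operating_state):
    """S114: under attack, pick the subset for the current operating state."""
    if attack_suspected:
        return RULE_SUBSETS[operating_state]
    return FULL_RULE_BASE  # assumption: normal operation uses the full rule base


def classify(packet, rules):
    for proto, port, action in rules:
        if packet["proto"] == proto and port in (None, packet["dport"]):
            return action
    return DEFAULT_ACTION


def process(packets, operating_state, monitor):
    """Return one action per packet; packets are dicts with ts, proto, dport."""
    actions = []
    for pkt in packets:
        under_attack = monitor.observe(pkt["ts"])
        actions.append(classify(pkt, select_rules(under_attack, operating_state)))
    return actions
```

The same packet can receive different verdicts depending on the operating state, which is the point of keeping several subsets instead of one emergency rule list.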