发明名称 |
PREVENTING NETWORK RESET DENIAL OF SERVICE ATTACKS |
摘要 |
Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value. |
申请公布号 |
WO2005070098(A3) |
申请公布日期 |
2006.07.20 |
申请号 |
WO2005US00551 |
申请日期 |
2005.01.05 |
申请人 |
CISCO TECHNOLOGY, INC.;DALAL, MITESH;KHARE, AMOL;STEWART, RANDALL |
发明人 |
DALAL, MITESH;KHARE, AMOL;STEWART, RANDALL |
分类号 |
G06F11/00;G06F11/22;G06F11/30;G06F11/32;G06F11/34;G06F11/36;G06F12/14;G06F12/16;G06F15/18;G08B23/00;H04L1/16;H04L9/00;H04L29/06 |
主分类号 |
G06F11/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|