首页>
外国专利>
System and method for enhancing a server's ability to withstand a “SYN flood” denial of service attack
System and method for enhancing a server's ability to withstand a “SYN flood” denial of service attack
展开▼
机译:用于增强服务器抵御“ SYN Flood”拒绝服务攻击的能力的系统和方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method of enhancing a server's ability to withstand a SYN flood type denial of service attack is presented. Modifications to the TCP/IP layer of a server reduce the amount of system resources that are allocated, and the amount of CPU overhead that is required to process a connection request until the TCP/IP three-way handshake is completed to verify the presence of a legitimate client. Specifically, the TCP/IP layer allocates a small TCP control block (TCB) of a size sufficient only to service the connect request upon receipt of the SYN packet. A full TCB is not allocated until the connection is completed. Further, the TCP/IP layer delays notification to the socket layer of the receipt of the SYN packet until after the connection is completed. Finally, the route information of the connection is not cached until after the connection is completed.
展开▼