Method and apparatus for defending against SYN packet bandwidth attacks on TCP servers
Abstract
A SYN packet bandwidth Distributed Denial-of-Service (DDoS) attack is defended against by intercepting and identifying SYN packets in a “DDoS gateway” advantageously positioned at the edge of the network to be protected (e.g., one hop upstream from the protected link), and by queuing these intercepted SYN packets in a separate queue from other TCP packet queues. Edge per-flow queuing is employed to provide isolation among individual TCP connections sharing the link. A fair scheduling algorithm such as round robin scheduling is used to ensure that SYN packets (such as those generated as part of a SYN bandwidth attack) cannot overwhelm the egress link in the presence of other TCP packets.
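The queuing scheme described in the abstract can be simulated in a few lines. The following is an added example, not code from the patent: the packet dictionaries, the bounded SYN queue with tail drop, the slot-based link model and the documentation-range addresses are all assumptions made for illustration.

```python
from collections import OrderedDict, deque

SYN, ACK = 0x02, 0x10  # TCP header flag bits

def classify(pkt):
    """Pure SYNs (SYN set, ACK clear) share one queue; everything else is queued per flow."""
    if pkt["flags"] & SYN and not pkt["flags"] & ACK:
        return "SYN"
    return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

class Gateway:
    def __init__(self, syn_queue_limit=64):  # bounded SYN queue: an assumption of this sketch
        self.queues = OrderedDict()          # queue key -> deque, visited in insertion order
        self.syn_queue_limit = syn_queue_limit
        self.dropped_syns = 0

    def enqueue(self, pkt):
        key = classify(pkt)
        q = self.queues.setdefault(key, deque())
        if key == "SYN" and len(q) >= self.syn_queue_limit:
            self.dropped_syns += 1           # tail drop, also assumed
            return
        q.append(pkt)

    def drain(self, slots):
        """Round robin: each backlogged queue sends one packet per round, up to `slots` total."""
        sent = []
        while len(sent) < slots and any(self.queues.values()):
            for q in self.queues.values():
                if q and len(sent) < slots:
                    sent.append(q.popleft())
        return sent

def simulate(flood=1000, flows=4, per_flow=25, slots=100):
    """Constructed traffic: a SYN flood arrives first, then `flows` established connections."""
    arrivals = [{"src": f"198.51.100.{i % 250}", "sport": 1024 + i, "dst": "192.0.2.10",
                 "dport": 80, "flags": SYN} for i in range(flood)]
    arrivals += [{"src": f"203.0.113.{f}", "sport": 40000, "dst": "192.0.2.10",
                  "dport": 80, "flags": ACK} for f in range(flows) for _ in range(per_flow)]
    gw = Gateway()
    for pkt in arrivals:
        gw.enqueue(pkt)
    sent = gw.drain(slots)
    syn_rr = sum(classify(p) == "SYN" for p in sent)
    syn_fifo = sum(classify(p) == "SYN" for p in arrivals[:slots])  # single shared FIFO baseline
    return {"fifo_syn": syn_fifo, "rr_syn": syn_rr, "rr_data": len(sent) - syn_rr,
            "dropped_syns": gw.dropped_syns}

if __name__ == "__main__":
    print(simulate())
```

With a single shared FIFO the flood takes every egress slot; with the separate SYN queue and round robin service it is held to one queue's share of the link, whatever the flood size.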