Invention Grant
- Patent Title: Detection of a denial of service attack on an internet server
- Patent Title (中): 检测互联网服务器上的拒绝服务攻击
-
Application No.: US11735556Application Date: 2007-04-16
-
Publication No.: US08429742B2Publication Date: 2013-04-23
- Inventor: William Maupin Stockdell
- Applicant: William Maupin Stockdell
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Martin & Associates LLC
- Agent Bret J. Petersen
- Main IPC: G06F11/30
- IPC: G06F11/30
Abstract:
An apparatus and method to detect a denial of service attack on an internet server by a hacker or malevolent software while effectively distinguishing an attack from a spike in demand by legitimate users of the server. In preferred embodiments, the kernel's TCP implementation is modified to hold back sending a reset (RST) to terminate the connection and to make an entry into a dead connection list when a connection attempt is dropped off of an overflowing accept queue. The entries are removed from the dead connection list when they become stale or an ACK is received corresponding to the entry. Additional TCP kernel parameters include a monitor enable to turn on or off the DoS monitor, a monitor threshold to determine when to send an alarm, and a stale time that is a timeout value to determine when to remove entries from the dead connection list.
Public/Granted literature
- US20080256632A1 APPARATUS AND METHOD FOR DETECTION OF A DENIAL OF SERVICE ATTACK ON AN INTERNET SERVER Public/Granted day:2008-10-16
Information query
