发明申请
US20050157647A1 Metering packet flows for limiting effects of denial of service attacks
有权
计费数据包流,限制拒绝服务攻击的影响
- 专利标题: Metering packet flows for limiting effects of denial of service attacks
- 专利标题(中): 计费数据包流,限制拒绝服务攻击的影响
-
申请号: US10760277申请日: 2004-01-21
-
公开(公告)号: US20050157647A1公开(公告)日: 2005-07-21
- 发明人: Jason Sterne , Adrian Grah , Shay Nahum , Predrag Kostic , Herman Liu
- 申请人: Jason Sterne , Adrian Grah , Shay Nahum , Predrag Kostic , Herman Liu
- 申请人地址: FR Paris
- 专利权人: Alcatel
- 当前专利权人: Alcatel
- 当前专利权人地址: FR Paris
- 主分类号: H04L1/00
- IPC分类号: H04L1/00 ; H04L29/06
摘要:
The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.
公开/授权文献
信息查询