发明申请
- 专利标题: Hardware filtering support for denial-of-service attacks
- 专利标题(中): 硬件过滤支持拒绝服务攻击
-
申请号: US10811195申请日: 2004-03-26
-
公开(公告)号: US20050213570A1公开(公告)日: 2005-09-29
- 发明人: John Stacy , Trevor Garner , Martin Hughes , William Lee
- 申请人: John Stacy , Trevor Garner , Martin Hughes , William Lee
- 主分类号: H04L12/56
- IPC分类号: H04L12/56 ; H04L29/06
摘要:
A system and method is provided for automatically identifying and removing malicious data packets, such as denial-of-service (DoS) packets, in an intermediate network node before the packets can be forwarded to a central processing unit (CPU) in the node. The CPU's processing bandwidth is therefore not consumed identifying and removing the malicious packets from the system memory. As such, processing of the malicious packets is essentially “off-loaded” from the CPU, thereby enabling the CPU to process non-malicious packets in a more efficient manner. Unlike prior implementations, the invention identifies malicious packets having complex encapsulations that can not be identified using traditional techniques, such as ternary content addressable memories (TCAM) or lookup tables.
公开/授权文献
- US07411957B2 Hardware filtering support for denial-of-service attacks 公开/授权日:2008-08-12