-
公开(公告)号:US08250650B2
公开(公告)日:2012-08-21
申请号:US10937695
申请日:2004-09-09
IPC分类号: G06F21/00
CPC分类号: H04L63/1458
摘要: The present invention provides for protecting against denial of service attacks. A request is sent by a client, the request comprises client indicia. The request is received at a server. A request count is incremented by the server. A sequence number is assigned as a function of the client indicia. A problem is selected by the server. The problem is sent by the server to the client. A solution to the problem is sent to the server. It is determined if the solution by client is correct. If the solution is correct, a session is performed. If the solution is not correct, the request is discarded. This can substantially decrease the amount of attacks performed by a rogue client, as the session set-up time can be substantial.
摘要翻译: 本发明提供了防止拒绝服务攻击的保护。 请求由客户端发送,请求包括客户端标记。 服务器收到请求。 请求计数由服务器递增。 作为客户端标记的函数分配序列号。 服务器选择了一个问题。 该问题由服务器发送给客户端。 将问题的解决方案发送到服务器。 确定客户端的解决方案是否正确。 如果解决方案是正确的,则执行会话。 如果解决方案不正确,请求将被丢弃。 这可以显着减少流氓客户端执行的攻击的数量,因为会话建立时间可能很大。
-
公开(公告)号:US20080273464A1
公开(公告)日:2008-11-06
申请号:US12174999
申请日:2008-07-17
申请人: James Johnson Allen , Brian Mitchell Bass , Gordon Taylor Davis , Clark Debs Jeffries , Jitesh Ramachandran Nair , Ravinder Kumar Sabhikhi , Michael Steven Siegel , Rama Mohan Yedavalli
发明人: James Johnson Allen , Brian Mitchell Bass , Gordon Taylor Davis , Clark Debs Jeffries , Jitesh Ramachandran Nair , Ravinder Kumar Sabhikhi , Michael Steven Siegel , Rama Mohan Yedavalli
IPC分类号: H04L12/24
摘要: The decision within a packet processing device to transmit a newly arriving packet into a queue to await further processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to a threshold. The outcome of the update is adjustment up or down of the transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value.
摘要翻译: 通过流控制方法和系统,在分组处理设备内决定将新到达的分组发送到队列中等待进一步处理或丢弃相同的分组。 流量控制以由存储和流量限制确定的恒定周期进行更新。 该更新包括将当前队列占用率与阈值进行比较。 更新的结果是传输概率值的上调或下调。 该值存储在随后的流量控制周期中,并且在该时间段期间到达的分组经受使用该值的发送或丢弃决定。
-
公开(公告)号:US07430169B2
公开(公告)日:2008-09-30
申请号:US10161000
申请日:2002-06-03
申请人: James Johnson Allen, Jr. , Brian Mitchell Bass , Gordon Taylor Davis , Clark Debs Jeffries , Jitesh Ramachandran Nair , Ravinder Kumar Sabhikhi , Michael Steven Siegel , Rama Mohan Yedavalli
发明人: James Johnson Allen, Jr. , Brian Mitchell Bass , Gordon Taylor Davis , Clark Debs Jeffries , Jitesh Ramachandran Nair , Ravinder Kumar Sabhikhi , Michael Steven Siegel , Rama Mohan Yedavalli
IPC分类号: H04L12/54
摘要: The decision within a packet processing device to transmit a newly arriving packet into a queue to await further processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to a threshold. The outcome of the update is adjustment up or down of the transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value.
摘要翻译: 通过流控制方法和系统,在分组处理设备内决定将新到达的分组发送到队列中等待进一步处理或丢弃相同的分组。 流量控制以由存储和流量限制确定的恒定周期进行更新。 该更新包括将当前队列占用率与阈值进行比较。 更新的结果是传输概率值的上调或下调。 该值存储在随后的流量控制周期中,并且在该时间段期间到达的分组经受使用该值的发送或丢弃决定。
-
54.发明申请PRIORITY BASED BANDWIDTH ALLOCATION WITHIN REAL-TIME AND NON-REAL-TIME TRAFFIC STREAMS 失效实时和非实时交通流中基于优先级的带宽分配公开(公告)号:US20080232386A1
公开(公告)日:2008-09-25
申请号:US12114767
申请日:2008-05-03
申请人: Brahmanand Kumar Gorti , Marco Heddes , Clark Debs Jeffries , Andreas Kind , Michael Steven Siegel
发明人: Brahmanand Kumar Gorti , Marco Heddes , Clark Debs Jeffries , Andreas Kind , Michael Steven Siegel
IPC分类号: H04L12/28
CPC分类号: H04L47/6215 , H04L47/10 , H04L47/2416 , H04L47/2433 , H04L47/30 , H04L47/32 , H04L47/50 , H04L47/52 , H04L47/56
摘要: A method and system for transmitting packets in a packet switching network. Packets received by a packet processor may be prioritized based on the urgency to process them. Packets that are urgent to be processed may be referred to as real-time packets. Packets that are not urgent to be processed may be referred to as non-real-time packets. Real-time packets have a higher priority to be processed than non-real-time packets. A real-time packet may either be discarded or transmitted into a real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time queue congestion conditions. A non-real-time packet may either be discarded or transmitted into a non-real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time and non-real-time queue congestion conditions.
摘要翻译: 一种用于在分组交换网络中传送分组的方法和系统。 可以基于处理它们的紧急性来优先考虑由分组处理器接收的分组。 紧急处理的数据包可以称为实时数据包。 不紧急处理的数据包可能被称为非实时数据包。 实时数据包的优先级要高于非实时数据包。 可以根据其值优先级,该值优先级的最小和最大速率以及当前实时队列拥塞条件,将实时分组丢弃或传输到实时队列中。 可以基于其值优先级,该值优先级的最小和最大速率以及当前的实时和非实时队列拥塞将非实时分组丢弃或发送到非实时队列 条件。
-
55.发明授权Priority based bandwidth allocation within real-time and non-real-time traffic streams 失效实时和非实时业务流中基于优先级的带宽分配公开(公告)号:US07385997B2
公开(公告)日:2008-06-10
申请号:US10118493
申请日:2002-04-08
申请人: Brahmanand Kumar Gorti , Marco Heddes , Clark Debs Jeffries , Andreas Kind , Michael Steven Siegel
发明人: Brahmanand Kumar Gorti , Marco Heddes , Clark Debs Jeffries , Andreas Kind , Michael Steven Siegel
CPC分类号: H04L47/6215 , H04L47/10 , H04L47/2416 , H04L47/2433 , H04L47/30 , H04L47/32 , H04L47/50 , H04L47/52 , H04L47/56
摘要: A method and system for transmitting packets in a packet switching network. Packets received by a packet processor may be prioritized based on the urgency to process them. Packets that are urgent to be processed may be referred to as real-time packets. Packets that are not urgent to be processed may be referred to as non-real-time packets. Real-time packets have a higher priority to be processed than non-real-time packets. A real-time packet may either be discarded or transmitted into a real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time queue congestion conditions. A non-real-time packet may either be discarded or transmitted into a non-real-time queue based upon its value priority, the minimum and maximum rates for that value priority and the current real-time and non-real-time queue congestion conditions.
摘要翻译: 一种用于在分组交换网络中传送分组的方法和系统。 可以基于处理它们的紧急性来优先考虑由分组处理器接收的分组。 紧急处理的数据包可以称为实时数据包。 不紧急处理的数据包可能被称为非实时数据包。 实时数据包的优先级要高于非实时数据包。 可以根据其值优先级,该值优先级的最小和最大速率以及当前实时队列拥塞条件,将实时分组丢弃或传输到实时队列中。 可以基于其值优先级,该值优先级的最小和最大速率以及当前的实时和非实时队列拥塞将非实时分组丢弃或发送到非实时队列 条件。
-
公开(公告)号:US07224670B2
公开(公告)日:2007-05-29
申请号:US10160507
申请日:2002-06-03
IPC分类号: H04L12/26
摘要: The decision within a packet processing device to transmit a newly arriving packet into a queue to await processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to thresholds and also comparing present queue occupancy to previous queue occupancy. The outcome of the update is a new transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value.
摘要翻译: 通过流控制方法和系统来进行分组处理装置中将新到达的分组发送到队列中等待处理或丢弃相同分组的决定。 流量控制以由存储和流量限制确定的恒定周期进行更新。 该更新包括将当前队列占用率与阈值进行比较,还将当前队列占用率与先前队列占用率进行比较。 更新的结果是新的传输概率值。 该值存储在随后的流量控制周期中,并且在该时间段期间到达的分组经受使用该值的发送或丢弃决定。
-
公开(公告)号:US07107344B2
公开(公告)日:2006-09-12
申请号:US09931540
申请日:2001-08-16
IPC分类号: G06F15/16
CPC分类号: H04L69/16 , H04L67/14 , H04L69/163
摘要: A method and apparatus useful in network management which makes intelligent, high speed, connection allocation decisions, overcoming difficulties encountered heretofore and providing enhanced network services. During episodes of network congestion, some connection requests for a class of service of low value and with currently a high number of existing connections may be purposefully ignored (not acknowledged with an Acknowledge (ACK) packet) so that the processing capability of a device will not become overwhelmed, causing the dropping of new connection is to note the numbers of connections of different classes relative to their service-level contracts, to ignore abundant, low-value connection requests in accordance with value policies when and only when necessary, and to insure that valuable new connection requests that conform to their contract connection rates can be intelligently accommodated.
摘要翻译: 一种在网络管理中有用的方法和装置,其实现智能,高速,连接分配决策,克服迄今遇到的困难并提供增强的网络服务。 在网络拥塞发生期间,可以有目的地忽略一些低价值服务和当前具有大量现有连接的连接请求(未被确认(ACK)分组确认),使得设备的处理能力将 不会变得不堪重负,导致新连接的下降是注意到不同类别与其服务级别合同的连接数量,当且仅在必要时根据价值政策忽略丰富的低价值连接请求,并且 确保符合其合同连接率的有价值的新连接请求可以被智能地适应。
-
公开(公告)号:US07054855B2
公开(公告)日:2006-05-30
申请号:US09898253
申请日:2001-07-03
申请人: Claude Basso , Jean Louis Calvignac , Philippe Damon , Gordon Taylor Davis , Marco C. Heddes , Clark Debs Jeffries
发明人: Claude Basso , Jean Louis Calvignac , Philippe Damon , Gordon Taylor Davis , Marco C. Heddes , Clark Debs Jeffries
IPC分类号: G06F17/30
CPC分类号: G06F17/30985 , H04L29/12132 , H04L29/12594 , H04L61/1552 , H04L61/30 , Y10S707/99933 , Y10S707/99942
摘要: A method and system for performing a pattern match search for a data string having a plurality of characters separated by delimiters. In accordance with the method of the present invention a search key is constructed by generating a full match search increment comprising the binary representation of a data string element, wherein the data string element comprises all characters between a pair of delimiters. The search key is completed by concatenating a pattern search prefix to the full match search increment, wherein the pattern search prefix is a cumulative pattern search result of each previous full match search increment. A full match search is then performed within a lookup table utilizing the search key. In response to finding a matching pattern within the lookup table, the process returns to constructing a next search key. In response to not finding a matching pattern, the previous full match search result is utilized to process the data string.
-
59.发明授权Method and system for performing range rule testing in a ternary content addressable memory 失效在三元内容可寻址存储器中执行范围规则测试的方法和系统公开(公告)号:US06886073B2
公开(公告)日:2005-04-26
申请号:US10173994
申请日:2002-06-18
摘要: A method and system for storing and searching for prefixes for rules, such as filter rules, in a computer system is disclosed. The method and system include providing a ternary content addressable memory (TCAM). The filter rules use range(s) of values in at least one dimension and correspond to prefix(es). The range(s) are described by prefix(es). Some filter rules may intersect. The method and system include providing priorities for the filter rules. The priorities include at least one different priority for the filter rules that intersect. The method and system also include storing the prefixes in the TCAM in block(s) in an order based upon the priorities of the filter rules. In another aspect, the method and system include searching the TCAM for a longest prefix match for a key and searching an additional storage for an almost exact match for the key in parallel with the TCAM. In this aspect, the method and system include returning the longest prefix match having a lowest or a highest location if the longest prefix match is found in the TCAM and the almost exact match is not found in the additional storage.
摘要翻译: 公开了一种用于在计算机系统中存储和搜索诸如过滤规则的规则的前缀的方法和系统。 该方法和系统包括提供三元内容可寻址存储器(TCAM)。 过滤器规则使用至少一个维度中的值的范围,并对应于前缀(es)。 范围由前缀(es)描述。 一些过滤规则可能会相交。 该方法和系统包括为过滤规则提供优先级。 优先级至少包含与交叉的过滤规则的一个不同的优先级。 该方法和系统还包括基于过滤器规则的优先级按顺序将块中的前缀存储在块中。 在另一方面,所述方法和系统包括搜索TCAM对于密钥的最长前缀匹配,并且搜索附加存储器以与所述TCM并行的所述密钥几乎精确匹配。 在这方面,如果在TCAM中找到最长前缀匹配并且在附加存储器中找不到几乎精确的匹配,则该方法和系统包括返回具有最低或最高位置的最长前缀匹配。
-
60.发明授权Quality of service functions implemented in input interface circuit interface devices in computer network hardware 失效服务质量在计算机网络硬件的输入接口电路接口设备中实现公开(公告)号:US06870811B2
公开(公告)日:2005-03-22
申请号:US09764954
申请日:2001-01-18
申请人: Kenneth James Barker , Gordon Taylor Davis , Clark Debs Jeffries , Mark Anthony Rinaldi , Kartik Sudeep
发明人: Kenneth James Barker , Gordon Taylor Davis , Clark Debs Jeffries , Mark Anthony Rinaldi , Kartik Sudeep
摘要: The decision to discard or forward a packet is made by a flow control mechanism, upstream from the forwarding engine in the node of a communication network. The forwarding engine includes a switch with mechanism to detect congestion in the switch and return a binary signal B indicating congestion or no congestion. The flow control mechanism uses B and other network related information to generate a probability transmission table against which received packets are tested to determine proactively whether a packet is to be discarded or forwarded.
摘要翻译: 通过在通信网络的节点中的转发引擎的上游的流控制机制来进行丢弃或转发分组的决定。 转发引擎包括具有检测交换机拥塞的机制的交换机,并返回指示拥塞或不拥塞的二进制信号B. 流控制机制使用B和其他网络相关信息来生成概率传输表,对其接收到的分组进行测试,以主动确定分组是否被丢弃或转发。
-
-
-
-
-
-
-
-
-
搜索结果
89 条记录 (耗时 0.032 秒)