-
1.发明授权Method for managing of denial of service attacks using bandwidth allocation technology 失效使用带宽分配技术管理拒绝服务攻击的方法公开(公告)号:US08161145B2
公开(公告)日:2012-04-17
申请号:US10375799
申请日:2003-02-27
IPC分类号: G06F15/173
CPC分类号: H04L63/1458
摘要: A method for managing attacks in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of packets, which include a plurality of administrative packets. The method includes determining whether a congestion of the administrative packets exists. Congestion of the administrative packets indicates that a potential attack exists. The method also includes discarding a portion of the plurality of administrative packets if it is declared that the congestion of the administrative packets exists. The portion of the plurality of packets is sufficient to ensure that a remaining portion of the plurality of packets transmitted is not more than a maximum administrative packet bandwidth limit and, if the plurality of administrative packets present a sufficient offered load, not less than a minimum administrative packet bandwidth guarantee.
摘要翻译: 公开了一种用于管理计算机系统中的攻击的方法。 计算机系统用于发送,接收或发送和接收包括多个管理分组的多个分组。 该方法包括确定是否存在管理分组的拥塞。 拥塞管理包表示存在潜在的攻击。 如果声明存在管理分组的拥塞,则该方法还包括丢弃多个管理分组的一部分。 多个分组的部分足以确保所发送的多个分组的剩余部分不大于最大管理分组带宽限制,并且如果多个管理分组呈现足够的提供的负载,则不小于最小 管理包带宽保证。
-
公开(公告)号:US07349342B2
公开(公告)日:2008-03-25
申请号:US10390385
申请日:2003-03-17
CPC分类号: H04L47/20 , H04L43/00 , H04L43/0894 , H04L43/16 , H04L47/215 , H04L47/22 , H04L47/31
摘要: Methods and apparatus are provided for metering data packets having a plurality of different packet lengths in a data communications network. A token count TC is incremented at a token increment rate CIR subject to an upper limit CBS on the token count. On arrival of a packet of length L tokens, it is determined if both TC>0 and TC+n≧L, where n is a defined number of tokens. If so, the data packet is categorized as in profile and L tokens are subtracted from the token count TC. Otherwise the data packet is categorized out of profile. In some embodiments, n is set to a value in the range 0
摘要翻译: 提供了用于在数据通信网络中计量具有多个不同分组长度的数据分组的方法和装置。 令牌计数T C C以在令牌计数上受到上限CBS的令牌增量率CIR递增。 在长度为L个令牌的分组到达时,确定是否都有T个C 0和T C + n> = L,其中n是确定数量的令牌 。 如果是这样,则数据分组被归类为简档,并且从令牌计数T C C中减去L个令牌。 否则数据包将被分类出来。 在一些实施例中,将n设置为0
-
公开(公告)号:US06625773B1
公开(公告)日:2003-09-23
申请号:US09329101
申请日:1999-06-09
IPC分类号: H04L118
CPC分类号: H04L12/1868 , H04L1/1607 , H04L1/1809 , H04L45/04 , H04L45/16 , H04L45/34 , H04L2001/0093
摘要: A multicast communication system for small groups using a protocol to indicate to routers receiving a packet according to the protocol to perform the following process: (1) determining a next hop for each of the destination nodes listed in the packet received; (2) partitioning the destination nodes into groups according to the next hop determined for each destination node in the preceding step; (3) replicating the packet such that there is at least one copy of the packet for each of the next hops; (4) modifying the list of addresses for the destination nodes such that the list of addresses for each of the next hops includes only the addresses for the destination nodes to be routed in that next hop; and (5) transmitting the modified copies of the packet to the next hops found in the previous steps for routing to the addresses included in each packet.
摘要翻译: 一种用于使用协议的小组的组播通信系统,用于向根据协议接收分组的路由器指示以执行以下过程:(1)确定接收到的分组中列出的每个目的地节点的下一跳; (2)根据在前一步骤中为每个目的地节点确定的下一跳,将目的节点划分成组; (3)复制分组,使得每个下一跳具有至少一个分组副本; (4)修改目的地节点的地址列表,使得下一跳中的每一个的地址列表仅包括在该下一跳中要路由的目的地节点的地址; 以及(5)将所述分组的修改副本发送到在前述步骤中找到的下一跳,以路由到每个分组中包括的地址。
-
-
搜索结果
3 条记录 (耗时 0.024 秒)
