公开(公告)号：US10038715B1

公开(公告)日：2018-07-31

申请号：US15793569

申请日：2017-10-25

Applicant: Cloudflare, Inc.

Inventor： Marek Przemyslaw Majkowski ,  Gilberto Bertin ,  Christopher Philip Branch ,  John Graham-Cumming

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1466

Abstract: A server receives a SYN packet and generates a SYN packet signature from the SYN packet. The server generates multiple aggregate signatures for the SYN packet signature that each include a generalized value for at least one element, where each aggregate signature has a different level of specificity and corresponds with a different fingerprint table. The server sequentially iterates through the fingerprint tables starting with the most specific aggregate signature and the most specific fingerprint table until a match exceeding a counter threshold is found, if any. If an aggregate signature does not match a fingerprint in a fingerprint table, the aggregate signature is added to that fingerprint table and an initial value for the counter is set. A bytecode using an attack fingerprint as input is generated in a form understandable by a network filter, and installed in a network filter.