Invention Grant
US08688979B2 Means of mitigating denial of service attacks on IP fragmentation in high performance IPSEC gateways
失效
减轻高性能IPSEC网关IP分片拒绝服务攻击的手段
- Patent Title: Means of mitigating denial of service attacks on IP fragmentation in high performance IPSEC gateways
- Patent Title (中): 减轻高性能IPSEC网关IP分片拒绝服务攻击的手段
-
Application No.: US13040905Application Date: 2011-03-04
-
Publication No.: US08688979B2Publication Date: 2014-04-01
- Inventor: Craig Partridge , Walter Clark Milliken , David Patrick Mankins
- Applicant: Craig Partridge , Walter Clark Milliken , David Patrick Mankins
- Applicant Address: US NJ Basking Ridge US MA Cambridge
- Assignee: Verizon Corporate Services Group Inc.,Raytheon BBN Technologies Corp.
- Current Assignee: Verizon Corporate Services Group Inc.,Raytheon BBN Technologies Corp.
- Current Assignee Address: US NJ Basking Ridge US MA Cambridge
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.
Public/Granted literature
- US20110161664A1 MEANS OF MITIGATING DENIAL OF SERVICE ATTACKS ON IP FRAGMENTATION IN HIGH PERFORMANCE IPSEC GATEWAYS Public/Granted day:2011-06-30
Information query
