US 7,458,097 B2
Preventing network reset denial of service attacks
Mitesh Dalal, Santa Clara, Calif. (US); Amol Khare, Sunnyvale, Calif. (US); and Randall Stewart, Crystal Lake, Ill. (US)
Assigned to Cisco Technology, Inc., San Jose, Calif. (US)
Filed on Sep. 28, 2006, as Appl. No. 11/540,526.
Application 11/540526 is a continuation of application No. 10/755146, filed on Jan. 09, 2004, granted, now 7,203,961.
Prior Publication US 2007/0044150 A1, Feb. 22, 2007
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 11/00 (2006.01); G06F 15/16 (2006.01); H04L 1/00 (2006.01)
U.S. Cl. 726—22 [709/227; 370/235]
20 Claims

1. An apparatus, comprising:
one or more processors;
one or more network interfaces each coupled to the one or more processors and configured to communicate data to and from the one or more processors;
a computer-readable storage medium coupled to the one or more processors and encoded with logic which, when executed by the processor, causes the processor to perform:
receiving, from a remote end node, a packet of a data flow in which a Reset (RST) bit of a Transmission Control Protocol (TCP) header is set;
determining whether a sequence value in the packet is within a range of allowed sequence values; and
when the sequence value is within the range of allowed sequence values, sending an acknowledgment message without closing a TCP connection associated with the flow.
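The RST handling recited in claim 1, sketched in C as an added example (not code from the patent or from Cisco). Assumptions: the "range of allowed sequence values" is taken to be the receive window, out-of-range RSTs are dropped, the acknowledgment carries the connection's current send and receive sequence numbers, and all struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Decision for an inbound segment with the RST bit set. */
enum rst_verdict {
    RST_SEND_ACK_KEEP_OPEN, /* in range: acknowledge, connection stays up (claim 1) */
    RST_DROP                /* out of range: assumed here, not stated in the claim */
};

/* Hypothetical per-connection state; field names follow common TCP usage. */
struct tcp_conn {
    uint32_t rcv_nxt; /* next sequence number expected from the peer */
    uint32_t rcv_wnd; /* receive window size in bytes */
    uint32_t snd_nxt; /* next sequence number this end will send */
};

/* Sequence and acknowledgment fields of the reply (assumed content). */
struct ack_seg { uint32_t seq, ack; };

/* True when seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2^32.
 * The unsigned subtraction keeps the test correct across wraparound. */
static int seq_in_range(const struct tcp_conn *c, uint32_t seq)
{
    return (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
}

/* Apply the claim's rule: an in-range RST is answered with an ACK and
 * the connection is left open; reply is filled only in that case. */
enum rst_verdict handle_rst(const struct tcp_conn *c, uint32_t seg_seq,
                            struct ack_seg *reply)
{
    if (!seq_in_range(c, seg_seq))
        return RST_DROP;
    reply->seq = c->snd_nxt;
    reply->ack = c->rcv_nxt;
    return RST_SEND_ACK_KEEP_OPEN;
}

int main(void)
{
    /* Constructed sample: the window straddles the 2^32 wrap point. */
    struct tcp_conn c = { 0xFFFFFF00u, 0x200u, 0x1000u };
    uint32_t probes[] = { 0xFFFFFF00u, 0x000000FFu, 0x00000100u, 0xFFFFFEFFu };
    struct ack_seg r;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("RST seq=0x%08X -> %s\n", (unsigned)probes[i],
               handle_rst(&c, probes[i], &r) == RST_SEND_ACK_KEEP_OPEN
                   ? "send ACK, keep connection" : "drop");
    return 0;
}
```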