| Field | Value |
|---|---|
| Patent | US 7,472,416 B2 |
| Title | Preventing network reset denial of service attacks using embedded authentication information |
| Inventors | Anantha Ramaiah, Sunnyvale, Calif. (US); Shrirang Bage, Fremont, Calif. (US); Amol Khare, Sunnyvale, Calif. (US); and Mitesh Dalal, Santa Clara, Calif. (US) |
| Assignee | Cisco Technology, Inc., San Jose, Calif. (US) |
| Filed | May 06, 2004, as Appl. No. 10/842,015 |
| Prior Publication | US 2005/0216954 A1, Sep. 29, 2005 |
| Int. Cl. | G06F 11/00 (2006.01) |
| U.S. Cl. | 726—22 [726/23] |
| Claims | 25 |

1. A method of preventing an attack on a network, wherein the attack comprises sending one or more spurious transmission control protocol (TCP) segments with a Reset (RST) bit set, the method comprising the computer-implemented steps of:
   - receiving, from a remote end node, a TCP segment in which a RST bit is set, as part of an established TCP connection;
   - in response to receiving the TCP segment, determining whether the TCP segment is a spurious TCP segment of the one or more spurious TCP segments by determining whether the TCP segment contains valid authentication information, wherein the authentication information is in a payload of the TCP segment;
   - accepting the TCP segment and closing the TCP connection only when the authentication information is valid.
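The receiver-side check of claim 1 as an added example, not code from the patent or from Cisco: a RST on an established connection is accepted, and the connection closed, only when its payload carries a valid authentication tag. The tag format is an assumption, since the claim does not fix one: a truncated HMAC-SHA256 under a shared key over the connection 4-tuple and the segment's sequence number, so a tag captured on one connection cannot be replayed on another.

```python
import hmac
import hashlib
import struct

TCP_RST = 0x04   # RST flag bit in the TCP header
TAG_LEN = 16     # bytes of truncated HMAC-SHA256 carried in the RST payload (assumed scheme)

def rst_tag(key, conn, seq):
    """Tag for a RST on connection `conn` (dict holding the 4-tuple).
    Binding it to the 4-tuple and sequence number stops cross-connection replay."""
    msg = struct.pack("!4s4sHHI", conn["peer_ip"], conn["local_ip"],
                      conn["peer_port"], conn["local_port"], seq)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def parse_tcp(segment):
    """Split a raw TCP segment (no IP header) into header fields and payload."""
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4
    return {"src_port": src, "dst_port": dst, "seq": seq,
            "flags": off_flags & 0x1FF, "payload": segment[data_offset:]}

def should_close_on_rst(segment, conn, key):
    """True only when `segment` is a RST for the established connection `conn`
    and its payload carries a valid tag; every other RST is ignored."""
    hdr = parse_tcp(segment)
    if not hdr["flags"] & TCP_RST:
        return False                                   # not a reset at all
    if (hdr["src_port"], hdr["dst_port"]) != (conn["peer_port"], conn["local_port"]):
        return False                                   # RST is not for this connection
    tag = hdr["payload"][:TAG_LEN]
    if len(tag) < TAG_LEN:
        return False                                   # unauthenticated RST: drop it
    expected = rst_tag(key, conn, hdr["seq"])
    return hmac.compare_digest(tag, expected)          # constant-time comparison

def build_rst(conn, seq, payload=b""):
    """Constructed RST segment from the peer to the local end (20-byte header)."""
    off_flags = (5 << 12) | TCP_RST                    # data offset 5 words, RST set
    hdr = struct.pack("!HHIIHHHH", conn["peer_port"], conn["local_port"],
                      seq, 0, off_flags, 0, 0, 0)
    return hdr + payload

# Constructed sample connection and shared key for the demonstration
CONN = {"peer_ip": bytes([10, 0, 0, 2]), "local_ip": bytes([10, 0, 0, 1]),
        "peer_port": 40000, "local_port": 179}
KEY = b"constructed-shared-secret"

if __name__ == "__main__":
    authentic = build_rst(CONN, 1000, rst_tag(KEY, CONN, 1000))
    spurious = build_rst(CONN, 1000)                   # RST with no tag in its payload
    print(should_close_on_rst(authentic, CONN, KEY), should_close_on_rst(spurious, CONN, KEY))
```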