1. Field of the Invention
The present invention relates to a network system between client computers and server computers, and more particularly to a server computer protection apparatus which protects a server computer from illicit access that intentionally hampers server computer operations.
2. Description of the Related Art
In recent years, client/server systems, in which specified or unspecified client computers are connected to one or more server computers via networks such as wide area networks, for example the Internet, or local area networks, have been utilized in order to supply data from the server in compliance with requests made by the clients.
Packets, which consist of transmission data divided into units of a predetermined size with destination information affixed thereto, are generally utilized as the format of data which flows through a network such as the Internet. A packet comprises a header and a data body. The header bears an address, for example an IP (Internet Protocol) address in the case of the Internet, which identifies the computer that transmitted the packet, and an address, for example an IP address, of the computer which is the destination of the packet.
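The header layout referred to above can be made concrete by parsing a raw IPv4 packet and recovering the two addresses from it. The following Python code is an added example and is not part of the patent text; it follows the fixed 20-byte IPv4 header layout of RFC 791, and the sample packet, its addresses (documentation ranges 192.0.2.0/24 and 198.51.100.0/24) and its payload are constructed here for illustration. The parser checks the declared lengths and the header checksum before trusting any field, so a truncated or corrupted header is rejected rather than yielding a wrong source address.

```python
import struct
import ipaddress

# Fixed 20-byte IPv4 header (RFC 791), network byte order: version/IHL, TOS,
# total length, identification, flags/fragment offset, TTL, protocol,
# header checksum, source address, destination address.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement of the ones' complement sum of the 16-bit words.

    Over a header whose checksum field is zero this yields the value to store;
    over a header that already carries a correct checksum it yields 0, which
    is how a receiver validates the header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, payload: bytes, proto: int = 6, ttl: int = 64) -> bytes:
    """Assemble a header without options plus payload, with a valid checksum.
    Used only to construct sample packets for this example."""
    draft = IPV4_HDR.pack(
        (4 << 4) | 5,            # version 4, IHL 5 (20 bytes)
        0,                       # type of service
        20 + len(payload),       # total length
        0x1234,                  # identification (arbitrary sample value)
        0,                       # flags / fragment offset
        ttl, proto,
        0,                       # checksum placeholder, filled in below
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    csum = ipv4_checksum(draft)
    return draft[:10] + struct.pack("!H", csum) + draft[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Extract the transmitting and destination addresses (and a few other
    fields) from a raw IPv4 packet, rejecting malformed or corrupted headers
    instead of trusting the lengths they declare."""
    if len(packet) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _csum, src, dst) = IPV4_HDR.unpack_from(packet)
    version = version_ihl >> 4
    ihl = (version_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent header/total length")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "src": str(ipaddress.IPv4Address(src)),   # computer that transmitted the packet
        "dst": str(ipaddress.IPv4Address(dst)),   # computer the packet is destined for
        "proto": proto,
        "ttl": ttl,
        "id": ident,
        "header_len": ihl,
        "payload": packet[ihl:total_len],
    }


if __name__ == "__main__":
    # Constructed sample packet, not captured traffic.
    pkt = build_ipv4_packet("192.0.2.10", "198.51.100.5", b"GET / HTTP/1.0\r\n")
    print(parse_ipv4(pkt))
    # Flip one bit of the source address: the checksum check must reject it.
    corrupted = pkt[:12] + bytes([pkt[12] ^ 0x01]) + pkt[13:]
    try:
        parse_ipv4(corrupted)
    except ValueError as exc:
        print("rejected:", exc)
```

Any protection apparatus that decides on the basis of the transmitting address must parse the header this carefully, since the address field is exactly what an attacking client is free to forge.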
Currently, systems connected to such a network increasingly undergo attacks over the network. Such attacks are intended to cause system failures. One such attacking method is a Denial of Service ("DoS") attack. A DoS attack is an attack whereby a large quantity of access requests are made simultaneously upon a server computer by one client. The large quantity of access requests hampers the availability of the server and makes service substantially impossible.
This attacking method is hard to distinguish from access requests made by a legal client which does not intend to attack the system. Therefore, it is difficult to ward off the attack on the server side. In some cases, the server undergoes DoS attacks from a plurality of clients at the same time. In this case, the DoS attack is called a Distributed Denial of Service attack, or DDoS attack.
When a server receives a large quantity of requests which exceeds its processing ability, the server's resources for communication processing, for example, memory areas and line bandwidth, are successively reserved for the respective requests until the server's resources finally become insufficient. As a result, the server fails to respond to the request from a legal client not intending interference, or communication between the client and the server stagnates seriously.
Heretofore, a conventional server computer protection apparatus has been arranged between the server and the network in order to exclude such attacks. The server computer protection apparatus processes only an access request which has been repeated a number of times as a legal access request from a legal client. Alternatively, the server computer protection apparatus processes an access request from a client which has already made legal access as a legal access request, and discards the packets of all other access requests.
Such a method, however, has the problem that, in a case where the client which intends the attack makes a large quantity of similar access requests, each request is repeated often enough to be judged legal, and the attack cannot be prevented by the conventional server computer protection apparatus.
Furthermore, even when the above problem has been solved, the conventional server computer protection apparatus is still unsatisfactory. For example, when a legal client makes a large quantity of access requests, the client's access requests are judged to be a DoS attack. Thus, in the conventional protection apparatus, legal requests are sometimes regarded as illicit access in spite of being legal. In such a case, the legal client's connection is cut off, and hence the client's business is impeded.
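The two shortcomings of the conventional apparatus described above can be shown concretely with a small constructed model. The following Python code is an added example and is not the apparatus of this patent or of any prior-art document; the repeat threshold of 3, the rate limit of 50 requests per one-second window, the client names and the request strings are assumptions chosen for illustration. The model admits a request only after the same client has repeated it the threshold number of times, admits every further request from a client that has already been admitted, discards everything else, and cuts off any client that exceeds the rate limit. The two scenarios reproduce the problems stated in the text: an attacker whose requests are all alike is admitted precisely because it repeats them, and a legal client making a burst of requests is cut off.

```python
from collections import defaultdict, deque


class ConventionalProtector:
    """Constructed model of the conventional protection apparatus.

    A request is forwarded to the server only once the same (client, request)
    pair has been seen `repeat_threshold` times, or once the client is already
    on the admitted list; every other packet is discarded. In addition, a
    client exceeding `rate_limit` requests within `window` seconds is judged
    to be a DoS source and cut off. All parameters are assumed values."""

    def __init__(self, repeat_threshold: int = 3, rate_limit: int = 50, window: float = 1.0):
        self.repeat_threshold = repeat_threshold
        self.rate_limit = rate_limit
        self.window = window
        self.seen = defaultdict(int)        # (client, request) -> times observed
        self.admitted = set()               # clients that have given legal access
        self.blocked = set()                # clients cut off as suspected DoS sources
        self.recent = defaultdict(deque)    # client -> timestamps inside the window

    def handle(self, client: str, request: str, now: float) -> str:
        """Return 'forwarded', 'dropped' or 'blocked' for one incoming request."""
        if client in self.blocked:
            return "blocked"
        stamps = self.recent[client]
        stamps.append(now)
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()
        if len(stamps) > self.rate_limit:
            self.blocked.add(client)
            self.admitted.discard(client)
            return "blocked"
        if client in self.admitted:
            return "forwarded"
        self.seen[(client, request)] += 1
        if self.seen[(client, request)] >= self.repeat_threshold:
            self.admitted.add(client)
            return "forwarded"
        return "dropped"


def run(events):
    """Feed (time, client, request) events through a fresh protector in time
    order and tally the outcome per client."""
    protector = ConventionalProtector()
    tally = defaultdict(lambda: defaultdict(int))
    for now, client, request in sorted(events):
        tally[client][protector.handle(client, request, now)] += 1
    return {client: dict(counts) for client, counts in tally.items()}


def repeating_attacker(bots: int = 1, per_bot: int = 40):
    """Each attacking client repeats one identical request `per_bot` times
    while staying under the rate limit (constructed scenario). Repetition is
    exactly what the filter treats as proof of legitimacy, so the flood is
    forwarded; with bots > 1 the same holds for a distributed attack."""
    events = [(0.02 * i, "bot-%d" % b, "GET /") for b in range(bots) for i in range(per_bot)]
    return run(events)


def heavy_legal_client(burst: int = 60):
    """A legal client first repeats a request enough to be admitted, then
    makes `burst` distinct requests within one second (constructed scenario).
    Once the burst passes the rate limit the client is cut off, although every
    one of its requests is legal."""
    events = [(0.01 * i, "legal", "GET /") for i in range(3)]
    events += [(0.1 + 0.01 * i, "legal", "GET /item/%d" % i) for i in range(burst)]
    return run(events)


if __name__ == "__main__":
    print(repeating_attacker())            # one attacker: 38 of 40 requests reach the server
    print(repeating_attacker(bots=10))     # distributed: every bot is admitted the same way
    print(heavy_legal_client())            # legal client: cut off after its 50th request
```

With the assumed parameters a single attacker gets 38 of its 40 identical requests forwarded, ten such attackers get 380 forwarded between them, and the legal client has 48 requests forwarded before its remaining 13 are blocked; the two criteria the conventional apparatus relies on, repetition and volume, are not the ones that separate an attacker from a busy legal client.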