A technique is known wherein an access privilege as to a server storing data and the like managed by a user is transferred to another (a third party's) application without the user ID and user password being shared. Open Authorization (OAuth) is an example of a protocol that utilizes such a technique.
With OAuth, a token is used to confirm the connection of an application. Here, the token is a unique key (a randomly generated character string) used by a server to confirm the access privilege of an application.
An example of this access privilege transfer processing will be described briefly.
First, the third party's application obtains a request token from a token server that issues tokens, and presents that request token to the user.
The user informs the server that provides the service that access privilege is granted for that request token. Thus, the third party's application may be allowed to access the service-providing server.
For further safety, the third party's application may send the token server a request to exchange the request token for an access token, and then access the service-providing server using the exchanged access token.
Incidentally, a DoS (Denial of Service) attack is known wherein a malicious application prevents a service from being provided by imposing a load on the network device or server being attacked.
DoS attacks include, but are not restricted to, flood attacks such as the SYN Flooding attack, reload attacks, and so forth.
For example, a SYN Flooding attack prevents the establishment of new connections by causing the target to perform a great amount of processing for TCP connections that are left suspended partway through establishment, thereby exhausting the memory of the target, and so forth.
Also, a reload attack increases the load on the target being attacked by transmitting a great number of normal requests to it.
With the above OAuth, there may be a case where the address (an IP address, a port number, a combination of an IP address and a port number, or the like) of the server to be accessed, either when requesting the token server to issue a request token or when requesting the service-providing server to provide a service, is fixedly published. Therefore, the port at this address may be subjected to a DoS attack.
As a method for avoiding a DoS attack, there is known a method for dynamically changing the standby address of each server by disposing a firewall upstream of the server.
For example, there is known a method wherein the access situation of the port number to which access is allowed is monitored to determine whether or not there is an attack; in the event that there is an attack, the port number to which access is allowed is switched, and the switched port number is communicated to the client or server.
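The port-switching countermeasure described above, as an added illustration that is not code from this document: a hypothetical firewall-side monitor counts requests to the currently allowed port within a sliding window and, when the count exceeds a threshold, retires that port in favour of the next one in a pool and records the notification that would be sent to legitimate clients. The port pool, the threshold, the window length and the sample request log are all assumptions constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field
from itertools import cycle

# Hypothetical firewall-side monitor (example code, not from the document).
# It watches traffic to the one currently allowed port, counts requests in a
# sliding time window, and switches the allowed port when the count exceeds a
# threshold, recording the notification destined for legitimate clients.

@dataclass
class PortSwitchMonitor:
    port_pool: list           # candidate ports the firewall may forward to
    window_seconds: float = 1.0
    threshold: int = 20       # requests per window treated as an attack
    allowed_port: int = field(init=False)
    notifications: list = field(default_factory=list)
    _times: deque = field(default_factory=deque)
    _pool: cycle = field(init=False)

    def __post_init__(self):
        self._pool = cycle(self.port_pool)
        self.allowed_port = next(self._pool)

    def _switch_port(self, ts):
        old = self.allowed_port
        self.allowed_port = next(self._pool)
        self._times.clear()   # the new port starts with a clean window
        self.notifications.append((ts, old, self.allowed_port))

    def observe(self, ts, dst_port):
        """Return 'accept', 'drop' or 'switched' for one observed request."""
        if dst_port != self.allowed_port:
            return "drop"     # traffic to a retired port is blocked upstream
        self._times.append(ts)
        while self._times and ts - self._times[0] > self.window_seconds:
            self._times.popleft()
        if len(self._times) > self.threshold:
            self._switch_port(ts)
            return "switched"
        return "accept"

# Constructed sample log of (timestamp, destination port): sparse benign
# traffic, then a burst of normal-looking requests to the published port,
# i.e. the reload pattern described above.
SAMPLE = [(0.1 * i, 8080) for i in range(10)]          # 10 req/s, benign
SAMPLE += [(1.0 + 0.01 * i, 8080) for i in range(40)]   # 40 req in 0.4 s

def run(log, pool=(8080, 8443, 9000), threshold=20):
    """Feed a log through a fresh monitor; return the monitor and verdicts."""
    mon = PortSwitchMonitor(list(pool), threshold=threshold)
    verdicts = [mon.observe(ts, port) for ts, port in log]
    return mon, verdicts
```

The server itself never reopens a socket here; only the firewall's forwarding target changes, which is the cost trade-off the next paragraph discusses.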
In general, a server has a function for rewriting the reception port number at which it receives data from a client. However, installing this function on the server side has the problem that the processing cost of the server increases along with the rewriting of the port number (opening/closing of a TCP socket, etc.). Also, there may be cases where it is difficult to install this function on the server side.
Note that the problem has been described with OAuth as an example, but other protocols which perform access privilege transfer have similar problems. Further, other protocols which implement a countermeasure against DoS attacks also have similar problems.