1. The Field of the Invention
The present invention relates to computer networks. Specifically, the present invention relates to methods and systems for preventing socket flooding during denial of service attacks.
2. The Prior State of the Art
Computer networks, and in particular the Internet, have transformed the way people communicate and do business. In these computer networks, computer systems may often communicate using a request/response protocol. For example, a requesting client computer system (“client”) will transmit a request for a service to a responding server computer system (“server”). The responding server then uses data from within the request in order to fulfill the request.
For example, a client may compose a request for a Web page. In such a request, there would typically be request data such as the Uniform Resource Locator (“URL”) identifying the Web page, the address of the client, and any other data that would be needed or helpful for the server to retrieve the Web page and transmit that Web page to the client. For each request, a typical server would allocate resources such as memory space, processing time or pooled function calls for receiving the request data. Upon processing of the request data, the server would then free up these allocated resources.
While the vast majority of individuals use computer networks in a responsible manner, there are a few individuals who maliciously desire to harm others using computer networks. One particular harmful scheme is to impair the operation of another's server. This may be accomplished by, for example, repeatedly transmitting requests to the server without sending any request data.
Unaware of the malicious nature of the attack, the server attempts to accommodate each request by allocating memory, processing time and/or pooled function calls for it. Because no request data is sent, however, the server cannot finish processing the request until data arrives from the client, and until then the allocated resources remain tied up and unavailable to subsequent requests. The server will eventually time out the connection and reclaim the resources, but the timeout period is long compared to the time an attacker needs to flood the server with such requests. Within a single timeout period, therefore, the attacker can exhaust the server's ability to allocate resources, so that subsequent legitimate requests arriving during that period are denied service. This effectively shuts down operation of the server for the duration of the timeout period, resulting in a loss of service for legitimate requests.
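To make the relationship between the timeout period and the attacker's request rate concrete, the following discrete-time model is added here as an illustration; it is not code from the patent or its applicant. It simulates a server with a fixed pool of connection slots. An attacker opens connections that send no request data, each of which holds a slot until the server's timeout reclaims it; a legitimate request holds a slot for one tick and is then served. The pool size, request rates and timeout values are assumed for illustration only.

```python
from dataclasses import dataclass, field


@dataclass
class ServerModel:
    """A server with a fixed pool of connection slots, advanced one tick at a time.

    Each busy slot is recorded as the tick at which it will be released.
    """
    pool_size: int
    timeout: int                      # ticks before an idle (no-data) connection is reclaimed
    slots: list = field(default_factory=list)   # release ticks of the occupied slots
    served_legit: int = 0
    rejected_legit: int = 0

    def tick(self, now: int) -> None:
        # Reclaim every slot whose release tick has arrived.
        self.slots = [release for release in self.slots if release > now]

    def accept_idle(self, now: int) -> bool:
        """Attacker connection: no request data ever arrives, so the slot is
        held for the full timeout period before the server reclaims it."""
        if len(self.slots) < self.pool_size:
            self.slots.append(now + self.timeout)
            return True
        return False

    def accept_legit(self, now: int, service_time: int = 1) -> bool:
        """Legitimate request: data arrives immediately and the slot is freed
        after a short service time."""
        if len(self.slots) < self.pool_size:
            self.slots.append(now + service_time)
            self.served_legit += 1
            return True
        self.rejected_legit += 1
        return False


def simulate(pool_size: int, timeout: int, attack_rate: int,
             legit_rate: int, ticks: int) -> tuple:
    """Run the model and return (legitimate requests served, legitimate requests rejected).

    attack_rate and legit_rate are the number of new connections of each kind
    attempted per tick (assumed values; the attacker is modelled as sending
    connections first within each tick).
    """
    server = ServerModel(pool_size, timeout)
    for now in range(ticks):
        server.tick(now)
        for _ in range(attack_rate):
            server.accept_idle(now)
        for _ in range(legit_rate):
            server.accept_legit(now)
    return server.served_legit, server.rejected_legit


if __name__ == "__main__":
    # Assumed parameters: 100 slots, 10 idle attacker connections per tick,
    # 5 legitimate requests per tick, run for 120 ticks.
    print("timeout=60 ticks:", simulate(100, 60, 10, 5, 120))
    print("timeout=2 ticks: ", simulate(100, 2, 10, 5, 120))
```

With a 60-tick timeout the attacker fills the 100-slot pool after ten ticks and keeps it full by replacing each reclaimed slot, so only the 45 legitimate requests that arrived before saturation are served and the remaining 555 are rejected. With a 2-tick timeout the same attacker never holds more than 20 slots at once and all 600 legitimate requests are served. The model shows why the timeout period, relative to the attacker's connection rate, decides whether the pool is exhausted.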
Therefore, what are desired are methods and systems for reducing the incidence of service denials due to an attack in which requests are repeatedly made to the server without transmitting any request data.