Denial of Service attacks (DOS Attacks) represent a significant threat to server connectivity. In one type of DOS attack, a client attached to the Internet sends out multiple false requests to connect to a targeted server, leaving the server unable to respond to other, legitimate connections. If done at a large enough scale, as in a Distributed DOS (DDOS) attack, these attacks often succeed in impacting server usefulness.
Many different ways of preventing DOS attacks have been designed, most being implemented at vulnerable hosts. These “server-side” countermeasures include sophisticated filtering and measures to verify requests before allocating system resources.
Another potential site for preventing DOS attacks is on the “client-side.” DOS communications can be prevented before reaching the host by blocking them before they leave the malicious client. One way of attempting to block DOS communications on the client-side is to try to detect the improper communications as they pass from an infected client through a router, or other components, such as modems and switches. If the router detects a DOS attack, the router could perform different blocking functions (“blocking”), including disconnecting the client from communications with the Internet.
The router-blocking described above relies upon the reliable detection of improper traffic from a connected client. Especially because the result can be so dramatic—disconnection from the Internet—“erroneous detection” of improper traffic can significantly harm user experience and increase support costs.
Despite the significant effects that it can have on users, some current implementations of client-side blocking cannot be tuned or disabled by a user. For example, a user may unknowingly purchase such a router and be surprised when the router disconnects the user from the Internet without warning—even when no malicious traffic is originating from the connected client. In these situations, erroneous detection and the resulting disconnection may only be remedied by waiting for the disconnection to time out, rebooting the problem hardware, or, in the extreme case, replacing the problem hardware.
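The erroneous-detection problem in the last two paragraphs can be seen in a small simulation, added here as an illustration and not taken from the original text. It assumes a simple heuristic (count of unanswered connection attempts per client inside a time window); the thresholds, client addresses and traffic are constructed for the example.

```python
from collections import defaultdict, deque

FACTORY_THRESHOLD = 25   # hypothetical fixed value baked into a router
TUNED_THRESHOLD = 100    # hypothetical value a user could set if tuning were allowed


def blocked_clients(events, threshold, window=1.0, enabled=True):
    """Return the set of clients a router would disconnect.

    events: (timestamp_s, client_ip, handshake_completed) tuples sorted by
    time. Assumed heuristic: a client is blocked once more than `threshold`
    unanswered connection attempts fall inside `window` seconds.
    """
    if not enabled:                    # user has disabled client-side blocking
        return set()
    recent = defaultdict(deque)        # client -> times of unanswered attempts
    blocked = set()
    for ts, client, completed in events:
        if completed or client in blocked:
            continue
        attempts = recent[client]
        attempts.append(ts)
        while ts - attempts[0] > window:   # drop attempts older than the window
            attempts.popleft()
        if len(attempts) > threshold:
            blocked.add(client)
    return blocked


def sample_events():
    """Constructed traffic seen at the router during one second."""
    # Infected client: 200 connection requests, none ever completed.
    flood = [(i * 0.005, "192.168.1.20", False) for i in range(200)]
    # Legitimate client: 40 attempts to peers, 30 of which are offline.
    bursty = [(i * 0.025, "192.168.1.30", i % 4 == 0) for i in range(40)]
    return sorted(flood + bursty)


if __name__ == "__main__":
    events = sample_events()
    print("fixed threshold:", sorted(blocked_clients(events, FACTORY_THRESHOLD)))
    print("tuned threshold:", sorted(blocked_clients(events, TUNED_THRESHOLD)))
    print("disabled:       ", sorted(blocked_clients(events, 0, enabled=False)))
```

With the fixed threshold the legitimate but bursty client is disconnected along with the infected one; with the tuned threshold only the infected client is blocked.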