A computer storage array, also called a disk array, is generally a data storage system to which a number of data storage devices, such as hard disk drives (HDDs) and solid-state disk drives (SSDs), are connected. Computer storage arrays are designed to be highly scalable and offer shared data access to multiple initiators, who may be endpoint clients, computer servers, and/or other data consumers.
Storage devices that support the Non-Volatile Memory Express over Fabrics (NVMe-oF) specification (hereinafter, “NVMe-oF devices” for convenience) are becoming more popular, especially for use in computer storage arrays, due to their high performance and scalability. NVMe-oF is a technology specification designed to enable NVMe message-based commands to transfer data between an initiator, such as a host computer, and an NVMe-oF device or system over a network such as Ethernet, Fibre Channel, and InfiniBand. Thus, an NVMe-oF device generally includes functions of both a networking device (e.g., has Ethernet controller(s)) and a storage device (e.g., has SSD(s)).
As a networking device, an NVMe-oF device is susceptible to cyber-attacks, such as a denial-of-service (DoS) attack. A DoS attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A DoS attack is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. When the flooding comes from multiple sources, the DoS attack is considered a distributed DoS (DDoS) attack.
A DoS attack is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations. Thus, the objective of a typical DoS attack by itself is not to steal or expose confidential data stored on a computer server or storage array, but to simply overwhelm it with bogus traffic. However, a DoS attack has been known to be used as a distraction away from other more nefarious cyber-attacks.
In some cases, an NVMe-oF device whose firmware or software has been infected or compromised may become an unwitting participant in a DoS attack against other systems. Regardless of the scenario, detecting and countering DoS attacks often require companies to expend valuable resources. Moreover, the longer a DoS attack is prolonged, the more costly it may be to the company affected by the DoS attack.