(12) United States Patent ao) Patent No.: Us 7,818,795 Bi
Arad (45) Date of Patent: Oct. 19,2010
(54) PER-PORT PROTECTION AGAINST
DENIAL-OF-SERVICE AND DISTRIBUTED
DENIAL-OF-SERVICE ATTACKS
(75) Inventor: Nir Arad, Nesher (IL)
(73) Assignee: Marvell Israel (M.I.S.L) Ltd., Yokneam (IL)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 1045 days.
(21) Appl.No.: 11/209,083
(22) Filed: Aug. 22, 2005
Related U.S. Application Data
(60) Provisional application No. 60/669,457, filed on Apr. 7, 2005.
(51) Int. CI.
G06F 9/00 (2006.01)
(52) U.S. CI 726/13
(58) Field of Classification Search 726/13
See application file for complete search history.
(56) References Cited
U.S. PATENT DOCUMENTS 6,789,203 Bl 9/2004 Belissent
An apparatus having a corresponding method and computer program comprises one or more ports each to transmit and receive packets of data; a classifier to determine one or more attributes for each of the packets of data; one or more counters for each of the ports, wherein each counter counts a number of the packets of data passing through the respective one of the ports and having a predetermined attribute, wherein a respective counter threshold is associated with each of the counters; and a security circuit to cause each of the ports to perform at least one of a plurality of predetermined actions when a count of a respective one of the counters exceeds a respective counter threshold.
33 Claims, 3 Drawing Sheets
