CPC H04L 63/1458 (2013.01) [H04L 63/1425 (2013.01); H04W 12/108 (2021.01); H04W 12/122 (2021.01); H04L 2463/141 (2013.01); H04W 12/00 (2013.01); H04W 12/10 (2013.01); H04W 12/102 (2021.01); H04W 12/30 (2021.01)] | 20 Claims |
1. A system, comprising:
a memory; and
a processor configured to:
identify one or more transport protocol heuristics that are to be applied to selective acknowledgement (SACK) messages received at a network adapter from a network node, the network adapter and the network node establishing at least a first transport protocol connection among a plurality of transport protocol connections;
apply the one or more transport protocol heuristics to the SACK messages received from the network node to determine whether at least one specified threshold value for one or more of the transport protocol heuristics has been reached, wherein the specified threshold value is specific to the first transport protocol connection, and wherein each transport protocol connection from among the plurality of transport protocol connections has a separate, specified set of threshold values; and
upon determining that at least one of the specified set of threshold values has been reached, designate the network node as a security threat.
|
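A sketch of the per-connection threshold check that claim 1 describes, added here as an illustration and not taken from the patent. The claim does not name its heuristics, so the two used below (SACK messages per time window, SACK blocks per message), the class and function names, and the sample addresses are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Thresholds:
    sacks_per_window: int   # assumed heuristic 1: SACK messages seen per time window
    blocks_per_sack: int    # assumed heuristic 2: SACK blocks carried by one message
    window_s: float = 1.0

class SackMonitor:
    def __init__(self, default: Thresholds):
        self.default = default
        self.per_conn = {}                  # connection key -> its own Thresholds
        self.recent = defaultdict(deque)    # connection key -> recent SACK timestamps
        self.threats = {}                   # node address -> first reason recorded

    def observe(self, conn, ts, sack_blocks):
        """conn is (node_addr, node_port, local_port); sack_blocks is a list of (left, right)."""
        limits = self.per_conn.get(conn, self.default)
        seen = self.recent[conn]
        seen.append(ts)
        while seen and ts - seen[0] >= limits.window_s:   # slide the time window
            seen.popleft()
        reason = None
        if len(seen) >= limits.sacks_per_window:
            reason = f"{len(seen)} SACKs within {limits.window_s}s"
        elif len(sack_blocks) >= limits.blocks_per_sack:
            reason = f"{len(sack_blocks)} SACK blocks in one message"
        if reason:                          # threshold reached: designate the node, not just the flow
            self.threats.setdefault(conn[0], reason)
        return reason

def run_sample():
    # Constructed sample: the same SACK pattern arrives on two connections.
    bulk = ("192.0.2.10", 40000, 443)      # lossy bulk transfer, loose limits
    ctrl = ("198.51.100.7", 40001, 22)     # interactive session, tight limits
    mon = SackMonitor(default=Thresholds(sacks_per_window=50, blocks_per_sack=4))
    mon.per_conn[bulk] = Thresholds(sacks_per_window=8, blocks_per_sack=4)
    mon.per_conn[ctrl] = Thresholds(sacks_per_window=3, blocks_per_sack=4)
    for i in range(5):                      # 5 SACKs in 0.5 s on each connection
        for conn in (bulk, ctrl):
            mon.observe(conn, ts=i * 0.1, sack_blocks=[(1000 + i, 2000 + i)])
    return mon.threats

if __name__ == "__main__":
    print(run_sample())
```

Identical traffic is tolerated on the connection with loose limits and flagged on the one with tight limits, which is the effect of keeping a separate threshold set per connection.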