	US 12,323,458 B2
	Thwarting SYN flood DDoS attacks
Andrei Vesnovaty, Petah Tikva (IL); Alexander Vesker, Kiryat Bialik (IL); and Muhammad Sammar, Tamra (IL)
Assigned to Mellanox Technologies, LTD., Yokneam (IL)
Filed by MELLANOX TECHNOLOGIES, LTD., Yokneam (IL)
Filed on Jan. 12, 2024, as Appl. No. 18/412,134.
Application 18/412,134 is a continuation of application No. 17/398,708, filed on Aug. 10, 2021, granted, now 11,909,762.
Prior Publication US 2024/0154999 A1, May 9, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 7/00 (2006.01); H04L 69/326 (2022.01)

CPC H04L 63/1458 (2013.01) [H04L 7/0008 (2013.01); H04L 69/326 (2013.01)]

17 Claims

1. A system for efficiently thwarting syn flood DDOS attacks on a target server including a CPU, the system comprising:

a. network controller hardware having a steering capability; and

b. a software application to create and to configure initial steering object/s which define a steering configuration of the network controller and monitor at least one opened connection to the server, including updating the steering configuration responsive to establishment of at least one connection to the server,

wherein the network controller hardware's steering capability is used to provide a SYN cookie value used for said thwarting, and to send at least one packet, modified, to the packet's source, wherein the network controller hardware uses said steering capability for redirecting said at least one packet to a different location by modifying said at least one packet, and wherein said modifying comprises swapping said at least one packet's source and destination addresses.