Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Prevention Of Network Overload By Autonomous Network Monitoring

IP.com Disclosure Number: IPCOM000024436D
Original Publication Date: 2004-Apr-02
Included in the Prior Art Database: 2004-Apr-02
Document File: 1 page(s) / 41K

Publishing Venue

IBM

Abstract

This article describes a method of autonomically managing network load to prevent a network being overloaded during a denial of service attack. The method is applicable in scenarios where malicious software has entered a corporate network and is installed on multiple machines generating spam messages.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 1

Prevention Of Network Overload By Autonomous Network Monitoring

Network overload occurs at critical times including:
1. A malicious software attack is underway - e.g. a Worm attack.
2. A major application fault has resulted in a maelstrom - e.g. misconfiguration of automatic message forwarding software.
3. A significant business event is taking place leading to a legitimate increase in network traffic - e.g. launch of a new product or service.
4. Users experiencing problems with network access generating a large number of additional requests - e.g. repeatedly pressing "Send & Receive Mail".

    In such cases it is vital that network traffic can be reduced to ensure that the network remains operational for the critical services. In the case of malicious software attacks the loss of the network often prevents the dissemination of information and fixes required to stop the attack.

    This invention comprises a proxy deployed on all machines connected to the network. The proxy monitors the load on the network and regulates the traffic generated by the host machine to ensure that it's maximum contribution to network load remains within a pre-defined limit.

    The invention is installed as a proxy that is running whenever the machine is connected to the network and intercepts all requests for a network connection.

    The proxy monitors the performance of the network by pinging a series of machines around the network at regular intervals. Based on the response times from the pings the proxy determines the overall performance of the network.

    The proxy is configured with a priority code that indicates the im...