Netflix, Inc.
Attack mitigation in a packet-switched network

Abstract:

The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.