Patents by Inventor Tommy L. McLane

Tommy L. McLane has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9369485
    Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: June 14, 2016
    Assignee: International Business Machines Corporation
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
  • Publication number: 20160099965
    Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
    Type: Application
    Filed: December 11, 2015
    Publication date: April 7, 2016
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
  • Patent number: 9232027
    Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
    Type: Grant
    Filed: August 25, 2008
    Date of Patent: January 5, 2016
    Assignee: International Business Machines Corporation
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
  • Patent number: 8683573
    Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: March 25, 2014
    Assignee: International Business Machines Corporation
    Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
  • Patent number: 8677474
    Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: March 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
  • Patent number: 8484702
    Abstract: A method includes receiving a request from a network source to create a logical socket on a logical port. The method includes accessing a structure that indicates a plurality of logical socket allocation policies to select a first of the plurality of socket allocation policies that corresponds to the logical port. Each of the plurality of logical socket allocation policies governs logical socket allocation for one or more ports, wherein logical allocation policies govern at least one of 1) the number of logical sockets that are allocated to the one or more logical ports, 2) a maximum number of logical sockets shared between a grouping of two or more logical ports, and 3) a maximum number of logical sockets. The method includes determining if the first logical socket allocation policy allows for allocation of the logical socket for the network source to communicate. The method includes allocating a logical socket.
    Type: Grant
    Filed: August 1, 2012
    Date of Patent: July 9, 2013
    Assignee: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
  • Publication number: 20120331543
    Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
    Type: Application
    Filed: June 27, 2011
    Publication date: December 27, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
  • Publication number: 20120331544
    Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
    Type: Application
    Filed: July 25, 2012
    Publication date: December 27, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
  • Publication number: 20120297072
    Abstract: A method includes receiving a request from a network source to create a logical socket on a logical port. The method includes accessing a structure that indicates a plurality of logical socket allocation policies to select a first of the plurality of socket allocation policies that corresponds to the logical port. Each of the plurality of logical socket allocation policies governs logical socket allocation for one or more ports, wherein logical allocation policies govern at least one of 1) the number of logical sockets that are allocated to the one or more logical ports, 2) a maximum number of logical sockets shared between a grouping of two or more logical ports, and 3) a maximum number of logical sockets. The method includes determining if the first logical socket allocation policy allows for allocation of the logical socket for the network source to communicate. The method includes allocating a logical socket.
    Type: Application
    Filed: August 1, 2012
    Publication date: November 22, 2012
    Applicant: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
  • Patent number: 8261323
    Abstract: Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.
    Type: Grant
    Filed: July 11, 2008
    Date of Patent: September 4, 2012
    Assignee: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
  • Patent number: 8196110
    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. Responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.
    Type: Grant
    Filed: November 30, 2007
    Date of Patent: June 5, 2012
    Assignee: International Business Machines Corporation
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane, Elizabeth J. Murray
  • Publication number: 20100046538
    Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
    Type: Application
    Filed: August 25, 2008
    Publication date: February 25, 2010
    Applicant: International Business Machines Corporation
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
  • Publication number: 20100011414
    Abstract: Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.
    Type: Application
    Filed: July 11, 2008
    Publication date: January 14, 2010
    Applicant: International Business Machines Corporation
    Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
  • Publication number: 20090279703
    Abstract: The present invention provides a computer implemented method, apparatus, and data processing system for associating a private part of a keystore of a user with a user authentication process in an encrypting file system. A secure shell daemon server establishes the user authentication process with a secure shell client such that the user authentication process is associated with a user and the user is authenticated. The secure shell daemon server obtains an acknowledgment from the secure shell client. The secure shell daemon server accesses a user public key of the user from the keystore of the user, responsive to receiving the acknowledgment. The secure shell daemon obtains a public secure shell cookie associated with the user from the keystore of the user. The public secure shell cookie is an access key in encrypted form. The access key is based on the user's public key to form the public secure shell cookie. The secure shell daemon server obtains the access key from the secure shell client.
    Type: Application
    Filed: May 8, 2008
    Publication date: November 12, 2009
    Applicant: International Business Machines Corporation
    Inventors: Tommy L. McLane, Shawn P. Mullen, Jyoti B. Tenginakai
  • Publication number: 20090144309
    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. Responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.
    Type: Application
    Filed: November 30, 2007
    Publication date: June 4, 2009
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane, Elizabeth J. Murray