A way of reducing the impact of denial of service attacks is presented. For each
connection request received by a server, the server attempts to establish a connection
to accommodate the corresponding request. For each connection request that the
server cannot currently handle, the connection request is placed in a backlog queue
for future handling. If one or more of the backlog queues have entries, connection
sockets that have connections but no received request data are identified and disconnected.
Such connection sockets would be highly suspect of being generated as a result
of denial of service attacks. Upon disconnection, resources are freed for legitimate
requests thereby improving server performance even during denial of service attacks.
