A method of, system for, and product for managing a denial of service
attack in a multiprocessor environment comprising. The first step is
establishing normal traffic usage baselines in the multiprocessor
environment. Once the baseline is established the next step is monitoring
outgoing traffic to detect a high proportion of packets being sent to a
specific destination address, and a high number of outbound packets
compared to said baseline. Next is monitoring ports and protocols to
detect a high proportion of packets sent to a specific port, and a
consistent use of a protocol for all packets for that port. If there is
such consistent use of a protocol for all packets for that port as to
evidence a denial of service attack, blocking measures are started to
mitigate the apparent denial of service attack.