First, and not to toot my own horn, I recently sold a US Provisional Patent APPLICATION for some pretty decent money -- So, to those naysayers out there: It CAN be done.
True, I probably sold too cheap, but my time and energies ended up being too diluted with other projects. Oh well. The return was plenty fine. (Though I definitely would not recommend this as a career choice!)
Second - How does something this lame ever get a patent???!! See US Patent # 7,992,192 (Search it at USPTO.gov)
Here's the abstract: "Alerting as to Denial of Service Attacks" Note the Assignee is none other than eBay. !!
"A method and a system, wherein the system comprises a first server operatively coupled to a router, to receive a copy of network traffic processed by the router, a database operatively coupled to the first server, wherein the server records parsed network traffic information onto the database, and a device operatively coupled to the first server to receive alerts regarding possible denial-of-service attacks, the alerts based upon network traffic falling outside a standard deviation range. A method that comprises receiving a data packet from a network, parsing the data packet, storing data in the fields of the data packet into a database, comparing observed data set values with a historical data set values, sending an alert to a device based upon network traffic falling outside a standard deviation range, and updating the historical data set values by averaging the observed data set values with an old historical data set values."
So in other words, a computer compares current to historical traffic and alerts when traffic falls outside a predetermined standard deviation range. Unbelievable!
-mpm