AU2001287221A1 - System and process for defending against denial of service attacks on network nodes - Google Patents
- Publication number
- AU2001287221A1
- Authority
- AU
- Australia
- Prior art keywords
- switch
- server
- malicious
- network nodes
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
          - H04L63/0281—Proxies
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1458—Denial of Service
      - H04L49/00—Packet switching elements
        - H04L49/35—Switches specially adapted for specific applications
          - H04L49/351—Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/14—Session management
      - H04L61/00—Network arrangements, protocols or services for addressing or naming
        - H04L61/35—Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
      - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        - H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
          - H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
            - H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
              - H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention is a network switch that maintains a relatively lightly loaded state while protecting the network servers from DoS and DDoS attacks. The switch maintains a very large table of IP addresses in which it stores information such as the number of incomplete and completed connections from each address. Using this information, the switch classifies each address into one of four threat levels: unknown, trusted, suspicious, or malicious. Each threat level is treated differently, allowing the switch to provide efficient access to the server while maintaining security. Clients classified as malicious are denied connection to the server, while trusted clients are passed through to the server. Suspicious connections are proxied, and the treatment of unknown connections may be set by the user.
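The classification scheme in the abstract can be sketched as follows. This is an added example, not code from the patent: the class name `ThreatTable`, the event names `syn` and `established`, and all three thresholds are assumptions, since the abstract names the four levels and their treatment but gives no numbers.

```python
from collections import defaultdict

# Assumed thresholds: the abstract names the levels but gives no numbers.
TRUSTED_MIN_COMPLETED = 3       # completed connections needed for "trusted"
SUSPICIOUS_MIN_INCOMPLETE = 5   # unfinished handshakes that trigger proxying
MALICIOUS_MIN_INCOMPLETE = 20   # unfinished handshakes that trigger denial

class ThreatTable:
    def __init__(self, unknown_action="proxy"):
        # Per-address counters, as in the abstract's table of IP addresses.
        self.stats = defaultdict(lambda: {"incomplete": 0, "completed": 0})
        # Abstract: deny malicious, pass trusted, proxy suspicious; unknown is user-set.
        self.actions = {"malicious": "deny", "trusted": "pass",
                        "suspicious": "proxy", "unknown": unknown_action}

    def observe(self, addr, event):
        s = self.stats[addr]
        if event == "syn":  # handshake started, not yet finished
            s["incomplete"] += 1
        elif event == "established" and s["incomplete"] > 0:
            s["incomplete"] -= 1
            s["completed"] += 1

    def classify(self, addr):
        s = self.stats.get(addr)  # .get() does not create an entry on lookup
        if s is None:
            return "unknown"
        if s["incomplete"] >= MALICIOUS_MIN_INCOMPLETE:
            return "malicious"
        if s["incomplete"] >= SUSPICIOUS_MIN_INCOMPLETE:
            return "suspicious"
        return "trusted" if s["completed"] >= TRUSTED_MIN_COMPLETED else "unknown"

    def action(self, addr):
        return self.actions[self.classify(addr)]

def demo():
    table = ThreatTable()
    # Constructed traffic: (address, handshakes started, handshakes finished).
    traffic = [("192.0.2.10", 3, 3), ("198.51.100.7", 6, 0), ("203.0.113.99", 25, 0)]
    for addr, started, finished in traffic:
        for i in range(started):
            table.observe(addr, "syn")
            if i < finished:
                table.observe(addr, "established")
    seen = [t[0] for t in traffic] + ["192.0.2.55"]  # last address sent nothing
    return {a: (table.classify(a), table.action(a)) for a in seen}
```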
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US65304500A | 2000-09-01 | 2000-09-01 | |
US09653045 | 2000-09-01 | ||
PCT/US2001/041961 WO2002019661A2 (en) | 2000-09-01 | 2001-08-30 | System and process for defending against denial of service attacks on network nodes |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2001287221A1 (en) | 2002-03-13 |
Family
ID=24619280
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001287221A Abandoned AU2001287221A1 (en) | 2000-09-01 | 2001-08-30 | System and process for defending against denial of service attacks on network nodes |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1319296B1 (en) |
JP (1) | JP2004507978A (en) |
AT (1) | ATE360319T1 (en) |
AU (1) | AU2001287221A1 (en) |
DE (1) | DE60127978T2 (en) |
WO (1) | WO2002019661A2 (en) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7073198B1 (en) | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
US6957348B1 (en) | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
US7032023B1 (en) | 2000-05-16 | 2006-04-18 | America Online, Inc. | Throttling electronic communications from one or more senders |
US7711790B1 (en) | 2000-08-24 | 2010-05-04 | Foundry Networks, Inc. | Securing an accessible computer system |
US7725587B1 (en) | 2000-08-24 | 2010-05-25 | Aol Llc | Deep packet scan hacker identification |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US9280667B1 (en) | 2000-08-25 | 2016-03-08 | Tripwire, Inc. | Persistent host determination |
JP3986871B2 (en) * | 2002-04-17 | 2007-10-03 | 株式会社エヌ・ティ・ティ・データ | Anti-profiling device and anti-profiling program |
JP3794491B2 (en) | 2002-08-20 | 2006-07-05 | 日本電気株式会社 | Attack defense system and attack defense method |
ATE540505T1 (en) * | 2002-08-26 | 2012-01-15 | Ibm | DETERMINING THE LEVEL OF THREAT ASSOCIATED WITH A NETWORK ACTIVITY |
KR100481614B1 (en) | 2002-11-19 | 2005-04-08 | 한국전자통신연구원 | METHOD AND APPARATUS FOR PROTECTING LEGITIMATE TRAFFIC FROM DoS AND DDoS ATTACKS |
US7269850B2 (en) * | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
US20040153665A1 (en) * | 2003-02-03 | 2004-08-05 | Logan Browne | Wireless network control and protection system |
GB2411799A (en) * | 2004-03-02 | 2005-09-07 | Vistorm Ltd | Virus checking devices in a test network before permitting access to a main network |
US7363513B2 (en) * | 2004-04-15 | 2008-04-22 | International Business Machines Corporation | Server denial of service shield |
US20080289004A1 (en) * | 2004-06-04 | 2008-11-20 | International Business Machines Corporation | Method and Module for Protecting Against Attacks in a High-Speed Network |
CN1968147B (en) * | 2006-11-27 | 2010-04-14 | 华为技术有限公司 | Service processing method, network device, and service processing system |
US7804774B2 (en) | 2006-12-01 | 2010-09-28 | Sonus Networks, Inc. | Scalable filtering and policing mechanism for protecting user traffic in a network |
US7940657B2 (en) * | 2006-12-01 | 2011-05-10 | Sonus Networks, Inc. | Identifying attackers on a network |
US7672336B2 (en) | 2006-12-01 | 2010-03-02 | Sonus Networks, Inc. | Filtering and policing for defending against denial of service attacks on a network |
KR101143497B1 (en) | 2010-10-26 | 2012-05-09 | 시큐아이닷컴 주식회사 | Defense module against sip flooding attacks for voip message communication proxy server and its method |
KR101144819B1 (en) | 2010-11-23 | 2012-05-11 | 한국과학기술정보연구원 | Apparatus and method for detection and protection of distributed denial of service attack |
US9137325B2 (en) * | 2011-02-11 | 2015-09-15 | Microsoft Technology Licensing, Llc | Efficiently isolating malicious data requests |
FI126032B (en) | 2013-03-07 | 2016-05-31 | Airo Finland Oy | Detection of a threat in a telecommunications network |
US10877951B2 (en) | 2014-01-22 | 2020-12-29 | International Business Machines Corporation | Network control software notification and invalidation of static entries |
US10419267B2 (en) | 2014-01-22 | 2019-09-17 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Network control software notification with advance learning |
US20150256431A1 (en) * | 2014-03-07 | 2015-09-10 | Cisco Technology, Inc. | Selective flow inspection based on endpoint behavior and random sampling |
RU2649290C1 (en) | 2017-04-28 | 2018-03-30 | Акционерное общество "Лаборатория Касперского" | SYSTEM AND METHOD OF TRAFFIC FILTRATION AT DDoS-ATTACK DETECTION |
DE102017219770B4 (en) | 2017-11-07 | 2019-06-19 | Continental Automotive Gmbh | Method for operating an Ethernet communication device and Ethernet communication device |
CN109347889B (en) * | 2018-12-24 | 2021-05-18 | 沈阳航空航天大学 | Hybrid DDoS attack detection method for software defined network |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5958053A (en) * | 1997-01-30 | 1999-09-28 | At&T Corp. | Communications protocol with improved security |
JP2002507025A (en) * | 1998-03-09 | 2002-03-05 | ニュートン,ファレル | Internet, intranet and other network communication protection system using entrance and exit keys |
US6738814B1 (en) * | 1998-03-18 | 2004-05-18 | Cisco Technology, Inc. | Method for blocking denial of service and address spoofing attacks on a private network |
JP2001057554A (en) * | 1999-08-17 | 2001-02-27 | Yoshimi Baba | Cracker monitor system |
2001
- 2001-08-30 AU AU2001287221A patent/AU2001287221A1/en not_active Abandoned
- 2001-08-30 EP EP01966736A patent/EP1319296B1/en not_active Expired - Lifetime
- 2001-08-30 JP JP2002523830A patent/JP2004507978A/en active Pending
- 2001-08-30 AT AT01966736T patent/ATE360319T1/en not_active IP Right Cessation
- 2001-08-30 DE DE60127978T patent/DE60127978T2/en not_active Expired - Lifetime
- 2001-08-30 WO PCT/US2001/041961 patent/WO2002019661A2/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
ATE360319T1 (en) | 2007-05-15 |
WO2002019661A3 (en) | 2002-04-18 |
DE60127978D1 (en) | 2007-05-31 |
WO2002019661A2 (en) | 2002-03-07 |
EP1319296A2 (en) | 2003-06-18 |
JP2004507978A (en) | 2004-03-11 |
DE60127978T2 (en) | 2008-01-17 |
EP1319296B1 (en) | 2007-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2001287221A1 (en) | System and process for defending against denial of service attacks on network nodes | |
Anagnostopoulos et al. | DNS amplification attack revisited | |
De Donno et al. | Analysis of DDoS-capable IoT malwares | |
Wang et al. | Honeypot detection in advanced botnet attacks | |
US7506360B1 (en) | Tracking communication for determining device states | |
Luo et al. | RPAH: Random port and address hopping for thwarting internal and external adversaries | |
ATE284557T1 (en) | DETERRENT SYSTEM AGAINST INTERCEPTION AND ABUSE | |
CN101621428B (en) | Botnet detection method, botnet detection system and related equipment | |
Thing et al. | A survey of bots used for distributed denial of service attacks | |
Schneider | The state of network security | |
Krylov et al. | DDoS attack and interception resistance IP fast hopping based protocol | |
Rajendran | DNS amplification & DNS tunneling attacks simulation, detection and mitigation approaches | |
Lukaseder et al. | An sdn-based approach for defending against reflective ddos attacks | |
Dissanayake | DNS cache poisoning: A review on its technique and countermeasures | |
Singh et al. | Analysis of Botnet behavior using Queuing theory | |
Krylov et al. | IP fast hopping protocol design | |
Salehi et al. | Increasing overall network security by integrating signature-based NIDS with packet filtering firewall | |
Krylov et al. | SDI defense against DDoS attacks based on IP Fast Hopping method | |
Rajkumar et al. | Evolution for a secured path using NexGen firewalls | |
MXPA04001360A (en) | Method, data carrier, computer system and computer programme for the identification and defence of attacks on server systems of network service providers and operators. | |
Najjar et al. | IPv6 change threats behavior | |
Leu et al. | Intrusion detection with CUSUM for TCP-based DDoS | |
Rodriguez et al. | FLF4DoS. Dynamic DDoS Mitigation based on TTL field using fuzzy logic. | |
Loui et al. | Virtualized dynamic port assignment and windowed whitelisting for securing infrastructure servers | |
Francois et al. | Tracking global wide configuration errors |