AU2001287221A1 - System and process for defending against denial of service attacks on network nodes - Google Patents

System and process for defending against denial of service attacks on network nodes

Info

Publication number
AU2001287221A1
AU2001287221A1 AU2001287221A AU8722101A AU2001287221A1 AU 2001287221 A1 AU2001287221 A1 AU 2001287221A1 AU 2001287221 A AU2001287221 A AU 2001287221A AU 8722101 A AU8722101 A AU 8722101A AU 2001287221 A1 AU2001287221 A1 AU 2001287221A1
Authority
AU
Australia
Prior art keywords
switch
server
malicious
network nodes
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2001287221A
Inventor
Krishna Narayanaswamy
Michael D. Paquette
Theodore L. Ross
Barry A. Spinney
Christopher L. Wright
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Top Layer Networks Inc
Original Assignee
Top Layer Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Top Layer Networks Inc filed Critical Top Layer Networks Inc
Publication of AU2001287221A1 publication Critical patent/AU2001287221A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention is a network switch that maintains a relatively lightly loaded state, and at the same time protects the network servers from DOS and DDOS attacks. The switch maintains a very large table of IP addresses where it stores information such as the number of incompleted and completed connections from each address. Using this information, the switch classifies each address into a threat level: unknown, trusted, suspicious, and malicious. Each threat level is treated differently allowing the switch to provide efficient access to the server while maintaining security. Connection to the server is denied to clients classified as malicious while trusted clients are passed through to the server. Suspicious connections are proxied while unknown connection treatment may be set by the user.
AU2001287221A 2000-09-01 2001-08-30 System and process for defending against denial of service attacks on network nodes Abandoned AU2001287221A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US65304500A 2000-09-01 2000-09-01
US09653045 2000-09-01
PCT/US2001/041961 WO2002019661A2 (en) 2000-09-01 2001-08-30 System and process for defending against denial of service attacks on network nodes

Publications (1)

Publication Number Publication Date
AU2001287221A1 true AU2001287221A1 (en) 2002-03-13

Family

ID=24619280

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2001287221A Abandoned AU2001287221A1 (en) 2000-09-01 2001-08-30 System and process for defending against denial of service attacks on network nodes

Country Status (6)

Country Link
EP (1) EP1319296B1 (en)
JP (1) JP2004507978A (en)
AT (1) ATE360319T1 (en)
AU (1) AU2001287221A1 (en)
DE (1) DE60127978T2 (en)
WO (1) WO2002019661A2 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7073198B1 (en) 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US6957348B1 (en) 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
US7032023B1 (en) 2000-05-16 2006-04-18 America Online, Inc. Throttling electronic communications from one or more senders
US7711790B1 (en) 2000-08-24 2010-05-04 Foundry Networks, Inc. Securing an accessible computer system
US7725587B1 (en) 2000-08-24 2010-05-25 Aol Llc Deep packet scan hacker identification
US7181769B1 (en) 2000-08-25 2007-02-20 Ncircle Network Security, Inc. Network security system having a device profiler communicatively coupled to a traffic monitor
US9280667B1 (en) 2000-08-25 2016-03-08 Tripwire, Inc. Persistent host determination
JP3986871B2 (en) * 2002-04-17 2007-10-03 株式会社エヌ・ティ・ティ・データ Anti-profiling device and anti-profiling program
JP3794491B2 (en) 2002-08-20 2006-07-05 日本電気株式会社 Attack defense system and attack defense method
ATE540505T1 (en) * 2002-08-26 2012-01-15 Ibm DETERMINING THE LEVEL OF THREAT ASSOCIATED WITH A NETWORK ACTIVITY
KR100481614B1 (en) 2002-11-19 2005-04-08 한국전자통신연구원 METHOD AND APPARATUS FOR PROTECTING LEGITIMATE TRAFFIC FROM DoS AND DDoS ATTACKS
US7269850B2 (en) * 2002-12-31 2007-09-11 Intel Corporation Systems and methods for detecting and tracing denial of service attacks
US20040153665A1 (en) * 2003-02-03 2004-08-05 Logan Browne Wireless network control and protection system
GB2411799A (en) * 2004-03-02 2005-09-07 Vistorm Ltd Virus checking devices in a test network before permitting access to a main network
US7363513B2 (en) * 2004-04-15 2008-04-22 International Business Machines Corporation Server denial of service shield
US20080289004A1 (en) * 2004-06-04 2008-11-20 International Business Machines Corporation Method and Module for Protecting Against Attacks in a High-Speed Network
CN1968147B (en) * 2006-11-27 2010-04-14 华为技术有限公司 Service processing method, network device, and service processing system
US7804774B2 (en) 2006-12-01 2010-09-28 Sonus Networks, Inc. Scalable filtering and policing mechanism for protecting user traffic in a network
US7940657B2 (en) * 2006-12-01 2011-05-10 Sonus Networks, Inc. Identifying attackers on a network
US7672336B2 (en) 2006-12-01 2010-03-02 Sonus Networks, Inc. Filtering and policing for defending against denial of service attacks on a network
KR101143497B1 (en) 2010-10-26 2012-05-09 시큐아이닷컴 주식회사 Defense module against sip flooding attacks for voip message communication proxy server and its method
KR101144819B1 (en) 2010-11-23 2012-05-11 한국과학기술정보연구원 Apparatus and method for detection and protection of distributed denial of service attack
US9137325B2 (en) * 2011-02-11 2015-09-15 Microsoft Technology Licensing, Llc Efficiently isolating malicious data requests
FI126032B (en) 2013-03-07 2016-05-31 Airo Finland Oy Detection of a threat in a telecommunications network
US10877951B2 (en) 2014-01-22 2020-12-29 International Business Machines Corporation Network control software notification and invalidation of static entries
US10419267B2 (en) 2014-01-22 2019-09-17 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Network control software notification with advance learning
US20150256431A1 (en) * 2014-03-07 2015-09-10 Cisco Technology, Inc. Selective flow inspection based on endpoint behavior and random sampling
RU2649290C1 (en) 2017-04-28 2018-03-30 Акционерное общество "Лаборатория Касперского" SYSTEM AND METHOD OF TRAFFIC FILTRATION AT DDoS-ATTACK DETECTION
DE102017219770B4 (en) 2017-11-07 2019-06-19 Continental Automotive Gmbh Method for operating an Ethernet communication device and Ethernet communication device
CN109347889B (en) * 2018-12-24 2021-05-18 沈阳航空航天大学 Hybrid DDoS attack detection method for software defined network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958053A (en) * 1997-01-30 1999-09-28 At&T Corp. Communications protocol with improved security
JP2002507025A (en) * 1998-03-09 2002-03-05 ニュートン,ファレル Internet, intranet and other network communication protection system using entrance and exit keys
US6738814B1 (en) * 1998-03-18 2004-05-18 Cisco Technology, Inc. Method for blocking denial of service and address spoofing attacks on a private network
JP2001057554A (en) * 1999-08-17 2001-02-27 Yoshimi Baba Cracker monitor system

Also Published As

Publication number Publication date
ATE360319T1 (en) 2007-05-15
WO2002019661A3 (en) 2002-04-18
DE60127978D1 (en) 2007-05-31
WO2002019661A2 (en) 2002-03-07
EP1319296A2 (en) 2003-06-18
JP2004507978A (en) 2004-03-11
DE60127978T2 (en) 2008-01-17
EP1319296B1 (en) 2007-04-18

Similar Documents

Publication Publication Date Title
AU2001287221A1 (en) System and process for defending against denial of service attacks on network nodes
Anagnostopoulos et al. DNS amplification attack revisited
De Donno et al. Analysis of DDoS-capable IoT malwares
Wang et al. Honeypot detection in advanced botnet attacks
US7506360B1 (en) Tracking communication for determining device states
Luo et al. RPAH: Random port and address hopping for thwarting internal and external adversaries
ATE284557T1 (en) DETERRENT SYSTEM AGAINST INTERCEPTION AND ABUSE
CN101621428B (en) Botnet detection method, botnet detection system and related equipment
Thing et al. A survey of bots used for distributed denial of service attacks
Schneider The state of network security
Krylov et al. DDoS attack and interception resistance IP fast hopping based protocol
Rajendran DNS amplification & DNS tunneling attacks simulation, detection and mitigation approaches
Lukaseder et al. An sdn-based approach for defending against reflective ddos attacks
Dissanayake DNS cache poisoning: A review on its technique and countermeasures
Singh et al. Analysis of Botnet behavior using Queuing theory
Krylov et al. IP fast hopping protocol design
Salehi et al. Increasing overall network security by integrating signature-based NIDS with packet filtering firewall
Krylov et al. SDI defense against DDoS attacks based on IP Fast Hopping method
Rajkumar et al. Evolution for a secured path using NexGen firewalls
MXPA04001360A (en) Method, data carrier, computer system and computer programme for the identification and defence of attacks on server systems of network service providers and operators.
Najjar et al. IPv6 change threats behavior
Leu et al. Intrusion detection with CUSUM for TCP-based DDoS
Rodriguez et al. FLF4DoS. Dynamic DDoS Mitigation based on TTL field using fuzzy logic.
Loui et al. Virtualized dynamic port assignment and windowed whitelisting for securing infrastructure servers
Francois et al. Tracking global wide configuration errors