ATE360319T1 - System und verfahren zur verteidigung gegen denial-of-service angriffe auf die netzwerkknoten - Google Patents

System und verfahren zur verteidigung gegen denial-of-service angriffe auf die netzwerkknoten

Info

Publication number
ATE360319T1
ATE360319T1 AT01966736T AT01966736T ATE360319T1 AT E360319 T1 ATE360319 T1 AT E360319T1 AT 01966736 T AT01966736 T AT 01966736T AT 01966736 T AT01966736 T AT 01966736T AT E360319 T1 ATE360319 T1 AT E360319T1
Authority
AT
Austria
Prior art keywords
switch
server
malicious
network nodes
address
Prior art date
Application number
AT01966736T
Other languages
English (en)
Inventor
Krishna Narayanaswamy
Barry A Spinney
Theodore L Ross
Michael D Paquette
Christopher L Wright
Original Assignee
Top Layer Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Top Layer Networks Inc filed Critical Top Layer Networks Inc
Application granted granted Critical
Publication of ATE360319T1 publication Critical patent/ATE360319T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
AT01966736T 2000-09-01 2001-08-30 System und verfahren zur verteidigung gegen denial-of-service angriffe auf die netzwerkknoten ATE360319T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US65304500A 2000-09-01 2000-09-01

Publications (1)

Publication Number Publication Date
ATE360319T1 true ATE360319T1 (de) 2007-05-15

Family

ID=24619280

Family Applications (1)

Application Number Title Priority Date Filing Date
AT01966736T ATE360319T1 (de) 2000-09-01 2001-08-30 System und verfahren zur verteidigung gegen denial-of-service angriffe auf die netzwerkknoten

Country Status (6)

Country Link
EP (1) EP1319296B1 (de)
JP (1) JP2004507978A (de)
AT (1) ATE360319T1 (de)
AU (1) AU2001287221A1 (de)
DE (1) DE60127978T2 (de)
WO (1) WO2002019661A2 (de)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7073198B1 (en) 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US6957348B1 (en) * 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
US7032023B1 (en) 2000-05-16 2006-04-18 America Online, Inc. Throttling electronic communications from one or more senders
US7725587B1 (en) 2000-08-24 2010-05-25 Aol Llc Deep packet scan hacker identification
US7711790B1 (en) 2000-08-24 2010-05-04 Foundry Networks, Inc. Securing an accessible computer system
US7181769B1 (en) 2000-08-25 2007-02-20 Ncircle Network Security, Inc. Network security system having a device profiler communicatively coupled to a traffic monitor
US9280667B1 (en) 2000-08-25 2016-03-08 Tripwire, Inc. Persistent host determination
JP3986871B2 (ja) * 2002-04-17 2007-10-03 株式会社エヌ・ティ・ティ・データ アンチプロファイリング装置およびアンチプロファイリングプログラム
JP3794491B2 (ja) 2002-08-20 2006-07-05 日本電気株式会社 攻撃防御システムおよび攻撃防御方法
CA2496779C (en) 2002-08-26 2011-02-15 Guardednet, Inc. Determining threat level associated with network activity
KR100481614B1 (ko) 2002-11-19 2005-04-08 한국전자통신연구원 서비스 거부와 분산 서비스 거부 공격으로부터 정상트래픽을 보호하는 방법 및 그 장치
US7269850B2 (en) * 2002-12-31 2007-09-11 Intel Corporation Systems and methods for detecting and tracing denial of service attacks
US20040153665A1 (en) * 2003-02-03 2004-08-05 Logan Browne Wireless network control and protection system
GB2411799A (en) * 2004-03-02 2005-09-07 Vistorm Ltd Virus checking devices in a test network before permitting access to a main network
US7363513B2 (en) * 2004-04-15 2008-04-22 International Business Machines Corporation Server denial of service shield
EP1658713A1 (de) * 2004-06-04 2006-05-24 International Business Machines Corporation Verfahren zum schutz vor angriffen in einem schnellen netzwerk
CN1968147B (zh) * 2006-11-27 2010-04-14 华为技术有限公司 业务处理方法、网络设备及业务处理系统
US7672336B2 (en) 2006-12-01 2010-03-02 Sonus Networks, Inc. Filtering and policing for defending against denial of service attacks on a network
US7804774B2 (en) 2006-12-01 2010-09-28 Sonus Networks, Inc. Scalable filtering and policing mechanism for protecting user traffic in a network
US7940657B2 (en) * 2006-12-01 2011-05-10 Sonus Networks, Inc. Identifying attackers on a network
KR101143497B1 (ko) 2010-10-26 2012-05-09 시큐아이닷컴 주식회사 인터넷 메시지 교환용 프록시 서버를 위한 공격 방어 장치 및 방법
KR101144819B1 (ko) 2010-11-23 2012-05-11 한국과학기술정보연구원 분산서비스거부 공격 탐지 및 방어 장치 및 그 방법
US9137325B2 (en) * 2011-02-11 2015-09-15 Microsoft Technology Licensing, Llc Efficiently isolating malicious data requests
FI126032B (en) 2013-03-07 2016-05-31 Airo Finland Oy Detection of a threat in a telecommunications network
US10419267B2 (en) 2014-01-22 2019-09-17 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Network control software notification with advance learning
US10877951B2 (en) 2014-01-22 2020-12-29 International Business Machines Corporation Network control software notification and invalidation of static entries
US20150256431A1 (en) * 2014-03-07 2015-09-10 Cisco Technology, Inc. Selective flow inspection based on endpoint behavior and random sampling
RU2649290C1 (ru) 2017-04-28 2018-03-30 Акционерное общество "Лаборатория Касперского" Система и способ фильтрации трафика при обнаружении DDoS-атаки
DE102017219770B4 (de) 2017-11-07 2019-06-19 Continental Automotive Gmbh Verfahren zum Betreiben einer Ethernet-Kommunikationseinrichtung und Ethernet-Kommunikationseinrichtung
CN109347889B (zh) * 2018-12-24 2021-05-18 沈阳航空航天大学 一种针对软件定义网络的混合型DDoS攻击检测的方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958053A (en) * 1997-01-30 1999-09-28 At&T Corp. Communications protocol with improved security
AU7797198A (en) * 1998-03-09 1999-09-27 Farrell Newton Internet, intranet and other network communication security systems utilizing entrance and exit keys
US6738814B1 (en) * 1998-03-18 2004-05-18 Cisco Technology, Inc. Method for blocking denial of service and address spoofing attacks on a private network
JP2001057554A (ja) * 1999-08-17 2001-02-27 Yoshimi Baba クラッカー監視システム

Also Published As

Publication number Publication date
EP1319296B1 (de) 2007-04-18
EP1319296A2 (de) 2003-06-18
DE60127978T2 (de) 2008-01-17
DE60127978D1 (de) 2007-05-31
AU2001287221A1 (en) 2002-03-13
JP2004507978A (ja) 2004-03-11
WO2002019661A3 (en) 2002-04-18
WO2002019661A2 (en) 2002-03-07

Similar Documents

Publication Publication Date Title
ATE360319T1 (de) System und verfahren zur verteidigung gegen denial-of-service angriffe auf die netzwerkknoten
Anagnostopoulos et al. DNS amplification attack revisited
US9667589B2 (en) Logical / physical address state lifecycle management
ATE284557T1 (de) Abschreckungssystem gegen aufschaltung und missbrauch
ATE548841T1 (de) Netzwerkbasiertes sicherheitssystem
Thing et al. A survey of bots used for distributed denial of service attacks
Arukonda et al. The innocent perpetrators: reflectors and reflection attacks
Dissanayake DNS cache poisoning: A review on its technique and countermeasures
CN105516073A (zh) 网络入侵防御方法
CN112688900A (zh) 一种防御arp欺骗和网络扫描的局域网安全防护系统及方法
Goutam The problem of attribution in cyber security
CN116471121A (zh) 安全防御方法、网关代理设备及存储介质
Vasilomanolakis et al. Did you really hack a nuclear power plant? An industrial control mobile honeypot
Krylov et al. IP fast hopping protocol design
MXPA04001360A (es) Procedimiento, portadores de datos, sistemas de ordenadores y programas de ordenadores para el reconocimiento de ataques de virus a sistemas de servidores de redes a sus usuarios.
Rajkumar et al. Evolution for a secured path using NexGen firewalls
Zhou et al. Protecting SIP server from CPU-based DoS attacks using history-based IP filtering
Marrison DNS as an attack vector–and how businesses can keep it secure
Liu Surviving distributed denial-of-service attacks
Leu et al. Intrusion detection with CUSUM for TCP-based DDoS
Rahman Mitigating information disclosure attacks in the cloud by blocking invalid user and figure out problems to solve ddos by analyzing stackoverflow questions
Li et al. Modeling and analyzing the spread of active worms based on P2P systems
Kuppusamy et al. An effective prevention of attacks using gI time frequency algorithm under dDoS
Rodrigues et al. Design and implementation of a low-cost low interaction IDS/IPS system using virtual honeypot approach
Yan Denial of service: Another example

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties