CN101536455B - 用于在一个或多个分组网络中恶意攻击期间递送控制消息的方法和设备 - Google Patents
用于在一个或多个分组网络中恶意攻击期间递送控制消息的方法和设备 Download PDFInfo
- Publication number
- CN101536455B CN101536455B CN2007800406066A CN200780040606A CN101536455B CN 101536455 B CN101536455 B CN 101536455B CN 2007800406066 A CN2007800406066 A CN 2007800406066A CN 200780040606 A CN200780040606 A CN 200780040606A CN 101536455 B CN101536455 B CN 101536455B
- Authority
- CN
- China
- Prior art keywords
- denounce
- central filter
- message
- detector
- filter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000004458 analytical method Methods 0.000 claims abstract description 8
- 230000001360 synchronised effect Effects 0.000 claims description 10
- 230000008859 change Effects 0.000 claims description 9
- 230000004044 response Effects 0.000 abstract description 15
- 230000005540 biological transmission Effects 0.000 abstract description 10
- 230000008569 process Effects 0.000 description 17
- 230000006870 function Effects 0.000 description 8
- 238000012360 testing method Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 230000000295 complement effect Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000003860 storage Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 230000027455 binding Effects 0.000 description 2
- 238000009739 binding Methods 0.000 description 2
- 230000008030 elimination Effects 0.000 description 2
- 238000003379 elimination reaction Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 241000406668 Loxodonta cyclotis Species 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000013011 mating Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 210000000056 organ Anatomy 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000000518 rheometry Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 238000003892 spreading Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (10)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/592,726 | 2006-11-03 | ||
US11/592,726 US8914885B2 (en) | 2006-11-03 | 2006-11-03 | Methods and apparatus for delivering control messages during a malicious attack in one or more packet networks |
PCT/US2007/022446 WO2008063344A2 (en) | 2006-11-03 | 2007-10-23 | Methods and apparatus for delivering control messages during a malicious attack in one or more packet networks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101536455A CN101536455A (zh) | 2009-09-16 |
CN101536455B true CN101536455B (zh) | 2013-01-02 |
Family
ID=39361195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007800406066A Expired - Fee Related CN101536455B (zh) | 2006-11-03 | 2007-10-23 | 用于在一个或多个分组网络中恶意攻击期间递送控制消息的方法和设备 |
Country Status (6)
Country | Link |
---|---|
US (1) | US8914885B2 (zh) |
EP (1) | EP2095603B1 (zh) |
JP (2) | JP2010508760A (zh) |
KR (1) | KR20090094236A (zh) |
CN (1) | CN101536455B (zh) |
WO (1) | WO2008063344A2 (zh) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2915598A1 (fr) * | 2007-04-27 | 2008-10-31 | France Telecom | Procede de filtrage de flots indesirables en provenance d'un terminal presume malveillant |
US7962564B2 (en) * | 2008-02-25 | 2011-06-14 | International Business Machines Corporation | Discovery of a virtual topology in a multi-tasking multi-processor environment |
US8065279B2 (en) * | 2008-02-25 | 2011-11-22 | International Business Machines Corporation | Performance neutral heartbeat for a multi-tasking multi-processor environment |
US8762125B2 (en) * | 2008-02-25 | 2014-06-24 | International Business Machines Corporation | Emulated multi-tasking multi-processor channels implementing standard network protocols |
US8009589B2 (en) * | 2008-02-25 | 2011-08-30 | International Business Machines Corporation | Subnet management in virtual host channel adapter topologies |
US7949721B2 (en) * | 2008-02-25 | 2011-05-24 | International Business Machines Corporation | Subnet management discovery of point-to-point network topologies |
US20090216893A1 (en) * | 2008-02-25 | 2009-08-27 | International Business Machines Corporation | Buffer discovery in a parrallel multi-tasking multi-processor environment |
JP5605237B2 (ja) * | 2010-06-30 | 2014-10-15 | 沖電気工業株式会社 | 通信制御装置及びプログラム、並びに、通信システム |
US20120268271A1 (en) * | 2011-04-19 | 2012-10-25 | Mcmullin Dale Robert | Methods and systems for detecting compatibility issues within an electrical grid control system |
US8661522B2 (en) * | 2011-07-28 | 2014-02-25 | Arbor Networks, Inc. | Method and apparatus for probabilistic matching to authenticate hosts during distributed denial of service attack |
US20130094515A1 (en) * | 2011-08-31 | 2013-04-18 | Nils Gura | Systems, apparatus, and methods for removing duplicate data packets from a traffic flow of captured data packets transmitted via a communication network |
JP2014236461A (ja) * | 2013-06-05 | 2014-12-15 | 日本電信電話株式会社 | 遮断システム、遮断サーバ、遮断方法、およびプログラム |
EP2852118B1 (en) * | 2013-09-23 | 2018-12-26 | Deutsche Telekom AG | Method for an enhanced authentication and/or an enhanced identification of a secure element located in a communication device, especially a user equipment |
US9077639B2 (en) * | 2013-11-18 | 2015-07-07 | Arbor Networks, Inc. | Managing data traffic on a cellular network |
US9686077B2 (en) * | 2014-03-06 | 2017-06-20 | Microsoft Technology Licensing, Llc | Secure hardware for cross-device trusted applications |
JP6644141B2 (ja) * | 2016-06-08 | 2020-02-12 | シャープ株式会社 | 応答装置および応答装置の制御方法、制御プログラム |
US10868828B2 (en) * | 2018-03-19 | 2020-12-15 | Fortinet, Inc. | Mitigation of NTP amplification and reflection based DDoS attacks |
CN108494800A (zh) * | 2018-04-27 | 2018-09-04 | 广州西麦科技股份有限公司 | 一种数据包安全检测及处理方法、装置、p4交换机及介质 |
CN113395247B (zh) * | 2020-03-11 | 2023-01-13 | 华为技术有限公司 | 一种防止对SRv6 HMAC校验进行重放攻击的方法和设备 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1498368A (zh) * | 2001-03-20 | 2004-05-19 | ���˹���Ѷ��� | 使用虚拟专用网络抵抗IPQoS拒绝服务攻击的系统、方法和设备 |
CN1716868A (zh) * | 2004-06-29 | 2006-01-04 | 华为技术有限公司 | 一种抵御拒绝服务攻击的方法 |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6111894A (en) * | 1997-08-26 | 2000-08-29 | International Business Machines Corporation | Hardware interface between a switch adapter and a communications subsystem in a data processing system |
US6711166B1 (en) * | 1997-12-10 | 2004-03-23 | Radvision Ltd. | System and method for packet network trunking |
US6505254B1 (en) * | 1999-04-19 | 2003-01-07 | Cisco Technology, Inc. | Methods and apparatus for routing requests in a network |
TW453072B (en) * | 1999-08-18 | 2001-09-01 | Alma Baba Technical Res Lab Co | System for montoring network for cracker attacic |
JP4020576B2 (ja) * | 2000-09-14 | 2007-12-12 | 株式会社東芝 | パケット転送方法、移動端末装置及びルータ装置 |
JP2004260789A (ja) | 2003-02-04 | 2004-09-16 | Hitachi Kokusai Electric Inc | パケット通信装置 |
JP2004247955A (ja) | 2003-02-13 | 2004-09-02 | Toshiba Solutions Corp | 通信システムおよび通信方法 |
US7543051B2 (en) * | 2003-05-30 | 2009-06-02 | Borland Software Corporation | Method of non-intrusive analysis of secure and non-secure web application traffic in real-time |
JP3784799B2 (ja) * | 2003-11-13 | 2006-06-14 | 日本電信電話株式会社 | 攻撃パケット防御システム |
JP2005159922A (ja) | 2003-11-28 | 2005-06-16 | National Institute Of Information & Communication Technology | 通信装置、通信システム及び通信方法 |
US20060056403A1 (en) * | 2004-09-13 | 2006-03-16 | Pleasant Daniel L | System and method for robust communication via a non-reliable protocol |
JP2006109152A (ja) * | 2004-10-06 | 2006-04-20 | Matsushita Electric Ind Co Ltd | ネットワーク上で通信を行う接続要求機器、応答機器、接続管理装置、及び通信システム |
CN1906905B (zh) | 2004-10-12 | 2012-08-22 | 日本电信电话株式会社 | 拒绝服务攻击防御系统、拒绝服务攻击防御方法 |
US20060185008A1 (en) * | 2005-02-11 | 2006-08-17 | Nokia Corporation | Method, apparatus and computer program product enabling negotiation of firewall features by endpoints |
US8370638B2 (en) * | 2005-02-18 | 2013-02-05 | Emc Corporation | Derivative seeds |
US20060218636A1 (en) * | 2005-03-24 | 2006-09-28 | David Chaum | Distributed communication security systems |
JP2006270894A (ja) | 2005-03-25 | 2006-10-05 | Fuji Xerox Co Ltd | ゲートウェイ装置、端末装置、通信システムおよびプログラム |
US20060248588A1 (en) * | 2005-04-28 | 2006-11-02 | Netdevices, Inc. | Defending Denial of Service Attacks in an Inter-networked Environment |
US20070033650A1 (en) | 2005-08-05 | 2007-02-08 | Grosse Eric H | Method and apparatus for defending against denial of service attacks in IP networks by target victim self-identification and control |
US7590129B2 (en) * | 2005-12-07 | 2009-09-15 | Alcatel Lucent | Complementary residential gateway management |
US20080089433A1 (en) * | 2006-10-13 | 2008-04-17 | Jun Hyok Cho | Method and apparatus for adapting to dynamic channel conditions in a multi-channel communication system |
-
2006
- 2006-11-03 US US11/592,726 patent/US8914885B2/en not_active Expired - Fee Related
-
2007
- 2007-10-23 WO PCT/US2007/022446 patent/WO2008063344A2/en active Application Filing
- 2007-10-23 JP JP2009535274A patent/JP2010508760A/ja active Pending
- 2007-10-23 CN CN2007800406066A patent/CN101536455B/zh not_active Expired - Fee Related
- 2007-10-23 EP EP07867263.1A patent/EP2095603B1/en not_active Not-in-force
- 2007-10-23 KR KR1020097009126A patent/KR20090094236A/ko active Search and Examination
-
2011
- 2011-12-22 JP JP2011280852A patent/JP2012109996A/ja active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1498368A (zh) * | 2001-03-20 | 2004-05-19 | ���˹���Ѷ��� | 使用虚拟专用网络抵抗IPQoS拒绝服务攻击的系统、方法和设备 |
CN1716868A (zh) * | 2004-06-29 | 2006-01-04 | 华为技术有限公司 | 一种抵御拒绝服务攻击的方法 |
Also Published As
Publication number | Publication date |
---|---|
JP2012109996A (ja) | 2012-06-07 |
EP2095603A2 (en) | 2009-09-02 |
US20080109891A1 (en) | 2008-05-08 |
JP2010508760A (ja) | 2010-03-18 |
CN101536455A (zh) | 2009-09-16 |
WO2008063344A3 (en) | 2009-01-15 |
KR20090094236A (ko) | 2009-09-04 |
WO2008063344A2 (en) | 2008-05-29 |
US8914885B2 (en) | 2014-12-16 |
EP2095603B1 (en) | 2016-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101536455B (zh) | 用于在一个或多个分组网络中恶意攻击期间递送控制消息的方法和设备 | |
US9438592B1 (en) | System and method for providing unified transport and security protocols | |
US6865673B1 (en) | Method for secure installation of device in packet based communication network | |
US7171493B2 (en) | Camouflage of network traffic to resist attack | |
US9344418B2 (en) | Systems and methods for inhibiting attacks with a network | |
CN100452799C (zh) | IPv6子网内基于签名认证的防止源地址伪造的方法 | |
CN103701700B (zh) | 一种通信网络中的节点发现方法及系统 | |
WO2013055091A1 (ko) | Tcp통신을 이용한 정보 저장방법 및 시스템 | |
US8032746B2 (en) | Tamper-resistant communication layer for attack mitigation and reliable intrusion detection | |
Choo et al. | Robustness of DTN against routing attacks | |
CN109067797B (zh) | 一种网络安全防御方法 | |
KR100563611B1 (ko) | 안전한 패킷 무선통신망 | |
KR101263381B1 (ko) | TCP/IP네트워크에서의 서비스 거부 공격(DoS) 방어 방법 및 방어 장치 | |
CN108989316B (zh) | 一种适用于专用网络的端口跳变通信方法及系统 | |
CN108566379B (zh) | P2p网络下基于协议字段冗余的隐蔽数据传输同步方法 | |
Pansa et al. | Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol | |
JPH11289328A (ja) | 認証管理装置 | |
KR102184757B1 (ko) | 네트워크 은닉 시스템 및 방법 | |
JP4866150B2 (ja) | Ftp通信システム、ftp通信プログラム、ftpクライアント装置及びftpサーバ装置 | |
Ma et al. | Protecting satellite systems from disassociation DoS attacks | |
Bistarelli et al. | A TCP-based Covert Channel with Integrity Check and Retransmission | |
JP2003283548A (ja) | パケット処理方法および通信装置 | |
KR101143368B1 (ko) | 분산형 DDos 방어 시스템 및 이를 이용한 방어 방법 | |
Simpson | Photuris: Design Criteria | |
KR20060099723A (ko) | 데이터를 암호화한 커넥션 체인형태의 공격자를 추적하기위한 네트워크 보안 시스템 및 그 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right |
Owner name: ALCATEL-LUCENT Free format text: FORMER OWNER: ALCATEL-LUCENT AMERICA CO., LTD. Effective date: 20120130 |
|
C41 | Transfer of patent application or patent right or utility model | ||
C53 | Correction of patent of invention or patent application | ||
CB02 | Change of applicant information |
Address after: New jersey, USA Applicant after: ALCATEL-LUCENT USA Inc. Address before: New jersey, USA Applicant before: Lucent Technologies Inc. |
|
COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: LUCENT TECHNOLOGIES INC. TO: ALCATEL-LUCENT AMERICA CO., LTD. |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20120130 Address after: Paris France Applicant after: ALCATEL LUCENT Address before: New jersey, USA Applicant before: ALCATEL-LUCENT USA Inc. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130102 Termination date: 20191023 |