WO2002021771A1 - Device to protect victim sites during denial of service attacks - Google Patents
Device to protect victim sites during denial of service attacks Download PDFInfo
- Publication number
- WO2002021771A1 WO2002021771A1 PCT/US2001/027413 US0127413W WO0221771A1 WO 2002021771 A1 WO2002021771 A1 WO 2002021771A1 US 0127413 W US0127413 W US 0127413W WO 0221771 A1 WO0221771 A1 WO 0221771A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packets
- gateway
- traffic
- network
- tcp
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001290612A AU2001290612A1 (en) | 2000-09-07 | 2001-09-04 | Device to protect victim sites during denial of service attacks |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US23075900P | 2000-09-07 | 2000-09-07 | |
US60/230,759 | 2000-09-07 | ||
US09/931,344 US7836498B2 (en) | 2000-09-07 | 2001-08-16 | Device to protect victim sites during denial of service attacks |
US09/931,344 | 2001-08-16 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002021771A1 true WO2002021771A1 (en) | 2002-03-14 |
Family
ID=26924532
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/027413 WO2002021771A1 (en) | 2000-09-07 | 2001-09-04 | Device to protect victim sites during denial of service attacks |
Country Status (3)
Country | Link |
---|---|
US (1) | US7836498B2 (US20020031134A1-20020314-P00041.png) |
AU (1) | AU2001290612A1 (US20020031134A1-20020314-P00041.png) |
WO (1) | WO2002021771A1 (US20020031134A1-20020314-P00041.png) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006103337A1 (fr) * | 2005-03-31 | 2006-10-05 | France Telecom | Procede de controle d’une table de flots adaptative et de detection d’une attaque par inondation d’un reseau de transmission de donnees par paquets a large bande et equipement d’analyse correspondant |
EP2293513A1 (en) * | 2009-09-03 | 2011-03-09 | Juniper Networks, Inc. | Protecting Against Distributed Network Flood Attacks |
US8914878B2 (en) | 2009-04-29 | 2014-12-16 | Juniper Networks, Inc. | Detecting malicious network software agents |
Families Citing this family (60)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7702806B2 (en) * | 2000-09-07 | 2010-04-20 | Riverbed Technology, Inc. | Statistics collection for network traffic |
US7278159B2 (en) * | 2000-09-07 | 2007-10-02 | Mazu Networks, Inc. | Coordinated thwarting of denial of service attacks |
US7124440B2 (en) * | 2000-09-07 | 2006-10-17 | Mazu Networks, Inc. | Monitoring network traffic denial of service attacks |
US7743134B2 (en) * | 2000-09-07 | 2010-06-22 | Riverbed Technology, Inc. | Thwarting source address spoofing-based denial of service attacks |
US7043759B2 (en) * | 2000-09-07 | 2006-05-09 | Mazu Networks, Inc. | Architecture to thwart denial of service attacks |
US7398317B2 (en) * | 2000-09-07 | 2008-07-08 | Mazu Networks, Inc. | Thwarting connection-based denial of service attacks |
US7251692B1 (en) * | 2000-09-28 | 2007-07-31 | Lucent Technologies Inc. | Process to thwart denial of service attacks on the internet |
EP1401160A4 (en) * | 2001-04-27 | 2008-07-30 | Ntt Data Corp | PACKAGE TRACKING SYSTEM |
US6993790B2 (en) * | 2001-08-30 | 2006-01-31 | International Business Machines Corporation | Host-based systematic attack detection tool |
US7464410B1 (en) * | 2001-08-30 | 2008-12-09 | At&T Corp. | Protection against flooding of a server |
US7213264B2 (en) | 2002-01-31 | 2007-05-01 | Mazu Networks, Inc. | Architecture to thwart denial of service attacks |
US7743415B2 (en) * | 2002-01-31 | 2010-06-22 | Riverbed Technology, Inc. | Denial of service attacks characterization |
US7114182B2 (en) * | 2002-05-31 | 2006-09-26 | Alcatel Canada Inc. | Statistical methods for detecting TCP SYN flood attacks |
US7886365B2 (en) | 2002-06-11 | 2011-02-08 | Panasonic Corporation | Content-log analyzing system and data-communication controlling device |
US8504879B2 (en) * | 2002-11-04 | 2013-08-06 | Riverbed Technology, Inc. | Connection based anomaly detection |
US20050033989A1 (en) * | 2002-11-04 | 2005-02-10 | Poletto Massimiliano Antonio | Detection of scanning attacks |
US8479057B2 (en) * | 2002-11-04 | 2013-07-02 | Riverbed Technology, Inc. | Aggregator for connection based anomaly detection |
US7774839B2 (en) * | 2002-11-04 | 2010-08-10 | Riverbed Technology, Inc. | Feedback mechanism to minimize false assertions of a network intrusion |
US7363656B2 (en) * | 2002-11-04 | 2008-04-22 | Mazu Networks, Inc. | Event detection/anomaly correlation heuristics |
US7827272B2 (en) * | 2002-11-04 | 2010-11-02 | Riverbed Technology, Inc. | Connection table for intrusion detection |
US7716737B2 (en) * | 2002-11-04 | 2010-05-11 | Riverbed Technology, Inc. | Connection based detection of scanning attacks |
US8191136B2 (en) * | 2002-11-04 | 2012-05-29 | Riverbed Technology, Inc. | Connection based denial of service detection |
US7461404B2 (en) * | 2002-11-04 | 2008-12-02 | Mazu Networks, Inc. | Detection of unauthorized access in a network |
US8161145B2 (en) * | 2003-02-27 | 2012-04-17 | International Business Machines Corporation | Method for managing of denial of service attacks using bandwidth allocation technology |
US8024795B2 (en) | 2003-05-09 | 2011-09-20 | Q1 Labs, Inc. | Network intelligence system |
US9106479B1 (en) | 2003-07-10 | 2015-08-11 | F5 Networks, Inc. | System and method for managing network communications |
US7929534B2 (en) * | 2004-06-28 | 2011-04-19 | Riverbed Technology, Inc. | Flow logging for connection-based anomaly detection |
US20060059558A1 (en) * | 2004-09-15 | 2006-03-16 | John Selep | Proactive containment of network security attacks |
US7760653B2 (en) * | 2004-10-26 | 2010-07-20 | Riverbed Technology, Inc. | Stackable aggregation for connection based anomaly detection |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
JP4512196B2 (ja) * | 2005-10-20 | 2010-07-28 | アラクサラネットワークス株式会社 | 異常トラヒックの検出方法およびパケット中継装置 |
DE102005050584B4 (de) * | 2005-10-21 | 2009-04-30 | Lucas Will | Verfahren zum Ermitteln eines unerwünschten Zugriffs auf ein Datenpaket |
US8266696B2 (en) * | 2005-11-14 | 2012-09-11 | Cisco Technology, Inc. | Techniques for network protection based on subscriber-aware application proxies |
US9083712B2 (en) * | 2007-04-04 | 2015-07-14 | Sri International | Method and apparatus for generating highly predictive blacklists |
US8341739B2 (en) * | 2007-05-24 | 2012-12-25 | Foundry Networks, Llc | Managing network security |
KR100977365B1 (ko) * | 2007-12-20 | 2010-08-20 | 삼성에스디에스 주식회사 | 바이러스 및 네트워크 공격에 대한 자기 방어 기능을 갖는모바일 디바이스 및 이를 이용한 자기 방어 방법 |
US20110072515A1 (en) * | 2009-09-22 | 2011-03-24 | Electronics And Telecommunications Research Institute | Method and apparatus for collaboratively protecting against distributed denial of service attack |
US8966622B2 (en) * | 2010-12-29 | 2015-02-24 | Amazon Technologies, Inc. | Techniques for protecting against denial of service attacks near the source |
JP5845964B2 (ja) * | 2012-02-22 | 2016-01-20 | 富士ゼロックス株式会社 | 通信装置及びプログラム |
US8938804B2 (en) * | 2012-07-12 | 2015-01-20 | Telcordia Technologies, Inc. | System and method for creating BGP route-based network traffic profiles to detect spoofed traffic |
EP2871795A1 (en) * | 2013-11-06 | 2015-05-13 | MyOmega System Technologies GmbH | Method and controller for controlling at least one load |
US9774611B1 (en) * | 2014-03-11 | 2017-09-26 | Amazon Technologies, Inc. | Dynamically deploying a network traffic filter |
US9923767B2 (en) | 2014-04-15 | 2018-03-20 | Splunk Inc. | Dynamic configuration of remote capture agents for network data capture |
US11281643B2 (en) | 2014-04-15 | 2022-03-22 | Splunk Inc. | Generating event streams including aggregated values from monitored network data |
US10462004B2 (en) | 2014-04-15 | 2019-10-29 | Splunk Inc. | Visualizations of statistics associated with captured network data |
US10523521B2 (en) | 2014-04-15 | 2019-12-31 | Splunk Inc. | Managing ephemeral event streams generated from captured network data |
US10700950B2 (en) | 2014-04-15 | 2020-06-30 | Splunk Inc. | Adjusting network data storage based on event stream statistics |
US10127273B2 (en) | 2014-04-15 | 2018-11-13 | Splunk Inc. | Distributed processing of network data using remote capture agents |
US9838512B2 (en) | 2014-10-30 | 2017-12-05 | Splunk Inc. | Protocol-based capture of network data using remote capture agents |
US11086897B2 (en) | 2014-04-15 | 2021-08-10 | Splunk Inc. | Linking event streams across applications of a data intake and query system |
US10366101B2 (en) | 2014-04-15 | 2019-07-30 | Splunk Inc. | Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams |
US9762443B2 (en) | 2014-04-15 | 2017-09-12 | Splunk Inc. | Transformation of network data at remote capture agents |
US10693742B2 (en) | 2014-04-15 | 2020-06-23 | Splunk Inc. | Inline visualizations of metrics related to captured network data |
US10360196B2 (en) | 2014-04-15 | 2019-07-23 | Splunk Inc. | Grouping and managing event streams generated from captured network data |
US9596253B2 (en) | 2014-10-30 | 2017-03-14 | Splunk Inc. | Capture triggers for capturing network data |
US10334085B2 (en) | 2015-01-29 | 2019-06-25 | Splunk Inc. | Facilitating custom content extraction from network packets |
US10193855B2 (en) * | 2017-05-30 | 2019-01-29 | Paypal, Inc. | Determining source address information for network packets |
US10601849B2 (en) * | 2017-08-24 | 2020-03-24 | Level 3 Communications, Llc | Low-complexity detection of potential network anomalies using intermediate-stage processing |
US10735459B2 (en) * | 2017-11-02 | 2020-08-04 | International Business Machines Corporation | Service overload attack protection based on selective packet transmission |
CN115242438B (zh) * | 2022-06-15 | 2023-09-01 | 国家计算机网络与信息安全管理中心 | 基于异质信息网络的潜在受害群体定位方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5787253A (en) * | 1996-05-28 | 1998-07-28 | The Ag Group | Apparatus and method of analyzing internet activity |
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US6128298A (en) * | 1996-04-24 | 2000-10-03 | Nortel Networks Corporation | Internet protocol filter |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5623601A (en) * | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
US6012152A (en) * | 1996-11-27 | 2000-01-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Software fault management system |
US6272537B1 (en) * | 1997-11-17 | 2001-08-07 | Fujitsu Limited | Method for building element manager for a computer network element using a visual element manager builder process |
US6253321B1 (en) * | 1998-06-19 | 2001-06-26 | Ssh Communications Security Ltd. | Method and arrangement for implementing IPSEC policy management using filter code |
US6856676B1 (en) * | 1998-10-15 | 2005-02-15 | Alcatel | System and method of controlling and managing voice and data services in a telecommunications network |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6678250B1 (en) * | 1999-02-19 | 2004-01-13 | 3Com Corporation | Method and system for monitoring and management of the performance of real-time networks |
US6735702B1 (en) * | 1999-08-31 | 2004-05-11 | Intel Corporation | Method and system for diagnosing network intrusion |
US6990591B1 (en) * | 1999-11-18 | 2006-01-24 | Secureworks, Inc. | Method and system for remotely configuring and monitoring a communication device |
US6606744B1 (en) * | 1999-11-22 | 2003-08-12 | Accenture, Llp | Providing collaborative installation management in a network-based supply chain environment |
US6880086B2 (en) * | 2000-05-20 | 2005-04-12 | Ciena Corporation | Signatures for facilitating hot upgrades of modular software components |
US6947445B1 (en) * | 2000-06-09 | 2005-09-20 | Hughes Electronics Corporation | Available bandwidth control mechanism |
US7120931B1 (en) * | 2000-08-31 | 2006-10-10 | Cisco Technology, Inc. | System and method for generating filters based on analyzed flow data |
US7178166B1 (en) * | 2000-09-19 | 2007-02-13 | Internet Security Systems, Inc. | Vulnerability assessment and authentication of a computer by a local scanner |
US7046680B1 (en) * | 2000-11-28 | 2006-05-16 | Mci, Inc. | Network access system including a programmable access device having distributed service control |
-
2001
- 2001-08-16 US US09/931,344 patent/US7836498B2/en active Active
- 2001-09-04 AU AU2001290612A patent/AU2001290612A1/en not_active Abandoned
- 2001-09-04 WO PCT/US2001/027413 patent/WO2002021771A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6128298A (en) * | 1996-04-24 | 2000-10-03 | Nortel Networks Corporation | Internet protocol filter |
US5787253A (en) * | 1996-05-28 | 1998-07-28 | The Ag Group | Apparatus and method of analyzing internet activity |
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006103337A1 (fr) * | 2005-03-31 | 2006-10-05 | France Telecom | Procede de controle d’une table de flots adaptative et de detection d’une attaque par inondation d’un reseau de transmission de donnees par paquets a large bande et equipement d’analyse correspondant |
US8914878B2 (en) | 2009-04-29 | 2014-12-16 | Juniper Networks, Inc. | Detecting malicious network software agents |
US9344445B2 (en) | 2009-04-29 | 2016-05-17 | Juniper Networks, Inc. | Detecting malicious network software agents |
EP2293513A1 (en) * | 2009-09-03 | 2011-03-09 | Juniper Networks, Inc. | Protecting Against Distributed Network Flood Attacks |
US8789173B2 (en) | 2009-09-03 | 2014-07-22 | Juniper Networks, Inc. | Protecting against distributed network flood attacks |
Also Published As
Publication number | Publication date |
---|---|
US7836498B2 (en) | 2010-11-16 |
AU2001290612A1 (en) | 2002-03-22 |
US20020031134A1 (en) | 2002-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2002021771A1 (en) | Device to protect victim sites during denial of service attacks | |
US7043759B2 (en) | Architecture to thwart denial of service attacks | |
WO2002021279A1 (en) | Thwarting source address spoofing-based denial of service attacks | |
US7124440B2 (en) | Monitoring network traffic denial of service attacks | |
WO2002021296A1 (en) | Statistics collection for network traffic | |
US7278159B2 (en) | Coordinated thwarting of denial of service attacks | |
US7398317B2 (en) | Thwarting connection-based denial of service attacks | |
US7743415B2 (en) | Denial of service attacks characterization | |
CN108063765B (zh) | 适于解决网络安全的sdn系统 | |
Schuba et al. | Analysis of a denial of service attack on TCP | |
US7657934B2 (en) | Architecture to thwart denial of service attacks | |
US6973040B1 (en) | Method of maintaining lists of network characteristics | |
US7331060B1 (en) | Dynamic DoS flooding protection | |
US7213264B2 (en) | Architecture to thwart denial of service attacks | |
US8020207B2 (en) | Containment mechanism for potentially contaminated end systems | |
Abdelsayed et al. | An efficient filter for denial-of-service bandwidth attacks | |
Huang et al. | FSDM: Fast recovery saturation attack detection and mitigation framework in SDN | |
Mopari et al. | Detection and defense against DDoS attack with IP spoofing | |
Mohammadi et al. | Practical extensions to countermeasure dos attacks in software defined networking | |
Bellaiche et al. | SYN flooding attack detection based on entropy computing | |
Strother | Denial of service protection the nozzle | |
Bellaïche et al. | SYN flooding attack detection by TCP handshake anomalies | |
Thang et al. | Synflood spoofed source DDoS attack defense based on packet ID anomaly detection with bloom filter | |
Avramopoulos et al. | Counteracting discrimination against network traffic | |
Reichle et al. | Analysis and detection of DDoS attacks in the internet backbone using netflow logs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |