WO2002021771A1 - Device to protect victim sites during denial of service attacks - Google Patents

Device to protect victim sites during denial of service attacks Download PDF

Info

Publication number
WO2002021771A1
WO2002021771A1 PCT/US2001/027413 US0127413W WO0221771A1 WO 2002021771 A1 WO2002021771 A1 WO 2002021771A1 US 0127413 W US0127413 W US 0127413W WO 0221771 A1 WO0221771 A1 WO 0221771A1
Authority
WO
WIPO (PCT)
Prior art keywords
packets
gateway
traffic
network
tcp
Prior art date
Application number
PCT/US2001/027413
Other languages
English (en)
French (fr)
Inventor
Massimiliano Antonio Poletto
Edward W. Kohler, Jr.
Original Assignee
Mazu Networks, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mazu Networks, Inc. filed Critical Mazu Networks, Inc.
Priority to AU2001290612A priority Critical patent/AU2001290612A1/en
Publication of WO2002021771A1 publication Critical patent/WO2002021771A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PCT/US2001/027413 2000-09-07 2001-09-04 Device to protect victim sites during denial of service attacks WO2002021771A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001290612A AU2001290612A1 (en) 2000-09-07 2001-09-04 Device to protect victim sites during denial of service attacks

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US23075900P 2000-09-07 2000-09-07
US60/230,759 2000-09-07
US09/931,344 US7836498B2 (en) 2000-09-07 2001-08-16 Device to protect victim sites during denial of service attacks
US09/931,344 2001-08-16

Publications (1)

Publication Number Publication Date
WO2002021771A1 true WO2002021771A1 (en) 2002-03-14

Family

ID=26924532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/027413 WO2002021771A1 (en) 2000-09-07 2001-09-04 Device to protect victim sites during denial of service attacks

Country Status (3)

Country Link
US (1) US7836498B2 (US20020031134A1-20020314-P00041.png)
AU (1) AU2001290612A1 (US20020031134A1-20020314-P00041.png)
WO (1) WO2002021771A1 (US20020031134A1-20020314-P00041.png)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006103337A1 (fr) * 2005-03-31 2006-10-05 France Telecom Procede de controle d’une table de flots adaptative et de detection d’une attaque par inondation d’un reseau de transmission de donnees par paquets a large bande et equipement d’analyse correspondant
EP2293513A1 (en) * 2009-09-03 2011-03-09 Juniper Networks, Inc. Protecting Against Distributed Network Flood Attacks
US8914878B2 (en) 2009-04-29 2014-12-16 Juniper Networks, Inc. Detecting malicious network software agents

Families Citing this family (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7702806B2 (en) * 2000-09-07 2010-04-20 Riverbed Technology, Inc. Statistics collection for network traffic
US7278159B2 (en) * 2000-09-07 2007-10-02 Mazu Networks, Inc. Coordinated thwarting of denial of service attacks
US7124440B2 (en) * 2000-09-07 2006-10-17 Mazu Networks, Inc. Monitoring network traffic denial of service attacks
US7743134B2 (en) * 2000-09-07 2010-06-22 Riverbed Technology, Inc. Thwarting source address spoofing-based denial of service attacks
US7043759B2 (en) * 2000-09-07 2006-05-09 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7398317B2 (en) * 2000-09-07 2008-07-08 Mazu Networks, Inc. Thwarting connection-based denial of service attacks
US7251692B1 (en) * 2000-09-28 2007-07-31 Lucent Technologies Inc. Process to thwart denial of service attacks on the internet
EP1401160A4 (en) * 2001-04-27 2008-07-30 Ntt Data Corp PACKAGE TRACKING SYSTEM
US6993790B2 (en) * 2001-08-30 2006-01-31 International Business Machines Corporation Host-based systematic attack detection tool
US7464410B1 (en) * 2001-08-30 2008-12-09 At&T Corp. Protection against flooding of a server
US7213264B2 (en) 2002-01-31 2007-05-01 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7743415B2 (en) * 2002-01-31 2010-06-22 Riverbed Technology, Inc. Denial of service attacks characterization
US7114182B2 (en) * 2002-05-31 2006-09-26 Alcatel Canada Inc. Statistical methods for detecting TCP SYN flood attacks
US7886365B2 (en) 2002-06-11 2011-02-08 Panasonic Corporation Content-log analyzing system and data-communication controlling device
US8504879B2 (en) * 2002-11-04 2013-08-06 Riverbed Technology, Inc. Connection based anomaly detection
US20050033989A1 (en) * 2002-11-04 2005-02-10 Poletto Massimiliano Antonio Detection of scanning attacks
US8479057B2 (en) * 2002-11-04 2013-07-02 Riverbed Technology, Inc. Aggregator for connection based anomaly detection
US7774839B2 (en) * 2002-11-04 2010-08-10 Riverbed Technology, Inc. Feedback mechanism to minimize false assertions of a network intrusion
US7363656B2 (en) * 2002-11-04 2008-04-22 Mazu Networks, Inc. Event detection/anomaly correlation heuristics
US7827272B2 (en) * 2002-11-04 2010-11-02 Riverbed Technology, Inc. Connection table for intrusion detection
US7716737B2 (en) * 2002-11-04 2010-05-11 Riverbed Technology, Inc. Connection based detection of scanning attacks
US8191136B2 (en) * 2002-11-04 2012-05-29 Riverbed Technology, Inc. Connection based denial of service detection
US7461404B2 (en) * 2002-11-04 2008-12-02 Mazu Networks, Inc. Detection of unauthorized access in a network
US8161145B2 (en) * 2003-02-27 2012-04-17 International Business Machines Corporation Method for managing of denial of service attacks using bandwidth allocation technology
US8024795B2 (en) 2003-05-09 2011-09-20 Q1 Labs, Inc. Network intelligence system
US9106479B1 (en) 2003-07-10 2015-08-11 F5 Networks, Inc. System and method for managing network communications
US7929534B2 (en) * 2004-06-28 2011-04-19 Riverbed Technology, Inc. Flow logging for connection-based anomaly detection
US20060059558A1 (en) * 2004-09-15 2006-03-16 John Selep Proactive containment of network security attacks
US7760653B2 (en) * 2004-10-26 2010-07-20 Riverbed Technology, Inc. Stackable aggregation for connection based anomaly detection
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
JP4512196B2 (ja) * 2005-10-20 2010-07-28 アラクサラネットワークス株式会社 異常トラヒックの検出方法およびパケット中継装置
DE102005050584B4 (de) * 2005-10-21 2009-04-30 Lucas Will Verfahren zum Ermitteln eines unerwünschten Zugriffs auf ein Datenpaket
US8266696B2 (en) * 2005-11-14 2012-09-11 Cisco Technology, Inc. Techniques for network protection based on subscriber-aware application proxies
US9083712B2 (en) * 2007-04-04 2015-07-14 Sri International Method and apparatus for generating highly predictive blacklists
US8341739B2 (en) * 2007-05-24 2012-12-25 Foundry Networks, Llc Managing network security
KR100977365B1 (ko) * 2007-12-20 2010-08-20 삼성에스디에스 주식회사 바이러스 및 네트워크 공격에 대한 자기 방어 기능을 갖는모바일 디바이스 및 이를 이용한 자기 방어 방법
US20110072515A1 (en) * 2009-09-22 2011-03-24 Electronics And Telecommunications Research Institute Method and apparatus for collaboratively protecting against distributed denial of service attack
US8966622B2 (en) * 2010-12-29 2015-02-24 Amazon Technologies, Inc. Techniques for protecting against denial of service attacks near the source
JP5845964B2 (ja) * 2012-02-22 2016-01-20 富士ゼロックス株式会社 通信装置及びプログラム
US8938804B2 (en) * 2012-07-12 2015-01-20 Telcordia Technologies, Inc. System and method for creating BGP route-based network traffic profiles to detect spoofed traffic
EP2871795A1 (en) * 2013-11-06 2015-05-13 MyOmega System Technologies GmbH Method and controller for controlling at least one load
US9774611B1 (en) * 2014-03-11 2017-09-26 Amazon Technologies, Inc. Dynamically deploying a network traffic filter
US9923767B2 (en) 2014-04-15 2018-03-20 Splunk Inc. Dynamic configuration of remote capture agents for network data capture
US11281643B2 (en) 2014-04-15 2022-03-22 Splunk Inc. Generating event streams including aggregated values from monitored network data
US10462004B2 (en) 2014-04-15 2019-10-29 Splunk Inc. Visualizations of statistics associated with captured network data
US10523521B2 (en) 2014-04-15 2019-12-31 Splunk Inc. Managing ephemeral event streams generated from captured network data
US10700950B2 (en) 2014-04-15 2020-06-30 Splunk Inc. Adjusting network data storage based on event stream statistics
US10127273B2 (en) 2014-04-15 2018-11-13 Splunk Inc. Distributed processing of network data using remote capture agents
US9838512B2 (en) 2014-10-30 2017-12-05 Splunk Inc. Protocol-based capture of network data using remote capture agents
US11086897B2 (en) 2014-04-15 2021-08-10 Splunk Inc. Linking event streams across applications of a data intake and query system
US10366101B2 (en) 2014-04-15 2019-07-30 Splunk Inc. Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams
US9762443B2 (en) 2014-04-15 2017-09-12 Splunk Inc. Transformation of network data at remote capture agents
US10693742B2 (en) 2014-04-15 2020-06-23 Splunk Inc. Inline visualizations of metrics related to captured network data
US10360196B2 (en) 2014-04-15 2019-07-23 Splunk Inc. Grouping and managing event streams generated from captured network data
US9596253B2 (en) 2014-10-30 2017-03-14 Splunk Inc. Capture triggers for capturing network data
US10334085B2 (en) 2015-01-29 2019-06-25 Splunk Inc. Facilitating custom content extraction from network packets
US10193855B2 (en) * 2017-05-30 2019-01-29 Paypal, Inc. Determining source address information for network packets
US10601849B2 (en) * 2017-08-24 2020-03-24 Level 3 Communications, Llc Low-complexity detection of potential network anomalies using intermediate-stage processing
US10735459B2 (en) * 2017-11-02 2020-08-04 International Business Machines Corporation Service overload attack protection based on selective packet transmission
CN115242438B (zh) * 2022-06-15 2023-09-01 国家计算机网络与信息安全管理中心 基于异质信息网络的潜在受害群体定位方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5787253A (en) * 1996-05-28 1998-07-28 The Ag Group Apparatus and method of analyzing internet activity
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US6128298A (en) * 1996-04-24 2000-10-03 Nortel Networks Corporation Internet protocol filter

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623601A (en) * 1994-11-18 1997-04-22 Milkway Networks Corporation Apparatus and method for providing a secure gateway for communication and data exchanges between networks
US6012152A (en) * 1996-11-27 2000-01-04 Telefonaktiebolaget Lm Ericsson (Publ) Software fault management system
US6272537B1 (en) * 1997-11-17 2001-08-07 Fujitsu Limited Method for building element manager for a computer network element using a visual element manager builder process
US6253321B1 (en) * 1998-06-19 2001-06-26 Ssh Communications Security Ltd. Method and arrangement for implementing IPSEC policy management using filter code
US6856676B1 (en) * 1998-10-15 2005-02-15 Alcatel System and method of controlling and managing voice and data services in a telecommunications network
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6678250B1 (en) * 1999-02-19 2004-01-13 3Com Corporation Method and system for monitoring and management of the performance of real-time networks
US6735702B1 (en) * 1999-08-31 2004-05-11 Intel Corporation Method and system for diagnosing network intrusion
US6990591B1 (en) * 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US6606744B1 (en) * 1999-11-22 2003-08-12 Accenture, Llp Providing collaborative installation management in a network-based supply chain environment
US6880086B2 (en) * 2000-05-20 2005-04-12 Ciena Corporation Signatures for facilitating hot upgrades of modular software components
US6947445B1 (en) * 2000-06-09 2005-09-20 Hughes Electronics Corporation Available bandwidth control mechanism
US7120931B1 (en) * 2000-08-31 2006-10-10 Cisco Technology, Inc. System and method for generating filters based on analyzed flow data
US7178166B1 (en) * 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US7046680B1 (en) * 2000-11-28 2006-05-16 Mci, Inc. Network access system including a programmable access device having distributed service control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6128298A (en) * 1996-04-24 2000-10-03 Nortel Networks Corporation Internet protocol filter
US5787253A (en) * 1996-05-28 1998-07-28 The Ag Group Apparatus and method of analyzing internet activity
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006103337A1 (fr) * 2005-03-31 2006-10-05 France Telecom Procede de controle d’une table de flots adaptative et de detection d’une attaque par inondation d’un reseau de transmission de donnees par paquets a large bande et equipement d’analyse correspondant
US8914878B2 (en) 2009-04-29 2014-12-16 Juniper Networks, Inc. Detecting malicious network software agents
US9344445B2 (en) 2009-04-29 2016-05-17 Juniper Networks, Inc. Detecting malicious network software agents
EP2293513A1 (en) * 2009-09-03 2011-03-09 Juniper Networks, Inc. Protecting Against Distributed Network Flood Attacks
US8789173B2 (en) 2009-09-03 2014-07-22 Juniper Networks, Inc. Protecting against distributed network flood attacks

Also Published As

Publication number Publication date
US7836498B2 (en) 2010-11-16
AU2001290612A1 (en) 2002-03-22
US20020031134A1 (en) 2002-03-14

Similar Documents

Publication Publication Date Title
WO2002021771A1 (en) Device to protect victim sites during denial of service attacks
US7043759B2 (en) Architecture to thwart denial of service attacks
WO2002021279A1 (en) Thwarting source address spoofing-based denial of service attacks
US7124440B2 (en) Monitoring network traffic denial of service attacks
WO2002021296A1 (en) Statistics collection for network traffic
US7278159B2 (en) Coordinated thwarting of denial of service attacks
US7398317B2 (en) Thwarting connection-based denial of service attacks
US7743415B2 (en) Denial of service attacks characterization
CN108063765B (zh) 适于解决网络安全的sdn系统
Schuba et al. Analysis of a denial of service attack on TCP
US7657934B2 (en) Architecture to thwart denial of service attacks
US6973040B1 (en) Method of maintaining lists of network characteristics
US7331060B1 (en) Dynamic DoS flooding protection
US7213264B2 (en) Architecture to thwart denial of service attacks
US8020207B2 (en) Containment mechanism for potentially contaminated end systems
Abdelsayed et al. An efficient filter for denial-of-service bandwidth attacks
Huang et al. FSDM: Fast recovery saturation attack detection and mitigation framework in SDN
Mopari et al. Detection and defense against DDoS attack with IP spoofing
Mohammadi et al. Practical extensions to countermeasure dos attacks in software defined networking
Bellaiche et al. SYN flooding attack detection based on entropy computing
Strother Denial of service protection the nozzle
Bellaïche et al. SYN flooding attack detection by TCP handshake anomalies
Thang et al. Synflood spoofed source DDoS attack defense based on packet ID anomaly detection with bloom filter
Avramopoulos et al. Counteracting discrimination against network traffic
Reichle et al. Analysis and detection of DDoS attacks in the internet backbone using netflow logs

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP