WO2003050644A3 - Protecting against malicious traffic - Google Patents

Protecting against malicious traffic

Info

Publication number
WO2003050644A3
Authority
WO
WIPO (PCT)
Prior art keywords
protecting against
malicious traffic
against malicious
data packet
determination
Prior art date
Application number
PCT/IL2002/000996
Other languages
French (fr)
Other versions
WO2003050644A2 (en)
Inventor
Yehuda Afek
Rafi Zadikario
Dan Touitou
Bar Anat Bremler
Original Assignee
Riverhead Networks Inc
Yehuda Afek
Rafi Zadikario
Dan Touitou
Bar Anat Bremler
Priority date
Filing date
Publication date
Priority claimed from US09/929,877 (US7707305B2)
Application filed by Riverhead Networks Inc, Yehuda Afek, Rafi Zadikario, Dan Touitou, Bar Anat Bremler
Priority to CA2469885A (CA2469885C)
Priority to AU2002360197A (AU2002360197B2)
Priority to EP02795406.4A (EP1461704B1)
Publication of WO2003050644A2
Publication of WO2003050644A3
Priority to US10/774,169 (US8438241B2)
Priority to US11/045,001 (US7225270B2)
Priority to US11/183,091 (US20060212572A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for screening packet-based communication traffic. At least a first data packet, sent over a network (40) from a source address to a destination address, is received. A determination is made, by analyzing the first data packet, that the first data packet was generated by a worm. In response to the determination, a second data packet sent over the network from the source address is blocked.

Priority Applications (6)

Application Number Priority Date Filing Date Title
CA2469885A CA2469885C (en) 2001-12-10 2002-12-10 Protecting against malicious traffic
AU2002360197A AU2002360197B2 (en) 2001-12-10 2002-12-10 Protecting against malicious traffic
EP02795406.4A EP1461704B1 (en) 2001-12-10 2002-12-10 Protecting against malicious traffic
US10/774,169 US8438241B2 (en) 2001-08-14 2004-02-05 Detecting and protecting against worm traffic on a network
US11/045,001 US7225270B2 (en) 2000-10-17 2005-01-26 Selective diversion and injection of communication traffic
US11/183,091 US20060212572A1 (en) 2000-10-17 2005-07-14 Protecting against malicious traffic

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/929,877 US7707305B2 (en) 2000-10-17 2001-08-14 Methods and apparatus for protecting against overload conditions on nodes of a distributed network
US33990001P 2001-12-10 2001-12-10
US60/339,900 2001-12-10

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/929,877 Continuation-In-Part US7707305B2 (en) 2000-10-17 2001-08-14 Methods and apparatus for protecting against overload conditions on nodes of a distributed network

Related Child Applications (4)

Application Number Title Priority Date Filing Date
US10498463 A-371-Of-International 2002-12-10
US10/774,169 Continuation-In-Part US8438241B2 (en) 2001-08-14 2004-02-05 Detecting and protecting against worm traffic on a network
US82180404A Continuation-In-Part 2000-10-17 2004-04-08
US11/183,091 Continuation US20060212572A1 (en) 2000-10-17 2005-07-14 Protecting against malicious traffic

Publications (2)

Publication Number Publication Date
WO2003050644A2 WO2003050644A2 (en) 2003-06-19
WO2003050644A3 WO2003050644A3 (en) 2003-11-27

Family

ID=29553090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2002/000996 WO2003050644A2 (en) 2000-10-17 2002-12-10 Protecting against malicious traffic

Country Status (1)

Country Link
WO (1) WO2003050644A2 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8438241B2 (en) 2001-08-14 2013-05-07 Cisco Technology, Inc. Detecting and protecting against worm traffic on a network
EP1595193B1 (en) * 2001-08-14 2012-11-21 Cisco Technology, Inc. Detecting and protecting against worm traffic on a network
CN100414532C (en) * 2003-04-09 2008-08-27 思科技术公司 Selective diversion and injection of communication traffic
EP1629651A1 (en) * 2003-05-30 2006-03-01 International Business Machines Corporation Detecting network attacks
CN101180826B (en) 2004-01-26 2012-09-05 思科技术公司 Upper-level protocol authentication
EP1754348B1 (en) * 2004-05-19 2012-08-01 Computer Associates Think, Inc. Using address ranges to detect malicious activity
US7540025B2 (en) 2004-11-18 2009-05-26 Cisco Technology, Inc. Mitigating network attacks using automatic signature generation
US7607170B2 (en) 2004-12-22 2009-10-20 Radware Ltd. Stateful attack protection
CN101147376A (en) 2005-02-04 2008-03-19 诺基亚公司 Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth
FI20050561A0 (en) * 2005-05-26 2005-05-26 Nokia Corp Processing of packet data in a communication system
US20070077931A1 (en) * 2005-10-03 2007-04-05 Glinka Michael F Method and apparatus for wireless network protection against malicious transmissions
US20070258437A1 (en) * 2006-05-05 2007-11-08 Broadcom Corporation, A California Corporation Switching network employing server quarantine functionality
US8156557B2 (en) 2007-01-04 2012-04-10 Cisco Technology, Inc. Protection against reflection distributed denial of service attacks
US20160080413A1 (en) 2014-09-12 2016-03-17 Level 3 Communications, Llc Blocking forgiveness for ddos
CA2966605A1 (en) 2014-11-03 2016-05-12 Level 3 Communications, Llc Identifying a potential ddos attack using statistical analysis

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6397335B1 (en) * 1998-02-12 2002-05-28 Ameritech Corporation Computer virus screening methods and systems
US6513122B1 (en) * 2001-06-29 2003-01-28 Networks Associates Technology, Inc. Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1461704A4 *

Also Published As

Publication number Publication date
WO2003050644A2 (en) 2003-06-19

Similar Documents

Publication Publication Date Title
WO2003050644A3 (en) Protecting against malicious traffic
EP1335559A3 (en) System and method of providing virus protection at a gateway
WO2002003653A3 (en) Packet data communications
EP1363428A3 (en) In-band flow control methods for communications systems
AU2003276869A1 (en) System for allowing network traffic through firewalls
WO2002079949A3 (en) Internet security system
WO2003067383A3 (en) Services processor having a packet editing unit
WO2005045642A3 (en) Secure, standards-based communications across a wide-area network
WO2000052896A3 (en) Method and apparatus for managing a network flow in a high performance network interface
AU2002252188A1 (en) Method for establishing channel-based internet access network
AU2003222452A1 (en) Mobile node, router, server and method for mobile communications under ip version 6 (ipv6) protocol
WO2004045159A3 (en) Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point
AU2002358361A1 (en) Method, apparatus and software for network traffic management
EP2328091A3 (en) Network media playout
GB2405773B (en) A method of controlling provision of audio communication on a network
AU1098101A (en) Method for establishing an mpls data network protection pathway
AU2002342524A1 (en) Method for sending postal packets
WO2000056013A3 (en) Method for avoiding out-of-ordering of frames in a network switch
EP1206079A3 (en) End-to-end prioritized data delivery on networks using ip over frame relay
TW200726145A (en) Terminal and related method for detecting malicious data for computer network
WO2002079927A3 (en) Simulating data flow through a network
WO2002100038A3 (en) Security in area networks
AU2000279463A1 (en) Method and device for routing or compressing packets destination address containing classless address
EP1283630A3 (en) Network routing using an untrusted router
AU2002252450A1 (en) Method, system and program for enabling communication between network elements using different address formats

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A2; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents; Kind code of ref document: A2; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase; Ref document number: 2469885; Country of ref document: CA
WWE Wipo information: entry into national phase; Ref document number: 20028247000; Country of ref document: CN
WWE Wipo information: entry into national phase; Ref document number: 2002360197; Country of ref document: AU
WWE Wipo information: entry into national phase; Ref document number: 2002795406; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 2002795406; Country of ref document: EP
NENP Non-entry into the national phase; Ref country code: JP
WWW Wipo information: withdrawn in national office; Country of ref document: JP