WO2003069828A3 - System and methods for protecting network sites from denial of service attacks - Google Patents

Info

Publication number
WO2003069828A3
Authority
WO
WIPO (PCT)
Prior art keywords
target
nodes
packet
packets
denial
Prior art date
Application number
PCT/US2003/004535
Other languages
French (fr)
Other versions
WO2003069828A2 (en)
Inventor
Angelos D Keromytis
Vishal Misra
Daniel Rubenstein
Original Assignee
Univ Columbia
Angelos D Keromytis
Vishal Misra
Daniel Rubenstein
Priority date
Filing date
Publication date
Application filed by Univ Columbia, Angelos D Keromytis, Vishal Misra, Daniel Rubenstein
Priority to AU2003216285A
Publication of WO2003069828A2
Publication of WO2003069828A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Abstract

A system and method for routing a packet within a computer network between a source and target for a source having a permission to transmit packets to the target, which includes a plurality of first nodes associated with the target. A plurality of routers are provided which are configured to route packets to the target only from one of the plurality of first nodes. A plurality of second nodes are configured to store routing information for routing packets from the respective second node to the one of the first nodes for those packets having a representation of the target's network address. A plurality of third nodes are configured to accept a packet, to determine whether the source has permission to transmit the packet to the target, and if such permission is determined to exist, to route the packet to one of the plurality of second nodes by applying a hash function to the target's network address associated with the packet. The system prevents Denial of Service attacks by routing via consistent hashing and filtering.
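
The routing path the abstract describes, as an added sketch that is not taken from the patent or its authors: a third node checks permission and hashes the target address onto a ring of second nodes, the owning second node forwards to a first node, and the routers near the target drop everything else. Node names, addresses and the permission table are constructed, and SHA-256 with a sorted ring is an assumed way to realise the consistent hashing the abstract mentions.

```python
import bisect
import hashlib

def h(key):
    # SHA-256 is an assumption; the abstract does not name a hash function.
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")

class Ring:
    """Consistent-hash ring over the second nodes."""
    def __init__(self, nodes):
        self.points = sorted((h(n), n) for n in nodes)

    def lookup(self, key):
        # First node clockwise from the key's position, wrapping at the end.
        i = bisect.bisect_left(self.points, (h(key), ""))
        return self.points[i % len(self.points)][1]

# All values below are constructed for illustration.
TARGET = "192.0.2.10"
FIRST_NODES = {"first-1"}
SECOND_NODES = ["second-a", "second-b", "second-c", "second-d"]
PERMITTED = {("198.51.100.7", TARGET)}

ring = Ring(SECOND_NODES)
# The second node that owns hash(TARGET) stores the route to a first node.
routing_info = {ring.lookup(TARGET): {TARGET: "first-1"}}

def router_allows(prev_hop, dst):
    # Routers near the target drop anything not forwarded by a first node.
    return dst != TARGET or prev_hop in FIRST_NODES

def third_node(src, dst):
    # Permission check, then hash the target address to pick a second node.
    return ring.lookup(dst) if (src, dst) in PERMITTED else None

def deliver(src, dst, via_overlay=True):
    """Return the hop list if the packet reaches dst, else None."""
    if not via_overlay:
        return [src, dst] if router_allows(src, dst) else None
    second = third_node(src, dst)
    if second is None:
        return None
    first = routing_info[second][dst]
    return [src, "third-node", second, first, dst] if router_allows(first, dst) else None

if __name__ == "__main__":
    print(deliver("198.51.100.7", TARGET))
    print(deliver("203.0.113.9", TARGET))
    print(deliver("198.51.100.7", TARGET, via_overlay=False))
```

Because the ring is consistent, removing a second node that does not own the target's hash leaves the target's lookup unchanged, so only the owning node's routing state has to move when membership changes.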
PCT/US2003/004535 2002-02-14 2003-02-14 System and methods for protecting network sites from denial of service attacks WO2003069828A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003216285A AU2003216285A1 (en) 2002-02-14 2003-02-14 System and methods for protecting network sites from denial of service attacks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US35697602P 2002-02-14 2002-02-14
US60/356,976 2002-02-14

Publications (2)

Publication Number Publication Date
WO2003069828A2 (en) 2003-08-21
WO2003069828A3 (en) 2004-04-22

Family

ID=27734712

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/004535 WO2003069828A2 (en) 2002-02-14 2003-02-14 System and methods for protecting network sites from denial of service attacks

Country Status (2)

Country Link
AU (1) AU2003216285A1 (en)
WO (1) WO2003069828A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7809003B2 (en) 2007-02-16 2010-10-05 Nokia Corporation Method for the routing and control of packet data traffic in a communication system
US8307415B2 (en) 2007-05-09 2012-11-06 Microsoft Corporation Safe hashing for network traffic
WO2022266672A1 (en) * 2021-06-17 2022-12-22 Rutgers, The State University Of New Jersey Discriminating defense against ddos attacks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5842040A (en) * 1996-06-18 1998-11-24 Storage Technology Corporation Policy caching method and apparatus for use in a communication device based on contents of one data unit in a subset of related data units
US6330610B1 (en) * 1997-12-04 2001-12-11 Eric E. Docter Multi-stage data filtering system employing multiple filtering criteria

Also Published As

Publication number Publication date
AU2003216285A8 (en) 2003-09-04
AU2003216285A1 (en) 2003-09-04
WO2003069828A2 (en) 2003-08-21

Similar Documents

Publication Publication Date Title
EP2345212B1 (en) Method and apparatus for forwarding data packets using aggregating router keys
US7916739B2 (en) Location privacy for internet protocol networks using cryptographically protected prefixes
Lee et al. ICMP traceback with cumulative path, an efficient solution for IP traceback
WO2006029131A3 (en) System and method for routing data between different types of nodes in a wireless network
CN104506511A (en) Moving target defense system and moving target defense method for SDN (self-defending network)
JP2007235341A (en) Apparatus and network system for performing protection against anomalous communication
AU2003229793A1 (en) Candidate access router discovery
WO2003005650A3 (en) Method and system for improving a route along which data is sent using an ip protocol in a data communications network
ATE373361T1 (en) DISTRIBUTED DYNAMIC ROUTING
WO2000002114A3 (en) Firewall apparatus and method of controlling network data packet traffic between internal and external networks
EP1251657A3 (en) Implementing managed networks services for custormers with duplicate IP networks
WO2004059922A3 (en) Routing method and packet communications network
ATE429112T1 (en) METHOD, COMMUNICATION SYSTEMS AND MOBILE ROUTERS FOR ROUTING DATA PACKETS FROM A MOVING NETWORK TO A HOME NETWORK OF THE MOVING NETWORK
RU2005126731A (en) METHOD AND DEVICE FOR SECURE DATA EXCHANGE AND JOINT USE OF RESOURCES BETWEEN ANONYMOUS PARTIES NOT HAVING TRUST RELATIONSHIP, WITHOUT CENTRAL ADMINISTRATION
WO2007035655A3 (en) Using overlay networks to counter denial-of-service attacks
WO2007020548A3 (en) Routing advertisement authentication in fast router discovery
JP2010531106A (en) System and method for multihoming of access networks
WO2001047169A3 (en) A scheme for determining transport level information in the presence of ip security encryption
CN106470158A (en) Message forwarding method and device
CN106254152A (en) A kind of flow control policy treating method and apparatus
WO2002005485A3 (en) Apparatus and method for efficient hashing in networks
WO2003050644A3 (en) Protecting against malicious traffic
WO2003069828A3 (en) System and methods for protecting network sites from denial of service attacks
US8873555B1 (en) Privilege-based access admission table
EP1283630A3 (en) Network routing using an untrusted router

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP