WO2003069828A3 - System and methods for protecting network sites from denial of service attacks - Google Patents

Info

Publication number: WO2003069828A3
Authority: WO
Grant status: Application
Prior art keywords: target, nodes, plurality, packet, system
Application number: PCT/US2003/004535
Other languages: French (fr)
Other versions: WO2003069828A2 (en)
Inventor: Angelos D Keromytis, Vishal Misra, Daniel Rubenstein
Original Assignee: Univ Columbia, Angelos D Keromytis, Vishal Misra, Daniel Rubenstein

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup or address filtering
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/166: Implementing security features at a particular protocol layer at the transport layer

Abstract

A system and method for routing a packet within a computer network between a source and target for a source having a permission to transmit packets to the target, which includes a plurality of first nodes associated with the target. A plurality of routers are provided which are configured to route packets to the target only from one of the plurality of first nodes. A plurality of second nodes are configured to store routing information for routing packets from the respective second node to the one of the first nodes for those packets having a representation of the target's network address. A plurality of third nodes are configured to accept a packet, to determine whether the source has permission to transmit the packet to the target, and if such permission is determined to exist, to route the packet to one of the plurality of second nodes by applying a hash function to the target's network address associated with the packet. The system prevents Denial of Service attacks by routing via consistent hashing and filtering.
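
The packet path the abstract describes, sketched as an added example (not code from the patent or its authors): a third node checks permission, consistent hashing on the target's address picks a second node, the second node forwards to a first node, and routers near the target accept traffic only from first nodes. The class and function names, the use of SHA-256, the ring layout and all addresses are assumptions made for illustration.

```python
import bisect
import hashlib

def ring_pos(value: str) -> int:
    # SHA-256 is this example's choice; the abstract only says "a hash function".
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

class Overlay:
    def __init__(self, second_nodes, first_node_for, permitted):
        self.ring = sorted((ring_pos(n), n) for n in second_nodes)
        self.first_node_for = first_node_for  # routing state held by second nodes
        self.permitted = permitted            # (source, target) pairs

    def second_node(self, target):
        # Consistent hashing: first second node at or after hash(target), wrapping.
        keys = [k for k, _ in self.ring]
        return self.ring[bisect.bisect_left(keys, ring_pos(target)) % len(keys)][1]

    def third_node_route(self, source, target):
        # Third node: check permission before the packet enters the overlay.
        if (source, target) not in self.permitted:
            return None
        return [self.second_node(target), self.first_node_for[target]]

def router_accepts(last_hop, target, first_nodes):
    # Routers around the target forward only traffic from its first nodes.
    return last_hop in first_nodes[target]

def deliver(overlay, first_nodes, source, target):
    path = overlay.third_node_route(source, target)
    if path is None:
        return "dropped at third node: no permission"
    if not router_accepts(path[-1], target, first_nodes):
        return "dropped at router: not from a first node"
    return "delivered via " + " -> ".join(path)

# Constructed sample topology (documentation address ranges).
TARGET = "192.0.2.10"
SECOND = ["198.51.100.%d" % i for i in range(1, 9)]
FIRST = {TARGET: {"198.51.100.200"}}
OVERLAY = Overlay(SECOND, {TARGET: "198.51.100.200"}, {("203.0.113.5", TARGET)})

if __name__ == "__main__":
    print(deliver(OVERLAY, FIRST, "203.0.113.5", TARGET))   # permitted source
    print(deliver(OVERLAY, FIRST, "203.0.113.66", TARGET))  # no permission
    print(router_accepts("203.0.113.66", TARGET, FIRST))    # traffic not from a first node
```

Because the second node is the ring successor of the target's hash, removing any other second node leaves the mapping for that target unchanged.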

Priority Applications (2)

Application Number Priority Date Filing Date Title
US35697602 2002-02-14 2002-02-14
US60/356,976 2002-02-14

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2003216285A AU2003216285A8 (en) 2002-02-14 2003-02-14 System and methods for protecting network sites from denial of service attacks

Publications (2)

Publication Number Publication Date
WO2003069828A2 (en) 2003-08-21
WO2003069828A3 (en) 2004-04-22

Family

ID=27734712

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/004535 WO2003069828A3 (en) 2002-02-14 2003-02-14 System and methods for protecting network sites from denial of service attacks

Country Status (1)

Country Link
WO (1) WO2003069828A3 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7809003B2 (en) 2007-02-16 2010-10-05 Nokia Corporation Method for the routing and control of packet data traffic in a communication system
US8307415B2 (en) 2007-05-09 2012-11-06 Microsoft Corporation Safe hashing for network traffic

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5842040A (en) * 1996-06-18 1998-11-24 Storage Technology Corporation Policy caching method and apparatus for use in a communication device based on contents of one data unit in a subset of related data units
US6330610B1 (en) * 1997-12-04 2001-12-11 Eric E. Docter Multi-stage data filtering system employing multiple filtering criteria

Also Published As

Publication number Publication date Type
WO2003069828A2 (en) 2003-08-21 application

Similar Documents

Publication Publication Date Title
Li et al. SAVE: Source address validity enforcement protocol
Coltun The OSPF opaque LSA option
Yu et al. Scalable flow-based networking with DIFANE
Andersen et al. Accountable internet protocol (aip)
US20120210416A1 (en) Load balancing in a network with session information
US6968393B1 (en) Method and apparatus for an attribute oriented routing update
US20070113075A1 (en) Secure route optimization for mobile network using multi-key crytographically generated addresses
US20060018317A1 (en) Communication system, router, method of communication, method of routing, and computer program product
US20120110633A1 (en) Apparatus for sharing security information among network domains and method thereof
US7721324B1 (en) Securing management operations in a communication fabric
US20060236394A1 (en) WAN defense mitigation service
US20050135359A1 (en) System and method for IPSEC-compliant network address port translation
US20080307110A1 (en) Conditional BGP advertising for dynamic group VPN (DGVPN) clients
Gupta et al. Authentication/confidentiality for OSPFv3
US20090175194A1 (en) Ip security within multi-topology routing
Bagnulo Hash-based addresses (HBA)
US20060112425A1 (en) Method and system for including security information with a packet
US20110274112A1 (en) Method and Apparatus for Forwarding Data Packets using Aggregating Router Keys
Jhaveri et al. A novel approach for grayhole and blackhole attacks in mobile ad hoc networks
Binkley et al. Authenticated ad hoc routing at the link layer for mobile systems
Lee et al. ICMP traceback with cumulative path, an efficient solution for IP traceback
US20120167160A1 (en) Router policy system
US7394756B1 (en) Secure hidden route in a data network
US6789190B1 (en) Packet flooding defense system
US20110069632A1 (en) Tracking network-data flows

Legal Events

Date Code Title Description
AK Designated states. Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents. Kind code of ref document: A2. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in: Ref country code: JP
WWW Wipo information: withdrawn in national office. Country of ref document: JP