Multiplex communications – Data flow congestion prevention or control
Reexamination Certificate
2011-01-11
2011-01-11
Moore, Jr., Michael J (Department: 2467)
Multiplex communications
Data flow congestion prevention or control
C370S252000, C726S022000
Reexamination Certificate
active
07869352
ABSTRACT:
A network router includes a set of interface cards to receive packets from a network, and a set of accounting modules to calculate flow statistics for the packets. The router further includes a control unit to adaptively update routing information in response to the calculated flow statistics, and to route the packets in accordance with the routing information. The control unit identifies potentially malicious packet flows for the received packets based on the flow statistics, and applies an intercept filter to intercept the packets of the identified packet flows. The control unit analyzes the intercepted packets in real-time to determine the presence of a network event, and updates the routing information based on the determination, e.g., by terminating routing for packets associated with malicious packet flows. In this manner, the router may adaptively respond to network events, such as network security violations.
REFERENCES:
patent: 3962681 (1976-06-01), Requa et al.
patent: 4032899 (1977-06-01), Jenny et al.
patent: 4600319 (1986-07-01), Everett, Jr.
patent: 5375216 (1994-12-01), Moyer et al.
patent: 5408539 (1995-04-01), Finlay et al.
patent: 5490252 (1996-02-01), Macera et al.
patent: 5509123 (1996-04-01), Dobbins et al.
patent: 5530958 (1996-06-01), Agarwal et al.
patent: 5568471 (1996-10-01), Hershey et al.
patent: 6011795 (2000-01-01), Varghese et al.
patent: 6018765 (2000-01-01), Durana et al.
patent: 6148335 (2000-11-01), Haggard et al.
patent: 6182146 (2001-01-01), Graham-Cumming, Jr.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6392996 (2002-05-01), Hjalmtysson
patent: 6499088 (2002-12-01), Wexler et al.
patent: 6501752 (2002-12-01), Kung et al.
patent: 6563796 (2003-05-01), Saito
patent: 6584548 (2003-06-01), Bourne et al.
patent: 6590898 (2003-07-01), Uzun
patent: 6594268 (2003-07-01), Aukia et al.
patent: 6598034 (2003-07-01), Kloth
patent: 6651098 (2003-11-01), Carroll et al.
patent: 6735201 (2004-05-01), Mahajan et al.
patent: 6751663 (2004-06-01), Farrell et al.
patent: 6826713 (2004-11-01), Beesley et al.
patent: 6870817 (2005-03-01), Dolinar et al.
patent: 6889181 (2005-05-01), Kerr et al.
patent: 6970943 (2005-11-01), Subramanian et al.
patent: 6975628 (2005-12-01), Johnson et al.
patent: 6983294 (2006-01-01), Jones et al.
patent: 6985956 (2006-01-01), Luke et al.
patent: 7031304 (2006-04-01), Arberg et al.
patent: 7055174 (2006-05-01), Cope et al.
patent: 7058974 (2006-06-01), Maher, III et al.
patent: 7114008 (2006-09-01), Jungck et al.
patent: 7120931 (2006-10-01), Cheriton
patent: 7185368 (2007-02-01), Copeland, III
patent: 7203740 (2007-04-01), Putzolu et al.
patent: 7231459 (2007-06-01), Saraph
patent: 7251215 (2007-07-01), Turner et al.
patent: 7292573 (2007-11-01), LaVigne et al.
patent: 7362763 (2008-04-01), Wybenga et al.
patent: 7369557 (2008-05-01), Sinha
patent: 7386108 (2008-06-01), Zave et al.
patent: 7433966 (2008-10-01), Charny et al.
patent: 7492713 (2009-02-01), Turner et al.
patent: 7496955 (2009-02-01), Akuni et al.
patent: 7561569 (2009-07-01), Thiede
patent: 7580356 (2009-08-01), Mishra et al.
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0126621 (2002-09-01), Johnson et al.
patent: 2002/0141343 (2002-10-01), Bays
patent: 2002/0163932 (2002-11-01), Fischer et al.
patent: 2003/0005145 (2003-01-01), Bullard
patent: 2003/0120769 (2003-06-01), McCollom et al.
patent: 2003/0145232 (2003-07-01), Poletto et al.
patent: 2003/0214913 (2003-11-01), Kan et al.
patent: 2007/0016702 (2007-01-01), Pione et al.
patent: 2007/0058558 (2007-03-01), Cheung et al.
patent: 2007/0076658 (2007-04-01), Park et al.
patent: 2007/0121812 (2007-05-01), Strange et al.
patent: WO 98/36532 (1998-08-01), None
patent: WO 02/84920 (2002-10-01), None
PCI Technology Overview, Feb. 2003, www.cs.unc.edu/Research/stc/FAQs/pci-overview.pdf, 22 pgs.
Juniper Networks, Inc., “Combating Bots and Mitigating DDoS Attacks”, Juniper Networks, Inc., 2008, entire document, http://www.juniper.net/solutions/literature/solutionbriefs/351198.pdf.
“The CAIDA Web Site,” www.caida.org, Copyright 2002.
“About Endace,” www.endace.com, Copyright 2002.
“Cisco IOS NetFlow,” www.cisco.com/warp/public/732/Tech
mp
etflow/index.shtml, Copyright 2002.
U.S. Appl. No. 10/188,567, entitled “Adaptive Network Flow Analysis”, filed Jul. 2, 2002, Scott Mackie.
U.S. Appl. No. 10/916,021, entitled “Stateful Firewall Protection for Control Plane Traffic Within a Network Device”, filed Aug. 11, 2004. Krohn et al.
U.S. Appl. No. 10/228,114, entitled “Network Router Having Integrated Flow Accounting and Packet Interception”, filed Aug. 26, 2002, Woo et al.
U.S. Appl. No. 10/241,785, entitled “Rate-Controlled Transmission of Traffic Flow Information”, filed Sep. 10, 2002, Sandeep Jain.
U.S. Appl. No. 10/228,150, entitled “Network Device Having Accounting Service Card,” filed Aug. 22, 2002, Woo, Hsien-Chung.
“Well-Known TCP Port Number,” www.webopedia.com, 2004, 3 pages.
“TCP Packet Field Descriptions,” www.ipanalyser.co.uk, Analyser Sales Ltd., Copyright 2003, 2 pages.
Michael Egan, “Decomposition of a TCP Packet,” www.passwall.com, 3 pages, Aug. 7, 2000.
Mark Gibbs, “A Guide to Original SYN,” www.nwfusion.com, Network World, Nov. 2000, 4 pages.
“Sample TCP/IP Packet,” www.passwall.com, Version 0.0.0 @ 03:55/08.07.2000, Copyright 2002, 6 pages.
D.J. Bernstein, “SYN Cookies,” http://cr.yp.to/syncookies.html, Oct. 2003, 3 pages.
Jonathan Lemon, “Resisting SYN Flood DoS Attacks with a SYN Cache,” http://people.freebsd.org/˜jlemon/papers/syncache.pdf, 9 pages, Nov. 14, 2001.
Stuart Staniford, et al., “Practical Automated Detection of Stealthy Portscans,” http://downloads.securityfocus.com/library/spice-ccs2000.pdf, 16 pages, Copyright 2002.
Weaver, A.C. et al., “A Real-Time Monitor for Token Ring Networks,” Military Communications Conference, 1989. MILCOM '89, Oct. 1989, vol. 3, pp. 794-798.
Dini, P. et al., “Performance Evaluation for Distributed System Components,” Proceedings of IEEE Second International Workshop on Systems Management, Jun. 1996, pp. 20-29.
Integrated Services Adapter, 2000, Cisco Systems, Data Sheet, pp. 1-6, http://www.cisco.com/warp/public/cc/pd/ifaa/svaa/iasvaa/prodlit/ism2—ds.pdf.
Office Action from U.S. Appl. No. 11/516,878, dated Apr. 16, 2010, 39 pp.
Response to Office Action dated Apr. 20, 2010, from U.S. Appl. No. 11/516,878, filed May 24, 2010, 13 pp.
Notice of Allowance from U.S. Appl. No. 11/516,878, mailed Jun. 14, 2010, 8 pp.
Cartee Wendy R.
Joe Truman
Kalra Sanjay
Turner Stephen W.
Woo Hsien-Chung
Juniper Networks, Inc.
Moore, Jr. Michael J
Shumaker & Sieffert P.A.
Smith Marcus R
LandOfFree
Adaptive network router does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Adaptive network router, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Adaptive network router will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2725416