Accommodating fragmentation with deterministic packet marking

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

Reexamination Certificate

active

07908654

ABSTRACT:
The deterministic packet marking (DPM) method is based on marking packets with partial address information of the ingress interface only. The attack victim is able to recover the complete address information after receiving several packets from a particular attacking host or hosts. The full path is not essential for the traceback, since it can differ from packet to packet for various reasons. In order to deal with fragmentation, the ID field (as well as some other fields) of all the fragments in a given series must be the same. DPM randomly selects marks from a pool that is created at startup. The mark completely occupies the ID field of the IP packet header, as well as the Reserved Flag. Since every packet passing through the DPM-enabled interface is marked, the ID field of all the fragments of a series must be kept identical. By allowing DPM to suspend randomness when selecting the marks for the fragments of a series, all fragments are ensured to carry the same ID. This ID differs from the one originally set by the origin of the packet, but that makes no difference to the reassembly process.
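The following is an added example, not code from the patent or its authors: a small Python simulation of the marking behaviour the abstract describes. It assumes the basic DPM layout, a 17-bit mark made of the 16-bit IP ID field plus the 1-bit Reserved Flag, with the 32-bit ingress address split into two 16-bit halves and the flag indicating which half a packet carries. It also assumes a single DPM-enabled ingress interface (the multi-attacker case is outside this example) and identifies a fragment series by (source, destination, protocol, original ID), the same tuple a reassembler uses. The addresses and fragment offsets are constructed sample values.

```python
"""Toy deterministic packet marking (DPM) with fragment-aware mark selection.

Added example, not the patent's own code. Assumptions: 17-bit mark (16-bit
ID field + 1-bit Reserved Flag), ingress address split into two 16-bit
halves, one ingress interface, series key = (src, dst, proto, original ID).
"""
from dataclasses import dataclass, replace
import ipaddress
import random


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    ip_id: int                 # 16-bit Identification field
    reserved: int = 0          # Reserved Flag (high bit of the flags field)
    more_fragments: bool = False
    frag_offset: int = 0       # in 8-byte units

    def is_fragment(self) -> bool:
        return self.more_fragments or self.frag_offset > 0


class DPMInterface:
    """Ingress interface that overwrites ID + Reserved Flag of every packet."""

    def __init__(self, ingress_addr: str, rng=None):
        addr = int(ipaddress.IPv4Address(ingress_addr))
        # Mark pool built at startup: (reserved flag, 16-bit address half).
        self.pool = [(0, addr >> 16), (1, addr & 0xFFFF)]
        self.rng = rng or random.Random()
        # Mark assigned to each fragment series seen so far. A real interface
        # would expire entries on a timer; deleting on the last fragment would
        # break when fragments arrive out of order, so nothing is deleted here.
        self.series_marks = {}

    def mark(self, pkt: Packet) -> Packet:
        if pkt.is_fragment():
            key = (pkt.src, pkt.dst, pkt.proto, pkt.ip_id)
            # Suspend randomness: every fragment of a series reuses one mark,
            # so the reassembler still sees a single ID for the whole series.
            if key not in self.series_marks:
                self.series_marks[key] = self.rng.choice(self.pool)
            flag, half = self.series_marks[key]
        else:
            flag, half = self.rng.choice(self.pool)
        return replace(pkt, ip_id=half, reserved=flag)


class Victim:
    """Recovers the ingress address from the marks carried by received packets."""

    def __init__(self):
        self.halves = {}       # reserved flag -> 16-bit address half

    def receive(self, pkt: Packet) -> None:
        self.halves[pkt.reserved] = pkt.ip_id

    def ingress_address(self):
        if 0 in self.halves and 1 in self.halves:
            return str(ipaddress.IPv4Address((self.halves[0] << 16) | self.halves[1]))
        return None


def reassembly_groups(packets):
    """Group fragments the way a reassembler does: by (src, dst, proto, ID)."""
    groups = {}
    for p in packets:
        groups.setdefault((p.src, p.dst, p.proto, p.ip_id), []).append(p)
    return groups


def demo(seed: int = 7) -> dict:
    # Constructed sample values (documentation-range addresses).
    iface = DPMInterface("203.0.113.9", rng=random.Random(seed))
    victim = Victim()
    # One datagram with original ID 0x1234, split into three fragments that
    # arrive out of order (last fragment before the first).
    src, dst, proto = "198.51.100.77", "192.0.2.10", 17
    frags = [
        Packet(src, dst, proto, 0x1234, more_fragments=True, frag_offset=185),
        Packet(src, dst, proto, 0x1234, more_fragments=False, frag_offset=370),
        Packet(src, dst, proto, 0x1234, more_fragments=True, frag_offset=0),
    ]
    marked = [iface.mark(f) for f in frags]
    for p in marked:
        victim.receive(p)
    # Unfragmented packets keep random mark selection; send until the victim
    # has seen both halves (capped so the loop always terminates).
    sent = 0
    while victim.ingress_address() is None and sent < 200:
        victim.receive(iface.mark(Packet(src, dst, proto, sent)))
        sent += 1
    return {
        "fragment_ids": [p.ip_id for p in marked],
        "fragment_flags": [p.reserved for p in marked],
        "reassembly_groups": len(reassembly_groups(marked)),
        "recovered": victim.ingress_address(),
    }


if __name__ == "__main__":
    print(demo())
```

The point the abstract makes shows up in `demo()`: the three fragments leave the interface with one ID and one flag value, so the reassembler forms a single group even though that ID is not the 0x1234 the sender chose, while unfragmented packets keep drawing marks at random so the victim eventually collects both halves of the ingress address.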

REFERENCES:
patent: 5835726 (1998-11-01), Shwed et al.
patent: 6978223 (2005-12-01), Milliken
patent: 6981158 (2005-12-01), Sanchez et al.
patent: 7200105 (2007-04-01), Milliken et al.
patent: 7415018 (2008-08-01), Jones et al.
patent: 7752324 (2010-07-01), Hamadeh et al.
patent: 2004/0093521 (2004-05-01), Hamadeh et al.
patent: 2005/0086520 (2005-04-01), Dharmapurikar et al.
P. Ferguson and D. Senie, Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing, May 2000, RFC 2827.
S. Savage et al., Network support for IP traceback, IEEE/ACM Trans. Networking, Jun. 2001, pp. 226-237, vol. 9, No. 3.
P. Srisuresh and K. Egevang, Traditional IP network address translator, (traditional NAT), Jan. 2001, RFC 3022.
D. Moore et al., Inferring internet denial of service activity, Proc. of 10th USENIX Security Symposium, 2001, pp. 9-22.
R.K.C. Chang, Defending Against flooding-based Distributed Denial-of-service attacks: a tutorial, IEEE Commun. Mag., Oct. 2002, pp. 42-51, vol. 40, No. 10.
A. Belenky and Nirwan Ansari, On IP traceback, IEEE. Commun. Mag., Jul. 2003, pp. 142-153, vol. 41, No. 7.
S.M. Bellovin, ICMP traceback messages, IETF Draft, Mar. 2000.
N. Dean et al., An algebraic approach to IP traceback, ACM Trans. on Information and System Security (TISSEC), May 2002, pp. 119-137, vol. 5, No. 2.
D.X. Song and A. Perrig, Advanced and authenticated marking schemes for IP traceback, Proc. of INFOCOM 2001, Apr. 2001, pp. 878-886, vol. 2.
T.W. Doeppner et al., Using router stamping to identify the source of IP packets, Proc. of 7th ACM Inter. Conf. on Computer Comm. and Networks, Nov. 2000, pp. 184-189, New York, NY, USA: ACM Press.
A.C. Snoeren et al., Single-packet IP traceback, IEEE/ACM Trans. Networking, Dec. 2002, pp. 721-734, vol. 10, No. 6.
T. Baba and S. Matsuda, Tracing network attacks to their sources, IEEE Internet Comput., Mar./Apr. 2002, pp. 721-734, vol. 10, No. 6.
S. Matsuda et al., Design and Implementation of Unauthorized Access Tracing System, Proc. of the 2002 Symposium on Applications and the Internet, 2002, (Saint 2002), Jan./Feb. 2002, pp. 74-81.
R. Stone, Centertrack: An IP Overlay Network for Tracking DoS Floods, Proc. of 9th USENIX Security Symposium, Aug. 2000.
H. Chang et al., DecIdUouS: Decentralized Source Identification for Network-Based Intrusions, Proc. of 6th IFIP/IEEE International Symposium on Integrated Net. Management, May 1999, pp. 701-714.
H. Burch and B. Cheswick, Tracing anonymous Packets to their Approximate Source, Proc. of 2000 USENIX LISA Conference, Dec. 2000, pp. 319-327.
A. Belenky and N. Ansari, IP traceback with deterministic packet marking, IEEE. Commun. Lett., Apr. 2003, pp. 162-164, vol. 7, No. 4.
C. Shannon et al., Beyond folklore: observations on fragmented traffic, IEEE/ACM. Trans. Networking, Dec. 2002, pp. 709-720, vol. 10, No. 6.
S.F. Wu et al., On design and evaluation of ‘intention-driven’ ICMP Traceback, Proc. of 10th Inter. Conf. on Computer Comm. and Networks, Oct. 2001, pp. 159-165.
H. Chang et al., Design and implementation of a real-time decentralized source identification system for untrusted IP packets, Proc. of the DARPA Information Survivability Conference & Exposition, Jan. 2000, pp. 100-111, vol. 2.
A. Belenky and N. Ansari, Tracing multiple attackers with deterministic packet marking (DPM), Proc. of IEEE PacRim, Aug. 2003, to be published.
S. McCreary and C.K. Claffy, Trends in wide area IP traffic patterns, ITC Specialist Seminar, CAIDA, 2000.
L. Subramanian et al., Characterizing the internet hierarchy from multiple vantage points, Proceeding of INFOCOM 2002 Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies, Jun. 2002, pp. 619-627, vol. 2.
S.C. Lee and C. Shields, Technical, Legal and Challenges to automated attack Traceback, IT Professional, May/Jun. 2002, pp. 12-18, vol. 4, No. 3.
D. Wei and N. Ansari, "Implementing IP Traceback in the Internet: An ISP Perspective," Proc. 3rd Annual IEEE Workshop on Information Assurance, West Point, NY, pp. 326-332, Jun. 17-19, 2002.
Y. Kim, J.-Y. Jo, and F. Merat, "Defeating Distributed Denial-of-Service Attack with Deterministic Bit Marking," IEEE GLOBECOM, pp. 1363-1367, Dec. 2003.
Andrey Belenky, "IP traceback with Deterministic Packet Marking (DPM)," Ph.D. dissertation, New Jersey Institute of Technology, Oct. 2003.
