Multiplex communications – Data flow congestion prevention or control
Reexamination Certificate
2008-05-13
Backer, Firmin (Department: 2616)
Multiplex communications
Data flow congestion prevention or control
C370S389000, C370S401000, C370S392000
active
10848397
ABSTRACT:
Methods and systems for thwarting denial of service attacks originating in a DOCSIS-compliant cable network (DCN) are described. A DCN comprises one or more sub-networks each comprising an access network, one or more cable modem termination systems (CMTSs) and one or more cable modems (CMs). The DCN also accesses an edge server and a local DNS cache server. The DCN interfaces with the Internet and accesses a remote DNS server according to well-known protocols. The CMTS is adapted to compare the source IP address included in IP packet headers to the IP address of the customer premises equipment (CPE) from which the IP packet originates as assigned by the DNS. Data packets that have spoofed addresses are either deleted or quarantined. Packets reaching the edge server are evaluated by an attack detection system. A packet determined to be part of a denial of service attack is inspected and the source IP address and the destination IP address extracted. A cache controller is instructed to prevent a DNS cache server from responding to a domain name request containing both the extracted source IP address and destination IP address.
REFERENCES:
patent: 2002/0101819 (2002-08-01), Goldstone
patent: 2004/0123142 (2004-06-01), Dubal et al.
patent: 2005/0044352 (2005-02-01), Pazi et al.
patent: 2006/0031575 (2006-02-01), Jayawardena et al.
patent: 2006/0156404 (2006-07-01), Day
“Denial of Service Attacks Using Nameservers” CERT Coordination Center. CERT Incident Note (IN-2004-04), Pittsburgh, U.S.A. Apr. 28, 2000; http://www.cert.org/incident_notes/IN-2000-04.html.
“SYN Flooding and IP Spoofing Attacks” CERT Coordination Center. CERT Advisory (CA-1996-21 TCP), Pittsburgh, U.S.A. Sep. 19, 1996; http://www.cert.org/advisories/CA-1996-21.html.
“DNS Security Considerations and the Alternatives to BIND”, by Lim Seng Chor, SANS Institute, vol. 1, Oct. 2, 2001.
“Bound by Tradition: A Sampling of the Security Posture of the Internet's DNS Servers”, by Mike Schiffman, Feb. 2003.
“Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing”, by P. Ferguson and D. Senie, The Internet Society, May 2000; RFC 2827.
“Dynamic Updates in the Domain Name System (DNS Update)”, by P. Vixie, et al., Apr. 1997; RFC 2136.
“Domain Names—Concepts and Facilities”, by P. Mockapetris, Nov. 1987; RFC 1034.
Chen John Anthony
Gould Kenneth
Backer Firmin
Ngo Nguyen
Roberts Mardula & Wertheim LLC
Time Warner Cable Inc.