Information security – Access control or authentication – Network
Reexamination Certificate
2008-10-02
2010-12-28
Chai, Longbit (Department: 2431)
Information security
Access control or authentication
Network
C726S011000, C726S012000, C726S013000, C713S151000, C713S152000, C713S153000, C713S154000
Reexamination Certificate
active
07861292
ABSTRACT:
Ingress filtering has been adopted by the IETF as a methodology for preventing denial of service congestive attacks that spoof the source address in packets that are addressed to host server victims. Unless universally adopted by all ISPs on the Internet, however, a packet's source address cannot be totally trusted to be its actual source address. To take advantage of benefits of ingress filtering as it is gradually deployed by ISPs around the Internet, differentiated classes of service are used to transport packets whose source address can be trusted and packets whose source address cannot be trusted. A packet received by an access or edge router at an ISP that supports ingress filtering and has a source address that is properly associated with port on which it is received is forwarded in a privileged class of service and are dropped otherwise. A packet received by access or edge router at an ISP that does not support ingress filtering and whose source address cannot therefore be trusted is transported in an unprivileged class of service. At an intermediate exchange router within an intermediate ISP, where ISPs exchange packets, a packet received from an ISP that doesn't support ingress filtering is forwarded using the unprivileged class of service while a packet received from an ISP that does support ingress filtering is forwarded using the same class of service in which it is already marked.
REFERENCES:
patent: 6073175 (2000-06-01), Tavs et al.
patent: 6167445 (2000-12-01), Gai et al.
patent: 6393465 (2002-05-01), Leeds
patent: 6775290 (2004-08-01), Merchant et al.
patent: 2003/0115485 (2003-06-01), Milliken
J.C. Brustoloni, “Protecting Electronic commerce from Distributed Denial-of-Service Attacks,” International World Wide Web Conference, Proceedings of the Eleventh International Conference on World Wide Web, Honolulu, Hawaii, USA, (May 7, 2002), pp. 553-561.
Kihong Park, et al., “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets,” Computer Communications Review, Association for Computing Machinery, New York, US, vol. 31, No. 4 (Oct. 2001), pp. 15-26.
P. Ferguson, et al., “RFC 2827: Network Ingress Filtering” Network Working Group Request for Comments, (May 2000), pp. 1-20.
European Search Report.
A. Odlyzko, “Paris Metro Pricing for the Internet,” Proc. ACM Conference on Electronic Commerce (EC99), ACM, 1999, pp. 140-147.
R. Braden, et al., “Integrated Services in the Internet Architecture: An Overview,” IETF, RFC 1633, Jun. 1994.
S. Blake, et al., “An Architecture for Differentiated Services,” IETF, RFC 2475, Dec. 1998.
P. Ferguson, et al., “Network Ingress Filtering: Defeating Denial of Service Attacks Which EmploylP Source Address Spoofing,” IETF, RFC 2827 (also BCP 0038).
S. Savage, et al., Practical Network Support for IP Traceback, Proc. SIGCOMM'2000, pp. 295-306, ACM, Stockholm, Sweden, Aug. 2000.
J. Bruno, et al., “Retrofitting quality of Service into a Time-Sharing Operating System,” Proc. Annual Tech. Conf., USENIX, Jun. 1999, pp. 15-26.
“Characterizing and Tracing Packet Floods Using Cisco Routers,” Cisco, available at http://www.cisco.com/warp/public/707/22.html.
RFC-2827 (“Network Ingress Filtering,” May 2000).
Alcatel-Lucent USA Inc.
Chai Longbit
Wall & Tong LLP
LandOfFree
Method and apparatus for incrementally deploying ingress... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for incrementally deploying ingress..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for incrementally deploying ingress... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4238380