Multiplex communications – Data flow congestion prevention or control – Control of data admission to the network
Reexamination Certificate
2006-08-15
2006-08-15
Nguyen, Chau (Department: 2616)
Multiplex communications
Data flow congestion prevention or control
Control of data admission to the network
C370S236000
Reexamination Certificate
active
07092357
ABSTRACT:
Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets.
REFERENCES:
patent: 6724721 (2004-04-01), Cheriton
patent: 6829217 (2004-12-01), Bechtolsheim et al.
patent: 2002/0105908 (2002-08-01), Blumer et al.
patent: 2002/0141341 (2002-10-01), Haggar et al.
patent: 2003/0035370 (2003-02-01), Brustoloni
patent: 2005/0226149 (2005-10-01), Jacobson et al.
H-Y Chang S. F. Wu, C. Sargor, and X. Wu, “Towards Tracing Hidden Attackers on Untrusted IP Networks”, pp. 1-19.
S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Practical Network Support for IP Traceback”, Technical Report UW-CSE-00-02-01, University of Washington, 6 pgs.
“Characterizing and Tracing Packet Floods Using Cisco Routers”, downloaded from: wysiwyg://23/http://www.cisco.com/warp/public/707/22.html, 5 pgs.
“Cert® Advisory CA-1996-26 Denial-of-Service Attack via ping”, downloaded from: http://www.cert.org/advisories/CA-1996-26.html, 4 pgs., last revised Dec. 5, 1997.
“Cert® Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks”, downloaded from: http://www.cert.org/advisories/CA-1996-21.html on Mar. 14, 2002, pp. 1-8, last revised Nov. 29, 2000.
S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, W. Weiss, “An Architecture for Differentiated Services”, Network Working Group Request For Comments: 2475, downloaded from: ftp://ftp.isi.edu/in-notes/rfc2475.txt on Mar. 14, 2002, Dec. 1998, pp. 1-32.
L. Houvinen and J. Hursti, “Denial of Service Attacks: Teardrop and Land”, Department of Computer Science Helsinki University of Technology, downloaded from: http://www.hut.fi/˜ilhuovine/hacker/dos.html on Mar. 14, 2002, pp. 1-12.
SecurityFocus home mailing list: BugTraq “The “mstream” distributed denial of service attack tool”, downloaded from: http://online.securityfocus.com/archive/1/57854 on Mar. 14, 2002, May 1, 2000, pp. 1-22.
Bellovin and Leech AT&T Labs Research, “ICMP Traceback Messages”, Network Working Group Internet Draft, downloaded from: http://www.ietf.org/internet-drafts/draft-ietf-itrace-00.txt on Jul. 9, 2001, Mar. 2001, pp. 1-9.
S. Floyd and V. Paxson, “Why We Don't Know How To Simulate The Internet”, AT&T Center for Internet Research, Oct. 11, 1999, pp. 1-13.
S. Floyd and K. Fall, “Promoting the Use of End-to-End Congestion Control in the Internet”, May 3, 1999, pp. 1-16.
K. Thompson, G. J. Miller, and R. Wilder, “Wide-Area Internet Traffic Patterns and Characteristics”, IEEE Network, Nov./Dec. 1997, pp. 10-23.
S. Floyd and V. Jacobson, “Link-sharing and Resource Management Models for Packet Networks”, IEEE/ACM Transactions on Networking, vol. 3, No. 4, Aug. 1995, 22 pgs.
S. Floyd and V. Jacobson, “Random Early Detection Gateways for Congestion Avoidance”, Lawrence Berkeley Laboratory University of California, 1993, pp. 1-22.
Nguyen Chau
Pham Tito
Straub & Pokotylo
Suchtya, Esq. Leonard C.
Verizon Services Corp.
LandOfFree
Anti-flooding flow-control methods and apparatus does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Anti-flooding flow-control methods and apparatus, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Anti-flooding flow-control methods and apparatus will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3695159