Architecture to thwart denial of service attacks

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment


Details

Classification: C726S024000, C726S023000
Document type: Reexamination Certificate
Status: active
Patent number: 07043759

ABSTRACT:
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.

REFERENCES:
patent: 5787246 (1998-07-01), Lichtman et al.
patent: 5793753 (1998-08-01), Hershey et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5796956 (1998-08-01), Jones
patent: 5886643 (1999-03-01), Diebboll et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6061789 (2000-05-01), Hauser et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6108782 (2000-08-01), Fletcher et al.
patent: 6189101 (2001-02-01), Dusenbury, Jr.
patent: 6263447 (2001-07-01), French et al.
patent: 6269401 (2001-07-01), Fletcher et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6304262 (2001-10-01), Maloney et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6353385 (2002-03-01), Molini et al.
patent: 6363489 (2002-03-01), Comay et al.
patent: 6370116 (2002-04-01), Giroux et al.
patent: 6381649 (2002-04-01), Carlson
patent: 6388992 (2002-05-01), Aubert et al.
patent: 6389448 (2002-05-01), Primak et al.
patent: 6442694 (2002-08-01), Bergman et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 6535484 (2003-03-01), Hughes et al.
patent: 6578147 (2003-06-01), Shanklin et al.
patent: 6597661 (2003-07-01), Bonn
patent: 6597957 (2003-07-01), Beakley
patent: 6609205 (2003-08-01), Bernhard et al.
patent: 6678827 (2004-01-01), Rothermel et al.
patent: 6691213 (2004-02-01), Luu et al.
patent: 6725378 (2004-04-01), Schuba et al.
patent: 6738814 (2004-05-01), Cox et al.
patent: 6775657 (2004-08-01), Baker
patent: 6789203 (2004-09-01), Belissent
patent: 6807667 (2004-10-01), Bar et al.
patent: 6816910 (2004-11-01), Ricciulli
patent: 6848005 (2005-01-01), Plevyak et al.
patent: 2002/0023089 (2002-02-01), Woo
patent: 2002/0031134 (2002-03-01), Poletto et al.
patent: 2002/0032774 (2002-03-01), Kohler, Jr. et al.
patent: 2002/0032800 (2002-03-01), Poletto et al.
patent: 2002/0032871 (2002-03-01), Malan et al.
patent: 2002/0032880 (2002-03-01), Poletto et al.
patent: 2002/0035628 (2002-03-01), Gil et al.
patent: 2002/0035683 (2002-03-01), Kaashoek et al.
patent: 2002/0035698 (2002-03-01), Malan et al.
patent: 2002/0038339 (2002-03-01), Xu
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0103886 (2002-08-01), Rawson, III
patent: 2002/0103916 (2002-08-01), Chen et al.
patent: 2002/0116491 (2002-08-01), Boyd et al.
patent: 2003/0046577 (2003-03-01), Silverman
patent: 1 079 583 (2001-02-01), None
Steve Bellovin. DDoS Attacks and Pushback. NANOG21, Feb. 18, 2001 http://www.aciri.org/pushback.
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, Vern Paxson, Scott Shenker, and John Ioannidis. Controlling High Bandwidth Aggregates in the Network. Draft paper, Feb. 2001. http://www.aciri.org/pushback.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Proceedings of 2000 ACM SIGCOMM, Stockholm, Sweden, Aug. 2000. http://www.cs.washington.edu/homes/savage/traceback.html.
Steve Bellovin. ICMP Traceback Messages. AT&T Labs Research, Mar. 2000. http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt.
Snapp et al., “A System for Distributed Intrusion Detection,” Compcon Spring '91, Digest of Papers, Davis, CA, Mar. 1991, pp. 1 and 170-176.
Cisco. Characterizing and Tracing Packet Floods Using Cisco Routers. http://www.cisco.com/warp/public/707/22.html.
D. Senie. RFC2644 (BCP34), Changing the Default for Directed Broadcasts in Routers. IETF, Aug. 1999. http://www.ietf.org/rfc/rfc2644.txt.
P. Ferguson, D. Senie. RFC2827 (BCP38): Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. IETF, May 2000. http://www.ietf.org/rfc/rfc2827.txt.
David G. Andersen, Hari Balakrishnan, M. Frans Kaashoek, and Robert Morris. The Case for Resilient Overlay Networks. Proc. of HotOS-VIII, Schloss Elmau, Germany, May 2001. http://nms.lcs.mit.edu/papers/ron-hotos2001.pdf.
Cisco. Web-Site Security and Denial-of-Service Protection. http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/cswsc_wi.htm.
Schuba et al. Analysis of a Denial of Service Attack on TCP. Proceedings of the 1997 IEEE Symposium on Security and Privacy (IEEE Computer Society Press, May 1997).
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Work in progress Technical Report UW-CSE-00-02-01. Date unknown. http://www.cs.washington.edu/homes/savage/traceback.html.
Web page entitled “Aggregate Based Congestion Control and Pushback” last modified Apr. 2001 Found at http://www.aciri.org/pushback.
D. Song et al., “Advanced and Authenticated Marking Schemes for IP Traceback”, Proc. IEEE INFOCOM, Apr. 2001, pp. 878-886.
R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, Proceedings of 9th USENIX Security Symposium, Denver, CO, Aug. 2000, pp. 199-212.
H. Burch et al., “Tracing Anonymous Packets to Their Approximate Source”, Proc. USENIX LISA 00, Dec. 2000, pp. 319-327.
Communications News, Jun. 2000, 37, 6, 48.
McFadden, Oct. 25, 2000, Ent, 5, 17, 22.
Greene, Feb. 16, 1998, p. 20.
Johnson, Nov. 27, 2000, Network World., “Instant, low cost VPNs: Inst add users”.
Martin, Aug. 14, 2000, Network World, p. 86.
Snyder, Jul. 19, 1999, Network World, p. 53.
Mell, P. et al., “Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems,” RAID 1999, Sep. 1999, pp. 1-8.
Messmer, E., “Security needs spawn services—Managed detection services growing in popularity”, Network World, Apr. 2000, Retrieved from the Internet on May 8, 2005: <URL: http://www.networkworld.com/news/2000/0403intrusion.html>.
Mansfield et al., “Towards trapping wily intruders in the large”, RAID 1999, Sep. 1999, pp. 1-13.
Stallings, William, “Cryptography and Network Security: Principles and Practice”, 2nd Edition, Chapter 15, Intruders and Viruses, pp. 478-501.
Roesch, Martin, “Snort—Lightweight Intrusion Detection for Networks”, Proceedings of LISA XIII '99: 13th Systems Administration Conference, Nov. 7-12, 1999, pp. 229-238.
Ohta et al., “Detection, Defense, and Tracking of Internet-Wide Illegal Access in a Distributed Manner”, Internet Society, Jul. 18-21, 2000, Retrieved from the Internet on Oct. 27, 2004: <URL: http://www.isoc.org/inet2000/cdproceedings/1f/1f_2.htm>.
