Coordinated thwarting of denial of service attacks

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C726S023000, C726S024000, C726S025000, C713S188000

Reexamination Certificate

active

09931291

ABSTRACT:
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.

REFERENCES:
patent: 5793753 (1998-08-01), Hershey et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5796956 (1998-08-01), Jones
patent: 5886643 (1999-03-01), Diebboll et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6061341 (2000-05-01), Andersson et al.
patent: 6061789 (2000-05-01), Hauser et al.
patent: 6088804 (2000-07-01), Hill et al.
patent: 6108782 (2000-08-01), Fletcher et al.
patent: 6269401 (2001-07-01), Fletcher et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6304262 (2001-10-01), Maloney et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6353385 (2002-03-01), Molini et al.
patent: 6363489 (2002-03-01), Comay et al.
patent: 6370116 (2002-04-01), Giroux et al.
patent: 6381649 (2002-04-01), Carlson
patent: 6388992 (2002-05-01), Aubert et al.
patent: 6389448 (2002-05-01), Primak et al.
patent: 6442694 (2002-08-01), Bergman et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 6535484 (2003-03-01), Hughes et al.
patent: 6578147 (2003-06-01), Shanklin et al.
patent: 6591306 (2003-07-01), Redlich
patent: 6597661 (2003-07-01), Bonn
patent: 6597957 (2003-07-01), Beakley
patent: 6609205 (2003-08-01), Bernhard et al.
patent: 6678827 (2004-01-01), Rothermel et al.
patent: 6691213 (2004-02-01), Luu et al.
patent: 6725378 (2004-04-01), Schuba et al.
patent: 6735702 (2004-05-01), Yavatkar et al.
patent: 6738814 (2004-05-01), Cox et al.
patent: 6775657 (2004-08-01), Baker
patent: 6789203 (2004-09-01), Belissent
patent: 6807667 (2004-10-01), Bar et al.
patent: 6816910 (2004-11-01), Ricciulli
patent: 6848005 (2005-01-01), Plevyak et al.
patent: 6944673 (2005-09-01), Malan et al.
patent: 2002/0023089 (2002-02-01), Woo
patent: 2002/0031134 (2002-03-01), Poletto et al.
patent: 2002/0032774 (2002-03-01), Kohler, Jr. et al.
patent: 2002/0032800 (2002-03-01), Poletto et al.
patent: 2002/0032871 (2002-03-01), Malan et al.
patent: 2002/0035628 (2002-03-01), Gil et al.
patent: 2002/0035683 (2002-03-01), Kaashoek et al.
patent: 2002/0035698 (2002-03-01), Malan et al.
patent: 2002/0038339 (2002-03-01), Xu
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0103886 (2002-08-01), Rawson, III
patent: 2002/0103916 (2002-08-01), Chen et al.
patent: 2002/0116491 (2002-08-01), Boyd et al.
patent: 2003/0046577 (2003-03-01), Silverman
patent: 2003/0149919 (2003-08-01), Greenwald et al.
patent: 1 079 583 (2001-02-01), None
Messmer, Apr. 3, 2000, Network World, p. 1.
Messmer, Apr. 2000, Network World.
Communications News, Jun. 2000, 37, 6, 48.
McFadden, Oct. 25, 2000, Ent, 5, 17, 22.
Greene, Feb. 16, 1998, p. 20.
Johnson, Nov. 27, 2000, Network World.
Martin, Aug. 14, 2000, Network World, p. 86.
Snyder, Jul. 19, 1999, Network World, p. 53.
Ellen Messmer, “Network World”, Apr. 3, 2000.
“A System for Distributed Intrusion Detection”, Snapp et al., Compcon Spring '91, Digest of Papers, Davis, CA, Mar. 1991, pp. 1 and 170-176.
Steve Bellovin. DDoS Attacks and Pushback. NANOG21, Feb. 18, 2001 http://www.aciri.org/pushback.
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, Vern Paxson, Scott Shenker, and John Ioannidis. Controlling High Bandwidth Aggregates in the Network. draft paper, Feb. 2001. http://www.aciri.org/pushback.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Proceedings of 2000 ACM SIGCOMM, Stockholm, Sweden, Aug. 2000. http://www.cs.washington.edu/homes/savage/traceback.html.
Steve Bellovin. ICMP Traceback Messages. AT&T Labs Research, Mar. 2000. http://www.research.att.com/~smb/papers/draft-bellovin-itrace-00.txt.
Cisco. Characterizing and Tracing Packet Floods Using Cisco Routers. http://www.cisco.com/warp/public/707/22.html.
D. Senie. RFC2644 (BCP34), Changing the Default for Directed Broadcasts in Routers. IETF, Aug. 1999. http://www.ietf.org/rfc/rfc2644.txt.
P. Ferguson, D. Senie. RFC2827 (BCP38): Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. IETF, May 2000. http://www.ietf.org/rfc/rfc2827.txt.
David G. Andersen, Hari Balakrishnan, and M. Frans Kaashoek, Robert Morris. The Case for Resilient Overlay Networks. Proc. of HotOS-VIII, Schloss Elmau, Germany, May 2001. http://nms.lcs.mit.edu/papers/ron-hotos2001.pdf.
Cisco. Web-Site Security and Denial-of-Service Protection. http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/cswsc_wi.htm.
Analysis of a Denial of Service Attack on TCP by Schuba et al Proceedings of the 1997 IEEE Symposium on Security and Privacy (IEEE Computer Society Press, May 1997).
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. Practical Network Support for IP Traceback. Work in progress Technical Report UW-CSE-00-02-01. Date unknown. http://www.cs.washington.edu/homes/savage/traceback.html.
Web page entitled “Aggregate Based Congestion Control and Pushback” last modified Apr. 2001 Found at http://www.aciri.org/pushback.
D. Song et al., “Advanced and Authenticated Marking Schemes for IP Traceback”, Proc. IEEE INFOCOM, Apr. 2001, pp. 878-886.
R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, Proceedings of 9th USENIX Security Symposium, Denver, CO, Aug. 2000, pp. 199-212.
H. Burch et al., “Tracing Anonymous Packets to Their Approximate Source”, Proc. USENIX LISA 00, Dec. 2000, pp. 319-327.
Mell, P. et al., “Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems,” RAID 1999, Sep. 1999, pp. 1-8.
Mansfield et al., “Towards trapping wily intruders in the large”, RAID 1999, Sep. 1999, pp. 1-13.
Stallings, William, “Cryptography and Network Security”, Principles and Practice, 2nd Edition, Intruders and Viruses, Chapter 15, pp. 478-501.
Roesch, Martin, “Snort—Lightweight Intrusion Detection for Networks”, Proceedings of LISA XIII '99: 13th Systems Administration Conference, Nov. 7-12, 1999, pp. 229-238.
Ohta et al., “Detection, Defense, and Tracking of Internet-Wide Illegal Access in a Distributed Manner”, Internet Society, Jul. 18-21, 2000, Retrieved from the Internet on Oct. 27, 2004: <URL: http://www.isoc.org/inet2000/cdproceedings/lf/lf_2.htm>.


Profile ID: LFUS-PAI-O-3901172
