Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2001-07-27
2010-11-30
Popham, Jeffrey D (Department: 2437)
active
07845004
ABSTRACT:
A method for determining the entry point of an attack by a vandal such as a hacker upon a device such as a computer or a server such as a web server that operates under the protection of an intrusion detection system. Intrusion detection information regarding the attack and network information regarding the attack are correlated, and the entry point of the attack thereby deduced. In one embodiment, a source address of a message representative of the attack is found in a router table of a router that provides a connection supporting the attack. Logical ports of the connection are determined, and the corresponding physical ports found, thereby identifying the attack's entry point into the protected device.
REFERENCES:
patent: 5511122 (1996-04-01), Atkinson
patent: 5805801 (1998-09-01), Holloway et al.
patent: 5835727 (1998-11-01), Wong et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5905859 (1999-05-01), Holloway et al.
patent: 6006272 (1999-12-01), Aravamudan et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6170061 (2001-01-01), Beser
patent: 6539435 (2003-03-01), Bolmarcich et al.
patent: 6553005 (2003-04-01), Skirmont et al.
patent: 6578147 (2003-06-01), Shanklin et al.
patent: 6735702 (2004-05-01), Yavatkar et al.
patent: 6973040 (2005-12-01), Ricciulli
patent: 99/48303 (1999-09-01), None
patent: 00/62167 (2000-10-01), None
“Network- vs. Host-based Intrusion Detection, a Guide to Intrusion Detection Technology”, Oct. 2, 1998, Internet Security Systems, http://documents.iss.net/whitepapers vh—ids.pdf.
Hunt, G. et al., “Network Dispatcher: a connection router for scalable Internet services”, Apr. 1998, Proceedings of the 7th International World Wide Web Conference (WWW7), http://www.unizh.ch/home/mazzo/reports/www7conf/fullpapers/1899/com1899.htm.
Hunt et al., “Network Dispatcher: a connection router for scalable Internet services”, Oct. 2, 1998, Internet Security Systems, obtained from http://www.unizh.ch/home/mazzo/reports/www7conf/fullpapers/1899/com1899.htm.
Boivie, R. “Method for Protecting Web Servers Against Various Forms of Denial-of-Service Attacks”, IBM U.S. Appl. No. 09/650,524, filed Aug. 30, 2000.
Bardsley Jeffrey Scott
Brock Ashley Anderson
Kim Nathaniel Wook
Lingafelt Charles Steven
International Business Machines Corporation
Pivnichny John R.
Popham Jeffrey D
Yee & Associates P.C.