Multiplex communications – Data flow congestion prevention or control – Control of data admission to the network
Reexamination Certificate
2011-03-08
2011-03-08
Juntima, Nittaya (Department: 2462)
Multiplex communications
Data flow congestion prevention or control
Control of data admission to the network
C370S465000, C726S023000
Reexamination Certificate
active
07903551
ABSTRACT:
Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets.
REFERENCES:
patent: 4769811 (1988-09-01), Eckberg et al.
patent: 5090011 (1992-02-01), Fukuta et al.
patent: 5309431 (1994-05-01), Tominaga et al.
patent: 5457687 (1995-10-01), Newman
patent: 5706279 (1998-01-01), Teraslinna
patent: 5835484 (1998-11-01), Yamato et al.
patent: 5901140 (1999-05-01), Van As et al.
patent: 5914936 (1999-06-01), Hatono et al.
patent: 6028842 (2000-02-01), Chapman et al.
patent: 6144714 (2000-11-01), Bleiweiss et al.
patent: 6208653 (2001-03-01), Ogawa et al.
patent: 6424620 (2002-07-01), Nishihara
patent: 6463036 (2002-10-01), Nakamura et al.
patent: 6657961 (2003-12-01), Lauffenburger et al.
patent: 6724721 (2004-04-01), Cheriton
patent: 6735702 (2004-05-01), Yavatkar et al.
patent: 6865185 (2005-03-01), Patel et al.
patent: 6894974 (2005-05-01), Aweva et al.
patent: 7058015 (2006-06-01), Wetherall et al.
patent: 7062782 (2006-06-01), Stone et al.
patent: 7092357 (2006-08-01), Ye
patent: 7188366 (2007-03-01), Chen et al.
patent: 7207062 (2007-04-01), Brustoloni
patent: 7246376 (2007-07-01), Moharram
patent: 2002/0101819 (2002-08-01), Goldstone
patent: 2003/0172289 (2003-09-01), Soppera
“Cert.RTM. Advisory CA-1996-26 Denial-of-Service Attack via ping”, downloaded from: http://www.cert.org/advisories/CA-1996-26.html, 4 pgs., last revised Dec. 5, 1997. cited by other.
“Cert.RTM. Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks”, downloaded from: http://www.cert.org/advisories/CA-1996-21.html on Mar. 14, 2002, pp. 1-8, last revied Nov. 29, 2000. cited by other.
S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, W. Weiss, “An Architecture for Differentiated Services”, Network Working Group Request For Comments: 2475, downloaded from: ftp://ftp.isi.edu/in-notes/rfc2475.txt on Mar. 14, 2002, Dec. 1998, pp. 1-32. cited by other.
L. Houvinen and J. Hursti, “Denial of Service Attacks: Teardrop and Land”, Department of Computer Science Helsinki University of Technology, downloaded from: http://www.hut.fi/.about.ilhuovine/hacker/dos.html on Mar. 14, 2002, pp. 1-12. cited by other.
SecurityFocus home mailing list: BugTraq “The “mstream” distributed denial of service attack tool”, downloaded from: http://online.securityfocus.com/archive/1/57854 on Mar. 14, 2002, May 1, 2000, pp. 1-22. cited by other.
Bellovin and Leech AT&T Labs Research, “ICMP Traceback Messages”, Network Working Group Internet Draft, downloaded from: http://www.ietf.org/internet-drafts/draft-ietf-itrace-00.txt on Jul. 9, 2001, Mar. 2001, pp. 1-9. cited by other.
S. Floyd and V. Paxson, “Why We Don't Know How To Simulate The Internet”, AT&T Center for Internet Research, Oct. 11, 1999, pp. 1-13. cited by other.
S. Floyd and K. Fall, “Promoting the Use of End-to-End Congestion Control in the Internet”, May 3, 1999, pp. 1-16. cited by other.
K. Thompson, G. J. Miller, and R. Wilder, “Wide-Area Internet Traffic Patterns and Characteristics”, IEEE Network, Nov./Dec. 1997, pp. 10-23. cited by other.
S. Floyd and V. Jacobson, “Link-sharing and Resource Management Models for Packet Networks”, IEEE/ACM Transactions on Networking, vol. 3, No. 4, Aug. 1995, 22 pgs. cited by other.
S. Floyd and V. Jacobson, “Random Early Detection Gateways for Congestion Avoidance”, Lawrence Berkeley Laboratory University of California, 1993, pp. 1-22. cited by other.
H-Y Chang S. F. Wu, C. Sargor, and X. Wu, “Towards Tracing Hidden Attackers on Untrusted IP Networks”, pp. 1-19, Jun. 2000.
S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Practical Network Support for IP Traceback”, Technical Report UW-CSE-00-02-01, University of Washington, 6 pgs., Feb. 1, 2000.
“Characterizing and Tracing Packet Floods Using Cisco Routers”, downloaded from: wysiwyg://23/http://www.cisco.com/warp/public/707/22.html, 5 pgs., Aug. 1999.
Juntima Nittaya
Verizon Services Corp.
LandOfFree
Early traffic regulation techniques to protect against... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Early traffic regulation techniques to protect against..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Early traffic regulation techniques to protect against... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2621095