Multiplex communications – Pathfinding or routing – Switching a message which includes an address header
Reexamination Certificate
2004-03-26
2008-08-12
Lee, Andrew C. (Department: 2616)
Multiplex communications
Pathfinding or routing
Switching a message which includes an address header
C713S181000
Reexamination Certificate
active
07411957
ABSTRACT:
A system and method is provided for automatically identifying and removing malicious data packets, such as denial-of-service (DoS) packets, in an intermediate network node before the packets can be forwarded to a central processing unit (CPU) in the node. The CPU's processing bandwidth is therefore not consumed identifying and removing the malicious packets from the system memory. As such, processing of the malicious packets is essentially “off-loaded” from the CPU, thereby enabling the CPU to process non-malicious packets in a more efficient manner. Unlike prior implementations, the invention identifies malicious packets having complex encapsulations that can not be identified using traditional techniques, such as ternary content addressable memories (TCAM) or lookup tables.
REFERENCES:
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6430183 (2002-08-01), Satran et al.
patent: 6499107 (2002-12-01), Gleichauf et al.
patent: 6522188 (2003-02-01), Poole
patent: 6578147 (2003-06-01), Shanklin et al.
patent: 6657742 (2003-12-01), Kassmann
patent: 6714553 (2004-03-01), Poole et al.
patent: 6738814 (2004-05-01), Cox et al.
patent: 6754662 (2004-06-01), Li
patent: 6792546 (2004-09-01), Shanklin et al.
patent: 6816973 (2004-11-01), Gleichauf et al.
patent: 6950434 (2005-09-01), Viswanath et al.
patent: 2003/0115485 (2003-06-01), Milliken
patent: 2004/0064737 (2004-04-01), Milliken et al.
patent: 2004/0107285 (2004-06-01), Larson et al.
patent: 2004/0199630 (2004-10-01), Sarkissian et al.
patent: 2007/0204344 (2007-08-01), Xue et al.
patent: 2007/0245417 (2007-10-01), Lee et al.
patent: 2007/0261112 (2007-11-01), Todd et al.
patent: 2008/0028467 (2008-01-01), Kommareddy et al.
U.S. Appl. No. 10/657,497, filed Sep. 8, 2003 by Garner et al., entitled Header Check Hash Circuit.
U.S. Appl. No. 10/769,941, filed Feb. 2, 2004 by Hughes et al., entitled Memory Efficient Hashing Algorithm.
Perlman, Radia, Interconnections Second Edition: Bridges, Routers, Switches, and Internetworking Protocols, Addison Wesley, 1999, Section 1.1, pp. 1-7.
PCT Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority, or the Declaration, International Appl. No.: PCT/US05/07059, International Filing Date: Mar. 3, 2005, Date of Mailing: Feb. 6, 2008, 7 pages.
Garner Trevor
Hughes Martin W.
Lee William R.
Stacy John Kenneth
Cesari and McKenna LLP
Cisco Technology Inc.
Lee Andrew C.
LandOfFree
Hardware filtering support for denial-of-service attacks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Hardware filtering support for denial-of-service attacks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Hardware filtering support for denial-of-service attacks will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4005380