Information security – Access control or authentication – Network
Reexamination Certificate
2007-04-17
2007-04-17
Sheikh, Avaz (Department: 2131)
Information security
Access control or authentication
Network
C726S011000, C726S012000, C713S151000, C713S152000, C713S153000, C713S154000, C709S220000, C709S221000, C709S222000, C709S223000, C370S229000, C370S230000, C370S231000, C370S232000
Reexamination Certificate
active
10175458
ABSTRACT:
An Internet Service Provider (ISP), in consideration of being remunerated in some manner by a site, determines whether packets destined to that site conform to a profile provided to the ISP by that site. The profile, indicates, for example, what protocols are allowed by the server, and, for each such protocol, what destination port numbers or message types are allowed, a maximum transmission rate, the maximum number of allowed connections a client may have, and whether to enforce congestion-avoidance. This server profile enforcement (SPE) automatically thwarts denial of service attacks from attackers that send packets to the subscribing server from that ISP using connections or having packet characteristics that do not conform to the acceptable characteristics specified in the profile. SPE is generally performed by an SPE unit, which can be incorporated in the access gateways of an ISP that supports the service. Packets may also be forwarded in multiple classes of service depending upon the type of traffic from which they originate. Multiple classes of service allow the method to be effective even if deployed only by select ISPs.
REFERENCES:
patent: 6073175 (2000-06-01), Tavs et al.
patent: 6119235 (2000-09-01), Vaid et al.
patent: 6167445 (2000-12-01), Gai et al.
patent: 6459682 (2002-10-01), Ellesson et al.
patent: 6738377 (2004-05-01), Boden
RFC-2827 (“Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Sppofing”) May 2000.
“Operating Firewalls outside the LAN perimeter” Robert N. Smith, Feb. 10-12, 1999.
Robert N. Smith, et al, “Operating Firewalls Outside the LAN Perimeter”,1999 IEEE International Performance Computing&Communications Conference, (Feb. 10, 1999), pp. 493-498, XP000859730.
Cisco Systems, “Securing the Network, Egress & Ingress Filtering” etc.,Cisco ISP Essentials, (Jun. 6, 2001), pp. 63-95.
European Search Report.
Floyd, S. et al, “Promoting the Use of End-to-End Congestion Control in the Internet”, IEEE/ACM Transactions on Networking, vol. 7, No. 4, Aug. 1999, XP-000848692, pp. 458-472.
A. Odlyzko, “Paris Metro Pricing for the Internet”, Proc. ACM Conference on Electronic Commerce (EC99), ACM, 1999, pp. 140-147.
R. Braden, et al., “Integrated Services in the Internet Architecture: an Overview,” IETF, RFC 1633, Jun. 1994.
S. Blake, et al., “An Architecture for Differentiated Services,” IETF, RFC 2475, Dec. 1998.
P. Ferguson, et al., “Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing”, IETF, RFC 2827 (also BCP 0038), May 2000.
S. Savage, et al., “Practical Network Support for IP Traceback”, Proc. SIGCOMM'2000, pp. 295-306, ACM, Stockholm, Sweden, Aug. 2000.
J. Bruno, et al., “Retrofitting Quality of Service into a Time-Sharing Operating System”, Proc. Annual Tech. Conf., USENIX, Jun. 1999, pp. 15-26.
“Characterizing and Tracing Packet Floods using Cisco Routers,” Cisco, available at http://www.cisco.com/warp/public/707/22.html.
Chai Longbit
Gurey Stephen M.
Lucent Technologies Inc
Sheikh Avaz
LandOfFree
Method and apparatus for protecting web sites from... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for protecting web sites from..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for protecting web sites from... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3724821