Method and system for controlling attacks on distributed...

Information security – Access control or authentication – Network

Reexamination Certificate


Details

C726S002000, C726S012000, C713S151000, C713S153000, C713S168000, C370S392000, C370S389000, C370S474000

Reexamination Certificate

active

07028335

ABSTRACT:
A method and system for distributed network address translation with security for controlling and limiting the disruption caused by denial of service attacks. The method and system have a first network device and a second network device on a first network, and a third network device on a second network external to the first network, with an established security association between the first network device and the third network device. The first network device specifies an external address of the third network device for the security association to the second network device, which stores the external address in a table. The second network device then maps at least one of an internal address and a security value to the external address in the table. Any packets sent from the third network device to the first network device are intercepted by the second network device, which determines the external address and security value of the packet. If the security value of the packet has been allocated to the first network device, and the external address of the packet has been specified by the first network device as being valid, the packet is sent from the second network device to the first network device using distributed network address translation with security. Otherwise, the packet is discarded by the second network device.
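The inbound filtering decision described in the abstract, sketched as an added example (it is not code from the patent). The class and method names are hypothetical, the "security value" is modelled as an integer such as an IPsec SPI (an assumption), and the addresses are constructed sample values.

```python
import ipaddress


class DnatSecurityGateway:
    """Model of the 'second network device' (hypothetical names throughout)."""

    def __init__(self):
        self._owner = {}        # security value -> internal address it was allocated to
        self._valid_peers = {}  # (security value, external address) -> internal address

    def allocate(self, internal_addr, security_value):
        """Allocate a security value to exactly one internal host."""
        if security_value in self._owner:
            raise ValueError("security value already allocated")
        self._owner[security_value] = ipaddress.ip_address(internal_addr)

    def register_peer(self, internal_addr, security_value, external_addr):
        """The internal host specifies the external address of its security association."""
        internal = ipaddress.ip_address(internal_addr)
        if self._owner.get(security_value) != internal:
            raise PermissionError("security value not allocated to this host")
        key = (security_value, ipaddress.ip_address(external_addr))
        self._valid_peers[key] = internal

    def route_inbound(self, src_addr, security_value):
        """Return the internal destination for a packet, or None to discard it."""
        if security_value not in self._owner:
            return None  # security value was never allocated: discard
        # Forward only if the source was specified as valid for this security value.
        return self._valid_peers.get((security_value, ipaddress.ip_address(src_addr)))


def demo():
    """Run three constructed packets through the table and return the verdicts."""
    gw = DnatSecurityGateway()
    gw.allocate("10.0.0.5", 0x1001)
    gw.register_peer("10.0.0.5", 0x1001, "203.0.113.7")
    packets = [
        ("203.0.113.7", 0x1001),   # registered peer, allocated value
        ("198.51.100.9", 0x1001),  # allocated value, unregistered source
        ("203.0.113.7", 0x2002),   # registered source, unallocated value
    ]
    verdicts = []
    for src, value in packets:
        dst = gw.route_inbound(src, value)
        verdicts.append(str(dst) if dst is not None else "DROP")
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Both conditions must hold before a packet is forwarded, so a flood that reuses a known security value from an unregistered source is dropped at the gateway and never reaches the internal host.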

