Method for blocking denial of service and address spoofing...

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating

Reexamination Certificate


Details

C713S152000, C709S227000

Reexamination Certificate

active

06738814

ABSTRACT:

TECHNICAL FIELD OF THE INVENTION
This invention relates in general to communication systems, and more particularly to a method for blocking denial of service and address spoofing attacks on a private network.
BACKGROUND OF THE INVENTION
Corporate and other private networks often provide external access outward and inward through Internet gateways, firewalls or other routing devices. It is important for these routing devices to defend the private network against attackers from the outside as well as to allow access to the private network by authorized users. However, there are numerous forms of attack on conventional routing devices that can incapacitate the devices and interfere with an associated private network. Keeping unauthorized persons from accessing data is a large problem for corporate and other information service management. Routing devices, such as gateways, firewalls and network routers, lack important safeguards to block or prevent attacks. In particular, the number of denial of service attacks has risen dramatically in recent years. Further, IP spoofing incidents occur with increasing frequency.
A denial of service attack consists of repeatedly sending requests for connections to different hosts through and/or behind the routing device. Typically, the host will wait for acknowledgment from the requester. Because a host can only handle a finite number of requests (for example, 1 to n, where n depends on the resources available to the host), the attacker can crash or “flood” a host with requests to the point of disrupting network service (host/server/port) to users.
Another form of attack is address spoofing, which can be used by unauthorized third parties to gain access to a private network. This attack involves the attacker identifying a valid internal network address within the private network. The attacker then requests access to the private network through the routing device by spoofing that internal network address. Conventional routing devices typically are not sophisticated enough to determine that such a request should be denied (i.e., because an external request cannot originate from an internal address) and will allow access to the attacker. Address spoofing attacks can be carried out against various types of networks and network protocols such as IPX/SPX, MAC layer, Netbios, and IP.
It is therefore advantageous to provide facilities within a routing device that block denial of service, address spoofing and other attacks on an associated private network.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method for blocking denial of service and address spoofing attacks on a private network is disclosed that provides significant advantages over conventional network routing devices.
According to one aspect of the present invention, the method is implemented by a routing device interconnecting the private network to a public network. The method includes analyzing an incoming data packet from the public network. The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network. A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network.
A technical advantage of the present invention is the enabling of a routing device to identify a denial of service attack and to block such an attack from tying up the routing device.
Another technical advantage of the present invention is enabling a routing device to identify an address spoofing attack and to block such an attack.
A further technical advantage of the present invention is an ability for the routing device to track information about the attacker to allow preventive measures to be taken.
Other technical advantages should be readily apparent to one skilled in the art from the following figures, description, and claims.
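The matching step described in the summary, as an added example that is not part of the patent or of any product implementing it: a routing-device filter that applies the two known patterns (unacknowledged connection requests from one source, and a public-side packet whose source address lies inside the private network) and records the source as malicious. The internal address range, the half-open limit and the packet trace are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Assumed for the example: the private network's address space and how many
# unacknowledged requests one external source may hold open at a time.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
HALF_OPEN_LIMIT = 3

class RoutingDeviceFilter:
    """Applies the summary's two known patterns to packets from the public side:
    an internal source address (spoofing) and a build-up of unacknowledged
    connection requests (denial of service)."""
    def __init__(self):
        self.half_open = defaultdict(set)  # src -> {(dst, dport)} awaiting ACK
        self.malicious = {}                # src -> reason, kept for preventive measures
    def inspect(self, src, dst, dport, flag):
        """flag is 'S' (connection request) or 'A' (acknowledgment); returns 'forward' or 'drop'."""
        if ipaddress.ip_address(src) in INTERNAL_NET:  # external packet cannot have an internal source
            self.malicious[src] = "address spoofing"
            return "drop"
        if src in self.malicious:                       # source already identified as malicious
            return "drop"
        key = (dst, dport)
        if flag == "S":
            self.half_open[src].add(key)
            if len(self.half_open[src]) > HALF_OPEN_LIMIT:
                self.malicious[src] = "denial of service"
                return "drop"
        elif flag == "A":                               # request completed, no longer outstanding
            self.half_open[src].discard(key)
        return "forward"

# Constructed trace: a well-behaved client, a source that keeps opening
# connections without acknowledging, and a packet claiming an internal address.
TRACE = [
    ("198.51.100.7", "10.0.0.5", 80, "S"),
    ("198.51.100.7", "10.0.0.5", 80, "A"),
    ("203.0.113.9", "10.0.0.5", 80, "S"),
    ("203.0.113.9", "10.0.0.6", 80, "S"),
    ("203.0.113.9", "10.0.0.7", 80, "S"),
    ("203.0.113.9", "10.0.0.8", 80, "S"),
    ("203.0.113.9", "10.0.0.5", 80, "A"),
    ("10.0.0.42", "10.0.0.5", 22, "S"),
]

def run_trace(trace=TRACE):
    """Returns the per-packet decisions and the table of identified attackers."""
    device = RoutingDeviceFilter()
    decisions = [device.inspect(*pkt) for pkt in trace]
    return decisions, dict(device.malicious)
```

The fourth outstanding request from 203.0.113.9 exceeds the limit and is dropped, after which even its later acknowledgment is refused, while the single packet with a 10.0.0.0/8 source is dropped on arrival.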


