Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2007-03-21
2010-10-26
Pyzocha, Michael (Department: 2437)
C726S013000, C709S224000
active
07823202
ABSTRACT:
The invention relates to a method for generating a prefix hijacking alert in a network, wherein a plurality of network traffic flows are routed based at least on a plurality of prefix announcements from one or more Border Gateway Protocol (BGP) routers. The method comprises identifying an anomalous prefix from the plurality of prefix announcements, identifying a network traffic anomaly from the plurality of network traffic flows, and correlating the anomalous prefix and the network traffic anomaly to generate the prefix hijacking alert.
REFERENCES:
patent: 7624447 (2009-11-01), Horowitz et al.
Hu, Xin et al., “Accurate Real-time Identification of IP Hijacking”, May 2006, pp. 1-28.
Ballani, Hitesh et al., “A Study of Prefix Hijacking and Interception in the Internet”, SIGCOMM Proceedings, submitted Jan. 7, 2007, pp. 1-12.
Rekhter, et al., “A Border Gateway Protocol 4 (BGP-4),” Standards Track, Jan. 2006, 93 pgs., Network Working Group.
Ramachandran, et al., “Understanding the Network-Level Behavior of Spammers,” pp. 1-14, College of Computing Georgia Tech.
Chan, et al., “Modeling Adoptability of Secure BGP Protocols,” pp. 279-290, Carnegie Mellon University.
Siganos, et al., “Analyzing BGP Policies: Methodology and Tool,” 12 pgs., Dept. of Computer Science & Engineering, University of California, Riverside, USA.
Karlin, et al., “Pretty Good BGP: Improving BGP by Cautiously Adopting Routes,” 10 pgs.
Mahajan, et al., “Understanding BGP Misconfiguration,” 14 pgs., Computer Science and Engineering, University of Washington, Seattle, WA.
Zhao, et al., “An Analysis of BGP Multiple Origin AS (MOAS) Conflicts,” 5 pgs.
Kruegel, et al., “Topology-based detection of anomalous BGP messages,” 20 pgs., Reliable Software Group, University of California, Santa Barbara.
Lad, et al., “PHAS: A Prefix Hijack Alert System,” 14 pgs.
Duan, et al., “Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates,” 12 pgs.
Feamster, et al., “An Empirical Study of “Bogon” Route Advertisements,” 7 pgs., MIT Computer Science & Artificial Intelligence Laboratory.
“University of Oregon Route Views Project,” http://www.routeviews.org/, 4 pgs., Advanced Network Technology Center, University of Oregon.
“Routing Information Service (RIS),” http://www.ripe.net/ris/, 1 pg.
“NetFlow Input Filters,” 18 pgs., Cisco Systems, Inc.
Labovitz, et al., “Shining Light on Dark Address Space,” Tech Report, Nov. 13, 2001, 10 pgs., Arbor Networks.
Wang, et al., “Detecting SYN Flooding Attacks,” 10 pgs., EECS Department, The University of Michigan, Ann Arbor, MI.
Popescu, et al., “The Anatomy of a Leak: AS9121 or How we Learned to Start Worrying and Hate the Maximum Prefix Limits,” May 15, 2005, 37 pgs., Renesys Corporation.
“Con-Ed Steals The 'Net,” http://www.renesys.com/blog/2006/01/coned_steals_the_net.shtml, Jan. 2006, 5 pgs., Renesys Blog.
“a fun hijack:1/8, 2/8, 3/8, 4/8, 5/8, 7/8, 12/8 briefly announced by AS 23520,” email, http://www.merit.due.mail.archives
anog/2006-06/ms00082.html, Jun. 6, 2007, 1 pg.
“CERT Advisory CA-2003-01 MS-SQL Server Worm,” http://www.cert.org/advisories/CA-2003-04.html, Jan. 27, 2003, 4 pgs., CERT/CC.
“W32.Spybot.EAS,” http://www.symantec.com/security_response/writeup.jsp?docid=2004-093016-36322-99, Sep. 30, 2004, 2 pgs.
“W32.Mydoom.M@mm,” http://www.symantec.com/security_response/writeup.jsp?docid=2004-072615-3527-99, Jul. 26, 2004, 2 pgs.
Frantzen, Swa, “RealVNC exploits in the wild,” http://isc.sans.org/diary/html?storyid=1341, May 19, 2006, 2 pgs.
Keizer, Gregg, “Worm Attacks Symantec Enterprise AntiVirus,” http://www.informationweek.com/shared/printableArticle.jhtml?articleID=196700262, Dec. 15, 2006, 2 pgs.
Skoudis, Ed, “Today's Internet Threat Level: Green,” http://isc.sans.org/port.html?port=1026, 2 pgs.
Woodcock, Bill, “Best Practices in IPv4 Anycast Routing,” Aug. 2002, 42 pgs., Packet Clearing House.
“Autonomous System Numbers,” Nov. 30, 2006, 3 pgs.
Gao Lixin
Nucci Antonio
Qiu Jian
Ranjan Supranamaya
Fernandez & Associates LLP
Narus, Inc.
Pyzocha Michael