Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2004-06-25
2008-12-09
Lanier, Benjamin E. (Department: 2132)
Information security
Monitoring or scanning of software or data including attack...
Reexamination Certificate
active
07464409
ABSTRACT:
A device for mitigating data flooding in a data communication network. The device can include a first module and a second module. The first module can identify flooding data transmitted from at least one offending host and intended for at least one threatened host. The second module can generate a data rate limit that is communicated to at least one of the plurality of edge nodes defining an entry node. The data rate limit can be based upon an observed rate of transmission of flooding data transmitted from the offending host to the entry node and a desired rate of transmission of flooding data transmitted to the threatened host from at least one other of the plurality of edge nodes defining an exit node.
REFERENCES:
patent: 5734903 (1998-03-01), Saulpaugh et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 2002/0118796 (2002-08-01), Menard et al.
patent: 2003/0002436 (2003-01-01), Anderson et al.
patent: 2003/0023733 (2003-01-01), Lingafelt et al.
patent: 2004/0250124 (2004-12-01), Chesla et al.
Chen, S., et al., “Perimeter-Based Defense Against High Bandwidth DDoS Attacks”, (Jul. 1, 2003).
Schuba, C.L., et al., “Analysis of a Denial of Service Attack on TCP”, IEEE Sym. on Sec. and Privacy, (1997).
Lemon, J., et al., “Resisting SYN Flood DoS Attacks With a SYN Cache”, Proc. of USENIX BSDCON2002, (Feb. 2002).
Wang, H., et al., “SYN-dog: Sniffing SYN Flooding Sources”, Proc. of 22nd Int'l. Conf. on Dist. Com. Systems (ICDCS '02) (Jul. 2002).
Moore, D., “Inferring Internet Denial-Of-Service Activity”, Proc. of USENIX Security Symposium 2001, (Aug. 2001).
Gibson, S., “The Strange Tale of the Denial fo Service Attacks Against GRC.COM”, Gibson Research Corporation, (2002).
Ferguson, P., et al., “RFC 2827—Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing”, IETF, (Jan. 1998).
Park, K., et al., “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets”, ACM SIGCOMM 2001, (Aug. 2001).
Burch, H., “Tracing Anonymous Packets to Their Approximate Source”, USENIX LISA '00, (Dec. 2000).
Schnackenberg, D., “Infrastructure for Intrusion Detection and Response”, Proc. of 1st DARPA Info. Survivability Conf., (Jan. 2000).
Stone, R., “CenterTrack: An IP Overlay Network for Tracking DoS Floods”, Proc. of USENIX Security Symp. '00, (Aug. 2000).
Savage, S., et al., “Practical Network Support for IP Traceback”, Proc. of ACM SIGCOMM '2000, (Aug. 2000).
Song, D.X., et al., “Advanced and Authenticated Marking Schemes for IP Traceback”, Proc. of IEEE INFOCOM '2001, (Mar. 2001).
Snoeren, A.C., et al., “Hash-Based IP Traceback”, Proc. of ACM SIGCOMM '2001, (Aug. 2001).
Park, K., et al., “On the Effectiveness of Probabilistic Packet Marking for IP Traceback Under Denial of Service Attack”, Proc. of IEEE INFOCOM '2001, (Mar. 2001).
Ratnasamy, S., et al., “Routing Algorithms for DHTs: Some Open Questions”, Proc. of 1st Int'l WS on Peer-to-Peer Sys. (IPTPS'02), (Mar. 2002).
Mahajan, R., et al., “Controlling High Bandwidth Aggregates in the Network”, Computer Communications Review, vol. 32, No. 3, pp. 62-73, (Jul. 2002).
Keromytis, A.D., et al., “SOS: Secure Overlay Services”, Proc. of ACM SIGCOMM '2002, (Aug. 2002).
Gordon, G.W., “SYN Cookies, An Exploration”, GSEC Practical Assignment, v. 1.3, from the web, (2000-2002).
Akerman & Senterfitt
Gust Andrew C.
Kane Cordelia
Lanier Benjamin E.
Nelson Gregory A.
LandOfFree
Perimeter-based defense against data flooding in a data... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Perimeter-based defense against data flooding in a data..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Perimeter-based defense against data flooding in a data... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4031924