Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
2004-05-05
2010-02-16
Bruckart, Benjamin R (Department: 2446)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C726S012000, C726S023000
Reexamination Certificate
active
07664855
ABSTRACT:
Techniques are described for mitigating adverse effects of port scanning within a network device. For example, an apparatus, such as a router, responds to all network connection request packets received from a client for all ports on an attached server as if all of the server's ports are open. Once a network connection is established between the router and the client, a network connection request is transmitted to the server for a requested port. Using the router to establish a full network connection with the client eliminates a unscrupulous client from sending numerous decoy network connection request messages in an effort to hide the identity of the client. By responding to all network connection requests by establishing a TCP full connection before a network connection request is forwarded to a server, a client receives no useful information regarding the state of a port on the server before providing a valid and detectable IP address. Stealth port scanning is rendered ineffective. Only connect scan-type port scanning, which is both detectible and defendable, may be used to identify open ports on a server.
REFERENCES:
patent: 6970943 (2005-11-01), Subramanian et al.
patent: 6975628 (2005-12-01), Johnson et al.
patent: 7162740 (2007-01-01), Eastlake, III
patent: 7203740 (2007-04-01), Putzolu et al.
patent: 7301899 (2007-11-01), Goldstone
patent: 7362763 (2008-04-01), Wybenga et al.
patent: 7496955 (2009-02-01), Akundi et al.
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0126621 (2002-09-01), Johnson et al.
patent: 2003/0097557 (2003-05-01), Tarquini et al.
patent: 2003/0110274 (2003-06-01), Pazi et al.
patent: 2004/0015721 (2004-01-01), Eastlake, III
patent: 2004/0107286 (2004-06-01), Larson et al.
patent: 2004/0111635 (2004-06-01), Boivie et al.
patent: 2005/0144441 (2005-06-01), Govindarajan
patent: 2005/0160289 (2005-07-01), Shay
patent: 2006/0089994 (2006-04-01), Hayes
patent: 2006/0185008 (2006-08-01), Le et al.
patent: 2007/0180511 (2007-08-01), Eastlake, III
patent: 2007/0294369 (2007-12-01), Ginter et al.
“Well-Known TCP Port Number,” www.webopedia.com, 3 pages.
“TCP Packet Field Descriptions,” www.ipanalyser.co.uk, Analyser Sales Ltd., Copyright 2003, 2 pages.
Michael Egan, “Decomposition of a TCP Packet,” www.passwall.com, 4 pages, Aug. 7, 2000.
Mark Gibbs, “A Guide to Original SYN,” www.nwfusion.com, Network World, Nov. 2000, 2 pages.
Michael Egan, “Sample TCP/IP Packet,” www.passwall.com, Version 0.0.0 @ 03:55/Aug. 7, 2000, Copyright 2002, 9 pages.
D.J. Bernstein, “SYN Cookies,” http://cr.yp.to/syncookies.html, Oct. 2003, 3 pages.
Jonathan Lemon, “Resisting SYN Flood DoS Attacks with a SYN Cache,” http://people.freebsd.org/˜ jlemon/papers/syncache.pdf, 9 pages.
Stuart Staniford, et al., “Practical Automated Detection of Stealthy Portscans,” http://downloads.securityfocus.com/library/spice-ccs2000.pdf, 16 pages.
“Proceedings of the BSDCon 2002 Conference,” USENIX Association, San Francisco, California, Feb. 11-14, 2002, 10 pgs.
Juniper Networks, Inc., “Combating Bots and Mitigating DDoS Attacks”, Juniper Networks, Inc., 2008, entire document, http://www.juniper.net/solutions/literature/solutionbriefs/351198.pdf.
Freed Michael
Krohn Robert M.
Bruckart Benjamin R
Juniper Networks, Inc.
Shumaker & Sieffert P.A.
LandOfFree
Port scanning mitigation within a network through... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Port scanning mitigation within a network through..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Port scanning mitigation within a network through... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4205893