Information security – Access control or authentication – Network
Reexamination Certificate
2004-08-11
2009-06-09
Zand, Kambiz (Department: 2439)
Information security
Access control or authentication
Network
C726S014000, C709S223000, C709S224000, C709S227000, C709S229000, C709S238000, C709S240000, C709S241000, C709S242000, C370S351000, C370S392000, C370S400000, C370S401000, C370S428000
Reexamination Certificate
active
07546635
ABSTRACT:
A network device receives control plane packets and data plane packets from a network. The network device includes a forwarding component that forwards the data plane packets in accordance with routing information maintained by a routing component. The forwarding component directs the control plane packets to a firewall component that processes the control plane packets to apply firewall services and detect network attacks. After processing, the firewall component loops the control plane packets back to the forwarding components for forwarding to the routing component. The firewall component may be a security service card.
REFERENCES:
patent: 3962681 (1976-06-01), Requa et al.
patent: 4032899 (1977-06-01), Jenny et al.
patent: 4600319 (1986-07-01), Everett, Jr.
patent: 5408539 (1995-04-01), Finlay et al.
patent: 5490252 (1996-02-01), Macera et al.
patent: 5509123 (1996-04-01), Dobbins et al.
patent: 5568471 (1996-10-01), Hershey et al.
patent: 6011795 (2000-01-01), Varghese et al.
patent: 6018765 (2000-01-01), Durana et al.
patent: 6148335 (2000-11-01), Haggard et al.
patent: 6182146 (2001-01-01), Graham-Cumming, Jr.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6392996 (2002-05-01), Hjalmtysson
patent: 6499088 (2002-12-01), Wexler et al.
patent: 6563796 (2003-05-01), Saito
patent: 6590898 (2003-07-01), Uzun
patent: 6594268 (2003-07-01), Aukia et al.
patent: 6598034 (2003-07-01), Kloth
patent: 6735201 (2004-05-01), Mahajan et al.
patent: 6751663 (2004-06-01), Farrell et al.
patent: 6826713 (2004-11-01), Beesley et al.
patent: 6870817 (2005-03-01), Dolinar et al.
patent: 6970943 (2005-11-01), Subramanian et al.
patent: 6975628 (2005-12-01), Johnson et al.
patent: 6983294 (2006-01-01), Jones et al.
patent: 6985956 (2006-01-01), Luke et al.
patent: 7114008 (2006-09-01), Jungck et al.
patent: 7162740 (2007-01-01), Eastlake, III
patent: 7185368 (2007-02-01), Copeland, III
patent: 7203740 (2007-04-01), Putzolu et al.
patent: 7301899 (2007-11-01), Goldstone
patent: 7362763 (2008-04-01), Wybenga et al.
patent: 7496955 (2009-02-01), Akundi et al.
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0126621 (2002-09-01), Johnson et al.
patent: 2002/0141343 (2002-10-01), Bays
patent: 2003/0005145 (2003-01-01), Bullard
patent: 2003/0097557 (2003-05-01), Tarquini et al.
patent: 2003/0110274 (2003-06-01), Pazi et al.
patent: 2003/0120769 (2003-06-01), McCollom et al.
patent: 2003/0214913 (2003-11-01), Kan et al.
patent: 2004/0015721 (2004-01-01), Eastlake, III
patent: 2005/0160289 (2005-07-01), Shay
patent: 2006/0089994 (2006-04-01), Hayes
patent: 2006/0185008 (2006-08-01), Le et al.
patent: 2007/0180511 (2007-08-01), Eastlake Iii
patent: 2007/0294369 (2007-12-01), Ginter et al.
Juniper Networks, Inc., ‘Combating Bots and Mitigating DDoS Attacks’, Juniper Networks, Inc., 2008, entire document, http://www.juniper.net/solutions/literature/solutionbriefs/351198.pdf.
Weaver, A.C. et al., “A Real-Time Monitor for Token Ring Networks,” Military Communications Conference, 1989. MILCOM '89, Oct. 1989, vol. 3, pp. 794-798.
Dini, P. et al., “Performance Evaluation for Distributed System Components,” Proceedings of IEEE Second International Workshop on Systems Management, Jun. 1996, pp. 20-29.
Integrated Services Adapter, 2000, Cisco Systems, Data Sheet, pp. 1-6, http://www.cisco.com/warp/public/cc/pd/ifaa/svaa/iasvaa/prodlit/ism2—ds.pdf.
“The CAIDA Web Site,” www.caida.org.
“About Endace,” www.endace.com.
“Cisco IOS NetFlow,” www.cisco.com/warp/public/732/Tech
mp
etflow/index.shtml.
U.S. Appl. No. 10/188,567, entitled “Adaptive Network Flow Analysis”, filed Jul. 2, 2002, Scott Mackie.
U.S. Appl. No. 10/228,132, entitled “Adaptive Network Router”, filed Aug. 26, 2002, Woo et al.
U.S. Appl. No. 10/228,114, entitled “Network Router Having Integrated Flow Accounting and Packet Interception”, filed Aug. 26, 2002, Woo et al.
U.S. Appl. No. 10/241,785, entitled “Rate-Controlled Transmission of Traffic Flow Information”, filed Sep. 10, 2002, Sandeep Jain.
U.S. Appl. No. 10/228,150, entitled “Network Device Having Accounting Service Card,” filed Aug. 22, 2002, Woo, Hsien-Chung.
U.S. Appl. No. 10/839,187, entitled “Port Scanning Mitigation Within A Network,” filed May 5, 2004.
“Well-Known TCP Port Number,” www.webopedia.com, 3 pages.
“TCP Packet Field Descriptions,” www.ipanalyser.co.uk, Analyser Sales Ltd., Copyright 2003, 2 pages.
Michael Egan, “Decomposition of a TCP Packet,” www.passwall.com, 3 pages, Aug. 7, 2000.
Mark Gibbs, “A Guide to Original SYN,” www.nwfusion.com, Network World, Nov. 2000, 4 pages.
“Sample TCP/IP Packet,” www.passwall.com, Version 0.0.0 @ 03:55/Aug. 7, 2000, Copyright 2002, 6 pages.
D.J. Bernstein, “SYN Cookies,” http://cr.yp.to/syncookies.html, Oct. 2003, 3 pages.
Jonathan Lemon, “Resisting SYN Flood DoS Attacks with a SYN Cache,” http://people.freebsd.org/˜jlemon/papers/syncache.pdf, 9 pages.
Stuart Staniford, et al., “Practical Automated Detection of Stealthy Portscans,” http://downloads.securityfocus.com/library/spice-ccs2000.pdf, 16 pages.
U.S. Appl. No. 12/182,619, filed Jul. 30, 2008 entitled “Streamlined Packet Forwarding Using Dynamic Filters For Routing And Security In A Shared Forwarding Plane,”.
Freed Michael
Holleman Keith
Krohn Robert M.
Ramamoorthi Sankar
Baum Ronald
Juniper Networks, Inc.
Shumaker & Sieffert P.A.
Zand Kambiz
LandOfFree
Stateful firewall protection for control plane traffic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Stateful firewall protection for control plane traffic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Stateful firewall protection for control plane traffic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4067663