Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-09-26
2006-09-26
Moise, Emmanuel L. (Department: 2137)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S011000, C713S153000
Reexamination Certificate
active
07114182
ABSTRACT:
Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and Fin packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts are determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.
REFERENCES:
patent: 5958053 (1999-09-01), Denker
patent: 6321338 (2001-11-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6772334 (2004-08-01), Glawitsch
patent: 2002/0031134 (2002-03-01), Poletto et al.
patent: WO 02/21244 (2002-03-01), None
D'Souza Scott David
Howard Brett
Kierstead Paul
Robert Jean-Marc
(Marks & Clerk)
Abyaneh Ali
Alcatel Canada Inc.
Budd S. Mark
Moise Emmanuel L.
LandOfFree
Statistical methods for detecting TCP SYN flood attacks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Statistical methods for detecting TCP SYN flood attacks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Statistical methods for detecting TCP SYN flood attacks will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3581217