Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring
Reexamination Certificate
2005-01-18
2009-12-29
Nguyen, Dustin (Department: 2454)
C726S022000
active
07640338
ABSTRACT:
Malicious network node activity and, in particular, denial of service attacks, may be mitigated by one or more practical mitigation mechanisms and mitigation mechanism combinations. Suitable protocol messages may be challenged with a challenge probe. A response to the challenge probe may be utilized to determine if received protocol messages are illegitimate, that is, originated by a malicious network node. Received protocol messages may be classified as questionable protocol messages. For efficiency, protocol message challenges may be limited to protocol messages classified as questionable. A sequence number limit may be calculated as a function of receive window size. Transmission control protocol messages may be determined to be illegitimate by comparing the acknowledgement number field with the calculated sequence number limit. Randomized selection of source port numbers for transmission control protocol connections may also mitigate malicious network node activity by resulting in legitimate protocol message field values that are less predictable.
REFERENCES:
patent: 6823387 (2004-11-01), Srinivas
patent: 2001/0042200 (2001-11-01), Lamberton et al.
patent: 2002/0055983 (2002-05-01), Goddard
patent: 2002/0166071 (2002-11-01), Lingafelt et al.
patent: 2003/0135625 (2003-07-01), Fontes et al.
patent: 2003/0200441 (2003-10-01), Jeffries et al.
patent: 2004/0030424 (2004-02-01), Corl et al.
patent: 2004/0039938 (2004-02-01), Katz et al.
patent: 2004/0111635 (2004-06-01), Boivie et al.
patent: 2005/0229244 (2005-10-01), Khare et al.
patent: 2006/0072455 (2006-04-01), Cai et al.
patent: 2007/0044150 (2007-02-01), Dalal et al.
Anonymous, “CERT Advisory CA-1995-01 IP Spoofing Attacks and Hijacked Terminal Connections,” <http://www.cert.org/advisories/CA-1995-01.html>, Jan. 12, 2005, pp. 1-10, Carnegie Mellon University (Sep. 1997).
Anonymous, “CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers,” <http://www.cert.org/advisories/CA-2001-09.htm>, Jan. 12, 2005, pp. 1-12, Carnegie Mellon University (2002).
Anonymous, “Cisco Security Advisory: Cisco Secure PIX Firewall TCP Reset Vulnerability,” <http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml>, Jan. 12, 2005, pp. 1-6, Cisco Systems, Inc. (Jul. 2000).
Anonymous, “Shade Beta Group,” <http://groups-beta.google.com/group/alt.2600/msg/ca88101916d2808e?as—umsgid=26OOhertz@shade.com&outpit=gplain>, Jan. 12, 2005, pp. 1-2 (Jan. 1995).
Bellovin, “Defending Against Sequence Number Attacks,” AT & T Research Network Working Group Memo, pp. 1-6 (May 1996).
Convery et al., “BGP Vulnerability Testing: Separating Fact from FUD v1.00,” NANOG 28, pp. 1-61, (Jun. 2003).
Dalal, “Transmission Control Protocol Security Considerations, draft-ietf-tcpm-tcsecure-01.txt,” Network Working Group Memo, pp. 0-17, 2004 The Internet Society (Jun. 2, 2004).
Dalal, “Transmission Control Protocol Security Considerations, draft-ietf-tcpm-tcpsecure-02.txt,” Network Working Group Memo, pp. 1-17, The Internet Society. (Nov. 22, 2004).
Ferguson et al., “Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” Network Working Group Memo, pp. 1-10, The Internet Society (May 2000).
Freier et al., “The SSL Protocol, Version 3.0, <draft-freier-ssl-version3-02.txt>” Transport Layer Security Working Group Memo, pp. 1-63, Netscape Communications (Nov. 18, 1996).
Jacobson et al., “TCP Extensions for High Performance,” Network Working Group Memo, pp. 1-37 (May 1992).
Kent et al., “Security Architecture for the Internet Protocol, draft-ietf-ipsec-rfc2401bis-04,” Network Working Group Memo, pp. 1-92, The Internet Society (Oct. 2004).
MacDonald et al., “Microsoft Windows 2000 TCP/IP Implementation Details White Paper,” Supplement to Microsoft Windows 2000 TCP/IP Manuals, pp. i-130, Microsoft Corporation (Feb. 2000).
Postel for Internet Services Institute, “Internet Protocol: Darpa Internet Program Protocol Specification,” RFC: 791 Defense Advanced Research Projects Agency, pp. i-45 (Sep. 1981).
Postel for Internet Services Institute, “Transmission Control Protocol: Darpa Internet Program Protocol Specification,” RFC: 793 Defense Advanced Research Projects Agency, pp. i-85 (Sep. 1981).
Shimomura, “Internet Security: col. No. 001 Addendum,” <http://wvw.networkcomputing.com/shared/printArticle.jhtml?article=/unixworld/security/001.add.htl&pub=nwc>, Jan. 12, 2005, pp. 1-7, University of California at San Diego (Jan. 1995).
Simpson, “PPP Challenge Handshake Authentication Protocol (CHAP),” Network Working Group Memo, pp. i-12, DayDreamer (Aug. 1996).
Stewart, “Transmission Control Protocol Security Considerations, draft-ietf-tcpm-tcpsecure-00.txt,” Network Working Group Memo, pp. 0-10, The Internet Society (Apr. 19, 2004).
Watson, “Slipping in the Window: TCP Reset Attacks,” Technical Whitepaper <www.terrorist.net>, pp. 1-34 (Oct. 30, 2003).
Watson, “Slipping in the Window: TCP Reset Attacks,” PowerPoint slides <www.terrorist.net>, pp. 1-40, CanSecWest, Oct. 30, 2003.
Zalewski, “Strange Attractors and TCP/IP Sequence Number Analysis—One Year Later,” http://lcamtuf.coredump.cx/newtcp/, Jan. 12, 2005, pp. 1-23.
Huitema Christian
Kaniyar Sanjay N.
Srinivas Nelamangal Krishnaswamy
Keefer Michael E
Microsoft Corporation
Nguyen Dustin
Wolf Greenfield & Sacks P.C.
Profile ID: LFUS-PAI-O-4116459