System and method for source IP anti-spoofing security

Details System and method for source IP anti-spoofing security System and method for source IP anti-spoofing security

2011-07-12

2011-07-12

Poltorak, Peter (Department: 2434)

Information security

Monitoring or scanning of software or data including attack...

Intrusion detection

C726S022000

Reexamination Certificate

active

07979903

ABSTRACT:
A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets.

REFERENCES:
patent: 4897874 (1990-01-01), Lidinsky et al.
patent: 5237614 (1993-08-01), Weiss
patent: 5721780 (1998-02-01), Ensor et al.
patent: 5757924 (1998-05-01), Friedman et al.
patent: 5774551 (1998-06-01), Wu et al.
patent: 5825890 (1998-10-01), Elgamal et al.
patent: 5835720 (1998-11-01), Nelson et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5894479 (1999-04-01), Mohammed
patent: 5946308 (1999-08-01), Dobbins et al.
patent: 5958053 (1999-09-01), Denker
patent: 6009103 (1999-12-01), Woundy
patent: 6021495 (2000-02-01), Jain et al.
patent: 6167052 (2000-12-01), McNeill et al.
patent: 6167445 (2000-12-01), Gai et al.
patent: 6212191 (2001-04-01), Alexander et al.
patent: 6219790 (2001-04-01), Lloyd et al.
patent: 6256314 (2001-07-01), Rodrig et al.
patent: 6338089 (2002-01-01), Quinlan
patent: 6339830 (2002-01-01), See et al.
patent: 6363489 (2002-03-01), Comay et al.
patent: 6393484 (2002-05-01), Massarani
patent: 6496502 (2002-12-01), Fite, Jr. et al.
patent: 6510236 (2003-01-01), Crane et al.
patent: 6519646 (2003-02-01), Gupta et al.
patent: 6553028 (2003-04-01), Tang et al.
patent: 6615264 (2003-09-01), Stoltz et al.
patent: 6651168 (2003-11-01), Kao et al.
patent: 6665278 (2003-12-01), Grayson
patent: 6728246 (2004-04-01), Egbert et al.
patent: 6732270 (2004-05-01), Patzer et al.
patent: 6751728 (2004-06-01), Gunter et al.
patent: 6771649 (2004-08-01), Tripunitara et al.
patent: 6775290 (2004-08-01), Merchant et al.
patent: 6789118 (2004-09-01), Rao
patent: 6807179 (2004-10-01), Kanuri et al.
patent: 6813347 (2004-11-01), Baals et al.
patent: 6853988 (2005-02-01), Dickinson et al.
patent: 6874090 (2005-03-01), See et al.
patent: 6892309 (2005-05-01), Richmond et al.
patent: 6907470 (2005-06-01), Sawada et al.
patent: 6912592 (2005-06-01), Yip
patent: 6950628 (2005-09-01), Meier et al.
patent: 6959336 (2005-10-01), Moreh et al.
patent: 6980515 (2005-12-01), Schunk et al.
patent: 6981054 (2005-12-01), Krishna
patent: 7028098 (2006-04-01), Mate et al.
patent: 7062566 (2006-06-01), Amara et al.
patent: 7079537 (2006-07-01), Kanuri et al.
patent: 7088689 (2006-08-01), Lee et al.
patent: 7092943 (2006-08-01), Roese et al.
patent: 7093280 (2006-08-01), Ke et al.
patent: 7113479 (2006-09-01), Wong
patent: 7114008 (2006-09-01), Jungck et al.
patent: 7134012 (2006-11-01), Doyle et al.
patent: 7155518 (2006-12-01), Forslow
patent: 7188364 (2007-03-01), Volpano
patent: 7194554 (2007-03-01), Short et al.
patent: 7234163 (2007-06-01), Rayes et al.
patent: 7249374 (2007-07-01), Lear et al.
patent: 7302700 (2007-11-01), Mao et al.
patent: 7360086 (2008-04-01), Tsuchiya et al.
patent: 7360245 (2008-04-01), Ramachandran et al.
patent: 7469298 (2008-12-01), Kitada et al.
patent: 7483971 (2009-01-01), Sylvest et al.
patent: 7493084 (2009-02-01), Meier et al.
patent: 7500069 (2009-03-01), Hochmuth et al.
patent: 7516487 (2009-04-01), Szeto et al.
patent: 7523485 (2009-04-01), Kwan
patent: 7529933 (2009-05-01), Palekar et al.
patent: 7536464 (2009-05-01), Dommety et al.
patent: 7562390 (2009-07-01), Kwan
patent: 7567510 (2009-07-01), Gai et al.
patent: 7596693 (2009-09-01), Caves et al.
patent: 2001/0012296 (2001-08-01), Burgess et al.
patent: 2002/0016858 (2002-02-01), Sawada et al.
patent: 2002/0055980 (2002-05-01), Goddard
patent: 2002/0065938 (2002-05-01), Jungck et al.
patent: 2002/0146002 (2002-10-01), Sato
patent: 2002/0146107 (2002-10-01), Baals et al.
patent: 2003/0028808 (2003-02-01), Kameda
patent: 2003/0043763 (2003-03-01), Grayson
patent: 2003/0051041 (2003-03-01), Kalavade et al.
patent: 2003/0056001 (2003-03-01), Mate et al.
patent: 2003/0067874 (2003-04-01), See et al.
patent: 2003/0105881 (2003-06-01), Symons et al.
patent: 2003/0142680 (2003-07-01), Oguchi
patent: 2003/0188003 (2003-10-01), Sylvest et al.
patent: 2003/0226017 (2003-12-01), Palekar et al.
patent: 2003/0236898 (2003-12-01), Hu et al.
patent: 2004/0003285 (2004-01-01), Whelan et al.
patent: 2004/0053601 (2004-03-01), Frank et al.
patent: 2004/0078485 (2004-04-01), Narayanan
patent: 2004/0160903 (2004-08-01), Gai et al.
patent: 2004/0210663 (2004-10-01), Phillips et al.
patent: 2004/0213172 (2004-10-01), Myers et al.
patent: 2004/0213260 (2004-10-01), Leung et al.
patent: 2004/0255154 (2004-12-01), Kwan et al.
patent: 2005/0025125 (2005-02-01), Kwan
patent: 2005/0055570 (2005-03-01), Kwan et al.
patent: 2005/0091313 (2005-04-01), Zhou et al.
patent: 2005/0254474 (2005-11-01), Iyer et al.
patent: 2006/0028996 (2006-02-01), Huegen et al.
patent: 2006/0155853 (2006-07-01), Nesz et al.
patent: 2007/0220596 (2007-09-01), Keeler et al.
patent: 2009/0260083 (2009-10-01), Szeto et al.
patent: 2009/0265785 (2009-10-01), Kwan
patent: 2009/0307773 (2009-12-01), Kwan
Gill (Stephen Gill, “Catalyst Secure Template”, Vs. 1.21, Nov. 14, 2002, found on http://www.cymru.com/gillsr/documents/catalyst-secure-template.htm), p. 1-19.
U.S. Appl. No. 12/392,422, filed Feb. 25, 2009, Szeto et al.
U.S. Appl. No. 10/631,091, filed Jul. 31, 2003, Philip Kwan.
U.S. Appl. No. 10/668,455, filed Sep. 23, 2003, Szeto et al.
U.S. Appl. No. 10/925,155, filed Aug. 24, 2004, Philip Kwan.
“Authenticated VLANs: Secure Network Access at Layer 2,” An Alcatel White Paper, Nov. 2002, pp. 1-14, Alcatel Internetworking, Inc.
“Automatic Spoof Detector (aka Spoofwatch),” Jan. 28, 2002, at URL: http://www.anml.iu.edu/PDF/Automatic—Spoof—Detector.pdf, printed on Jul. 23, 2003, 2 pages.
“CERT® Incident Note IN-2000-04 (Denial of Service Attacks using Nameservers),” Jan. 2001, at URL: http://www.cert.org/incident—notes/IN-2000-04.html, printed on Jul. 23, 2003, 3 pages.
“Configuring Port-Based Traffic Control,” Catalyst 3550 Multilayer Switch Software Configuration Guide, Cisco IOS Release 12.1 (13) EA1, Mar. 2003, pp. 1-14, Ch. 20, Cisco Systems, Inc.
“Configuring Network Security with ACLs,” Catalyst 3550 Multilayer Switch Software Configuration Guide, Cisco IOS Release 12.1 (13) EA1, Mar. 2003, pp. 1-48, Ch. 27, Cisco Systems, Inc.
“Configuring 802.1X Port-Based Authentication,” Catalyst 3550 Multilayer Switch Software Configuration Guide, Cisco IOS Release 12.1 (13) EA1, Mar. 2003, pp. 1-18, Ch. 9, Cisco Systems, Inc.
“Cisco—Cable Source—Verify and IP Address Security,” at URL: http://www.cisco.com/en/US/tech/tk86/tk803/technologies—tech—note09186a00800a7828.shtml (PDF & web pages), printed on Jul. 23, 2003, 25 pages.
“CISCO Catalyst 1900 Series Switches,” at URL: http://www.cisco.com/en/US/products/hw/switches/ps574/products—configuration—guide—chapter09186a008007ef90.html#xtocid3, printed on Jul. 29, 2003, 13 pages (PDF & web pages).
“CISCO IOS Software Releases 12.2 T,” at URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products—feature—guide09186a00801543c8.html#1027177, printed on Jul. 29, 2003, 26 pages (PDF & web pages).
Congdon, P. et al., “IEEE 802.1X Remote Authentication Dial in User Service (RADIUS) Usage Guidelines,” The Internet Society, 2003, at URL: http://www.faqs.org/ftp/rfc/pdf/rfc3580.txt.pdf, 30 pages.
Glenn, M., “A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Enviroment.” SANS Institute, Aug. 21, 2003, 34 pages.
Haviland, G. “Designing High Preformance Campus Intranets with Multilayer Switching.” 1998, 33 pages, Cisco Systems, Inc.
“IP Addressing Services,” at URL: http://www.cisco.

Affiliated with

Also associated with

Rating

System and method for source IP anti-spoofing security does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with System and method for source IP anti-spoofing security, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for source IP anti-spoofing security will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFUS-PAI-O-2659619