[특허]Method for blocking denial of service and address spoofing attacks on a private network

Method for blocking denial of service and address spoofing attacks on a private network 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-015/16 G06F-011/30
출원번호	US-0040898 (1998-03-18)
발명자 / 주소	Cox, Dennis McClanahan, Kip
출원인 / 주소	Cisco Technology, Inc.
대리인 / 주소	Baker Botts L.L.P.
인용정보	피인용 횟수 : 92 인용 특허 : 24

초록 ▼

A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).

대표청구항 ▼

1. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising: receiving a request to establish a communication connection between an endpoint of a public network and an endpoint of a private network; requesting an acknowledgment from the endpoint of the public network; determining whether an acknowledgment has been received within a predetermined amount of time; if an acknowledgment is received, comparing the request to establish a communication connection with existing connections; and if an existing communication connection between the endpoint of the public network and the endpoint of the private network already exists, denying the request to establish a communication connection. 2. The method of claim 1, wherein the public network is the Internet.3. The method of claim 2, wherein the routing device is a firewall providing access to the Internet.4. The method of claim 1, further comprising using diagnostic detection tools to determine additional information about the source of the request.5. The method of claim 4, further comprising forwarding the additional information to a system administrator via electronic mail.6. The method of claim 1, further comprising denying the request if an acknowledgement is not received.7. The method of claim 1, further comprising allowing the connection and routing packets to the private network if there is not a match between the request and an existing connection.8. The method of claim 1, further comprising adding an IP address of the endpoint of the public network to a cache of IP addresses if there is a match.9. The method of claim 8, further comprising denying access through the routing device to any IP address on the cache of IP addresses.10. The method of claim 1, further comprising storing information about the request for connection on a system log for analysis by the system administrator.11. The method of claim 1, further comprising using diagnostic tools to determine additional information about a source of the request for connection.12. The method of claim 11, wherein using diagnostic tools to determine additional information about a source of the request for connection comprises using trace root diagnostic tools to determine the additional information about the source of the request for connection.13. The method of claim 11, wherein using diagnostic tools to determine additional information about a source of the request for connection comprises using ping diagnostic tools to determine the additional information about the source of the request for connection.14. The method of claim 11, wherein using diagnostic tools to determine additional information about a source of the request for connection comprises using NS lookup diagnostic tools to determine the additional information about the source of the request for connection.15. The method of claim 1, further comprising: comparing a source address of the request for connection with known internal addresses of the private network; determining if the source address matches a known internal address; and refusing to process the request for connection if there is a match. 16. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising: receiving a request for connection from an initiator, over the public network; requesting an acknowledgment from the initiator of the request; determining whether the acknowledgment has been received within a predetermined denying the request if the acknowledgment is not received within the predetermined comparing the request for connection with existing connections to determine if there is a match; and if there is a match, denying the request for connection.

이 특허에 인용된 특허 (24)

Vu Hung T. (Ottawa CAX), Apparatus and method for providing a secure gateway for communication and data exchanges between networks.
상세보기
Denker John Stewart, Communications protocol with improved security.
상세보기
Zhao Yan, Concurrent user access control in stateless network computing service system.
상세보기
Kirby Alan J. ; Nadkarni Ashok P., Controlling passage of packets or messages via a virtual connection or flow.
상세보기
Hecht Matthew S. (Potomac MD) Johri Abhai (Gaithersburg MD) Wei Tsung T. (Gaithersburg MD) Steves Douglas H. (Austin TX), Distributed security auditing subsystem for an operating system.
상세보기
Shrader Theodore Jack London, Filter rule validation and administration for firewalls.
상세보기
Coley Christopher D. ; Wesinger ; Jr. Ralph E., Firewall system for protecting network elements connected to a public network.
상세보기
Frazier Howard M. ; Muller Shimon, Full duplex flow control for ethernet networks.
상세보기
MacDoran Peter F. ; Mathews Michael B. ; Ziel Fred A. ; Gold Kenn L. ; Anderson Steven M. ; Coffey Mark A. ; Denning Dorothy E., Method and apparatus for authenticating the location of remote users of networked computing systems.
상세보기
Klaus Christopher W., Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication sy.
상세보기
Watson Colin (Issaquah WA) Herron Andrew M. (Issaquah WA), Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a cl.
상세보기
Malkin Gary ; Kossack Nancy ; Raison Paul ; Tran Thuan ; Wong Ellis L., Method and apparatus for transparently providing mobile network functionality.
상세보기
Nessett Danny M. ; Sherer William Paul, Multilayer firewall system.
상세보기
Lippmann Wouter J. H. M. (Eindhoven NLX) Kessels Jozef L. W. (Eindhoven NLX) Eggenhuisen Huibert H. (Eindhoven NLX) Dijkstra Hendrik (Eindhoven NLX), Multiprocessor system comprising a plurality of data processors which are interconnected by a communication network.
상세보기
Friedman Aharon ; Levy Ben Zion, Network security device which performs MAC address translation without affecting the IP address.
상세보기
Conklin David Allen ; Harrison John Reed, Network surveillance system.
상세보기
Alsberg Peter (Urbana IL), Protector system for computer access and use.
상세보기
Collins Cynthia B. (Basking Ridge NJ) Lynch Francis T. (Budd Lake NJ) Mueller Kay L. (Rumson NJ), Secure dial access to computer systems.
상세보기
Stein Michael Victor ; Wenker Paul Richard, Security and report generation system for networked multimedia workstations.
상세보기
Kenner Brian ; Karush Arnold, System and method for optimized storage and retrieval of data on a distributed computer network.
상세보기
Haigh J. Thomas ; Jensen Andrew W., System and method for securing compiled program code.
상세보기
Morisaki Tetsuya (Kawasaki JPX), System and method of detecting unauthorized use of identifiers.
상세보기
Templin Fred L. ; Gupta Ajay ; Skinner Gregory D. ; Tynan Dermot Matthew,IEX, Transparent and secure network gateway.
상세보기
Shrader Theodore Jack London, Web-based administration of IP tunneling on internet firewalls.
상세보기

이 특허를 인용한 특허 (92)

Cantrell,Craig; Willebeek LeMair,Marc; Cox,Dennis; McHale,John; Smith,Brian; Kolbly,Donovan, Active network defense system and method.
상세보기
Cantrell,Craig; Willebeek Lemair,Marc; Cox,Dennis; McHale,John; Smith,Brian; Kolbly,Donovan, Active network defense system and method.
상세보기
Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., Adaptive pattern recognition based controller apparatus and method and human-interface therefore.
상세보기
Poletto, Massimiliano Antonio; Ratin, Andrew; Gorelik, Andrew, Aggregator for connection based anomaly detection.
상세보기
Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., Alarm system controller and a method for controlling an alarm system.
상세보기
Lingafelt,C. Steven; McConnell,Daniel Edward; Noel, Jr.,Francis E.; Sannipoli,Charles J., Apparatus and method for using a network processor to guard against a "denial-of-service" attack on a server or server cluster.
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Frederic; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for compact internetworked wireless integrated network sensors (WINS).
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for compact internetworked wireless integrated network sensors (WINS).
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for internetworked wireless integrated network sensors (WINS).
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep; Merrill, William M., Apparatus for internetworked wireless integrated network sensors (WINS).
상세보기
Kaashoek,Marinus Frans; Kohler, Jr.,Edward W.; Poletto,Massimiliano Antonio, Architecture to thwart denial of service attacks.
상세보기
Poletto,Massimiliano Antonio; Vlachos,Dimitri Stratton, Architecture to thwart denial of service attacks.
상세보기
Rijsman, Bruno, Automatic filtering to prevent network attacks.
상세보기
Filsfils, Clarence; Previdi, Stefano B.; Scudder, John Galen; Ward, David D., Automatic protection of an SP infrastructure against exterior traffic.
상세보기
Meenan,Patrick; Damick,Jeffrey Joseph, Classifying devices using a local proxy server.
상세보기
Rodriguez Val,Richard; Watson, Jr.,Richard A., Client device identification when communicating through a network address translator device.
상세보기
Rodriguez Val,Richard; Watson, Jr.,Richard A., Client device identification when communicating through a network address translator device.
상세보기
Rodriguez-Val, Richard; Watson, Jr., Richard A., Client device identification when communicating through a network address translator device.
상세보기
Poletto, Massimiliano Antonio; Kohler, Jr., Edward W.; Ratin, Andrew; Gorelik, Andrew, Connection based anomaly detection.
상세보기
Kaashoek,Marinus Frans; Kohler, Jr.,Edward W.; Poletto,Massimiliano Antonio; Morris,Robert T., Coordinated thwarting of denial of service attacks.
상세보기
Jacoby, Brian; Wright, Christopher J., Deep packet scan hacker identification.
상세보기
Jacoby, Brian; Wright, Christopher J., Deep packet scan hacker identification.
상세보기
Jacoby, Brian; Wright, Christopher J., Deep packet scan hacker identification.
상세보기
Poletto, Massimiliano Antonio; Ratin, Andrew; Gorelik, Andrew, Denial of service attacks characterization.
상세보기
Singh, Sumeet; Varghese, George; Estan, Cristi; Savage, Stefan, Detecting public network attacks using signatures and fast content analysis.
상세보기
Singh, Sumeet; Varghese, George; Estan, Cristi; Savage, Stefan, Detecting public network attacks using signatures and fast content analysis.
상세보기
Himberger, Kevin; Jeffries, Clark D., Determining blocking measures for processing communication traffic anomalies.
상세보기
Mackie, Scott, Dynamically inserting filters into forwarding paths of a network device.
상세보기
Weber,Daniel; Gopalan,Prem; Poletto,Massimiliano Antonio, Event detection/anomaly correlation heuristics.
상세보기
O'Connor, Donald C., Facilitating protection of a maintenance entity group.
상세보기
Stacy,John Kenneth; Garner,Trevor; Hughes,Martin W.; Lee,William R., Hardware filtering support for denial-of-service attacks.
상세보기
Milliken, Walter Clark; Strayer, William Timothy; Milligan, Stephen Douglas; Sanchez, Luis; Partridge, Craig, Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses.
상세보기
Milliken, Walter Clark; Strayer, William Timothy; Milligan, Stephen Douglas; Sanchez, Luis; Partridge, Craig, Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses.
상세보기
Milliken, Walter Clark; Strayer, William Timothy; Milligan, Stephen Douglas, Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail.
상세보기
Hoffberg, Steven M.; Hoffberg-Borghesani, Linda I., Internet appliance system and method.
상세보기
Meenan,Patrick; Sengpiehl,Donald P.; Thornberg,Rich, Local proxy server for establishing device controls.
상세보기
Singh, Sumeet; Varghese, George; Ayres, Michael; Semanko, Michael; Eghbali, Bashir; Newhouse, Travis G, Method and apparatus for content classification.
상세보기
Futamura, Kenichi, Method and apparatus for detecting scans in real-time.
상세보기
Futamura, Kenichi, Method and apparatus for detecting scans in real-time.
상세보기
Foschiano, Marco E.; Chen, Justin Qizhong; Kenghe, Ambarish Chintamani, Method and apparatus for inter-layer binding inspection.
상세보기
Foschiano,Marco E.; Chen,Justin Qizhong; Kenghe,Ambarish Chintamani, Method and apparatus for inter-layer binding inspection to prevent spoofing.
상세보기
Duffield, Nicholas; Van Der Merwe, Jacobus; Sekar, Vyas; Spatscheck, Oliver, Method and apparatus for large-scale automated distributed denial of service attack detection.
상세보기
Taylor, George Macrae; Atkins, Paul; Lightbody, Katriona; Hannah, Mark; Aitken, Paul; Johnson, Andrew, Method and apparatus for monitoring network traffic.
상세보기
Huston, III, Lawrence Bruce; Richardson, Matthew; Campbell, Aaron, Method and apparatus for probabilistic matching to authenticate hosts during distributed denial of service attack.
상세보기
Schuba, Christoph L.; Guttman, Erik, Method and apparatus for using client puzzles to protect against denial-of-service attacks.
상세보기
Ramachandran,Viyyokaran R.; Choudhary,Manoj; Madhusudhana,Honnuduke S., Method and system for filtering spoofed packets in a network.
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Frederic; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Method for internetworked hybrid wireless integrated network sensors (WINS).
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Method for internetworked hybrid wireless integrated network sensors (WINS).
상세보기
Milliken, Walter, Method for source-spoofed IP packet traceback.
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Newberg, Fredric; Pottie, Gregory J., Method for vehicle internetworks.
상세보기
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Newberg, Fredric; Pottie, Gregory J., Method for vehicle internetworks.
상세보기
Hong, Se Gi; Schulzrinne, Henning, Methods and systems for controlling traffic on a communication network.
상세보기
Alam, Bilal; Courage, Michael, Methods and systems for preventing socket flooding during denial of service attacks.
상세보기
Alam,Bilal; Courage,Michael, Methods and systems for preventing socket flooding during denial of service attacks.
상세보기
Nieuwenhuis, Taco, Mobile network security system.
상세보기
Poletto,Massimiliano Antonio; Kohler, Jr.,Edward W., Monitoring network traffic denial of service attacks.
상세보기
Simon, Daniel R.; Agarwal, Sharad; Maltz, David A., Network accountability among autonomous systems.
상세보기
Simon, Daniel R.; Agarwal, Sharad; Maltz, David A., Network accountability among autonomous systems.
상세보기
Simon, Daniel R.; Agarwal, Sharad; Maltz, David A., Network accountability among autonomous systems.
상세보기
Carter, Stephen R.; Krishnamurthy, Ravishankar; Veeravadivel, Duraisamy, Network application layer routing.
상세보기
Carter, Stephen R.; Krishnamurthy, Ravishankar; Veeravadivel, Duraisamy, Network application layer routing.
상세보기
Willebeek LeMair,Marc; Cantrell,Craig; Cox,Dennis; McHale,John; Smith,Brian, Network security system integration.
상세보기
Porras, Phillip Andrew; Valdes, Alfonso De Jesus, Network surveillance.
상세보기
Boulanger, Alan; Himberger, Kevin; Jeffries, Clark D.; Ziraldo, John, Operating a communication network through use of blocking measures for responding to communication traffic anomalies.
상세보기
Stone, Robert J.; Sibley, Matthew J., Overlay network for tracking denial-of-service floods in unreliable datagram delivery networks.
상세보기
Shanklin, Steven D.; Lathem, Gerald S., Parallel intrusion detection sensors with load balancing for high speed networks.
상세보기
Shanklin, Steven D.; Lathem, Gerald S., Parallel intrusion detection sensors with load balancing for high speed networks.
상세보기
Goldstone,Jonathan S, Prevention of bandwidth congestion in a denial of service or other internet-based attack.
상세보기
Uskela, Sami; Jokinen, Hannu, Prevention of spoofing in telecommunications system.
상세보기
Uskela,Sami; Jokinen,Hannu, Prevention of spoofing in telecommunications systems.
상세보기
Carter,Stephen R.; Burch,Lloyd Leon; Ebrahimi,Hashem Mohammad; McClain,Carolyn B., Privileged network routing.
상세보기
Halasz,Sylvia; Tewani,Kamlesh T.; Tarjan,David, Protection against flooding of a server.
상세보기
Eisendrath,Benjamin; Spannbauer,Bradley; Smith, Jr.,Stanley O., Regulating concurrent logins associated with a single account.
상세보기
Toomey, Christopher, Restricting the volume of outbound electronic messages originated by a single entity.
상세보기
Lapidous, Eugene, Secure communications with internet-enabled devices.
상세보기
Lapidous, Eugene; Arsitov, Artem, Secure communications with internet-enabled devices.
상세보기
Lapidous, Eugene; Arsitov, Artem, Secure communications with internet-enabled devices.
상세보기
Wright, Christopher J.; Hufford, Patrick; Rolon, Terry; Robertson, Jonathan K.; Stehnach, Thomas; Jalan, Rajkumar, Securing an access provider.
상세보기
Wright, Christopher J.; Hufford, Patrick; Rolon, Terry; Robertson, Jonathan K.; Stehnach, Thomas; Jalan, Rajkumar, Securing an access provider.
상세보기
Wright, Christopher J.; Hufford, Patrick; Rolon, Terry; Robertson, Jonathan K.; Stehnach, Thomas; Jalan, Rajkumar, Securing an access provider.
상세보기
Barrett, Joseph G.; Wright, Christopher J.; Blake, Victor R.; Stehnach, Thomas; Jalan, Rajkumar, Securing an accessible computer system.
상세보기
Barrett, Joseph G.; Wright, Christopher J.; Blake, Victor R.; Stehnach, Thomas; Jalan, Rajkumar, Securing an accessible computer system.
상세보기
Poletto, Massimiliano Antonio, Stackable aggregation for connection based anomaly detection.
상세보기
Gil, Thomer Michael; Poletto, Massimiliano Antonio; Kohler, Jr., Edward W., Statistics collection for network traffic.
상세보기
Watson,Robert N. M.; Kindred,Darrell; Lewis,Ed; Niebuhr,Brian; Gudmundsson,Olafur, System and method for negotiating multi-path connections through boundary controllers in a networked computing environment.
상세보기
Gutzmann, Kurt M., System and methods for classifying internet devices as hostile or benign.
상세보기
Gutzmann, Kurt, Systems and methods for classification of internet devices as hostile or benign.
상세보기
Stavrou, Angelos; Keromytis, Angelos D., Systems and methods for inhibiting attacks with a network.
상세보기
Barrett, Joseph G.; Muehl, Mark J.; Palino, Todd M., Throttling electronic communications from one or more senders.
상세보기
Chen,Benjie; Poletto,Massimiliano Antonio, Thwarting connection-based denial of service attacks.
상세보기
Kohler, Jr., Edward W.; Poletto, Massimiliano Antonio, Thwarting source address spoofing-based denial of service attacks.
상세보기
Jungck, Peder J.; Drown, Matthew Donald; Goller, Sean M., Transparent provisioning of network access to an application.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Method for blocking denial of service and address spoofing attacks on a private network 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (24)

이 특허를 인용한 특허 (92)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Method for blocking denial of service and address spoofing attacks on a private network 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (24)

이 특허를 인용한 특허 (92)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트