[go: up one dir, main page]

AU2001292569A1 - Thwarting source address spoofing-based denial of service attacks - Google Patents

Thwarting source address spoofing-based denial of service attacks

Info

Publication number
AU2001292569A1
AU2001292569A1 AU2001292569A AU9256901A AU2001292569A1 AU 2001292569 A1 AU2001292569 A1 AU 2001292569A1 AU 2001292569 A AU2001292569 A AU 2001292569A AU 9256901 A AU9256901 A AU 9256901A AU 2001292569 A1 AU2001292569 A1 AU 2001292569A1
Authority
AU
Australia
Prior art keywords
thwarting
source address
service attacks
address spoofing
based denial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2001292569A
Inventor
Edward W. Kohler Jr.
Massimiliano Antonia Poletto
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mazu Networks Inc
Original Assignee
Mazu Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mazu Networks Inc filed Critical Mazu Networks Inc
Publication of AU2001292569A1 publication Critical patent/AU2001292569A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
AU2001292569A 2000-09-07 2001-09-04 Thwarting source address spoofing-based denial of service attacks Abandoned AU2001292569A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US23075900P 2000-09-07 2000-09-07
US60230759 2000-09-07
US09/931,487 US7743134B2 (en) 2000-09-07 2001-08-16 Thwarting source address spoofing-based denial of service attacks
US09931487 2001-08-16
PCT/US2001/027396 WO2002021279A1 (en) 2000-09-07 2001-09-04 Thwarting source address spoofing-based denial of service attacks

Publications (1)

Publication Number Publication Date
AU2001292569A1 true AU2001292569A1 (en) 2002-03-22

Family

ID=26924533

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2001292569A Abandoned AU2001292569A1 (en) 2000-09-07 2001-09-04 Thwarting source address spoofing-based denial of service attacks

Country Status (3)

Country Link
US (1) US7743134B2 (en)
AU (1) AU2001292569A1 (en)
WO (1) WO2002021279A1 (en)

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6804232B1 (en) * 2000-03-27 2004-10-12 Bbnt Solutions Llc Personal area network with automatic attachment and detachment
US7043759B2 (en) * 2000-09-07 2006-05-09 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7278159B2 (en) * 2000-09-07 2007-10-02 Mazu Networks, Inc. Coordinated thwarting of denial of service attacks
US7020713B1 (en) * 2000-10-10 2006-03-28 Novell, Inc. System and method for balancing TCP/IP/workload of multi-processor system based on hash buckets
US7444404B2 (en) * 2001-02-05 2008-10-28 Arbor Networks, Inc. Network traffic regulation including consistency based detection and filtering of packets with spoof source addresses
US7307999B1 (en) 2001-02-16 2007-12-11 Bbn Technologies Corp. Systems and methods that identify normal traffic during network attacks
US6965574B1 (en) * 2001-06-20 2005-11-15 Arbor Networks, Inc. Network traffic data collection and query
US7464410B1 (en) * 2001-08-30 2008-12-09 At&T Corp. Protection against flooding of a server
NZ516346A (en) * 2001-12-21 2004-09-24 Esphion Ltd A device for evaluating traffic on a computer network to detect traffic abnormalities such as a denial of service attack
US6616381B2 (en) * 2002-01-25 2003-09-09 John E. Larsen, Jr. Piling solution
US7213264B2 (en) * 2002-01-31 2007-05-01 Mazu Networks, Inc. Architecture to thwart denial of service attacks
US7886365B2 (en) 2002-06-11 2011-02-08 Panasonic Corporation Content-log analyzing system and data-communication controlling device
US6823383B2 (en) * 2002-09-10 2004-11-23 Capital One Financial Corporation Stealth network
FR2844938B1 (en) * 2002-09-23 2005-01-14 Cit Alcatel METHOD FOR INTERCEPTING CONTROL DATA, IN PARTICULAR QUALITY OF SERVICE, AND DEVICE THEREFOR
US8504879B2 (en) * 2002-11-04 2013-08-06 Riverbed Technology, Inc. Connection based anomaly detection
US7363656B2 (en) * 2002-11-04 2008-04-22 Mazu Networks, Inc. Event detection/anomaly correlation heuristics
US8479057B2 (en) * 2002-11-04 2013-07-02 Riverbed Technology, Inc. Aggregator for connection based anomaly detection
US8161145B2 (en) * 2003-02-27 2012-04-17 International Business Machines Corporation Method for managing of denial of service attacks using bandwidth allocation technology
US8793360B1 (en) * 2003-05-23 2014-07-29 Verizon Laboratories Inc. Systems and methods for testing denial of service attacks
US7307997B2 (en) 2004-05-21 2007-12-11 Alcatel Lucent Detection and mitigation of unwanted bulk calls (spam) in VoIP networks
US20050278779A1 (en) * 2004-05-25 2005-12-15 Lucent Technologies Inc. System and method for identifying the source of a denial-of-service attack
US7929534B2 (en) * 2004-06-28 2011-04-19 Riverbed Technology, Inc. Flow logging for connection-based anomaly detection
US7760653B2 (en) * 2004-10-26 2010-07-20 Riverbed Technology, Inc. Stackable aggregation for connection based anomaly detection
US20060224886A1 (en) * 2005-04-05 2006-10-05 Cohen Donald N System for finding potential origins of spoofed internet protocol attack traffic
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
US8266696B2 (en) * 2005-11-14 2012-09-11 Cisco Technology, Inc. Techniques for network protection based on subscriber-aware application proxies
JP4827972B2 (en) * 2007-09-28 2011-11-30 日本電信電話株式会社 Network monitoring device, network monitoring method, and network monitoring program
US8165019B2 (en) * 2009-07-14 2012-04-24 At&T Intellectual Property I, L.P. Indirect measurement methodology to infer routing changes using statistics of flow arrival processes
CN102281298A (en) * 2011-08-10 2011-12-14 深信服网络科技(深圳)有限公司 Method and device for detecting and defending challenge collapsar (CC) attack
IL219499B (en) * 2012-04-30 2019-02-28 Verint Systems Ltd System and method for malware detection
CA2938318C (en) * 2014-01-30 2023-10-03 Nasdaq, Inc. Systems and methods for continuous active data security
US9800592B2 (en) * 2014-08-04 2017-10-24 Microsoft Technology Licensing, Llc Data center architecture that supports attack detection and mitigation
CN112615818B (en) 2015-03-24 2021-12-03 华为技术有限公司 SDN-based DDOS attack protection method, device and system
US10050983B2 (en) * 2015-11-13 2018-08-14 Kabushiki Kaisha Toshiba Communication system, receiving apparatus, receiving method, and computer program product
KR101776128B1 (en) * 2015-12-23 2017-09-19 주식회사 시큐아이 Security device and operating method thereof
CN108259426B (en) * 2016-12-29 2020-04-28 华为技术有限公司 DDoS attack detection method and device
CN112055956B (en) 2018-02-23 2023-01-10 诺基亚技术有限公司 Apparatus and method for network security
US10757117B1 (en) 2019-05-03 2020-08-25 Greynoise Intelligence Inc. Contextual analyses of network traffic
US10659335B1 (en) * 2019-05-03 2020-05-19 Greynoise Intelligence Inc. Contextual analyses of network traffic
US11388188B2 (en) * 2019-05-10 2022-07-12 The Boeing Company Systems and methods for automated intrusion detection
CN111641628B (en) * 2020-05-26 2022-04-19 南京云利来软件科技有限公司 Monitoring and early warning method for DDoS attack in subnet deception
US11595432B1 (en) * 2020-06-29 2023-02-28 Amazon Technologies, Inc. Inter-cloud attack prevention and notification
CN118694607B (en) * 2024-08-22 2024-10-25 安徽省宝舟信息科技有限公司 Cloud-based multi-node attack flow tracing data acquisition system and method

Family Cites Families (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9405406D0 (en) 1994-03-18 1994-05-04 Netcomm Ltd Atm cell switch
US6061789A (en) 1996-01-12 2000-05-09 International Business Machines Corporation Secure anonymous information exchange in a network
US6034945A (en) 1996-05-15 2000-03-07 Cisco Technology, Inc. Method and apparatus for per traffic flow buffer management
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US6108782A (en) * 1996-12-13 2000-08-22 3Com Corporation Distributed remote monitoring (dRMON) for networks
US6167027A (en) 1997-09-09 2000-12-26 Cisco Technology, Inc. Flow control technique for X.25 traffic in a high speed packet switching network
US6061341A (en) 1997-12-16 2000-05-09 Telefonaktiebolaget Lm Ericsson (Publ) Use of transmission control protocol proxy within packet data service transmissions in a mobile network
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6442694B1 (en) 1998-02-27 2002-08-27 Massachusetts Institute Of Technology Fault isolation for communication networks for isolating the source of faults comprising attacks, failures, and other network propagating errors
US6279113B1 (en) * 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6738814B1 (en) * 1998-03-18 2004-05-18 Cisco Technology, Inc. Method for blocking denial of service and address spoofing attacks on a private network
US6725378B1 (en) 1998-04-15 2004-04-20 Purdue Research Foundation Network protection for denial of service attacks
US6370116B1 (en) 1998-05-26 2002-04-09 Alcatel Canada Inc. Tolerant CIR monitoring and policing
US6304262B1 (en) 1998-07-21 2001-10-16 Raytheon Company Information security analysis system
US6807667B1 (en) 1998-09-21 2004-10-19 Microsoft Corporation Method and system of an application program interface for abstracting network traffic control components to application programs
US6308214B1 (en) 1998-09-23 2001-10-23 Inktomi Corporation Self-tuning dataflow I/O core
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6301668B1 (en) 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US6381649B1 (en) 1999-02-05 2002-04-30 Pluris, Inc. Data flow monitoring at a network node using periodically incremented counters for comparison to predetermined data flow thresholds
US6678827B1 (en) 1999-05-06 2004-01-13 Watchguard Technologies, Inc. Managing multiple network security devices from a manager device
US6597661B1 (en) 1999-08-25 2003-07-22 Watchguard Technologies, Inc. Network packet classification
US6735702B1 (en) * 1999-08-31 2004-05-11 Intel Corporation Method and system for diagnosing network intrusion
US6389448B1 (en) 1999-12-06 2002-05-14 Warp Solutions, Inc. System and method for load balancing
US6597957B1 (en) 1999-12-20 2003-07-22 Cisco Technology, Inc. System and method for consolidating and sorting event data
US6775657B1 (en) 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US6816910B1 (en) 2000-02-17 2004-11-09 Netzentry, Inc. Method and apparatus for limiting network connection resources
US7039641B2 (en) 2000-02-24 2006-05-02 Lucent Technologies Inc. Modular packet classification
US6789203B1 (en) 2000-06-26 2004-09-07 Sun Microsystems, Inc. Method and apparatus for preventing a denial of service (DOS) attack by selectively throttling TCP/IP requests
US7058015B1 (en) * 2000-08-04 2006-06-06 Arbor Networks, Inc. Distributed solution for regulating network traffic
US6353385B1 (en) 2000-08-25 2002-03-05 Hyperon Incorporated Method and system for interfacing an intrusion detection system to a central alarm system
US6772334B1 (en) * 2000-08-31 2004-08-03 Networks Associates, Inc. System and method for preventing a spoofed denial of service attack in a networked computing environment
US7278159B2 (en) 2000-09-07 2007-10-02 Mazu Networks, Inc. Coordinated thwarting of denial of service attacks
US7836498B2 (en) 2000-09-07 2010-11-16 Riverbed Technology, Inc. Device to protect victim sites during denial of service attacks
US7398317B2 (en) 2000-09-07 2008-07-08 Mazu Networks, Inc. Thwarting connection-based denial of service attacks
US7702806B2 (en) 2000-09-07 2010-04-20 Riverbed Technology, Inc. Statistics collection for network traffic
US6691213B1 (en) * 2001-02-28 2004-02-10 Western Digital Ventures, Inc. Computer system and method for accessing a protected partition of a disk drive that lies beyond a limited address range of a host computer's BIOS
US6715084B2 (en) * 2002-03-26 2004-03-30 Bellsouth Intellectual Property Corporation Firewall system and method via feedback from broad-scope monitoring for intrusion detection

Also Published As

Publication number Publication date
US7743134B2 (en) 2010-06-22
WO2002021279A1 (en) 2002-03-14
US20020032774A1 (en) 2002-03-14

Similar Documents

Publication Publication Date Title
AU2001292569A1 (en) Thwarting source address spoofing-based denial of service attacks
AU2001292566A1 (en) Coordinated thwarting of denial of service attacks
AU2001268540A1 (en) Method for preventing denial of service attacks
AU2001288684A1 (en) Architecture to thwart denial of service attacks
AU2001253534A1 (en) Method and system for overcoming denial of service attacks
EP1433076A4 (en) Protecting against distributed denial of service attacks
AU2001252067A1 (en) Method and system for protection against denial of service attacks
AU2003301800A1 (en) Location privacy through ip address space scrambling
AU2001290612A1 (en) Device to protect victim sites during denial of service attacks
AU2002367640A1 (en) Methods of exchanging secure messages
AU2003225533A1 (en) Architecture to thwart denial of service attacks
AU7068600A (en) Encrypted coupons
AU2001288687A1 (en) Monitoring network traffic denial of service attacks
AU2002225620A1 (en) Address matching
AU2001291945A1 (en) Plasma sterilisation system
AU2002357003A1 (en) Indoles as naaladase inhibitors
AU2002254453A1 (en) Micro-programmable protocol packet parser
AU2002252038A1 (en) Proxy-less packet routing between private and public address realms
AU2001249397A1 (en) Oxindole inhibitors of factor xa
AU2002236093A1 (en) Access networks
AU2001261777A1 (en) Treatment for irritable bowel syndrome and related conditions
EP1461704A4 (en) Protecting against malicious traffic
AU2001283226A1 (en) Methods and compositions for inhibiting rad51
AU2002248282A1 (en) Compact water-cooled multi-kilowatt lamp
AU2002337587A1 (en) Protecting network traffic against spoofed domain name system (dns) messages