DE60127978D1 - System und Verfahren zur Verteidigung gegen Denial-of-Service angriffe auf die Netzwerkknoten - Google Patents
System und Verfahren zur Verteidigung gegen Denial-of-Service angriffe auf die NetzwerkknotenInfo
- Publication number
- DE60127978D1 DE60127978D1 DE60127978T DE60127978T DE60127978D1 DE 60127978 D1 DE60127978 D1 DE 60127978D1 DE 60127978 T DE60127978 T DE 60127978T DE 60127978 T DE60127978 T DE 60127978T DE 60127978 D1 DE60127978 D1 DE 60127978D1
- Authority
- DE
- Germany
- Prior art keywords
- switch
- server
- malicious
- network nodes
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 230000007123 defense Effects 0.000 title 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/351—Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/35—Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US65304500A | 2000-09-01 | 2000-09-01 | |
| US653045 | 2000-09-01 | ||
| PCT/US2001/041961 WO2002019661A2 (en) | 2000-09-01 | 2001-08-30 | System and process for defending against denial of service attacks on network nodes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| DE60127978D1 true DE60127978D1 (de) | 2007-05-31 |
| DE60127978T2 DE60127978T2 (de) | 2008-01-17 |
Family
ID=24619280
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| DE60127978T Expired - Lifetime DE60127978T2 (de) | 2000-09-01 | 2001-08-30 | System und Verfahren zur Verteidigung gegen Denial-of-Service angriffe auf die Netzwerkknoten |
Country Status (6)
| Country | Link |
|---|---|
| EP (1) | EP1319296B1 (de) |
| JP (1) | JP2004507978A (de) |
| AT (1) | ATE360319T1 (de) |
| AU (1) | AU2001287221A1 (de) |
| DE (1) | DE60127978T2 (de) |
| WO (1) | WO2002019661A2 (de) |
Families Citing this family (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7073198B1 (en) | 1999-08-26 | 2006-07-04 | Ncircle Network Security, Inc. | Method and system for detecting a vulnerability in a network |
| US6957348B1 (en) * | 2000-01-10 | 2005-10-18 | Ncircle Network Security, Inc. | Interoperability of vulnerability and intrusion detection systems |
| US7032023B1 (en) | 2000-05-16 | 2006-04-18 | America Online, Inc. | Throttling electronic communications from one or more senders |
| US7725587B1 (en) | 2000-08-24 | 2010-05-25 | Aol Llc | Deep packet scan hacker identification |
| US7711790B1 (en) | 2000-08-24 | 2010-05-04 | Foundry Networks, Inc. | Securing an accessible computer system |
| US9280667B1 (en) | 2000-08-25 | 2016-03-08 | Tripwire, Inc. | Persistent host determination |
| US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
| JP3986871B2 (ja) * | 2002-04-17 | 2007-10-03 | 株式会社エヌ・ティ・ティ・データ | アンチプロファイリング装置およびアンチプロファイリングプログラム |
| JP3794491B2 (ja) | 2002-08-20 | 2006-07-05 | 日本電気株式会社 | 攻撃防御システムおよび攻撃防御方法 |
| US7418733B2 (en) * | 2002-08-26 | 2008-08-26 | International Business Machines Corporation | Determining threat level associated with network activity |
| KR100481614B1 (ko) | 2002-11-19 | 2005-04-08 | 한국전자통신연구원 | 서비스 거부와 분산 서비스 거부 공격으로부터 정상트래픽을 보호하는 방법 및 그 장치 |
| US7269850B2 (en) | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
| US20040153665A1 (en) * | 2003-02-03 | 2004-08-05 | Logan Browne | Wireless network control and protection system |
| GB2411799A (en) * | 2004-03-02 | 2005-09-07 | Vistorm Ltd | Virus checking devices in a test network before permitting access to a main network |
| US7363513B2 (en) * | 2004-04-15 | 2008-04-22 | International Business Machines Corporation | Server denial of service shield |
| CN1820483B (zh) * | 2004-06-04 | 2011-12-28 | 国际商业机器公司 | 防止在高速网络中受到攻击的方法 |
| CN1968147B (zh) * | 2006-11-27 | 2010-04-14 | 华为技术有限公司 | 业务处理方法、网络设备及业务处理系统 |
| US7672336B2 (en) | 2006-12-01 | 2010-03-02 | Sonus Networks, Inc. | Filtering and policing for defending against denial of service attacks on a network |
| US7940657B2 (en) * | 2006-12-01 | 2011-05-10 | Sonus Networks, Inc. | Identifying attackers on a network |
| US7804774B2 (en) | 2006-12-01 | 2010-09-28 | Sonus Networks, Inc. | Scalable filtering and policing mechanism for protecting user traffic in a network |
| KR101143497B1 (ko) | 2010-10-26 | 2012-05-09 | 시큐아이닷컴 주식회사 | 인터넷 메시지 교환용 프록시 서버를 위한 공격 방어 장치 및 방법 |
| KR101144819B1 (ko) | 2010-11-23 | 2012-05-11 | 한국과학기술정보연구원 | 분산서비스거부 공격 탐지 및 방어 장치 및 그 방법 |
| US9137325B2 (en) * | 2011-02-11 | 2015-09-15 | Microsoft Technology Licensing, Llc | Efficiently isolating malicious data requests |
| FI126032B (en) | 2013-03-07 | 2016-05-31 | Airo Finland Oy | Detection of a threat in a telecommunications network |
| US10877951B2 (en) | 2014-01-22 | 2020-12-29 | International Business Machines Corporation | Network control software notification and invalidation of static entries |
| US10419267B2 (en) | 2014-01-22 | 2019-09-17 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Network control software notification with advance learning |
| US20150256431A1 (en) * | 2014-03-07 | 2015-09-10 | Cisco Technology, Inc. | Selective flow inspection based on endpoint behavior and random sampling |
| RU2649290C1 (ru) * | 2017-04-28 | 2018-03-30 | Акционерное общество "Лаборатория Касперского" | Система и способ фильтрации трафика при обнаружении DDoS-атаки |
| DE102017219770B4 (de) | 2017-11-07 | 2019-06-19 | Continental Automotive Gmbh | Verfahren zum Betreiben einer Ethernet-Kommunikationseinrichtung und Ethernet-Kommunikationseinrichtung |
| CN109347889B (zh) * | 2018-12-24 | 2021-05-18 | 沈阳航空航天大学 | 一种针对软件定义网络的混合型DDoS攻击检测的方法 |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5958053A (en) * | 1997-01-30 | 1999-09-28 | At&T Corp. | Communications protocol with improved security |
| JP2002507025A (ja) * | 1998-03-09 | 2002-03-05 | ニュートン,ファレル | 入口及び出口キー利用のインターネット、イントラネット及び他のネットワーク通信保護システム |
| US6738814B1 (en) * | 1998-03-18 | 2004-05-18 | Cisco Technology, Inc. | Method for blocking denial of service and address spoofing attacks on a private network |
| JP2001057554A (ja) * | 1999-08-17 | 2001-02-27 | Yoshimi Baba | クラッカー監視システム |
-
2001
- 2001-08-30 AT AT01966736T patent/ATE360319T1/de not_active IP Right Cessation
- 2001-08-30 EP EP01966736A patent/EP1319296B1/de not_active Expired - Lifetime
- 2001-08-30 WO PCT/US2001/041961 patent/WO2002019661A2/en not_active Ceased
- 2001-08-30 DE DE60127978T patent/DE60127978T2/de not_active Expired - Lifetime
- 2001-08-30 AU AU2001287221A patent/AU2001287221A1/en not_active Abandoned
- 2001-08-30 JP JP2002523830A patent/JP2004507978A/ja active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| AU2001287221A1 (en) | 2002-03-13 |
| EP1319296B1 (de) | 2007-04-18 |
| WO2002019661A2 (en) | 2002-03-07 |
| ATE360319T1 (de) | 2007-05-15 |
| WO2002019661A3 (en) | 2002-04-18 |
| DE60127978T2 (de) | 2008-01-17 |
| EP1319296A2 (de) | 2003-06-18 |
| JP2004507978A (ja) | 2004-03-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DE60127978D1 (de) | System und Verfahren zur Verteidigung gegen Denial-of-Service angriffe auf die Netzwerkknoten | |
| Wang et al. | Honeypot detection in advanced botnet attacks | |
| Anagnostopoulos et al. | DNS amplification attack revisited | |
| US9667589B2 (en) | Logical / physical address state lifecycle management | |
| ATE284557T1 (de) | Abschreckungssystem gegen aufschaltung und missbrauch | |
| Thing et al. | A survey of bots used for distributed denial of service attacks | |
| Chen et al. | Spatial-temporal characteristics of internet malicious sources | |
| Arukonda et al. | The innocent perpetrators: reflectors and reflection attacks | |
| Dissanayake | DNS cache poisoning: A review on its technique and countermeasures | |
| CN116471121A (zh) | 安全防御方法、网关代理设备及存储介质 | |
| Goutam | The problem of attribution in cyber security | |
| Vasilomanolakis et al. | Did you really hack a nuclear power plant? An industrial control mobile honeypot | |
| Behal et al. | Signature-based botnet detection and prevention | |
| Krylov et al. | IP fast hopping protocol design | |
| Marrison | Understanding the threats to DNS and how to secure it | |
| Rajkumar et al. | Evolution for a secured path using NexGen firewalls | |
| Zhou et al. | Protecting SIP server from CPU-based DoS attacks using history-based IP filtering | |
| Krylov et al. | SDI defense against DDoS attacks based on IP Fast Hopping method | |
| Leu et al. | Intrusion detection with CUSUM for TCP-based DDoS | |
| Rahman | Mitigating information disclosure attacks in the cloud by blocking invalid user and figure out problems to solve ddos by analyzing stackoverflow questions | |
| Kuppusamy et al. | An effective prevention of attacks using gI time frequency algorithm under dDoS | |
| Francois et al. | Tracking global wide configuration errors | |
| Yan | Denial of service: Another example | |
| Lipan et al. | Neutralizing City's Cyber Infrastructure through the launch of Second Wave SYN-Flood Attacks | |
| Jegatheesan et al. | Privacy and Security in IPv6 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 8364 | No opposition during term of opposition |