ATE544283T1 - Verfahren zur verteidigung vor dienstverweigerungsangriffen in ip-netzwerken mittels zielopferselbstidentifizierung und steuerung - Google Patents
Verfahren zur verteidigung vor dienstverweigerungsangriffen in ip-netzwerken mittels zielopferselbstidentifizierung und steuerungInfo
- Publication number
- ATE544283T1 ATE544283T1 AT06789264T AT06789264T ATE544283T1 AT E544283 T1 ATE544283 T1 AT E544283T1 AT 06789264 T AT06789264 T AT 06789264T AT 06789264 T AT06789264 T AT 06789264T AT E544283 T1 ATE544283 T1 AT E544283T1
- Authority
- AT
- Austria
- Prior art keywords
- victim
- network
- source
- identified
- attack
- Prior art date
Links
- 238000000034 method Methods 0.000 title abstract 2
- 230000007123 defense Effects 0.000 title 1
- 230000005540 biological transmission Effects 0.000 abstract 1
- 238000001914 filtration Methods 0.000 abstract 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/197,841 US7889735B2 (en) | 2005-08-05 | 2005-08-05 | Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs |
| PCT/US2006/030207 WO2007019213A1 (en) | 2005-08-05 | 2006-08-02 | Method for defending against denial of service attacks in ip networks by target victim self-identification and control |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| ATE544283T1 true ATE544283T1 (de) | 2012-02-15 |
Family
ID=37440673
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AT06789264T ATE544283T1 (de) | 2005-08-05 | 2006-08-02 | Verfahren zur verteidigung vor dienstverweigerungsangriffen in ip-netzwerken mittels zielopferselbstidentifizierung und steuerung |
Country Status (7)
| Country | Link |
|---|---|
| US (1) | US7889735B2 (de) |
| EP (1) | EP1911243B1 (de) |
| JP (1) | JP4768021B2 (de) |
| KR (1) | KR101217647B1 (de) |
| CN (1) | CN101213812B (de) |
| AT (1) | ATE544283T1 (de) |
| WO (1) | WO2007019213A1 (de) |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7747244B2 (en) * | 2003-01-23 | 2010-06-29 | Research In Motion Limited | Methods and apparatus for re-establishing communication for a wireless communication device after a communication loss in a wireless communication network |
| US7661136B1 (en) * | 2005-12-13 | 2010-02-09 | At&T Intellectual Property Ii, L.P. | Detecting anomalous web proxy activity |
| US8327297B2 (en) | 2005-12-16 | 2012-12-04 | Aol Inc. | User interface system for handheld devices |
| US20070157316A1 (en) * | 2005-12-30 | 2007-07-05 | Intel Corporation | Managing rogue IP traffic in a global enterprise |
| US8646038B2 (en) * | 2006-09-15 | 2014-02-04 | Microsoft Corporation | Automated service for blocking malware hosts |
| US8898276B1 (en) * | 2007-01-11 | 2014-11-25 | Crimson Corporation | Systems and methods for monitoring network ports to redirect computing devices to a protected network |
| JP4877107B2 (ja) * | 2007-07-06 | 2012-02-15 | ブラザー工業株式会社 | 情報配信システムにおける端末装置及び情報処理プログラム、並びに端末装置の情報処理方法 |
| US8588056B1 (en) * | 2009-04-15 | 2013-11-19 | Sprint Communications Company L.P. | Elimination of unwanted packets entering a restricted bandwidth network |
| US9148376B2 (en) | 2010-12-08 | 2015-09-29 | AT&T Intellectual Property I, L.L.P. | Method and system for dynamic traffic prioritization |
| US8644177B2 (en) | 2010-12-16 | 2014-02-04 | Blackberry Limited | Methods and apparatus for use in controlling data traffic for a wireless mobile terminal using a wireless access point (AP) |
| US8966622B2 (en) * | 2010-12-29 | 2015-02-24 | Amazon Technologies, Inc. | Techniques for protecting against denial of service attacks near the source |
| CN105741510A (zh) * | 2016-03-17 | 2016-07-06 | 云丁网络技术(北京)有限公司 | 一种基于无线信号的智能报警方法及其智能报警系统 |
| US11750622B1 (en) | 2017-09-05 | 2023-09-05 | Barefoot Networks, Inc. | Forwarding element with a data plane DDoS attack detector |
| US11108812B1 (en) | 2018-04-16 | 2021-08-31 | Barefoot Networks, Inc. | Data plane with connection validation circuits |
| CN110535844B (zh) * | 2019-08-20 | 2021-09-28 | 北京网思科平科技有限公司 | 一种恶意软件通讯活动检测方法、系统及存储介质 |
| CN115514501B (zh) * | 2021-06-03 | 2024-07-02 | 中国移动通信集团四川有限公司 | 一种封堵网络攻击的方法和装置 |
| CN113452692A (zh) * | 2021-06-24 | 2021-09-28 | 北京卫达信息技术有限公司 | 一种防御网络攻击的方法 |
| US12603916B2 (en) * | 2023-04-10 | 2026-04-14 | Level 3 Communications, Llc | Systems and methods for increased security using client address manipulation |
Family Cites Families (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5198607A (en) * | 1992-02-18 | 1993-03-30 | Trw Inc. | Laser anti-missle defense system |
| US5907485A (en) * | 1995-03-31 | 1999-05-25 | Sun Microsystems, Inc. | Method and apparatus for flow control in packet-switched computer system |
| US6611521B1 (en) * | 1998-07-14 | 2003-08-26 | International Business Machines Corporation | Data link layer extensions to a high latency wireless MAC protocol |
| US6594268B1 (en) * | 1999-03-11 | 2003-07-15 | Lucent Technologies Inc. | Adaptive routing system and method for QOS packet networks |
| JP2001057554A (ja) * | 1999-08-17 | 2001-02-27 | Yoshimi Baba | クラッカー監視システム |
| SE518422C2 (sv) | 2000-03-10 | 2002-10-08 | Ericsson Telefon Ab L M | Förfarande och anordning för punkt-till-punktförbindelser i ett kommunikationsnät |
| JP2002073433A (ja) * | 2000-08-28 | 2002-03-12 | Mitsubishi Electric Corp | 侵入検知装置及び不正侵入対策管理システム及び侵入検知方法 |
| CN1592898A (zh) * | 2000-09-01 | 2005-03-09 | Tut系统公司 | 一种为数据通信设备预编译配置信息的方法和系统 |
| US6944673B2 (en) * | 2000-09-08 | 2005-09-13 | The Regents Of The University Of Michigan | Method and system for profiling network flows at a measurement point within a computer network |
| US7188366B2 (en) * | 2000-09-12 | 2007-03-06 | Nippon Telegraph And Telephone Corporation | Distributed denial of service attack defense method and device |
| AU2002211242A1 (en) | 2000-09-20 | 2002-04-02 | Bbnt Solutions Llc | Systems and methods that protect networks and devices against denial of service attacks |
| US7301899B2 (en) * | 2001-01-31 | 2007-11-27 | Comverse Ltd. | Prevention of bandwidth congestion in a denial of service or other internet-based attack |
| US8402129B2 (en) * | 2001-03-21 | 2013-03-19 | Alcatel Lucent | Method and apparatus for efficient reactive monitoring |
| WO2003001333A2 (en) | 2001-06-20 | 2003-01-03 | Arbor Networks, Inc., | Detecting network misuse |
| US7028179B2 (en) | 2001-07-03 | 2006-04-11 | Intel Corporation | Apparatus and method for secure, automated response to distributed denial of service attacks |
| US20030037141A1 (en) | 2001-08-16 | 2003-02-20 | Gary Milo | Heuristic profiler software features |
| JP3876687B2 (ja) * | 2001-10-30 | 2007-02-07 | ソニー株式会社 | 通信処理装置、および通信処理方法、並びにコンピュータ・プログラム |
| US7197009B1 (en) * | 2002-03-06 | 2007-03-27 | Sprint Communications Company L.P. | Delay variation based routing in communication systems |
| US20040054925A1 (en) * | 2002-09-13 | 2004-03-18 | Cyber Operations, Llc | System and method for detecting and countering a network attack |
| US7472421B2 (en) | 2002-09-30 | 2008-12-30 | Electronic Data Systems Corporation | Computer model of security risks |
| KR100523483B1 (ko) * | 2002-10-24 | 2005-10-24 | 한국전자통신연구원 | 네트워크에서의 유해 트래픽 탐지 및 대응 시스템 및 방법 |
| GB0315156D0 (en) | 2003-06-28 | 2003-08-06 | Ibm | Identification system and method |
| US8171562B2 (en) * | 2003-08-26 | 2012-05-01 | Oregon Health & Science University | System and methods for protecting against denial of service attacks |
| KR100502068B1 (ko) * | 2003-09-29 | 2005-07-25 | 한국전자통신연구원 | 네트워크 노드의 보안 엔진 관리 장치 및 방법 |
| JP2005130190A (ja) * | 2003-10-23 | 2005-05-19 | Nippon Telegr & Teleph Corp <Ntt> | 攻撃パケット防御システム |
| JP3784799B2 (ja) * | 2003-11-13 | 2006-06-14 | 日本電信電話株式会社 | 攻撃パケット防御システム |
| KR100609684B1 (ko) * | 2003-12-26 | 2006-08-08 | 한국전자통신연구원 | 네트워크 시스템에서의 서비스 거부 공격 방지 장치 및 그방법 |
| US7436770B2 (en) * | 2004-01-21 | 2008-10-14 | Alcatel Lucent | Metering packet flows for limiting effects of denial of service attacks |
| US7523499B2 (en) * | 2004-03-25 | 2009-04-21 | Microsoft Corporation | Security attack detection and defense |
| US7725708B2 (en) * | 2004-10-07 | 2010-05-25 | Genband Inc. | Methods and systems for automatic denial of service protection in an IP device |
| US7936682B2 (en) * | 2004-11-09 | 2011-05-03 | Cisco Technology, Inc. | Detecting malicious attacks using network behavior and header analysis |
-
2005
- 2005-08-05 US US11/197,841 patent/US7889735B2/en not_active Expired - Fee Related
-
2006
- 2006-08-02 KR KR1020077030525A patent/KR101217647B1/ko not_active Expired - Fee Related
- 2006-08-02 AT AT06789264T patent/ATE544283T1/de active
- 2006-08-02 EP EP06789264A patent/EP1911243B1/de not_active Not-in-force
- 2006-08-02 CN CN2006800237398A patent/CN101213812B/zh not_active Expired - Fee Related
- 2006-08-02 JP JP2008525173A patent/JP4768021B2/ja not_active Expired - Fee Related
- 2006-08-02 WO PCT/US2006/030207 patent/WO2007019213A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| KR20080028381A (ko) | 2008-03-31 |
| EP1911243B1 (de) | 2012-02-01 |
| CN101213812A (zh) | 2008-07-02 |
| KR101217647B1 (ko) | 2013-01-02 |
| JP4768021B2 (ja) | 2011-09-07 |
| US7889735B2 (en) | 2011-02-15 |
| JP2009504100A (ja) | 2009-01-29 |
| US20070030850A1 (en) | 2007-02-08 |
| WO2007019213A1 (en) | 2007-02-15 |
| CN101213812B (zh) | 2011-08-03 |
| EP1911243A1 (de) | 2008-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| ATE544283T1 (de) | Verfahren zur verteidigung vor dienstverweigerungsangriffen in ip-netzwerken mittels zielopferselbstidentifizierung und steuerung | |
| WO2021171092A3 (en) | Treating data flows differently based on level of interest | |
| TW200617705A (en) | A method of identifying a distributed denial of service (ddos) attack within a network and defending against such an attack | |
| CN109587167B (zh) | 一种报文处理的方法和装置 | |
| WO2008061171A3 (en) | Process for abuse mitigation | |
| ATE488945T1 (de) | Verfahren und vorrichtung zum detektieren eines portscans mit gefälschter quelladdresse | |
| RU2013134440A (ru) | Способ обнаружения компьютерных атак на сетевую компьютерную систему | |
| WO2008063344A3 (en) | Methods and apparatus for delivering control messages during a malicious attack in one or more packet networks | |
| CN107517195A (zh) | 一种内容分发网络定位攻击域名的方法和装置 | |
| JP2009504100A5 (de) | ||
| Goldberg et al. | How secure are secure interdomain routing protocols? | |
| CN204578564U (zh) | 一种安全隔离设备 | |
| Singh et al. | Performance Analysis of Agent based Distributed Defense Mechanisms against DDoS Attacks. | |
| Krylov et al. | IP fast hopping protocol design | |
| WO2008133644A3 (en) | Method and apparatus for overriding denunciations of unwanted traffic in one or more packet networks | |
| KR101380096B1 (ko) | 분산 서비스 거부 공격 대응 시스템 및 그 방법 | |
| Hilliard et al. | A discard prefix for ipv6 | |
| Chamotra et al. | Deployment of a low interaction honeypot in an organizational private network | |
| Vadehra et al. | Impact evaluation of distributed denial of service attacks using ns2 | |
| Liu et al. | Study on attacking and defending techniques in IPv6 networks | |
| KR20150033624A (ko) | IoT 환경에서 발생하는 서비스거부 공격을 중계기에서 방어하는 방법 | |
| Gont et al. | Security assessments of IPv6 networks and firewalls | |
| Serodio | Traffic diversion techniques for DDoS mitigation using BGP flowspec | |
| Gont | Results of a Security assessment of the internet protocol version 6 (ipv6) | |
| Choi | Network Hacking and Implementation Techniques using Faked ARP Reply Unicast Spoofing according to various Server Types |