Protecting a network from unauthorized access

US 20030043740A1
Filed: 06/14/2001
Published: 03/06/2003
Est. Priority Date: 06/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically protecting access to a first network, comprising:

receiving, in a system, a data unit containing a source address indicating a source of a data unit;

matching the source address with information stored in the system; and

enabling entry of the data unit to the first network if the source address matches the information stored in the system and denying entry of the data unit to the first network if the source address does not match the information stored in the system.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of protecting a first network from unauthorized access includes storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information. The profile information includes a predetermined threshold indicating a maximum acceptable rate of incoming data units from an external network to the first network. If the incoming data unit rate exceeds the predetermined threshold, then a security action is taken, such as generating an alarm or preventing further transport of data units from the external network to the first network.

89 Citations

View as Search Results

25 Claims

1. A method of dynamically protecting access to a first network, comprising:
- receiving, in a system, a data unit containing a source address indicating a source of a data unit;
  
  matching the source address with information stored in the system; and
  
  enabling entry of the data unit to the first network if the source address matches the information stored in the system and denying entry of the data unit to the first network if the source address does not match the information stored in the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein matching the source address with the information comprises matching the source address with one or more entries of a network address translation mapping table.
  - 3. The method of claim 1, wherein matching the source address comprises matching an Internet Protocol address.
  - 4. The method of claim 1, wherein receiving the data unit comprises receiving a data unit containing media associated with a call session.
  - 5. The method of claim 1, further comprising determining if the data unit contains a payload according to a predetermined protocol, and denying entry of the data unit if the data unit does not contain payload according to the predetermined protocol.
  - 6. The method of claim 5, wherein determining if the data unit contains a payload according to the predetermined protocol comprises determining if the data unit contains a payload according to a Real-Time Protocol or Real-Time Control Protocol.
  - 7. The method of claim 1, further comprising storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information.
  - 8. The method of claim 7, wherein storing the profile information comprises storing a threshold representing a maximum acceptable rate of incoming data units from an external network to the first network.
  - 9. The method of claim 8, further comprising calculating a value for the threshold based on a frame size used in the call session.
  - 10. The method of claim 8, wherein storing the profile information further comprises storing a pattern expected in incoming data units.
  - 11. The method of claim 10, wherein storing the pattern comprises storing a codec type used in the call session.
  - 12. The method of claim 8, further comprising generating an alarm if the system detects a rate of incoming data units from the external network to the first network exceeding the threshold.
  - 13. The method of claim 8, further comprising denying further transport of incoming data units from the external network to the first network for the call session if the system detects a rate of incoming data units from the external network to the first network exceeding the threshold.

14. An article comprising at least one storage medium containing instructions for protecting a first network, the instructions when executed causing a system to:
- determine if a rate of incoming data units from an external network to the first network exceeds a predetermined threshold; and
  
  perform a security action if the determined rate of incoming data units exceeds the predetermined threshold.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The article of claim 14, wherein the instructions when executed cause the system to determine if the rate of incoming data units exceeds the predetermined threshold in a given call session.
  - 16. The article of claim 15, wherein the instructions when executed cause the system to further store plural thresholds for corresponding plural call sessions.
  - 17. The article of claim 15, wherein the instructions when executed cause the system to further calculate the predetermined threshold based at least in part on a frame size used in the call session.
  - 18. The article of claim 14, wherein the instructions when executed cause the system to further determine if each incoming packet has a predetermined pattern.
  - 19. The article of claim 18, wherein the instructions when executed cause the system to determine if each incoming packet has the predetermined pattern by checking if each incoming packet has an indication of a predetermined codec type.

20. A system for use in communications between a first network and an external network, comprising:
- a storage module to store a threshold value for a communications session, the threshold value representing an acceptable rate of incoming data units from the external network to the first network; and
  
  a controller adapted to deny further entry of data units from the external network to the first network in the communications session in response to the controller detecting that the rate of incoming data units exceeds the threshold value.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The system of claim 20, the storage module to further store address information, wherein the controller is adapted to compare a source address of an incoming data unit with the address information stored in the system and to deny further entry of the incoming data unit if the source address does not match the address information stored in the system.
  - 22. The system of claim 21, wherein the address information comprises a network address translation table.
  - 23. The system of claim 22, wherein the network address translation table comprises a network address and port translation table.
  - 24. The system of claim 21, wherein the controller is adapted to further check if the incoming data unit contains a Real-Time Protocol or Real-Time Control Protocol payload, and to deny further entry of the incoming data unit if the incoming data unit does not contain a Real-Time Protocol or Real-Time Control Protocol payload.
  - 25. The system of claim 20, the storage module to further store a codec type for the communications session, wherein the controller is adapted to deny entry of an incoming data unit if the incoming data unit does not contain an indication of the codec type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genband US LLC (Ribbon Communications, Inc.)
Original Assignee
Genband US LLC (Ribbon Communications, Inc.)
Inventors
March, Sean W., McKnight, David W., Sollee, Patrick N.

Granted Patent

US 7,684,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/229
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2517   using port numbers

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/255   Maintenance or indexing of ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/1106   Call signalling protocols; ...

H04L 65/65   Network streaming protocols...

H04L 65/80   Responding to QoS

Protecting a network from unauthorized access

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting a network from unauthorized access

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links