Determination of message source in network communications

US 20030074434A1
Filed: 10/11/2001
Published: 04/17/2003
Est. Priority Date: 10/11/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

generating information, at first and second points of a network, about unwanted communications that are adapted to substantially reduce the ability of a target device to respond to other communications; and

analyzing the information generated at the first and second points to identify which of the points first carried the unwanted communications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for determining the source, on a network, of unwanted messages generated by a malicious agent, toward a target device such as a web server. The malicious agent directs one or more computers on a sub network to direct a flood of communications toward the server on a second sub network designed to substantially reduce the ability of the server to respond to other communications. Messages passing through points on a path between the malicious agent computers and the server are monitored for indicia of messages uncharacteristic of normal network communication. The first point along the path that the unwanted messages pass through is identified. A network device at that point is instructed to block portion of communications passing through that point.

88 Citations

View as Search Results

34 Claims

1. A method comprising:
- generating information, at first and second points of a network, about unwanted communications that are adapted to substantially reduce the ability of a target device to respond to other communications; and
  
  analyzing the information generated at the first and second points to identify which of the points first carried the unwanted communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, also including detecting the direction of the unwanted communications.
  - 3. The method of claim 1, also including identifying the target device.
  - 4. The method of claim 1, also including statistically analyzing the communications to determine if an uncharacteristically large number of communications have passed through at least one of the network points.
  - 5. The method of claim 1, also including statistically analyzing the communications to determine when an uncharacteristically large number of communications have been targeted toward the target device.
  - 6. The method of claim 1, also including correlating communications request messages with acknowledgement messages.
  - 7. The method of claim 1, also including communicating information about the unwanted communications to brokers.
  - 8. The method of claim 7, also including communicating information about the unwanted communications among brokers.
  - 9. The method of claim 1, also including blocking a portion of communications passing through the point through which the unwanted communications originated.
  - 10. The method of claim 9, also including blocking a portion of communication request messages passing through the point through which the unwanted communications originated.
  - 11. The method of claim 1, in which the target device comprises a web server.

12. A method comprising:
- identifying a source sub-network of unwanted communications that are adapted to substantially reduce the ability of a target device on a network to respond to other communications, the source sub-network connected to the network through an interface device; and
  
  blocking communications passing through the interface device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, also including blocking a portion of the communications passing through the interface device.
  - 14. The method of claim 13, also including blocking a portion of communication request messages passing through the interface device.
  - 15. The method of claim 12, also including monitoring communications passing through at least a first point and second point on a path from the source sub-network to the target device.
  - 16. The method of claim 15, also including analyzing the communications passing through the first and second points for indicia of unwanted communications.
  - 17. The method of claim 16, also including statistically analyzing the communications passing through the first and second points for an uncharacteristically large number of communications passing through either point.
  - 18. The method of claim 16, also including statistically analyzing the communications passing through the first and second points for an uncharacteristically large number of communication request messages passing through either point.
  - 19. The method of claim 16, also including correlating communication request messages passing though the first and second points with acknowledgement messages.

20. A system comprising:
- first and second interface devices for detecting and generating information about unwanted messages directed to a target device; and
  
  a communications analyzer for analyzing the information generated at the first and second interface devices to identify which of the interface devices first carried the unwanted communications.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20, in which the communications analyzer also includes:
    - an interface monitor corresponding to each interface device; and
      
      a communications link between the interface monitors.
  - 22. The system of claim 21, in which the communications analyzer also includes a statistics analyzer corresponding to each interface device for statistically analyzing the messages that pass through each interface device.
  - 23. The system of claim 22, also including an interface coordinator associated with each interface device for instructing the interface devices to block messages.

24. A system comprising:
- a communications monitor for detecting and generating information about unwanted messages originating on a first network and directed to a target device on a second network; and
  
  a gating module for blocking messages passing from the first network to the second network.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The system of claim 24, in which the communications monitor includes a plurality of interface monitors for monitoring the passage of messages through a plurality of network points.
  - 26. The system of claim 25, in which the communications monitor also includes a localizer to identify the network point that first carried the unwanted messages.
  - 27. The system of claim 26, in which the communications monitor also includes a statistics analyzer for statistically analyzing the messages passing through the plurality of points.
  - 28. The system of claim 24, in which the gating module is operable to block a portion of the messages passing from the first network to the second network.
  - 29. The system of claim 28, in which the gating module is operable to block a percentage of all messages passing from the first network to the second network.
  - 30. The system of claim 28, in which the gating module is operable to block a portion of communication request messages directed to the target device.

31. A computer program embodied in a computer readable medium, the program capable of configuring a computer to:
- generate information, at first and second points of a network, about unwanted communications that are adapted to substantially reduce the ability of a target device to respond to other communications; and
  
  analyze the information generated at the first and second points to identify which of the points first carried the unwanted communications.
- View Dependent Claims (32)
- - 32. The program of claim 31, also capable of configuring a computer to block a portion of the communications passing through the point that first carried the unwanted communications.

33. A computer program embodied in a carrier wave, the program capable of configuring a computer to:
- generate information, at first and second points of a network, about unwanted communications that are adapted to substantially reduce the ability of a target device to respond to other communications; and
  
  analyze the information generated at the first and second points to identify which of the points first carried the unwanted communications.
- View Dependent Claims (34)
- - 34. The program of claim 33, also capable of configuring a computer to block a portion of the communications passing through the point that first carried the unwanted communications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Govindarajan, Priya, Chiu, Chun Yang, Durham, David M., Jason, James L. Jr.

Application Number

US09/976,471
Publication Number

US 20030074434A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 51/212 using filtering or selectiv...

H04L 63/1458 Denial of Service

Determination of message source in network communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

88 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Determination of message source in network communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links