System and method for detecting and eliminating IP spoofing in a data transmission network
Abstract
A traffic management system sniffs data arriving at any point in a system. The sniffer operates to extract certain data from each address. This data could be, for example, the IP address data and the physical address data. The extracted data is then used to access different data bases to determine if matches occur. Time stamps, sequencing and other parameters of each piece of data entering a system are used to control data access.
25 Claims
1. A traffic management system for use in conjunction with packet data, said system operative for passing data packets there through, said system comprising:
- means for extracting certain parameters of data from each packet of data which is flowing into said system; and
- means for comparing said extracted data against at least one database to determine if the data packet associated with said extracted data is valid.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A data network monitoring system comprising:
- at least one data sniffer;
- a temporary storage device;
- a processor for determining spoofing with respect to data passing through said system; and
- said processor further operative for diverting to said temporary storage device selected data entering said system, said selected data controlled in part by information obtained from said data sniffer and from a determination of spoofing.
Dependent claims: 10, 11
12. The method of controlling a traffic management system, said method comprising the steps of:
- reviewing certain parameters of data packets flowing into said system, said parameters pertaining to possible spoofing;
- remembering for a period of time said reviewed certain parameters in conjunction with each received data packet; and
- upon attainment of packet flow volume into said system reaching a certain level, temporarily storing certain subsequently received packets in accordance with selective remembered parameter of previously received packets.
Dependent claims: 13, 14, 15, 16, 17, 18, 20, 21
19. The method of claim 26 further including the step of:
- putting at least some of said retrieved data packets through said system.
22. A method for preventing data from flowing beyond a particular point faster than the handling capability associated with that point; said system comprising the steps of;
- remembering certain parameters of data passing said particular point, said certain parameters selected from the list of;
  - software address of a sender;
  - hardware address of a sender;
  - time stamp of a transaction;
  - sequence of a transaction;
  - data pertaining to spoofing; and
- preventing selected data from passing said particular point when the data handling capability associated with that point reaches a preset limit, said preventing step relying on said remembered parameters pertaining to data previously passing said particular point.
23. A data flow control system for preventing an enterprise data processing system from being overloaded with spoofed data requests directed to said enterprise system from sources external to said enterprise system, said data flow system comprising:
- a gateway for accepting data directed to said enterprise system from any said external source;
- a data monitoring circuit for observing selected portions of certain data directed to said gateway, and a delay path operable when the amount of data currently being handled by said enterprise system reaches a certain threshold for temporarily removing selected data which is directed to said enterprise system away from enterprise system, said selected data having an uncertain probability of spoofing.
Dependent claims: 24, 25
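The checks named in the abstract and claims (compare each packet's IP and hardware address against a database, remember time stamps and sequence, and divert uncertain packets to temporary storage once volume passes a limit), as an added Python example that is not taken from the patent. The IP-to-MAC table layout, the one-second window, the load limit, the drop policy for a definite mismatch and all names are assumptions; the packets are constructed sample data.

```python
from collections import deque, namedtuple

# ts: arrival time stamp (s); ip/mac: software/hardware sender address; seq: sequence
Packet = namedtuple("Packet", "ts ip mac seq")

class SpoofFilter:
    def __init__(self, bindings, load_limit, window=1.0):
        self.bindings = bindings      # database: IP -> expected MAC (assumed layout)
        self.load_limit = load_limit  # packets per window before holding (assumed)
        self.window = window          # seconds of arrivals remembered (assumed)
        self.recent = deque()         # time stamps of recent arrivals
        self.last_seq = {}            # remembered sequence per validated sender
        self.held = []                # temporary storage for diverted packets

    def classify(self, p):
        expected = self.bindings.get(p.ip)
        if expected is None:
            return "uncertain"        # no database record for this sender
        if expected.lower() != p.mac.lower():
            return "spoofed"          # IP claimed from the wrong hardware address
        if p.seq <= self.last_seq.get(p.ip, -1):
            return "uncertain"        # repeated or regressed sequence number
        return "valid"

    def handle(self, p):
        # Forget arrivals that have aged out of the window, then count this one.
        while self.recent and p.ts - self.recent[0] >= self.window:
            self.recent.popleft()
        self.recent.append(p.ts)
        verdict = self.classify(p)
        if verdict == "valid":
            self.last_seq[p.ip] = p.seq
            return "pass"
        if verdict == "spoofed":
            return "drop"             # assumed policy for a definite mismatch
        if len(self.recent) > self.load_limit:
            self.held.append(p)       # over the limit: divert uncertain traffic
            return "hold"
        return "pass"

def run_demo():
    f = SpoofFilter({"192.0.2.5": "aa:bb:cc:00:00:05"}, load_limit=3)
    packets = [  # constructed sample traffic
        Packet(0.0, "192.0.2.5", "aa:bb:cc:00:00:05", 1),
        Packet(0.1, "192.0.2.5", "de:ad:be:ef:00:01", 2),
        Packet(0.2, "192.0.2.9", "aa:bb:cc:00:00:09", 1),
        Packet(0.3, "192.0.2.9", "aa:bb:cc:00:00:09", 2),
        Packet(0.4, "192.0.2.5", "aa:bb:cc:00:00:05", 2),
        Packet(2.0, "192.0.2.9", "aa:bb:cc:00:00:09", 3),
    ]
    return [f.handle(p) for p in packets], f.held
```

Packets from the unknown sender pass while volume is under the limit and are held only once the window fills; a valid sender is never delayed by the load check.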
Specification