Method for blocking denial of service and address spoofing attacks on a private network
3 Assignments
0 Petitions
Abstract
A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).
129 Citations
33 Claims
1. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising:
receiving a request for connection from an initiator, over the public network;
requesting an acknowledgment from the initiator of the request;
determining whether the acknowledgment has been received within a predetermined amount of time; and
denying the request if the acknowledgment is not received within the predetermined amount of time.
Dependent claims: 2 through 14.
15. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising:
receiving an incoming data packet from the public network;
comparing a source address of the data packet against known internal addresses of the private network;
determining if the source address matches a known internal address; and
if there is a match:
dropping the data packet;
analyzing a header of the data packet;
determining information regarding a history of the packet;
determining a real source of the data packet using the information regarding the history of the packet; and
refusing to process any additional data packets received from the real source of the data packet.
Dependent claims: 16 through 26.
27. A method for blocking an attack on a private network implemented by a routing device interconnecting the private network to a public network, comprising:
receiving a request for connection from an initiator, over the public network;
requesting an acknowledgment from the initiator of the request;
determining whether the acknowledgment has been received within a predetermined amount of time;
denying the request if the acknowledgment is not received within the predetermined amount of time;
comparing a source address of the request for connection with known internal addresses of the private network;
determining if the source address matches a known internal address; and
refusing to process the request for connection if there is a match.
28. A system for blocking an attack on a private network, comprising:
a routing device being operable to interconnect a private network to a public network, the routing device being further operable to:
receive a request for connection from an initiator, over the public network;
request an acknowledgment from the initiator of the request;
determine whether the acknowledgment has been received within a predetermined amount of time; and
deny the request if the acknowledgment is not received within the predetermined amount of time.
29. A system for blocking an attack on a private network, comprising:
a routing device being operable to interconnect the private network and a public network, the routing device being further operable to:
receive an incoming data packet from the public network;
compare a source address of the data packet against known internal addresses of the private network;
determine if the source address matches a known internal address; and
if there is a match:
drop the data packet;
analyze a header of the data packet;
determine information regarding a history of the packet;
determine a real source of the data packet using the information regarding the history of the packet; and
refuse to process any additional data packets received from the real source of the data packet.
30. A system for blocking an attack on a private network, comprising:
means for interconnecting a private network to a public network;
means for receiving a request for connection from an initiator, over the public network;
means for requesting an acknowledgment from the initiator of the request;
means for determining whether the acknowledgment has been received within a predetermined amount of time; and
means for denying the request if the acknowledgment is not received within the predetermined amount of time.
31. A system for blocking an attack on a private network, comprising:
means for interconnecting the private network and a public network;
means for receiving an incoming data packet from the public network;
means for comparing a source address of the data packet against known internal addresses of the private network;
means for determining if the source address matches a known internal address; and
if there is a match, means for:
dropping the data packet;
analyzing a header of the data packet;
determining information regarding a history of the packet;
determining a real source of the data packet using the information regarding the history of the packet; and
refusing to process any additional data packets received from the real source of the data packet.
32. Software embodied in a computer-readable medium, the computer-readable medium comprising code operable to:
interconnect a private network to a public network;
receive a request for connection from an initiator, over the public network;
request an acknowledgment from the initiator of the request;
determine whether the acknowledgment has been received within a predetermined amount of time; and
deny the request if the acknowledgment is not received within the predetermined amount of time.
33. Software embodied in a computer-readable medium, the computer-readable medium comprising code operable to:
receive an incoming data packet from the public network;
compare a source address of the data packet against known internal addresses of the private network;
determine if the source address matches a known internal address; and
if there is a match:
drop the data packet;
analyze a header of the data packet;
determine information regarding a history of the packet;
determine a real source of the data packet using the information regarding the history of the packet; and
refuse to process any additional data packets received from the real source of the data packet.
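The abstract and independent claims 1, 15 and 27 describe two filters that a routing device applies at the boundary between the private and public networks: a connection request is answered with a request for acknowledgment and denied when none arrives within a predetermined time (the unacknowledged-packet pattern of a denial of service attack), and any packet whose source address matches an internal address is dropped, with the packet's header history used to find the real source and refuse its further traffic. The simulation below is an added example written for this page, not the patent's own implementation; the packet layout, the `history` list of upstream hops carried in the header, the 10.0.0.0/8 internal prefix, the three-second timeout and all addresses are constructed assumptions.

```python
"""Simulation of a routing device applying the two filters in claims 1, 15 and 27.

Added example, not the patent's implementation. Packet fields, the `history`
list, the internal prefix, the timeout and the sample addresses are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set

INTERNAL_NET = ip_network("10.0.0.0/8")   # constructed: known internal addresses of the private network
ACK_TIMEOUT = 3.0                         # constructed: the "predetermined amount of time", in seconds


@dataclass
class Packet:
    src: str
    dst: str
    kind: str                                          # "connect", "ack" or "data"
    history: List[str] = field(default_factory=list)   # assumed: upstream hops recorded in the header


@dataclass
class RoutingDevice:
    pending: Dict[str, float] = field(default_factory=dict)   # initiator -> time the acknowledgment was requested
    established: Set[str] = field(default_factory=set)        # initiators whose acknowledgment arrived in time
    blocked: Set[str] = field(default_factory=set)            # "real sources" refused further processing
    log: List[str] = field(default_factory=list)

    def is_spoofed(self, pkt: Packet) -> bool:
        """Claim 15: a source address inside the private network cannot legitimately arrive from outside."""
        return ip_address(pkt.src) in INTERNAL_NET

    def real_source(self, pkt: Packet) -> str:
        # Assumption: the last hop recorded in the header history is the nearest
        # point the spoofed packet verifiably came from. The claims only say the
        # real source is determined from the packet's history information.
        return pkt.history[-1] if pkt.history else ""

    def handle(self, pkt: Packet, now: float) -> str:
        """Process one packet; returns 'challenge', 'accept', 'drop' or 'refuse'."""
        if self.is_spoofed(pkt):
            origin = self.real_source(pkt)
            if origin:
                self.blocked.add(origin)
            self.log.append(f"dropped spoofed src {pkt.src}; real source {origin or 'unknown'} blocked")
            return "drop"
        last_hop = pkt.history[-1] if pkt.history else ""
        if pkt.src in self.blocked or last_hop in self.blocked:
            return "refuse"                                    # claim 15: no further packets from the real source
        if pkt.kind == "connect":
            self.pending[pkt.src] = now                        # claim 1: request an acknowledgment
            return "challenge"
        if pkt.kind == "ack":
            sent = self.pending.pop(pkt.src, None)
            if sent is None:
                return "drop"                                  # acknowledgment for nothing we challenged
            if now - sent > ACK_TIMEOUT:
                self.log.append(f"denied {pkt.src}: acknowledgment late")
                return "refuse"
            self.established.add(pkt.src)
            return "accept"
        return "accept" if pkt.src in self.established else "drop"

    def expire(self, now: float) -> List[str]:
        """Claim 1: deny every pending request whose acknowledgment is overdue; returns the denied initiators."""
        late = sorted(src for src, sent in self.pending.items() if now - sent > ACK_TIMEOUT)
        for src in late:
            del self.pending[src]
            self.log.append(f"denied {src}: no acknowledgment within {ACK_TIMEOUT}s")
        return late


def simulate():
    """Constructed traffic: one legitimate client, three unacknowledged requests, one spoofed packet."""
    dev = RoutingDevice()
    r = []
    r.append(dev.handle(Packet("198.51.100.7", "10.0.0.5", "connect"), now=0.0))                     # challenge
    r.append(dev.handle(Packet("198.51.100.7", "10.0.0.5", "ack"), now=1.0))                         # accept
    r.append(dev.handle(Packet("198.51.100.7", "10.0.0.5", "data"), now=1.5))                        # accept
    for i in range(3):                                                                                # flood pattern
        r.append(dev.handle(Packet(f"203.0.113.{i}", "10.0.0.5", "connect"), now=1.0))               # challenge
    r.append(dev.handle(Packet("10.0.0.9", "10.0.0.5", "data", history=["203.0.113.200"]), now=2.0))  # drop (spoofed)
    expired = dev.expire(now=5.0)                                                                     # the three initiators
    r.append(dev.handle(Packet("203.0.113.200", "10.0.0.5", "connect"), now=6.0))                    # refuse (real source)
    r.append(dev.handle(Packet("203.0.113.1", "10.0.0.5", "data"), now=6.0))                         # drop (never established)
    return dev, r, expired


if __name__ == "__main__":
    device, results, denied = simulate()
    print(results, denied)
    print("\n".join(device.log))
```

Two points are worth noting when reading the simulation against the claims. The denial in claim 1 is applied to the request, so an initiator whose acknowledgment timed out is simply forgotten and may try again, whereas the refusal in claim 15 is applied to the real source of a spoofed packet and persists; keeping those two state tables separate is what keeps a legitimate client that missed one timeout from being treated like the origin of spoofed traffic.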
Specification