Mechanism for tracing back anonymous network flows in autonomous systems

US 20050044208A1
Filed: 08/07/2003
Published: 02/24/2005
Est. Priority Date: 08/07/2003
Status: Active Grant

First Claim

Patent Images

1. A method of determining a source of data packet flow into a plurality of network nodes forming an Autonomous System and connected to network devices that are external to the Autonomous System in a communication network comprising the steps of:

a) detecting, by one of the plurality of network nodes and according to a signature, packets of a particular flow for which the source is to be determined;

b) marking, by said network devices, packets received by network nodes from said network devices, the marking including a label indicating the network node and/or an associated interface;

c) identifying, by the detecting network node, marking network nodes that are marking packets of the particular flow; and

d) for each identified marking network node recording its label as a source of the particular flow.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of tracing network flows in an autonomous communications system are described. The Autonomous System may be formed of multiple subgroups depending on size and application. Each subgroup contains multiple, interconnected routers which participate in transporting data flow across the Autonomous System (AS). A Director within the AS has a full and complete vision of the network topology. When it is desired to trace a particular flow because of an identified attack, selected routers in key locations—through which that particular flow travels—mark packets with labels which enable the tracing of the path. These labels permit the source of the attack, at least in so far as it travels through the AS, to be identified. If the number of entry (or key) points to the AS is larger than the number of available labels, the AS will be divided into subgroups, the flow is traced from subgroup to subgroup.

42 Citations

View as Search Results

17 Claims

1. A method of determining a source of data packet flow into a plurality of network nodes forming an Autonomous System and connected to network devices that are external to the Autonomous System in a communication network comprising the steps of:
- a) detecting, by one of the plurality of network nodes and according to a signature, packets of a particular flow for which the source is to be determined;
  
  b) marking, by said network devices, packets received by network nodes from said network devices, the marking including a label indicating the network node and/or an associated interface;
  
  c) identifying, by the detecting network node, marking network nodes that are marking packets of the particular flow; and
  
  d) for each identified marking network node recording its label as a source of the particular flow.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as defined in claim 1 wherein step d) includes the step of discontinuing marking packets by the marking network node when there are no more marking network nodes being identified.
  - 3. The method as defined in claim 1 wherein the Autonomous System is divided into multiple subgroups and the determination of sources is conducted across the multiple subgroups, from one to another.
  - 4. The method as defined in claim 3 wherein each subgroup is considered separately and sources which are links between subgroups are removed for further consideration.
  - 5. The method as defined in claim 1 wherein the identification of a network node by a label is assigned dynamically.
  - 6. The method as defined in claim 1 wherein the identification of an interface, on a network node, by a label is assigned dynamically.
  - 7. The method as defined in claim 1 wherein the packets are marked using any IP field, including IP Options.

8. A system for determining sources of data packet flow into a plurality of network nodes forming an Autonomous System and connected to network devices that are external to the Autonomous System in a communication network comprising:
- means at one of said plurality of network nodes to discriminate, according to a signature, packets of a particular flow for which the source is to be determined;
  
  means at the network devices to mark packets received by network nodes from the network devices, the marking including a label indicating the network node and/or associated interface;
  
  means at the detecting network node to identify marking network nodes that are marking packets of that particular flow; and
  
  means for each identifying marking network node to record its label as a source of the particular flow.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The system as defined in claim 8 further including means to coordinate all necessary entities and to communicate across different Autonomous Systems.
  - 10. The system as defined in claim 8 wherein the Autonomous System is divided into multiple subgroups and source determination is conducted across the multiple subgroups, from one to another.
  - 11. The system as defined in claim 8 wherein a Director in the AS initiates flow tracing in response to a signal to proceed.
  - 12. The system as defined in claim 11 wherein the signal is generated by a Last Router in the AS, the Last Router being located in the AS immediately before a victim of an attack.
  - 13. The system as defined in claim 11 wherein the signal is generated by a victim node in the AS, or directly connected to the AS.
  - 14. The system as defined in claim 11 wherein the signal is generated by a trusted entity from another domain. For example the Director of an adjacent Autonomous System.
  - 15. The system as defined in claim 8 wherein the Director passes the labels to the network devices dynamically.
  - 16. The system as defined in claim 8 wherein the Director pre-assigns labels to network devices.
  - 17. The system as defined in claim 8 wherein the Director employs a combination of dynamic and static label assignment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Robert, Jean-Marc, Jones, Emanuele

Granted Patent

US 7,565,426 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 2463/146   Tracing the source of attacks

H04L 43/00   Arrangements for monitoring...

H04L 43/026   using flow identification

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

Mechanism for tracing back anonymous network flows in autonomous systems

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for tracing back anonymous network flows in autonomous systems

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links