Method for resisting a denial-of-service attack of a private network element

US 20050235359A1
Filed: 03/01/2005
Published: 10/20/2005
Est. Priority Date: 02/06/1996
Status: Abandoned Application

First Claim

Patent Images

1. A method for resisting a denial-of-service attack of a private network element comprising:

receiving a packet destined for a private network element over an IP-compliant network;

assigning a proxy agent operable within a firewall to examine said packet based on the destination port of said packet;

determining, by said proxy agent, whether said packet is suspect and should be discarded; and

if said packet is suspect, then discarding said packet without shutting down said port.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for resisting a denial-of-service attack of a private network element are disclosed. In one embodiment, a network device is configured to receive a packet destined for a private network element over an IP-compliant network. A proxy is assigned to examine the packet based on the destination port of the packet. The proxy agent then determines whether the packet is suspect and should be discarded. If the packet is suspect, it is discarded without shutting down said port.

107 Citations

View as Search Results

20 Claims

1. A method for resisting a denial-of-service attack of a private network element comprising:
- receiving a packet destined for a private network element over an IP-compliant network;
  
  assigning a proxy agent operable within a firewall to examine said packet based on the destination port of said packet;
  
  determining, by said proxy agent, whether said packet is suspect and should be discarded; and
  
  if said packet is suspect, then discarding said packet without shutting down said port.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said act of determining whether said packet is suspect further comprises comparing the source address of said packet against a list of addresses.
  - 3. The method of claim 2, further comprising the act of performing additional verification checks on suspect addresses.
  - 4. The method of claim 3, further comprising the act of performing additional verification based on the suspect packet'"'"'s port designation.
  - 5. The method of claim 1, further comprising the act of maintaining a transaction log containing information regarding said incoming packets.

6. A firewall device for resisting a denial-of-service attack of a private network element comprising:
- a firewall operatively disposed between a private network element and an IP-compliant network;
  
  the firewall device configured to receive a packet destined for a private network element over an IP-compliant network and assign a proxy agent operable within said firewall to examine said packet based on the destination port of said packet; and
  
  wherein the proxy agent is configured to discard suspect packets without shutting down said port.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The firewall device of claim 6, wherein said proxy agent is further configured to determine whether said packet is suspect by comparing the source address of said packet against a list of addresses.
  - 8. The firewall device of claim 7, wherein said proxy agent is further configured to perform additional verification checks on suspect addresses.
  - 9. The firewall device of claim 8, wherein said proxy agent is further configured to perform additional verification based on the suspect packet'"'"'s port designation.
  - 10. The firewall device of claim 6, wherein said firewall device is further configured to maintain a transaction log containing information regarding said incoming access request packets.

11. A firewall apparatus for resisting a denial-of-service attack of a private network element comprising:
- means for receiving a packet destined for a private network element over an IP-compliant network;
  
  means for assigning a proxy agent operable within a firewall to examine said packet based on the destination port of said packet;
  
  means for determining whether said packet is suspect and should be discarded; and
  
  means for discarding said packet without shutting down said port if said packet is suspect.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11, further comprising means for comparing the source address of said packet against a list of addresses.
  - 13. The apparatus of claim 12, further comprising means for performing additional verification checks on suspect addresses.
  - 14. The apparatus of claim 13, further comprising means for performing additional verification based on the suspect packet'"'"'s port designation.
  - 15. The apparatus of claim 11, further comprising means for maintaining a transaction log containing information regarding said incoming access request packets.

16. A computer-readable device containing a set of computer instructions for performing a method for resisting a denial-of-service attack of a private network element, the method comprising:
- receiving a packet destined for a private network element over an IP-compliant network;
  
  assigning a proxy agent operable within a firewall to examine said packet based on the destination port of said packet;
  
  determining, by said proxy agent, whether said packet is suspect and should be discarded; and
  
  if said packet is suspect, then discarding said packet without shutting down said port.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The device of claim 16, wherein said act of determining whether said packet is suspect further comprises comparing the source address of said packet against a list of addresses.
  - 18. The device of claim 17, further comprising the act of performing additional verification checks on suspect addresses.
  - 19. The device of claim 18, further comprising the act of performing additional verification based on the suspect packet'"'"'s port designation.
  - 20. The device of claim 16, further comprising the act of maintaining a transaction log containing information regarding said incoming access request packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Original Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Inventors
Coley, Christopher D., Wesinger, Ralph E. Jr.

Application Number

US11/070,847
Publication Number

US 20050235359A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06Q 20/027   involving a payment switch ...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/1458   Denial of Service

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 9/40   Network security protocols

Method for resisting a denial-of-service attack of a private network element

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for resisting a denial-of-service attack of a private network element

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links