Frame-transfer control device, DoS-attack preventing device, and DoS-attack preventing system

US 20060280121A1
Filed: 09/23/2005
Published: 12/14/2006
Est. Priority Date: 06/13/2005
Status: Abandoned Application

First Claim

Patent Images

1. A frame-transfer control device configured to transfer, to a network to which a server is connected, a frame transmitted from a client in an external network, the frame-transfer control device comprising:

a transmitting unit configured to periodically transmit a response request to the client, and to monitor a response to the response request from the client to grasp a responding state of the client;

an identifying unit configured to identify whether the frame is any one of a legitimate frame and an illegitimate frame based on the responding state; and

a limiting unit configured to transfer the legitimate frame to the server by priority, and to limit transfer of the illegitimate frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prior information collecting unit transmits in advance a SYN/ACK frame to an address of a client in an external network, and monitors a response to the SYN/ACK frame. If there is no response, the prior information collecting unit determines that the address is a valid attack address. If there is a response with a RST frame, the prior information collecting unit determines that the address is an invalid attack address. An address holding unit stores a responding state of the client. A valid attack identifying unit detects a valid attack frame having a valid attack address as a source address from among frames addressed to the server, based on information stored in the address holding unit. A flow rate limiting unit limits a flow rate at the time of transferring the valid attack frames to the server.

Citations

11 Claims

1. A frame-transfer control device configured to transfer, to a network to which a server is connected, a frame transmitted from a client in an external network, the frame-transfer control device comprising:
- a transmitting unit configured to periodically transmit a response request to the client, and to monitor a response to the response request from the client to grasp a responding state of the client;
  
  an identifying unit configured to identify whether the frame is any one of a legitimate frame and an illegitimate frame based on the responding state; and
  
  a limiting unit configured to transfer the legitimate frame to the server by priority, and to limit transfer of the illegitimate frame.

2. An attack preventing device configured to protect a network to which a server is connected, from an attack from an external network, the attack preventing device comprising:
- a transmitting unit configured to transmit a first frame to at least one client connected to the external network, and to monitor a response to the first frame from the client with a second frame, to grasp a responding state of the client;
  
  a first storing unit configured to store the responding state corresponding to an address of the client;
  
  an detecting unit configured to detect an offensive frame with which the network is attacked from among at least one frame transmitted from the external network toward the server, based on information stored in the first storing unit; and
  
  a limiting unit configured to limit a flow rate of the offensive frame by adjusting a transmission band to transfer the frame to the server.
- View Dependent Claims (3, 4, 5, 6)
- - 3. The attack preventing device according to claim 2, further comprising a second storing unit configured to store an address of a client, wherein the limiting unit is configured to transfer a frame transmitted from a client of which an address is stored in the second storing unit.
  - 4. The attack preventing device according to claim 2, further comprising a searching unit configure to search an address of a client registered in a domain name system, and to provide the transmitting unit with the address of a registered client, wherein the transmitting unit is configured to transmit the first frame only to the registered client.
  - 5. The attack preventing device according to claim 2, further comprising a monitoring unit configured to monitor communication between the server and the client, and to cause the first storing unit to store an address of a client that has normally completed the communication.
  - 6. The attack preventing device according to claim 2, further comprising a timing storing unit configured to store information on a monitoring time during which transmission of the first frame and the response with the second frame are monitored, and to inform the transmitting unit of a start time and an end time of the monitoring time, wherein the transmitting unit is configured to monitor the transmission of the first frame and the response to the first frame based on the start time and the end time.

7. An attack preventing system configured to protect a network to which a server is connected, from an attack from an external network, the attack preventing system comprising:
- a first processing device configured to be connected to the external network; and
  
  a second processing device configured to be connected to the network, wherein the first processing device includes a transmitting unit configured to transmit a first frame to at least one client connected to the external network, and to monitor a response to the first frame from the client with a second frame, to grasp a responding state of the client;
  
  a first storing unit configured to store the responding state corresponding to an address of the client; and
  
  a transferring unit configured to transfer information stored in the first storing unit to the second processing device, and the second processing device includes a second storing unit configured to store transferred information;
  
  a detecting unit configured to detect an offensive frame with which the network is attacked from among at least one frame transmitted from the external network toward the server, based on information stored in the second storing unit; and
  
  a limiting unit configured to limit a flow rate of the offensive frame by adjusting a transmission band to transfer the frame to the server.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The attack preventing device according to claim 7, wherein the first processing device further includes a second storing unit configured to store an address of a client, and the limiting unit is configured to transfer a frame transmitted from a client of which an address is stored in the second storing unit.
  - 9. The attack preventing device according to claim 7, wherein the first processing device further includes a searching unit configure to search an address of a client registered in a domain name system, and to provide the transmitting unit with the address of a registered client, and the transmitting unit is configured to transmit the first frame only to the registered client.
  - 10. The attack preventing device according to claim 7, wherein the second processing device further includes a monitoring unit configured to monitor communication between the server and the client, and to cause the second storing unit to store an address of a client that has normally completed the communication.
  - 11. The attack preventing device according to claim 7, wherein the first processing device further includes a timing storing unit configured to store information on a monitoring time during which transmission of the first frame and the response with the second frame are monitored, and to inform the transmitting unit of a start time and an end time of the monitoring time, wherein the transmitting unit is configured to monitor the transmission of the first frame and the response to the first frame based on the start time and the end time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Matoba, Kazumine

Application Number

US11/233,750
Publication Number

US 20060280121A1
Time in Patent Office

Days
Field of Search
US Class Current

370/235
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1458 Denial of Service

Frame-transfer control device, DoS-attack preventing device, and DoS-attack preventing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Frame-transfer control device, DoS-attack preventing device, and DoS-attack preventing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links