Denial-of-service attack defense system, denial-of-service attack defense method, and denial-of-service attack defense program
1 Assignment
0 Petitions
Accused Products
Abstract
A monitoring device is provided on a LAN to which a communication device that is a target of a denial-of-service attack is connected, and monitors a packet transmitted to the communication device via an ISP network. A restricting device is provided on the ISP network, and restricts a packet to the LAN. The monitoring device detects an attack by the packet on the communication device, and transmits protection request information indicating a request for protection against the attack to the restricting device. The restricting device restricts a packet transmitted to the communication device via the ISP network based on the protection request information.
19 Citations
28 Claims
-
1-14. -14. (canceled)
-
15. A system for protecting a communication device against a denial-of-service attack, the system comprising:
-
a monitoring device configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected, the monitoring device monitoring a packet transmitted to the communication device via an internet-service-provider network; and
a restricting device configured to be provided on the internet-service-provider network, the restricting device restricting a packet to the local area network, wherein the monitoring device includes an attack detecting unit that detects an attack by the packet on the communication device, and a protection-request-information transmitting unit that transmits protection request information indicating a request for protection against the attack to the restricting device; and
the restricting device includes a packet restricting unit that restricts a packet transmitted to the communication device via the internet-service-provider network based on the protection request information. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A method of protecting a communication device against a denial-of-service attack using a monitoring device and a restricting device, the monitoring device being configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected and monitoring a packet transmitted to the communication device via an internet-service-provider network, the restricting device being configured to be provided on the internet-service-provider network and restricting a packet to the local area network, the method comprising:
-
attack detecting including the monitoring device detecting an attack by the packet on the communication device;
protection-request-information transmitting including the monitoring device transmitting protection request information indicating a request for protection against the attack to the restricting device; and
packet restricting including the restricting device restricting a packet transmitted to the communication device via the internet-service-provider network based on the protection request information. - View Dependent Claims (22, 23, 24)
-
-
25. A computer-readable recording medium that stores a computer program for protecting a communication device against a denial-of-service attack using a monitoring device and a restricting device, the monitoring device being configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected and monitoring a packet transmitted to the communication device via an internet-service-provider network, the restricting device being configured to be provided on the internet-service-provider network and restricting a packet to the local area network, wherein
the computer program causes a computer to execute: -
attack detecting including the monitoring device detecting an attack by the packet on the communication device;
protection-request-information transmitting including the monitoring device transmitting protection request information indicating a request for protection against the attack to the restricting device; and
packet restricting including the restricting device restricting a packet transmitted to the communication device via the internet-service-provider network based on the protection request information. - View Dependent Claims (26, 27, 28)
-
Specification