
Attack defending system and attack defending method

  • US 7,464,407 B2
  • Filed: 08/20/2003
  • Issued: 12/09/2008
  • Est. Priority Date: 08/20/2002
  • Status: Active Grant
First Claim

1. An attack defending system provided at an interface between an internal network and an external network, comprising a computer having a processor and a memory to execute software recorded on a tangible medium, the software implementing a decoy device and a firewall device, wherein the firewall device inputs an input IP packet from the external network and forwards it to one of the decoy device and the internal network, wherein the decoy device comprises:

  • an attack detector for detecting presence or absence of an attack by executing a service process for the input IP packet transferred from the firewall device, and

the firewall device comprises:

    a packet filter for determining whether the input IP packet inputted from the external network is to be accepted, based on header information of the input IP packet and a filtering condition corresponding to the input IP packet;

    a destination selector for selecting one of the internal network and the decoy device as a destination of the input IP packet accepted by the packet filter, based on the header information of the input IP packet and a distribution condition; and

    a filtering condition manager for managing the filtering condition depending on whether the attack detector detects an attack based on the input IP packet forwarded to the decoy device, wherein the destination selector comprises a memory for storing as the distribution condition a guiding list containing a set of IP addresses unused in the internal network, the destination selector selecting the decoy device when a destination IP address of the input IP packet matches an unused IP address contained in the guiding list.
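
The packet path recited in claim 1, as an added Python sketch that is not part of the patent text or any implementation by the assignee. The class and function names, the per-source-IP form of the filtering condition, the payload-length detector and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # header fields plus payload (constructed model)
    src: str
    dst: str
    payload: bytes = b""

def sample_detector(pkt):
    # Assumption: stands in for the decoy's service process, which here treats
    # a request longer than 64 bytes as an attack on the service.
    return len(pkt.payload) > 64

class FirewallDevice:
    def __init__(self, internal_net, used_hosts, detector=sample_detector):
        hosts = ipaddress.ip_network(internal_net).hosts()
        # Guiding list: addresses of the internal range that no host uses.
        self.guiding_list = {str(h) for h in hosts} - set(used_hosts)
        self.blocked_sources = set()   # filtering condition (assumed: per source IP)
        self.detector = detector

    def packet_filter(self, pkt):
        # Accept or drop from header information and the filtering condition.
        return pkt.src not in self.blocked_sources

    def destination_selector(self, pkt):
        # Unused destination address -> decoy; anything else -> internal network.
        return "decoy" if pkt.dst in self.guiding_list else "internal"

    def handle(self, pkt):
        if not self.packet_filter(pkt):
            return "dropped"
        dest = self.destination_selector(pkt)
        # Filtering condition manager: update the filter on a decoy detection.
        if dest == "decoy" and self.detector(pkt):
            self.blocked_sources.add(pkt.src)
        return dest

def run_demo():
    fw = FirewallDevice("192.0.2.0/28", used_hosts=["192.0.2.1", "192.0.2.2"])
    traffic = [                                        # constructed sample packets
        Packet("203.0.113.9", "192.0.2.1"),            # normal client
        Packet("198.51.100.7", "192.0.2.9"),           # probe of an unused address
        Packet("198.51.100.7", "192.0.2.9", b"A" * 200),  # flagged by the decoy
        Packet("198.51.100.7", "192.0.2.1"),           # same source, real host
        Packet("203.0.113.9", "192.0.2.2"),            # unaffected client
    ]
    return [fw.handle(p) for p in traffic]
```

The fourth packet is dropped even though it targets a real host, because the decoy's detection on the third packet changed the filtering condition for that source.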
