Protecting a network from unauthorized access

US 7,940,654 B2
Filed: 11/03/2006
Issued: 05/10/2011
Est. Priority Date: 06/14/2001
Status: Expired due to Term

First Claim

Patent Images

1. A node for use in communications between a first network and an external network, comprising:

a storage module to store a threshold value for a communications session, the threshold value representing an acceptable rate of incoming data units from the external network to the first network; and

a controller to deny further entry of data units from the external network to the first network in the communications session and to generate a report of an attack from the external network in response to the controller detecting that the rate of incoming data units exceeds the threshold value,the storage module to further store address information, wherein the controller is to compare a source address of a particular incoming data unit with the address information stored in the system and to deny further entry of the particular incoming data unit if the source address does not match the address information stored in the system.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of protecting a first network from unauthorized access includes storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information. The profile information includes a predetermined threshold indicating a maximum acceptable rate of incoming data units from an external network to the first network. If the incoming data unit rate exceeds the predetermined threshold, then a security action is taken, such as generating an alarm or preventing further transport of data units from the external network to the first network.

43 Citations

View as Search Results

11 Claims

1. A node for use in communications between a first network and an external network, comprising:
- a storage module to store a threshold value for a communications session, the threshold value representing an acceptable rate of incoming data units from the external network to the first network; and
  
  a controller to deny further entry of data units from the external network to the first network in the communications session and to generate a report of an attack from the external network in response to the controller detecting that the rate of incoming data units exceeds the threshold value,the storage module to further store address information, wherein the controller is to compare a source address of a particular incoming data unit with the address information stored in the system and to deny further entry of the particular incoming data unit if the source address does not match the address information stored in the system.
- View Dependent Claims (2, 3, 4)
- - 2. The node of claim 1, wherein the address information comprises a network address translation table.
  - 3. The node of claim 2, wherein the network address translation table comprises a network address and port translation table.
  - 4. The node of claim 1, wherein the controller is to further check if the particular incoming data unit contains a Real-Time Protocol or Real-Time Control Protocol payload, and to deny further entry of the particular incoming data unit if the incoming data unit does not contain a Real-Time Protocol or Real-Time Control Protocol payload.

5. A method of protecting a first network, comprisingdetermining if a rate of incoming data units from an external network to the first network exceeds a predetermined threshold in a given call session;
- performing a security action if the determined rate of incoming data units exceeds the predetermined threshold, wherein performing the security action comprises generating a report that an attack is occurring; and
  
  storing plural thresholds for corresponding plural call sessions, wherein the predetermined threshold is one of the plural thresholds.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein the determining, performing, and storing are performed by a node, the method further comprising:
    - storing, by the node, a network address translation table;
      
      determining, by the node, whether a source address of a particular incoming data unit matches an entry of the network address translation table; and
      
      in response to determining that the source address does not match an entry of the network address translation table, the node denying entry of the particular incoming data unit to the first network.
  - 7. The method of claim 5, wherein the determining, performing, and storing are performed by a node, the method further comprising:
    - determining, by the node, a type of payload of a particular incoming data unit; and
      
      in response to determining that the payload is not one of a Real-Time Protocol payload and a Real-Time Control Protocol payload, the node denying entry of the particular incoming data unit.

8. An article comprising at least one non-transitory machine-readable storage medium containing instructions for protecting a first network, the instructions when executed causing a node to:
- determine if a rate of incoming data units from an external network to the first network exceeds a predetermined threshold in a given call session;
  
  perform a security action if the determined rate of incoming data units exceeds the predetermined threshold; and
  
  calculate the predetermined threshold based at least in part on a frame size used in the call session.
- View Dependent Claims (9, 10, 11)
- - 9. The article of claim 8, wherein performing the security action comprises generating a report that an attack is occurring.
  - 10. The article of claim 8, wherein the instructions when executed cause the node to further:
    - store a network address translation table;
      
      determine whether a source address of a particular incoming data unit matches an entry of the network address translation table; and
      
      in response to determining that the source address does not match an entry of the network address translation table, deny entry of the particular incoming data unit to the first network.
  - 11. The article of claim 8, wherein the instructions when executed cause the node to further:
    - determine a type of payload of a particular incoming data unit; and
      
      in response to determining that the payload is not one of a Real-Time Protocol payload and a Real-Time Control Protocol payload, deny entry of the particular incoming data unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genband US LLC (Ribbon Communications, Inc.)
Original Assignee
Genband US LLC (Ribbon Communications, Inc.)
Inventors
March, Sean W., McKnight, David W., Sollee, Patrick N.
Primary Examiner(s)
PHAN, MAN U

Application Number

US11/592,775
Publication Number

US 20070053289A1
Time in Patent Office

1,649 Days
Field of Search

370229-236, 370328-396, 370401-475, 709223-245, 726 3- 25
US Class Current

370/229
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2517   using port numbers

H04L 61/2539   Hiding addresses; Keeping a...

H04L 61/255   Maintenance or indexing of ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/1106   Call signalling protocols; ...

H04L 65/65   Network streaming protocols...

H04L 65/80   Responding to QoS

Protecting a network from unauthorized access

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting a network from unauthorized access

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links