Denial-of-service attack defense system, denial-of-service attack defense method, and computer product
Abstract
A monitoring device is provided on a LAN to which a communication device that is a target of a denial-of-service attack is connected, and monitors a packet transmitted to the communication device via an ISP network. A restricting device is provided on the ISP network, and restricts a packet to the LAN. The monitoring device detects an attack by the packet on the communication device, and transmits protection request information indicating a request for protection against the attack to the restricting device. The restricting device restricts a packet transmitted to the communication device via the ISP network based on the protection request information.
14 Claims
1. A system for protecting a communication device against a denial-of-service attack, the system comprising:
- a monitoring device provided on a local area network including the communication device, the monitoring device being configured to monitor a packet transmitted to the communication device via an internet-service-provider network; and
- a restricting device provided on the internet-service-provider network, the restricting device being configured to restrict a packet to the local area network,
wherein the monitoring device includes
- an attack detecting unit configured to detect an attack by the packet on the communication device based on an attack detection condition including a destination address and a port number of the packet, and
- a protection-request-information transmitting unit configured to transmit to the restricting device protection request information indicating a request for protection against the attack, the protection request information including a certificate authenticating the monitoring device, a signature indicating a feature including the destination address and the port number of a packet that attacks the communication device, the protection-request-information transmitting unit being configured to update the protection request information to remove packets not included in the attack from restriction based on a report of received packets transmitted from the restricting device, and
the restricting device includes
- a packet restricting unit configured to restrict a packet transmitted to the communication device via the internet-service-provider network based on the protection request information.
Dependent claims: 2, 3, 4, 5, 6 (not reproduced on this page).
7. A method of causing a monitoring device and a restricting device to protect a communication device against a denial-of-service attack, the monitoring device being provided on a local area network including the communication device and being configured to monitor a packet transmitted to the communication device via an internet-service-provider network, the restricting device being provided on the internet-service-provider network and being configured to restrict a packet to the local area network, the method comprising:
- detecting, at the monitoring device, an attack by the packet on the communication device based on an attack detection condition including a destination address and a port number of the packet;
- transmitting, from the monitoring device to the restricting device, protection request information indicating a request for protection against the attack, the protection request information including a certificate authenticating the monitoring device, a signature indicating a feature including the destination address and the port number of a packet that attacks the communication device;
- restricting, at the restricting device, packets transmitted to the communication device via the internet-service-provider network based on the protection request information;
- transmitting, from the restricting device to the monitoring device, a report including information on packets included in the attack; and
- transmitting, from the monitoring device to the restricting device, updated protection request information removing packets not included in the attack from restriction based on the report.
Dependent claims: 8, 9, 10 (not reproduced on this page).
11. A non-transitory computer-readable medium storing thereon computer-readable instructions for protecting a communication device against a denial-of-service attack using a monitoring device and a restricting device, the monitoring device being provided on a local area network including the communication device and being configured to monitor a packet transmitted to the communication device via an internet-service-provider network, the restricting device being provided on the internet-service-provider network and being configured to restrict a packet to the local area network, the computer-readable instructions when executed by a computer cause the computer to perform the method comprising:
- detecting, at the monitoring device, an attack by the packet on the communication device based on an attack detection condition including an address and a port number of the packet;
- transmitting, from the monitoring device to the restricting device, protection request information indicating a request for protection against the attack, the protection request information including a certificate authenticating the monitoring device, a signature indicating a feature including the destination address and the port number of a packet that attacks the communication device;
- restricting, at the restricting device, a packet transmitted to the communication device via the internet-service-provider network based on the protection request information;
- transmitting, from the restricting device to the monitoring device, a report including information on packets included in the attack; and
- transmitting, from the monitoring device to the restricting device, updated protection request information removing packets not included in the attack from restriction based on the report.
Dependent claims: 12, 13, 14 (not reproduced on this page).
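A small simulation of the exchange claimed above (the system of claim 1 and the method of claim 7), added here as an illustration and not taken from the patent: the LAN-side monitoring device detects a flood by destination address and port, sends an authenticated protection request carrying that feature, the ISP-side restricting device drops matching packets and reports what it restricted, and the monitoring device then updates the request so that a source the report shows was restricted but was not part of the attack is exempted. The pre-shared HMAC key standing in for the certificate, the thresholds, the message fields and the addresses are all assumptions.

```python
import hmac
from collections import Counter
SHARED_KEY = b"constructed-demo-key"  # assumption: a pre-shared HMAC key stands in for the certificate
def certificate(monitor_id):  # token authenticating the monitoring device (assumption, not a real cert)
    return hmac.new(SHARED_KEY, monitor_id.encode(), "sha256").hexdigest()

class MonitoringDevice:  # on the LAN, watching packets bound for the protected communication device
    def __init__(self, monitor_id, target_threshold, src_threshold):
        self.monitor_id, self.t_thr, self.s_thr, self.attack_sources = monitor_id, target_threshold, src_threshold, set()
    def detect(self, packets):
        # Attack detection condition: packets to one (destination address, port) reach a threshold
        by_target = Counter((p["dst"], p["port"]) for p in packets)
        for target, n in by_target.items():
            if n >= self.t_thr:
                per_src = Counter(p["src"] for p in packets if (p["dst"], p["port"]) == target)
                self.attack_sources = {s for s, c in per_src.items() if c >= self.s_thr}
                return target  # the attack feature; None is returned when nothing matches
    def build_request(self, feature):
        # Protection request: certificate plus signature (the attack feature: destination address, port)
        return {"monitor": self.monitor_id, "cert": certificate(self.monitor_id),
                "signature": {"dst": feature[0], "port": feature[1]}, "exclude": []}
    def update_request(self, request, report):
        # Sources the ISP restricted but the monitor did not see attacking are removed from restriction
        request["exclude"] = sorted(s for s in report if s not in self.attack_sources)
        return request

class RestrictingDevice:  # on the ISP network, upstream of the LAN
    def receive_request(self, request):
        if not hmac.compare_digest(request["cert"], certificate(request["monitor"])):
            raise ValueError("protection request failed authentication")
        self.request, self.report = request, Counter()  # report: restricted packets per source
    def forward(self, packet):  # True: passed on to the LAN; False: restricted under the request
        sig = self.request["signature"]
        if (packet["dst"], packet["port"]) == (sig["dst"], sig["port"]) \
                and packet["src"] not in self.request["exclude"]:
            self.report[packet["src"]] += 1
            return False
        return True

def run_exchange():
    # Constructed traffic: 10.0.0.9 floods 192.0.2.10:80 while 198.51.100.4 is a legitimate client
    flood = [{"src": "10.0.0.9", "dst": "192.0.2.10", "port": 80}] * 6
    legit = [{"src": "198.51.100.4", "dst": "192.0.2.10", "port": 80}]
    monitor, isp = MonitoringDevice("mon-1", 5, 3), RestrictingDevice()
    req = monitor.build_request(monitor.detect(flood + legit))
    isp.receive_request(req)
    first = [isp.forward(p) for p in flood + legit]   # every packet to the target is restricted
    isp.receive_request(monitor.update_request(req, dict(isp.report)))
    second = [isp.forward(p) for p in flood + legit]  # legitimate client restored, flood still dropped
    return first, second
```

The first pass shows the coarse restriction the claim describes (everything to the destination address and port is dropped); the report-driven update is what narrows it back to the attacking source.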