    • 1. Granted invention patent
    • Detecting and preventing undesirable network traffic from being sourced out of a network domain
    • US07970886B1
    • 2011-06-28
    • US09706503
    • 2000-11-02
    • David J. Wetherall; Stefan R. Savage; Thomas E. Anderson
    • G06F15/173
    • H04L41/28; H04L43/00; H04L43/06; H04L43/16; H04L63/1416; H04L63/1458
    • The present invention provides for a novel approach to protecting a system owner's system(s) from being exploited and providing involuntary assistance to a DOS attack. The present invention provides the protection by detecting and preventing undesirable or inappropriate network traffic from being sourced from a network domain. More specifically, a monitor/regulator is provided to monitor network traffic leaving a network domain. The monitor/regulator determines if undesirable/inappropriate network traffics are leaving the network domain based on the observed characteristics of the outbound and inbound network traffics. If it is determined that undesirable/inappropriate network traffics are leaving the network domain, the monitors/regulator, in one embodiment, at least warns system owners of the detection. In another embodiment, the monitors/regulator further issues regulation instruction(s) to boundary routing device(s) of the network domain(s), thereby preventing the network domain(s) from being exploited to source such undesirable/inappropriate network traffics.
    • 2. Granted invention patent
    • Network traffic regulation including consistency based detection and filtering of packets with spoof source addresses
    • US07444404B2
    • 2008-10-28
    • US09777550
    • 2001-02-05
    • David J. Wetherall; Stefan R. Savage; Thomas E. Anderson
    • G06F15/173; G06F7/04; G06F17/30; G06F7/58; G06F15/16; G06K9/00; H04L9/32; H04L12/28
    • H04L63/1416; H04L29/12009; H04L29/12783; H04L61/35; H04L63/1458; H04L63/1466
    • A director is provided to receive source address instances of packets routed through routing devices of a network. The director determines whether any of the reported source address instances are to be deemed as spoof source address instances. The director further determines where filtering actions are to be deployed to filter out packets having certain source addresses deemed to be spoof instances. The director makes its determinations based at least in part on a selected one of a number of consistency measures. The consistency measures may include but are not limited to spatial consistency, destination consistency, migration consistency, and temporary consistency. The consistency measures are evaluated using spatial, destination source address range, migration and timing S/D/M/T distribution profiles of the reported source addresses. In some embodiments, the determinations are based further in view of reference S/D/M/T distribution profiles, which may be an exemplary S/D/M/T distribution profile of a typical non-spoof source address or a historical S/D/M/T distribution profile of the source address.
    • 4. Granted invention patent
    • Progressive and distributed regulation of selected network traffic destined for a network node
    • US06801503B1
    • 2004-10-05
    • US09685518
    • 2000-10-09
    • David J. Wetherall; Stefan R. Savage; Thomas E. Anderson
    • H04J314
    • H04L47/10; H04L47/122; H04L47/19; H04L47/20; H04L47/2433; H04L63/1458
    • An apparatus is equipped to receive network traffic data for network traffic routed through a number of routing devices with one or more degrees of separation from a network node. The network traffic data include at least network traffic data for network traffic destined for the network node which meet a traffic type selection criteria and are routed by the routing devices to the network node. The apparatus is further equipped to progressively regulate and de-regulate network traffic routing by the routing devices based at least in part on the received network traffic data and the degrees of separation of the routing devices from the network node. Regulation extends from routing devices with the lowest degree of separation from the network node to routing devices with the highest degree of separation, following in the reverse direction of the routing paths traversed by the packets to reach the network node. In one embodiment, the extension or push back is made one degree of separation at a time. In one embodiment, deregulation follows the reverse path, whereas in another embodiment, deregulation is determined and implemented locally, whenever regulation or the extent of regulation is no longer needed. In one embodiment, regulation is made in accordance with a not-to-exceed profile, and the not-to-exceed limit or limits are divided up as regulation extends away from the network node.
    • 5. Granted invention patent
    • Independent detection and filtering of undesirable packets
    • US08271678B2
    • 2012-09-18
    • US09825139
    • 2001-04-03
    • David J. Wetherall; Stefan R. Savage; Thomas E. Anderson
    • G06F15/16
    • H04L63/0227; H04L63/1416
    • A server, using a deterministic function, a secret value and persistent information of a packet, destined for a client device, generates and includes a conversation identifier for inclusion with the packet. The client device in turn includes the conversation identifier in a subsequent packet sent by the client device destined for the server. An intermediate routing device having knowledge of the deterministic function and the secret value, upon receiving the packet en-route from the client device to the server, would independently determine whether the packet is a part of a conversation between the client and the server, by independently verifying the included conversation identifier, and forward or not forward the packet accordingly. As a result, undesirable packets may be independently detected and filtered for the server.
    • 6. Granted invention patent
    • Distributed service level management for network traffic
    • US07475141B1
    • 2009-01-06
    • US09920335
    • 2001-07-31
    • Thomas E. Anderson; Stefan R. Savage; David J. Wetherall
    • G06F15/173
    • H04L41/5025; H04L41/5003; H04L41/5009
    • One or more networking apparatuses are employed to practice a networking method that improves a first networking device's likelihood in meeting its service level goals/commitments for a first group of network traffic serviced by the first networking device. Determination is made, away from the networking device, on whether the first network device is meeting the service level goals/commitments for the first group of network traffic. Determination may include monitoring the first group of network traffic at or away from the networking device. If the service level goals/commitments are not being met, a second group of network traffic (also serviced by the first networking device) is regulated. Regulation may be made at the networking device or away from the network device. Additionally, if the condition for regulation is no longer present, regulation may be moderated or removed. Further, the service level goals/commitments may include reliability and/or performance goals/commitments.
    • 7. Granted invention patent
    • Distributed solution for regulating network traffic
    • US07058015B1
    • 2006-06-06
    • US09631898
    • 2000-08-04
    • David J. Wetherall; Thomas E. Anderson; Stefan R. Savage
    • G06F11/00; G06F15/16; G06F15/173
    • H04L47/11; H04L41/00; H04L43/062; H04L43/16; H04L47/10
    • A number of sensors are distributively deployed in a network, either integrally disposed in a number of routing devices of the network or externally disposed and coupled to the routing devices, to monitor and report on network traffic routed through the routing devices. A director is provided to receive network traffic reports from the sensors for the routing devices, and to determine whether moderating actions are to be taken to moderate an amount of network traffic, based at least in part on some of the network traffic reports received from the sensors. In one embodiment, upon determining moderating actions are to be taken, the director further determines what kind of moderating actions are to be taken, including where the moderating actions are to be taken. In one embodiment, the director further instructs appropriate ones of the sensors to cause the desired moderating actions to be applied on the network traffic going through some of the routing devices. In one embodiment, the director, in cooperation with the sensors, also determines when and where moderating actions are to be relaxed, and causes such relaxation to be effectuated. In yet another embodiment, the director, in cooperation with the sensors, also determines when and where regulating actions filtering out certain types of network traffic destined for a network node are to be applied, and causes such filtering to be performed.