Invention Grant
US07889735B2 Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs
有权
基于指定的源/目的IP地址对,在IP网络中防止拒绝服务攻击的方法和装置
- Patent Title: Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs
- Patent Title (中): 基于指定的源/目的IP地址对,在IP网络中防止拒绝服务攻击的方法和装置
-
Application No.: US11197841Application Date: 2005-08-05
-
Publication No.: US07889735B2Publication Date: 2011-02-15
- Inventor: Eric Henry Grosse
- Applicant: Eric Henry Grosse
- Applicant Address: US NJ Murray Hill
- Assignee: Alcatel-Lucent USA Inc.
- Current Assignee: Alcatel-Lucent USA Inc.
- Current Assignee Address: US NJ Murray Hill
- Agent Kenneth M. Brown
- Main IPC: H04L12/28
- IPC: H04L12/28 ; H04L12/56
Abstract:
A method and apparatus for defending against a Denial of Service attack wherein a target victim of an attack has recognized the existence of an attack and identified its source. The carrier network which provides service to the victim automatically receives one or more IP (Internet Protocol) source/destination IP address pairs from the victim, and then limits (e.g., blocks) the transmission of packets from the identified source address to the identified destination address. The carrier may implement this filtering capability as a stand-alone box included in the network, or as a line card incorporated into otherwise conventional network elements already present in the network. The source/destination address pairs to be blocked may be advantageously communicated from the victim with use of security signatures and with use of redundant connections from the victim to the carrier network to ensure receipt even under congested network conditions.
Public/Granted literature
Information query
