WO1999063727B1 - Distributed filtering and monitoring system for a computer internetwork - Google Patents
Distributed filtering and monitoring system for a computer internetwork
- Publication number
- WO1999063727B1 (PCT/US1999/010272)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packets
- loads
- internetwork
- packet
- computer
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/046—Network management architectures or arrangements comprising network management agents or mobile agents therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU40738/99A AU4073899A (en) | 1998-06-01 | 1999-05-11 | Distributed filtering and monitoring system for a computer internetwork |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/088,348 | 1998-06-01 | ||
US09/088,348 US6658565B1 (en) | 1998-06-01 | 1998-06-01 | Distributed filtering and monitoring system for a computer internetwork |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1999063727A1 (en) | 1999-12-09 |
WO1999063727B1 (en) | 2000-01-27 |
Family
ID=22210854
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1999/010272 WO1999063727A1 (en) | 1998-06-01 | 1999-05-11 | Distributed filtering and monitoring system for a computer internetwork |
Country Status (3)
Country | Link |
---|---|
US (1) | US6658565B1 (en) |
AU (1) | AU4073899A (en) |
WO (1) | WO1999063727A1 (en) |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6321338B1 (en) | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6885657B1 (en) | 1998-11-30 | 2005-04-26 | Broadcom Corporation | Network telephony system |
FR2787265B1 (en) * | 1998-12-14 | 2001-02-16 | France Telecom | METHOD FOR TRANSPORTING PACKETS BETWEEN AN ACCESS INTERFACE OF A SUBSCRIBER INSTALLATION AND A SHARED NETWORK, AND ACCESS INTERFACE IMPLEMENTING SUCH A METHOD |
US6954775B1 (en) * | 1999-01-15 | 2005-10-11 | Cisco Technology, Inc. | Parallel intrusion detection sensors with load balancing for high speed networks |
FR2793367B1 (en) * | 1999-05-03 | 2004-09-10 | Jean Luc Stehle | AUTHENTICATION AND SECURITY DEVICE FOR A COMPUTER NETWORK |
US20020108059A1 (en) * | 2000-03-03 | 2002-08-08 | Canion Rodney S. | Network security accelerator |
US7299489B1 (en) * | 2000-05-25 | 2007-11-20 | Lucent Technologies Inc. | Method and apparatus for host probing |
US6928482B1 (en) * | 2000-06-29 | 2005-08-09 | Cisco Technology, Inc. | Method and apparatus for scalable process flow load balancing of a multiplicity of parallel packet processors in a digital communication network |
JP2002063084A (en) * | 2000-08-21 | 2002-02-28 | Toshiba Corp | Packet-transferring device, packet-transferring method, and storage medium stored with program therefor |
US6801503B1 (en) * | 2000-10-09 | 2004-10-05 | Arbor Networks, Inc. | Progressive and distributed regulation of selected network traffic destined for a network node |
US7020713B1 (en) * | 2000-10-10 | 2006-03-28 | Novell, Inc. | System and method for balancing TCP/IP/workload of multi-processor system based on hash buckets |
NL1016533C2 (en) * | 2000-11-02 | 2002-05-07 | Industree B V | Restricting data transfer in data communication network, by restricting transfer to network from end station based on data transfer characteristics determined by analysis |
JP3629516B2 (en) * | 2000-11-02 | 2005-03-16 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Proxy server, electronic signature system, electronic signature verification system, network system, electronic signature method, electronic signature verification method, and storage medium |
US7681032B2 (en) * | 2001-03-12 | 2010-03-16 | Portauthority Technologies Inc. | System and method for monitoring unauthorized transport of digital content |
US7356689B2 (en) * | 2001-07-09 | 2008-04-08 | Lucent Technologies Inc. | Method and apparatus for tracing packets in a communications network |
TW576061B (en) * | 2001-08-13 | 2004-02-11 | Via Tech Inc | Device and method for load balancing of packet switching |
EP1433066B1 (en) * | 2001-09-14 | 2010-08-11 | Nokia Inc. | Device and method for packet forwarding |
US6851062B2 (en) * | 2001-09-27 | 2005-02-01 | International Business Machines Corporation | System and method for managing denial of service attacks |
JP3864743B2 (en) * | 2001-10-04 | 2007-01-10 | 株式会社日立製作所 | Firewall device, information device, and information device communication method |
US7719980B2 (en) * | 2002-02-19 | 2010-05-18 | Broadcom Corporation | Method and apparatus for flexible frame processing and classification engine |
US7254603B2 (en) * | 2002-05-03 | 2007-08-07 | Sonics, Inc. | On-chip inter-network performance optimization using configurable performance parameters |
US7194566B2 (en) | 2002-05-03 | 2007-03-20 | Sonics, Inc. | Communication system and method with configurable posting points |
US7356633B2 (en) | 2002-05-03 | 2008-04-08 | Sonics, Inc. | Composing on-chip interconnects with configurable interfaces |
FR2846171B1 (en) * | 2002-10-21 | 2005-03-04 | France Telecom | CAPTURE OF DATA ON A COMPUTER LINK WITH SAMPLING |
US7603441B2 (en) | 2002-12-27 | 2009-10-13 | Sonics, Inc. | Method and apparatus for automatic configuration of multiple on-chip interconnects |
US8239942B2 (en) * | 2002-12-30 | 2012-08-07 | Cisco Technology, Inc. | Parallel intrusion detection sensors with load balancing for high speed networks |
BR0318136A (en) * | 2003-02-25 | 2006-02-07 | Siemens Ag | Separation process of specific group-conjugable ip packets and specific ip-packet |
US7970006B1 (en) * | 2003-03-10 | 2011-06-28 | Ciena Corporation | Dynamic configuration for a modular interconnect |
JP3758661B2 (en) * | 2003-11-17 | 2006-03-22 | 株式会社インテリジェントウェイブ | Fraud monitoring program, fraud monitoring method and fraud monitoring system |
US8291448B2 (en) | 2004-09-15 | 2012-10-16 | Nokia Corporation | Providing zapping streams to broadcast receivers |
WO2006042424A1 (en) * | 2004-10-19 | 2006-04-27 | Eidgenössische Technische Hochschule Zürich | Distributed internet traffic control system |
US8320242B2 (en) | 2004-12-24 | 2012-11-27 | Net Optics, Inc. | Active response communications network tap |
US7760859B2 (en) * | 2005-03-07 | 2010-07-20 | Net Optics, Inc. | Intelligent communications network tap port aggregator |
JP2008537267A (en) | 2005-04-18 | 2008-09-11 | ザ トラスティーズ オブ コロンビア ユニヴァーシティ イン ザ シティ オブ ニューヨーク | System and method for detecting and deterring attacks using honeypots |
US7930748B1 (en) | 2005-12-29 | 2011-04-19 | At&T Intellectual Property Ii, L.P. | Method and apparatus for detecting scans in real-time |
US8763103B2 (en) | 2006-04-21 | 2014-06-24 | The Trustees Of Columbia University In The City Of New York | Systems and methods for inhibiting attacks on applications |
US8205252B2 (en) * | 2006-07-28 | 2012-06-19 | Microsoft Corporation | Network accountability among autonomous systems |
US7822027B2 (en) * | 2006-10-05 | 2010-10-26 | Cisco Technology, Inc. | Network routing to the socket |
US7974286B2 (en) * | 2006-12-04 | 2011-07-05 | International Business Machines Corporation | Reduced redundant security screening |
US7779143B2 (en) * | 2007-06-28 | 2010-08-17 | Alcatel-Lucent Usa Inc. | Scalable methods for detecting significant traffic patterns in a data network |
US7903576B2 (en) | 2007-08-07 | 2011-03-08 | Net Optics, Inc. | Methods and arrangement for utilization rate display |
US8094576B2 (en) * | 2007-08-07 | 2012-01-10 | Net Optic, Inc. | Integrated switch tap arrangement with visual display arrangement and methods thereof |
US7898984B2 (en) | 2007-08-07 | 2011-03-01 | Net Optics, Inc. | Enhanced communication network tap port aggregator arrangement and methods thereof |
US7773529B2 (en) * | 2007-12-27 | 2010-08-10 | Net Optic, Inc. | Director device and methods thereof |
US20110145572A1 (en) * | 2009-12-15 | 2011-06-16 | Christensen Kenneth J | Apparatus and method for protecting packet-switched networks from unauthorized traffic |
US9306959B2 (en) | 2010-02-26 | 2016-04-05 | Ixia | Dual bypass module and methods thereof |
US9813448B2 (en) | 2010-02-26 | 2017-11-07 | Ixia | Secured network arrangement and methods thereof |
US9749261B2 (en) | 2010-02-28 | 2017-08-29 | Ixia | Arrangements and methods for minimizing delay in high-speed taps |
US8755293B2 (en) * | 2010-02-28 | 2014-06-17 | Net Optics, Inc. | Time machine device and methods thereof |
US8902735B2 (en) | 2010-02-28 | 2014-12-02 | Net Optics, Inc. | Gigabits zero-delay tap and methods thereof |
FR2992445B1 (en) * | 2012-06-22 | 2014-07-04 | Snecma | METHOD FOR SYNCHRONIZING ALGORITHM DATA OF ASYNCHRONOUS AIRCRAFT COMPUTERS |
WO2014108173A1 (en) * | 2013-01-08 | 2014-07-17 | Telefonaktiebolaget L M Ericsson (Publ) | Distributed traffic inspection in a telecommunications network |
US9998213B2 (en) | 2016-07-29 | 2018-06-12 | Keysight Technologies Singapore (Holdings) Pte. Ltd. | Network tap with battery-assisted and programmable failover |
US10050937B1 (en) * | 2016-12-29 | 2018-08-14 | Juniper Networks, Inc. | Reducing impact of network attacks in access networks |
US11228431B2 (en) * | 2019-09-20 | 2022-01-18 | General Electric Company | Communication systems and methods for authenticating data packets within network flow |
US11418491B2 (en) * | 2020-02-26 | 2022-08-16 | Cisco Technology, Inc. | Dynamic firewall discovery on a service plane in a SDWAN architecture |
CN113595957B (en) * | 2020-04-30 | 2022-11-08 | 华为技术有限公司 | Network defense method and security detection equipment |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4621359A (en) | 1984-10-18 | 1986-11-04 | Hughes Aircraft Company | Load balancing for packet switching nodes |
US5455865A (en) * | 1989-05-09 | 1995-10-03 | Digital Equipment Corporation | Robust packet routing over a distributed network containing malicious failures |
US5495426A (en) * | 1994-01-26 | 1996-02-27 | Waclawsky; John G. | Inband directed routing for load balancing and load distribution in a data communication network |
US5511122A (en) | 1994-06-03 | 1996-04-23 | The United States Of America As Represented By The Secretary Of The Navy | Intermediate network authentication |
NZ306846A (en) | 1995-06-05 | 2000-01-28 | Certco Llc | Digital signing method using partial signatures |
US5680461A (en) | 1995-10-26 | 1997-10-21 | Sun Microsystems, Inc. | Secure network protocol system and method |
JP3688830B2 (en) * | 1995-11-30 | 2005-08-31 | 株式会社東芝 | Packet transfer method and packet processing apparatus |
JPH09252323A (en) * | 1996-01-11 | 1997-09-22 | Sony Corp | Communication system and communication equipment |
US5892754A (en) * | 1996-06-07 | 1999-04-06 | International Business Machines Corporation | User controlled adaptive flow control for packet networks |
US6173364B1 (en) * | 1997-01-15 | 2001-01-09 | At&T Corp. | Session cache and rule caching method for a dynamic filter |
US6229806B1 (en) * | 1997-12-30 | 2001-05-08 | Motorola, Inc. | Authentication in a packet data system |
US6111877A (en) * | 1997-12-31 | 2000-08-29 | Cisco Technology, Inc. | Load sharing across flows |
JP3966598B2 (en) * | 1998-03-04 | 2007-08-29 | 富士通株式会社 | Server selection system |
US6055236A (en) * | 1998-03-05 | 2000-04-25 | 3Com Corporation | Method and system for locating network services with distributed network address translation |
Application timeline
- 1998-06-01: US application US09/088,348, patent US6658565B1, status: Expired - Lifetime (not active)
- 1999-05-11: AU application AU40738/99A, publication AU4073899A, status: Abandoned (not active)
- 1999-05-11: WO application PCT/US1999/010272, publication WO1999063727A1, status: Application Filing (active)
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9143518B2 (en) | 2005-08-18 | 2015-09-22 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media protecting a digital data processing device from attack |
US9544322B2 (en) | 2005-08-18 | 2017-01-10 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media protecting a digital data processing device from attack |
US9495541B2 (en) | 2011-09-15 | 2016-11-15 | The Trustees Of Columbia University In The City Of New York | Detecting return-oriented programming payloads by evaluating data for a gadget address space address and determining whether operations associated with instructions beginning at the address indicate a return-oriented programming payload |
Also Published As
Publication number | Publication date |
---|---|
AU4073899A (en) | 1999-12-20 |
US6658565B1 (en) | 2003-12-02 |
WO1999063727A1 (en) | 1999-12-09 |
Similar Documents
Publication | Title |
---|---|
WO1999063727B1 (en) | Distributed filtering and monitoring system for a computer internetwork |
CN109565500B (en) | On-demand security architecture | |
US7146421B2 (en) | Handling state information in a network element cluster | |
US11652798B2 (en) | Dynamic, user-configurable virtual private network | |
US6687222B1 (en) | Backup service managers for providing reliable network services in a distributed environment | |
Diguet et al. | NOC-centric security of reconfigurable SoC | |
JP3568850B2 (en) | How the data packet filter works | |
Bates et al. | Detecting co-residency with active traffic analysis techniques | |
US6754214B1 (en) | Communication network having packetized security codes and a system for detecting security breach locations within the network | |
Bays et al. | Virtual network security: threats, countermeasures, and challenges | |
US7886145B2 (en) | Method and system for including security information with a packet | |
US20140153435A1 (en) | Tiered deep packet inspection in network devices | |
US20010014912A1 (en) | Distributed security system for a communication network | |
US20090028045A1 (en) | System and method for traffic load balancing to multiple processors | |
US8713628B2 (en) | Method and system for providing cloud based network security services | |
IL161112A (en) | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device | |
EP0743777A3 (en) | System for packet filtering of data packets at a computer network interface | |
US20070168452A1 (en) | Method of processing data, a network analyser card, a host and an intrusion detection system | |
EP1540921B1 (en) | Method and apparatus for inspecting inter-layer address binding protocols | |
CN111865806B (en) | Prefix-based fat flows | |
US10841840B2 (en) | Processing packets in a computer system | |
JP2003505934A (en) | Secure network switch | |
KR20090006632A (en) | Virtual firewall system and the control method for using based on commonness security policy | |
Gold et al. | A virtualized link layer with support for indirection | |
DE60207515D1 (en) | Method for increasing the throughput of data in a gateway, and routers |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AL AU BA BB BG BR CA CN CU CZ EE GD GE HR HU ID IL IN IS JP KP KR LC LK LR LT LV MG MK MN MX NO NZ PL RO SG SI SK SL TR TT UA UZ VN YU |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
AK | Designated states | Kind code of ref document: B1. Designated state(s): AL AU BA BB BG BR CA CN CU CZ EE GD GE HR HU ID IL IN IS JP KP KR LC LK LR LT LV MG MK MN MX NO NZ PL RO SG SI SK SL TR TT UA UZ VN YU |
AL | Designated countries for regional patents | Kind code of ref document: B1. Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
122 | EP: PCT application non-entry in European phase | |