公开(公告)号：US08045460B2

公开(公告)日：2011-10-25

申请号：US12779546

申请日：2010-05-13

申请人： Thusitha Jayawardena ,  William J. Shugard

发明人： Thusitha Jayawardena ,  William J. Shugard

IPC分类号： G01R31/08

CPC分类号： H04L43/0847 ,  H04L45/00 ,  H04L45/18 ,  H04L45/20 ,  H04L63/1441 ,  H04L69/28

摘要： A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.

摘要翻译： 公开了一种在电信网络中检测路由环路和生存时间（TTL）到期攻击的方法和系统。 基于网络中两台或多台路由器上发生的TTL到期的比较，可以实现对路由环路和TTL到期攻击的检测。 可以将与路由器相关联的TTL到期数量相加。 另外，可以将与可操作地耦合到路由器的其他路由器相关联的一定数量的TTL到期值相加。 可以计算和之间的差异，并且可以响应于差异来确定是否存在路由环路。

公开(公告)号：US20100242113A1

公开(公告)日：2010-09-23

申请号：US12779546

申请日：2010-05-13

申请人： Thusitha Jayawardena ,  William J. Shugard

发明人： Thusitha Jayawardena ,  William J. Shugard

IPC分类号： G06F21/00 ,  H04L12/26

CPC分类号： H04L43/0847 ,  H04L45/00 ,  H04L45/18 ,  H04L45/20 ,  H04L63/1441 ,  H04L69/28

摘要： A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.

摘要翻译： 公开了一种在电信网络中检测路由环路和生存时间（TTL）到期攻击的方法和系统。 基于网络中两台或多台路由器上发生的TTL到期的比较，可以实现对路由环路和TTL到期攻击的检测。 可以将与路由器相关联的TTL到期数量相加。 另外，可以将与可操作地耦合到路由器的其他路由器相关联的一定数量的TTL到期值相加。 可以计算和之间的差异，并且可以响应于差异来确定是否存在路由环路。

公开(公告)号：US07752666B2

公开(公告)日：2010-07-06

申请号：US11963039

申请日：2007-12-21

申请人： Thusitha Jayawardena ,  William J. Shugard

发明人： Thusitha Jayawardena ,  William J. Shugard

IPC分类号： G06F11/00

CPC分类号： H04L43/0847 ,  H04L45/00 ,  H04L45/18 ,  H04L45/20 ,  H04L63/1441 ,  H04L69/28

摘要： A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.

摘要翻译： 公开了一种在电信网络中检测路由环路和生存时间（TTL）到期攻击的方法和系统。 基于网络中两台或多台路由器上发生的TTL到期的比较，可以实现对路由环路和TTL到期攻击的检测。 可以将与路由器相关联的TTL到期数量相加。 另外，可以将与可操作地耦合到路由器的其他路由器相关联的一定数量的TTL到期值相加。 可以计算和之间的差异，并且可以响应于差异来确定是否存在路由环路。

公开(公告)号：US20090161567A1

公开(公告)日：2009-06-25

申请号：US11963039

申请日：2007-12-21

申请人： Thusitha Jayawardena ,  William J. Shugard

发明人： Thusitha Jayawardena ,  William J. Shugard

IPC分类号： G06F11/00

CPC分类号： H04L43/0847 ,  H04L45/00 ,  H04L45/18 ,  H04L45/20 ,  H04L63/1441 ,  H04L69/28

摘要： A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.

摘要翻译： 公开了一种在电信网络中检测路由环路和生存时间（TTL）到期攻击的方法和系统。 基于网络中两台或多台路由器上发生的TTL到期的比较，可以实现对路由环路和TTL到期攻击的检测。 可以将与路由器相关联的TTL到期数量相加。 另外，可以将与可操作地耦合到路由器的其他路由器相关联的一定数量的TTL到期值相加。 可以计算和之间的差异，并且可以响应于差异来确定是否存在路由环路。

公开(公告)号：US08578287B2

公开(公告)日：2013-11-05

申请号：US12341238

申请日：2008-12-22

申请人： Gustavo De Los Reyes ,  Sanjay MacWan ,  Gang Xu ,  Howard Shirokmann ,  Rachel Rosencrantz ,  Thusitha Jayawardena

发明人： Gustavo De Los Reyes ,  Sanjay MacWan ,  Gang Xu ,  Howard Shirokmann ,  Rachel Rosencrantz ,  Thusitha Jayawardena

IPC分类号： G06F3/048

CPC分类号： G05B15/02 ,  G06F3/023 ,  G06F3/038 ,  G06F3/0489 ,  H04N21/2265 ,  H04N21/43615 ,  H04N21/4622 ,  H04N21/482 ,  H04N21/6377

摘要： A computer readable storage medium storing a set of instructions that are executable by a processor, the set of instructions being operable to store a virtual representation of a plurality of physical components, display the virtual representation, receive user interaction with at least one of the virtual representations and send a command to the physical component corresponding to the user interaction.

摘要翻译： 存储可由处理器执行的一组指令的计算机可读存储介质，所述指令集可操作以存储多个物理组件的虚拟表示，显示所述虚拟表示，接收与所述虚拟表示中的至少一个的用户交互 表示并发送命令到对应于用户交互的物理组件。

公开(公告)号：US07953855B2

公开(公告)日：2011-05-31

申请号：US12284254

申请日：2008-09-19

申请人： Thusitha Jayawardena ,  Luis E. Morales

发明人： Thusitha Jayawardena ,  Luis E. Morales

IPC分类号： G06F15/16 ,  G06F15/173 ,  G06F15/177

CPC分类号： H04L63/1408 ,  H04L29/06

摘要： In an IP network during a DDoS attack on a website or other internet entity having an IP address, selective black-holing of attack traffic is performed such that some of the traffic destined for the IP address under attack continues to go to the IP address under attack while other traffic, destined for the same IP address is, rerouted via BGP sessions to a black-hole router. Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted.

摘要翻译： 在IP网络中对网站或具有IP地址的其他互联网实体进行DDoS攻击时，会执行攻击流量的选择性黑洞攻击，使得发往受攻击的IP地址的一些流量继续进入IP地址下的IP地址 攻击，而其他流量，注定相同的IP地址，通过BGP会话重新路由到一个黑洞路由器。 这种选择性黑洞方案可以用于允许某些流量继续路由到被攻击的IP地址，而其他流量被转移。

公开(公告)号：US08566465B2

公开(公告)日：2013-10-22

申请号：US12884976

申请日：2010-09-17

申请人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

发明人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

IPC分类号： G06F15/173

CPC分类号： H04L63/0281 ,  H04L63/1458 ,  H04L63/1466 ,  H04L67/141 ,  H04L67/2814

摘要： A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed.

摘要翻译： 一种方法包括响应于在服务地址处接收到的第一会话请求向第一客户端发送第一重定向指令，以及响应于在由所述第一重定向地址指示的第一重定向地址接收到的第二会话请求，建立与第一客户端的第一会话 第一个重定向指令。 此外，该方法包括确定已经过去的第一服务间隔，并且响应于在经过第一服务间隔之后在服务地址处接收的第三会话请求，向第二客户端发送第二重定向指令。 该方法还包括响应于在第一服务间隔已经过去之后由第二重定向指令指示的第二重定向地址处接收到的第四会话请求，建立与第二客户端的第二会话，并且拒绝从第三客户端接收到的第五会话请求 客户端在第一个服务间隔之后的第一个重定向地址。

公开(公告)号：US08644159B2

公开(公告)日：2014-02-04

申请号：US13557909

申请日：2012-07-25

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： G06F11/00 ,  G06F15/173 ,  H04L12/66

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。

公开(公告)号：US20120291128A1

公开(公告)日：2012-11-15

申请号：US13557909

申请日：2012-07-25

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： G06F21/00

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。

公开(公告)号：US20100162378A1

公开(公告)日：2010-06-24

申请号：US12338614

申请日：2008-12-18

申请人： Thusitha Jayawardena ,  Gustavo De Los Reyes ,  Gang Xu

发明人： Thusitha Jayawardena ,  Gustavo De Los Reyes ,  Gang Xu

IPC分类号： G06F17/00 ,  G06F15/16

CPC分类号： H04L67/2814 ,  H04L63/0227

摘要： Example methods and apparatus to enhance security in residential networks and residential gateways are disclosed. A disclosed example apparatus includes a transceiver to receive an Internet protocol (IP) packet, a first packet processing module associated with a protected IP address, the first packet processing module to be communicatively coupled to a first network device, a second packet processing module associated with a public IP address, the second packet processing module to be communicatively coupled to a second network device, and a packet diverter to route the received IP packet to the first packet processing module when the IP packet contains the protected IP address and to route the IP packet to the second packet processing module when the IP packet does not contain the protected IP address.

摘要翻译： 公开了增强住宅网络和住宅网关安全性的示例方法和装置。 所公开的示例性设备包括：收发器，用于接收因特网协议（IP）分组;与受保护的IP地址相关联的第一分组处理模块;第一分组处理模块，用于通信地耦合到第一网络设备;第二分组处理模块， 具有公共IP地址，所述第二分组处理模块通信地耦合到第二网络设备，以及分组转发器，以在IP分组包含受保护的IP地址时将接收的IP分组路由到第一分组处理模块，并且路由 当IP包不包含受保护的IP地址时，IP包到第二包处理模块。