WO2005117370A3 - Using address ranges to detect malicious activity - Google Patents

Using address ranges to detect malicious activity

Info

Publication number
WO2005117370A3
Authority
WO
WIPO (PCT)
Prior art keywords
network
address ranges
malicious activity
detect malicious
addresses
Prior art date
Application number
PCT/US2005/017685
Other languages
French (fr)
Other versions
WO2005117370A2 (en)
Inventor
Paul Gassoway
Original Assignee
Computer Ass Think Inc
Paul Gassoway
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=35285605&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO2005117370(A3) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Computer Ass Think Inc, Paul Gassoway filed Critical Computer Ass Think Inc
Priority to EP05778923A priority Critical patent/EP1754348B1/en
Publication of WO2005117370A2 publication Critical patent/WO2005117370A2/en
Publication of WO2005117370A3 publication Critical patent/WO2005117370A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

A method for detecting malicious programs within a network includes monitoring at least one packet within the network to ascertain a source address and a destination address of the at least one packet, determining whether the source address and the destination address of the at least one packet match addresses within a listing of addresses of devices on the network, and generating an alert when neither the source address nor the destination address of the at least one packet matches an address within the listing of addresses of devices on the network.
PCT/US2005/017685 2004-05-19 2005-05-18 Using address ranges to detect malicious activity WO2005117370A2 (en)
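The detection rule stated in the abstract, as an added Python example that is not part of the patent or any product: the listing of device addresses is modelled as CIDR ranges (the title speaks of address ranges), and a packet raises an alert only when neither its source nor its destination falls within one of them. The ranges and packet headers are constructed sample values.

```python
import ipaddress

def build_listing(cidrs):
    """Parse the listing of address ranges assigned to devices on the
    monitored network (CIDR strings) into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def in_listing(addr, listing):
    """True when the address falls inside any range of the listing.
    An unparseable address is treated as not belonging to the network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Membership is version-aware: an IPv6 address never matches an IPv4 range.
    return any(ip in net for net in listing)

def check_packet(src, dst, listing):
    """Apply the abstract's rule: alert (True) only when NEITHER the source
    nor the destination matches the listing. A packet with one known
    endpoint is ordinary inbound or outbound traffic and is not flagged."""
    return not in_listing(src, listing) and not in_listing(dst, listing)

def scan(packets, listing):
    """Run the rule over (src, dst) pairs and return the alerting packets."""
    return [(src, dst) for src, dst in packets if check_packet(src, dst, listing)]

# Constructed address ranges for the devices on the monitored network.
KNOWN_RANGES = build_listing(["10.0.0.0/8", "192.168.1.0/24", "2001:db8::/32"])

# Constructed packet headers as (source, destination) pairs.
SAMPLE_PACKETS = [
    ("10.1.2.3", "192.168.1.10"),         # internal to internal: both known
    ("10.1.2.3", "203.0.113.5"),          # outbound: source known
    ("198.51.100.7", "10.1.2.3"),         # inbound: destination known
    ("198.51.100.7", "203.0.113.5"),      # neither known: should not appear here
    ("2001:db8::1", "2001:db8:ffff::9"),  # internal IPv6: both known
]

if __name__ == "__main__":
    for src, dst in scan(SAMPLE_PACKETS, KNOWN_RANGES):
        print(f"ALERT: packet {src} -> {dst} matches no device on the network")
```

The rule is deliberately narrow: a packet with even one known endpoint never alerts, so the listing must cover every legitimate device on the segment, or normal transit traffic on a routed segment will be flagged as well.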

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05778923A EP1754348B1 (en) 2004-05-19 2005-05-18 Using address ranges to detect malicious activity

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57265804P 2004-05-19 2004-05-19
US60/572,658 2004-05-19

Publications (2)

Publication Number Publication Date
WO2005117370A2 (en) 2005-12-08
WO2005117370A3 (en) 2006-01-26

Family

ID=35285605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/017685 WO2005117370A2 (en) 2004-05-19 2005-05-18 Using address ranges to detect malicious activity

Country Status (3)

Country Link
US (1) US20050259657A1 (en)
EP (1) EP1754348B1 (en)
WO (1) WO2005117370A2 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060002306A1 (en) * 2004-06-30 2006-01-05 Ronald Brown Failure detection of path information corresponding to a transmission path
US8139521B2 (en) * 2005-10-28 2012-03-20 Interdigital Technology Corporation Wireless nodes with active authentication and associated methods
US20120020217A1 (en) * 2008-12-30 2012-01-26 Shaun Wakumoto Storing network flow information
US10091174B2 (en) 2014-09-29 2018-10-02 Dropbox, Inc. Identifying related user accounts based on authentication data
US10223423B2 (en) * 2014-10-02 2019-03-05 Splunk Inc. Custom communication alerts
US10756956B2 (en) * 2018-03-05 2020-08-25 Schweitzer Engineering Laboratories, Inc. Trigger alarm actions and alarm-triggered network flows in software-defined networks
US11741228B2 (en) * 2020-08-25 2023-08-29 Bank Of America Corporation System for generating computing network segmentation and isolation schemes using dynamic and shifting classification of assets

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003050644A2 (en) * 2001-08-14 2003-06-19 Riverhead Networks Inc. Protecting against malicious traffic

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6513122B1 (en) * 2001-06-29 2003-01-28 Networks Associates Technology, Inc. Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities
US7246156B2 (en) * 2003-06-09 2007-07-17 Industrial Defender, Inc. Method and computer program product for monitoring an industrial network
US7725545B2 (en) * 2004-02-20 2010-05-25 Sybase 365, Inc. Dual use counters for routing loops and spam detection

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003050644A2 (en) * 2001-08-14 2003-06-19 Riverhead Networks Inc. Protecting against malicious traffic

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CISCO SYSTEMS: "SAFE: Worm Mitigation", CISCO SYSTEMS WHITE PAPER, 2003, XP002355058, Retrieved from the Internet <URL:http://www.cisco.com/warp/public/cc/so/neso/sqso/safr/prodlit/sawrm_wp.pdf> [retrieved on 20051118] *
YING JIN, STEVEN WALLACE: "A Preprocessor Plugin for SNORT: IP Spoof Detector", INTERNET PUBLICATION, 22 April 2002 (2002-04-22), ADVANCED NETWORK MANAGEMENT LAB, INDIANA UNIVERSITY, XP002355057, Retrieved from the Internet <URL:http://www.cs.indiana.edu/~yinjin/anml/Automatic_Spoof_Detector_Ying.doc> [retrieved on 20051117] *

Also Published As

Publication number Publication date
US20050259657A1 (en) 2005-11-24
EP1754348B1 (en) 2012-08-01
WO2005117370A2 (en) 2005-12-08
EP1754348A2 (en) 2007-02-21

Similar Documents

Publication Publication Date Title
WO2005117370A3 (en) Using address ranges to detect malicious activity
WO2002023805A3 (en) Monitoring network activity
GB2457398A (en) Sensor node of wireless sensor networks and operating method thereof
WO2008067371A3 (en) System for automatic detection of spyware
WO2008014272A3 (en) Method and apparatus for monitoring wireless network access
WO2006091944A3 (en) Location-based enhancements for wireless intrusion detection
WO2008079337A3 (en) Systems, methods, and apparatus for communicating the state of a wireless user device in a wireless domain to an application server in an internet protocol (ip) domain
EP1854005A4 (en) Method and apparatus for locating rogue access point switch ports in a wireless network
AU2003272797A1 (en) Acoustic sensing device, system and method for monitoring emissions from machinery
WO2004050839A3 (en) Fragmentation-based methods and systems for sequence variation detection and discovery
WO2008067248A3 (en) Detection for end of service using dynamic inactivity timer thresholds
WO2008063343A3 (en) Methods and apparatus for detecting unwanted traffic in one or more packet networks utilizing string analysis
WO2007073546A3 (en) Installing an application from one peer to another including configuration settings
WO2004088477A3 (en) Apparatus and method for network vulnerability detection and compliance assessment
WO2007070396A3 (en) Medicament compliance monitoring system, method, and medicament container
HK1113873A1 (en) Using a test query to determine whether a network device suffers from a software bug or design flaw
WO2008131371A3 (en) Extensions to ipv6 neighbor discovery protocol for automated prefix delegation
GB201203406D0 (en) Automatic address range detection for IP networks
WO2008052291A3 (en) System and process for detecting anomalous network traffic
WO2007022364A3 (en) Change audit method, apparatus and system
WO2006107560A3 (en) Methods, systems, and computer program products for establishing trusted access to a communication network
WO2006133383A3 (en) Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies
WO2008012792A3 (en) A method and system for detection of nat devices in a network
GB0406104D0 (en) Connecting devices to a peer-to-peer network
WO2011079149A3 (en) Systems and methods for listening policies for virtual servers of an appliance

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWE Wipo information: entry into national phase

Ref document number: 2005778923

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005778923

Country of ref document: EP