Patents Assigned to Mazu Networks, Inc.
-
Patent number: 7461404Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: December 2, 2008Assignee: Mazu Networks, Inc.Inventors: Anne Elizabeth Dudfield, Massimiliano Antonio Poletto, Daniel Weber
-
Patent number: 7398317Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: September 5, 2001Date of Patent: July 8, 2008Assignee: Mazu Networks, Inc.Inventors: Benjie Chen, Massimiliano Antonio Poletto
-
Patent number: 7363656Abstract: A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events from aggregating of anomalies into network events.Type: GrantFiled: November 3, 2003Date of Patent: April 22, 2008Assignee: Mazu Networks, Inc.Inventors: Daniel Weber, Prem Gopalan, Massimiliano Antonio Poletto
-
Patent number: 7278159Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: October 2, 2007Assignee: Mazu Networks, Inc.Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Jr., Massimiliano Antonio Poletto, Robert T. Morris
-
Patent number: 7213264Abstract: A monitoring device disposed for thwarting denial of service attacks on the data center is described. The monitoring device includes a plurality of probe devices that are disposed to collect statistical information on packets that are sent between the network and the data center and a cluster head coupled to each of the plurality of probe devices, the cluster head receiving collected statistical information from the probe devices and determining from the collected information whether the data center is under a denial of service attack.Type: GrantFiled: January 31, 2002Date of Patent: May 1, 2007Assignee: Mazu Networks, Inc.Inventors: Massimiliano Antonio Poletto, Dimitri Stratton Vlachos
-
Patent number: 7124440Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: October 17, 2006Assignee: Mazu Networks, Inc.Inventors: Massimiliano Antonio Poletto, Edward W. Kohler, Jr.
-
Patent number: 7043759Abstract: A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.Type: GrantFiled: August 16, 2001Date of Patent: May 9, 2006Assignee: Mazu Networks, Inc.Inventors: Marinus Frans Kaashoek, Edward W. Kohler, Jr., Massimiliano Antonio Poletto
-
Publication number: 20060089985Abstract: A system includes a plurality of collector devices that are disposed to collect statistical information on packets that are sent between nodes on a network. The system also includes a stackable aggregator that receives network data from the plurality of collector devices, and which produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The stackable aggregator includes a manager blade, a database blade, and two or more, analyzer blades.Type: ApplicationFiled: October 26, 2004Publication date: April 27, 2006Applicant: Mazu Networks, Inc.Inventor: Massimiliano Poletto
-
Publication number: 20060075081Abstract: Techniques to assign nodes in a network to groups of nodes are described. The techniques include representing hosts in the network by property vectors that encode information about the hosts, identifying properties of the property vector by integers in the property vector for the host and determining proximity of hosts according to the property vectors and grouping the hosts according to the determined proximity.Type: ApplicationFiled: October 4, 2004Publication date: April 6, 2006Applicant: Mazu Networks, Inc.Inventor: Benjamin Wilken
-
Publication number: 20060067220Abstract: Techniques for tracking dynamically negotiated port connections in a network include collecting statistical information on packets that are sent between nodes on a network, inspecting packets of control connections to detect payload fragments that denote ephemeral port negotiation and producing a mapping from a ephemeral connection flow_id to a control connection flow_id. The techniques also include checking the flow_id to see whether a flow record maps to a control connection.Type: ApplicationFiled: September 30, 2004Publication date: March 30, 2006Applicant: Mazu Networks, Inc.Inventors: Massimiliano Poletto, Andrew Gorelik