Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2004-05-04
2008-09-02
Lanier, Benjamin E (Department: 2132)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S024000, C726S025000
Reexamination Certificate
active
07421737
ABSTRACT:
Evasion detection is disclosed. Techniques are provided for network security, including comparing a received header value to a baseline header value, determining based on the comparison whether a threshold has been satisfied, and generating an alert if the threshold has been satisfied. Header values may be representative of data included in packet headers that, depending upon a data communication protocol in use (e.g., TCP, IP, etc.) may include information such as a time-to-live (TTL) value or IP options. After retrieving a received packet's header value, it is compared to a baseline header value and, in combination with evaluating a flip count threshold, used to detect an evasion attempt.
REFERENCES:
patent: 7046653 (2006-05-01), Nigrin et al.
patent: 7114181 (2006-09-01), Ramaiah et al.
patent: 7171683 (2007-01-01), Pazi et al.
patent: 2003/0084319 (2003-05-01), Tarquini et al.
patent: 2003/0112780 (2003-06-01), Ouyang et al.
patent: 2003/0172289 (2003-09-01), Soppera
Thomas Ptacek, “Insertion, Evasion, and Denail of Service: Eluding Network Intrusion Detection”, 1998, Secure Networks, Inc., pp. 1-67.
U.S. Appl. No. 10/839,737, Hernacki et al.
Bennett Jeremy
Hernacki Brian
Lanier Benjamin E
Symantec Corporation
Van Pelt & Yi & James LLP
LandOfFree
Evasion detection does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Evasion detection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Evasion detection will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3987470