Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2006-02-01
2011-12-06
Arani, Taghi (Department: 2438)
C370S394000, C370S395500, C370S395520, C709S227000, C709S228000, C709S229000
active
08074275
ABSTRACT:
A method of preventing network denial of service attacks by early discard of out-of-order segments comprises creating a reassembly queue for a connection between a first network node and a second network node, wherein the connection has been established based on a transport-layer network protocol, the reassembly queue having a size based on a buffer size of an input interface with which the connection is associated. As out-of-order data segments arrive on the connection, and before other processing of the segments, whether the reassembly queue is full is determined, and the out-of-order segments are discarded if the reassembly queue is full. The size of the reassembly queue is automatically changed in response to one or more changes in any of network conditions and device resources.
REFERENCES:
patent: 6735702 (2004-05-01), Yavatkar et al.
patent: 6888835 (2005-05-01), Reeve
patent: 2002/0026502 (2002-02-01), Phillips et al.
patent: 2002/0035681 (2002-03-01), Maturana et al.
patent: 2002/0116644 (2002-08-01), Richard
patent: 2002/0147722 (2002-10-01), Banerjee
patent: 2003/0079031 (2003-04-01), Nagano
patent: 2004/0008681 (2004-01-01), Govindarajan et al.
patent: 2005/0259644 (2005-11-01), Huitema et al.
patent: 2006/0007935 (2006-01-01), Bennett et al.
patent: 2006/0179147 (2006-08-01), Tran et al.
V. Jacobson et al., “TCP Extensions for High Performance,” IETF RFC 1323, May 1992, pp. 1-33.
Anonymous, “NetBSD not vulnerable to TCP reassembly mbuf DoS,” message posted in mailing list archive of Virus.org, Mar. 4, 2004, pp. 1-2.
Anonymous, Source code excerpt from “tcp-input.c” module revision 1.223 of NetBSD operating system, printed May 2, 2005, 1 page.
Information Sciences Institute of the University of Southern California, “Internet Protocol DARPA Internet Program Protocol Specification” (IETF RFC 791), Sep. 1981, pp. 1-49.
Ramaiah Anantha
Sivakumar Senthil
Somasundaram Mahadev
Arani Taghi
Chang Kenneth
Cisco Technology Inc.
Hickman Palermo & Truong & Becker LLP
Profile ID: LFUS-PAI-O-4260612