Preventing network reset denial of service attacks

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

Details

C709S227000, C370S235000

active

10755146

ABSTRACT:
Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.
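
A simplified model of the RST challenge described in the abstract, as an added example that is not taken from the patent. The class and function names and the sequence numbers are constructed; the `challenged` flag and the peer's SEQ = SEG.ACK reply (standard RFC 793 behaviour for an ACK that matches no connection) are assumptions about how the check would be realised.

```python
# Added example: toy model of the ACK challenge on RST receipt.
# Names are hypothetical and all sequence values are constructed.
from dataclasses import dataclass


@dataclass
class Segment:
    flags: str  # "RST" or "ACK"
    seq: int
    ack: int = 0


@dataclass
class Endpoint:
    snd_nxt: int
    rcv_nxt: int
    state: str = "ESTABLISHED"
    challenged: bool = False  # assumption: remember that a challenge ACK was sent

    def on_rst(self, seg):
        """Handle a RST: return a challenge ACK, or None if nothing is sent."""
        if self.state != "ESTABLISHED":
            return None
        # Close only when a challenge is outstanding and the RST carries
        # exactly the expected next sequence value.
        if self.challenged and seg.seq == self.rcv_nxt:
            self.state = "CLOSED"
            return None
        # Otherwise take no action on the connection; challenge the peer.
        self.challenged = True
        return Segment("ACK", seq=self.snd_nxt, ack=self.rcv_nxt)


def peer_reply(peer_has_connection, challenge):
    """Genuine peer: a live connection ignores the ACK; a closed one sends RST."""
    if peer_has_connection:
        return None
    return Segment("RST", seq=challenge.ack)  # RFC 793: SEQ = SEG.ACK


def run(first_rst_seq, peer_has_connection, forged_followups=()):
    """Replay one RST, optional blind guesses, then the real peer's answer."""
    ep = Endpoint(snd_nxt=5000, rcv_nxt=1_000_000)
    challenge = ep.on_rst(Segment("RST", seq=first_rst_seq))
    for guess in forged_followups:  # sender never saw the challenge ACK
        ep.on_rst(Segment("RST", seq=guess))
    reply = peer_reply(peer_has_connection, challenge)
    if reply is not None:
        ep.on_rst(reply)
    return ep.state
```

With the peer still holding the connection, in-window but inexact RSTs leave the endpoint in `ESTABLISHED`; when the peer has really closed, its answer to the challenge carries the exact value and the endpoint moves to `CLOSED`.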

