Preventing network reset denial of service attacks

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C709S227000, C370S235000

Reexamination Certificate

active

07458097

ABSTRACT:
Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.
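The RST challenge described in the abstract, as an added Python simulation; it is not code from the patent. The names `Segment`, `Endpoint`, `Peer` and `deliver_rst` are hypothetical, as is the `challenged` flag used to track a pending challenge, which the abstract does not describe.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    rst: bool = False
    ack: bool = False
    seq: int = 0
    ack_no: int = 0

class Endpoint:
    """First endpoint node: holds the connection and receives RST packets."""
    def __init__(self, rcv_nxt):
        self.rcv_nxt = rcv_nxt      # expected next sequence value from the peer
        self.state = "ESTABLISHED"
        self.challenged = False     # assumption: remembers that a challenge was sent

    def on_segment(self, seg):
        """Process one inbound segment; return the segment to send back, or None."""
        if not seg.rst or self.state != "ESTABLISHED":
            return None
        if self.challenged and seg.seq == self.rcv_nxt:
            self.state = "CLOSED"   # RST carries the exact expected value
            return None
        # Any other RST is not trusted: challenge the peer with an ACK.
        self.challenged = True
        return Segment(ack=True, ack_no=self.rcv_nxt)

class Peer:
    """Second endpoint node: the genuine other end of the connection."""
    def __init__(self, has_connection):
        self.has_connection = has_connection

    def on_segment(self, seg):
        # A peer that no longer has the connection answers the challenge ACK
        # with a RST whose sequence value is taken from the ACK it received.
        if seg.ack and not self.has_connection:
            return Segment(rst=True, seq=seg.ack_no)
        return None                 # connection still alive: no RST is sent

def deliver_rst(first, peer, rst_seq):
    """Deliver one RST to `first`. The challenge ACK is routed to the genuine
    peer only, so an off-path sender of the RST never sees it."""
    challenge = first.on_segment(Segment(rst=True, seq=rst_seq))
    if challenge is not None:
        reply = peer.on_segment(challenge)
        if reply is not None:
            first.on_segment(reply)
    return first.state
```

With a peer that still holds the connection, a sweep of RSTs across the receive window leaves the endpoint in `ESTABLISHED`; with a peer that has genuinely lost the connection, a single RST with a stale sequence value leads to `CLOSED` after the challenge round trip.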

