Multiplex communications – Diagnostic testing – Determination of communication parameters
Reexamination Certificate
2004-12-22
2009-10-13
Ahmed, Salman (Department: 2419)
Multiplex communications
Diagnostic testing
Determination of communication parameters
C713S168000, C370S389000, C370S428000, C726S022000, C726S026000
Reexamination Certificate
active
07602731
ABSTRACT:
The present invention provides an integrated prevention of header, state, rate and content anomalies along with network policy enforcement. A hardware based apparatus classifies layers2, 3, 4and7network data and maintains rate-thresholds through continuous and adaptive learning. In the process of classifying the packets, the apparatus can determine header and state anomalies and drop packets containing those anomalies. Accurate detection and prevention of layer7content anomalies is achieved using fragment assembly, TCP reorder and retransmission removal components, which also identify anomalies in those areas. Content inspection is achieved at high speed through a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy based packet filter.
REFERENCES:
patent: 6711127 (2004-03-01), Gorman et al.
patent: 6904057 (2005-06-01), Sarkinen et al.
patent: 6928549 (2005-08-01), Brock et al.
patent: 6944168 (2005-09-01), Paatela et al.
patent: 6944678 (2005-09-01), Lu et al.
patent: 7006505 (2006-02-01), Bleszynski et al.
patent: 7058974 (2006-06-01), Maher et al.
patent: 7082117 (2006-07-01), Billhartz
patent: 7150044 (2006-12-01), Hoefelmeyer et al.
patent: 7177930 (2007-02-01), LoPresti
patent: 7233597 (2007-06-01), Kumar et al.
patent: 7234168 (2007-06-01), Gupta et al.
patent: 7305708 (2007-12-01), Norton et al.
patent: 7308715 (2007-12-01), Gupta et al.
patent: 7386733 (2008-06-01), Yoon et al.
patent: 7409714 (2008-08-01), Gupta et al.
patent: 7411957 (2008-08-01), Stacy et al.
patent: 7424744 (2008-09-01), Wu et al.
patent: 7426634 (2008-09-01), Jain
patent: 2002/0194469 (2002-12-01), Dominique et al.
patent: 2003/0004688 (2003-01-01), Gupta et al.
patent: 2003/0004689 (2003-01-01), Gupta et al.
patent: 2003/0009699 (2003-01-01), Gupta et al.
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2003/0041266 (2003-02-01), Ke et al.
patent: 2003/0097557 (2003-05-01), Tarquini et al.
patent: 2003/0105881 (2003-06-01), Symons et al.
patent: 2003/0123447 (2003-07-01), Smith
patent: 2003/0123452 (2003-07-01), Cox et al.
patent: 2003/0149887 (2003-08-01), Yadav
patent: 2003/0204632 (2003-10-01), Willebeek-LeMair et al.
patent: 2003/0221013 (2003-11-01), Lockwood et al.
patent: 2004/0008681 (2004-01-01), Govindarajan et al.
patent: 2004/0114519 (2004-06-01), MacIsaac
patent: 2005/0044406 (2005-02-01), Stute
patent: 2005/0060557 (2005-03-01), Lin
patent: 2005/0086500 (2005-04-01), Albornoz
patent: 2005/0111460 (2005-05-01), Sahita
patent: 2006/0023709 (2006-02-01), Hall et al.
patent: 2006/0117386 (2006-06-01), Gupta et al.
patent: 0493892 (1992-07-01), None
A multi-agent based system for intrusion detection; Hegazy, I.M.; Al-Arif, T.; Fayed, Z.T.; Faheem, H.M.; Potentials, IEEE vol. 22, Issue 4, Oct.-Nov. 2003 pp. 28-31.
Architecture for a hardware-based, TCP/IP content-processing system; Schuehler, D.V.; Moscola, J.; Lockwood, J.W.; Micro, IEEE vol. 24, Issue 1, Jan.-Feb. 2004 pp. 62-69.
TCP-Stream reassembly and state tracking in hardware; Necker, M.; Contis, D.; Schimmel, D.; Field-Programmable Custom Computing Machines, 2002. Proceedings. 10th Annual IEEE Symposium on Apr. 22-24, 2002 pp. 286-287.
Architecture for a hardware based, TCP/IP content scanning system [intrusion detection system applications]; Schuehler, D.V.; Moscola, J.; Lockwood, J.; High Performance Interconnects, 2003. Proceedings. 11th Symposium on Aug. 20-22, 2003 pp. 89-94.
http://www.idt.com/docs/75K6213452134—DS—80635.pdf 4.5M and 9M Network Search Engine (NSE) with QDR™ Interface.
G. Iannaccone, S. Jaiswal and C. Diot, “Packet Reordering Inside the Sprint Backbone,” Tech. Report, TR01-ATL-062917, Sprint ATL, Jun. 2001.
E. Blanton and M. Allman, “On Making TCP More Robust to Packet Reordering”, ACM Computer Comm. Review, 32(1), Jan. 2002, pp. 20-30.
M. Laor and L. Gendel, “The Effect of Packet Recordering in a Backbone Link on Application Throughput,” IEEE Network, Sep./Oct. 2002, pp. 28-36.
Girish P. Chandranmenon et al., “Reconsidering Fragmentation and Reassembly,” Aug. 1, 1997, Washington University in St. Louis, pp. 1-23.
T. Banka, A. A. Bare and A. P. Jayasumana, “Metrics for Degree of Reordering in Packet Sequences,” Proc. 27th IEEE Conference on Local Computer Networks, Nov. 2002, pp. 333-342.
J. Bellardo and S. Savage, “Measuring Packet Reordering,” Proc. IMW'02, Nov. 2002, pp. 97-105.
S. Jaiswal, G. Iannaccone, C. Diot, J. Kurose and D. Towsley, “Measurement and Classification of Out-of-sequence Packets in Tier-1 IP Backbone,” Proc. IEEE INFOCOM, Mar. 2003, pp. 1199-1209.
Chris Clark, Wenke Lee, David Schimmel, Didier Contis, Mohamed Konè and Ashley Thomas, “A Hardware Platform for Network Intrusion Detection and Prevention”, Workshop on Network Processors & Applications—NP3, Feb. 14-15, 2004, Madrid, Spain.
Colleen Shannon, David Moore, k claffy, “Characteristics of Fragmented IP Traffic on Internet Links”,PAM2001—A workshop on Passive and Active Measurements, RIPE NCC, (Amsterdam, Netherlands), 2001.
Thomas H. Ptacek; Timothy N. Newsham, “Insertion Evasion and Denial of Service Eluding Network Intrusion Detection”, Secure Networks, Jan. 1998.
David V. Schuehler John Lockwood, “TCP-Splitter A TCPIP Flow Monitor in Reconfigurable Hardware”, IEEE Micro, Jan./Feb. 2003.
Marc Necker, Didier Contis, David Schimmel, “TCP-Stream Reassembly and State Tracking in Hardware”, Proceedings of the 10 th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'02).
David V. Schuehler, James Moscola, John Lockwood, “Architecture for a Hardware Based, TCP/IP Content Scanning System”, Proceedings of Hot Interconnects 11 (HotI-11), Stanford, CA, Aug. 20-22, 2003, pp. 89-94.
J. Postel, J. Reynolds, “Telnet Protocol Specifications”, RFC 854, May 1983.
J. Postel, J. Reynolds, “File Transfer Protocol (FTP)”, RFC 959, May 1985.
P. Mockapetris, “Domain Names—Implementation and Specification”, RFC 1035, Nov. 1987.
Sun Microsystems, “RPC: Remote Procedure Call Protocol Specification Version 2”, RFC 1057, Jun. 1988.
J. Myers, M. Rose, “Post Office Protocol—Version 3”, RFC 1939, May 1996.
R. Fielding, et. al, “Hypertext Transfer Protocol—HTTP/1.1”, RFC 2616, Jun. 1999.
J. Klensin, “Simple Mail Transfer Protocol”, RFC 2821, Apr. 2001.
David D. Clark, “IP Datagram Reassembly Algorithms”, RFC 815, Jul. 1982.
http://www.ccsi.cs.sunysb.edu/elibrary/linux
etwork/iprecv4.pdf Internet pages, “IP Reassembly”, downloaded on Oct. 19, 2004.
Adam Dunkels, “Minimal TCP/IP implementation with proxy support”, SICS Tchnical Report T2001:20, ISSN 1100-3154.
David Watson, Matthew Smart, G. Robert Malan, “Protocol Scrubbing: Network Security Through Transparent Flow Modification”, IEEE/ACM Transactions on Networking, vol. 12, No. 2, Apr. 2004.
Matthew V. Mahoney et al., “PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic,” Florida Institute of Technology Technical Report CS-2001-04, pp. 1-17.
Sun Microsystems, Inc., “RPC: Remote Procedure Call” RFC 1050, Apr. 1988.
http://www.syngress.com/book—catalog/244—snort/sample.pdf, “Preprocessors”, Internet pages downloaded on Oct. 19, 2004.
Ahmed Salman
IntruGuard Devices, Inc.
Lumen Patent Firm
LandOfFree
System and method for integrated header, state, rate and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for integrated header, state, rate and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for integrated header, state, rate and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4062228