System and method for integrated header, state, rate and...

Multiplex communications – Diagnostic testing – Determination of communication parameters

Reexamination Certificate

Details

C713S168000, C370S389000, C370S428000, C726S022000, C726S026000

Reexamination Certificate

active

07626940

ABSTRACT:
The present invention provides integrated prevention of header, state, rate and content anomalies, along with network policy enforcement, for the domain name service (DNS). A hardware-based apparatus helps identify DNS rate thresholds through continuous and adaptive learning. The apparatus can determine DNS header and DNS state anomalies and drop packets containing those anomalies. DNS queries and responses are inspected for known malicious content using a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy-based packet filter for DNS.

