Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring
Reexamination Certificate
2004-05-12
2010-06-01
Jean, Frantz B (Department: 2454)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network monitoring
C726S004000, C726S023000
Reexamination Certificate
active
07730175
ABSTRACT:
A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.
REFERENCES:
patent: 4550436 (1985-10-01), Freeman
patent: 4570157 (1986-02-01), Kodaira
patent: 4857912 (1989-08-01), Everett et al.
patent: 4912748 (1990-03-01), Horii et al.
patent: 5193192 (1993-03-01), Seberger
patent: 5222081 (1993-06-01), Lewis et al.
patent: 5430842 (1995-07-01), Thompson et al.
patent: 5459841 (1995-10-01), Flora-Holmquist et al.
patent: 5604910 (1997-02-01), Kojima et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5870554 (1999-02-01), Grossman et al.
patent: 5901307 (1999-05-01), Potter et al.
patent: 5917821 (1999-06-01), Gobuyan et al.
patent: 5919257 (1999-07-01), Trostle
patent: 5963942 (1999-10-01), Igata
patent: 5987473 (1999-11-01), Jorgensen
patent: 5995963 (1999-11-01), Nanba et al.
patent: 5999937 (1999-12-01), Ellard
patent: 6002427 (1999-12-01), Kipust
patent: 6141686 (2000-10-01), Jackowski et al.
patent: 6199181 (2001-03-01), Rechef et al.
patent: 6219786 (2001-04-01), Cunningham et al.
patent: 6320848 (2001-11-01), Edwards et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6324656 (2001-11-01), Gleichauf et al.
patent: 6334121 (2001-12-01), Primeaux et al.
patent: 6343362 (2002-01-01), Ptacek et al.
patent: 6393474 (2002-05-01), Eichert et al.
patent: 6415321 (2002-07-01), Gleichauf et al.
patent: 6477648 (2002-11-01), Schell et al.
patent: 6487666 (2002-11-01), Shanklin et al.
patent: 6499107 (2002-12-01), Gleichauf et al.
patent: 6539381 (2003-03-01), Prasad et al.
patent: 6587876 (2003-07-01), Mahon et al.
patent: 6590885 (2003-07-01), Jorgensen
patent: 6678734 (2004-01-01), Haatainen et al.
patent: 6678824 (2004-01-01), Cannon et al.
patent: 6754826 (2004-06-01), Challener et al.
patent: 6766320 (2004-07-01), Wang et al.
patent: 6772196 (2004-08-01), Kirsch et al.
patent: 6789202 (2004-09-01), Ko et al.
patent: 6851061 (2005-02-01), Holland et al.
patent: 6957348 (2005-10-01), Flowers et al.
patent: 6983323 (2006-01-01), Cantrell et al.
patent: 6999998 (2006-02-01), Russell
patent: 7032114 (2006-04-01), Moran
patent: 7058821 (2006-06-01), Parekh et al.
patent: 7065657 (2006-06-01), Moran
patent: 7073198 (2006-07-01), Flowers et al.
patent: 7076803 (2006-07-01), Bruton et al.
patent: 7096503 (2006-08-01), Magdych et al.
patent: 7113789 (2006-09-01), Boehmke
patent: 7133916 (2006-11-01), Schunemann
patent: 7134141 (2006-11-01), Crosbie et al.
patent: 7152105 (2006-12-01), McClure et al.
patent: 7257630 (2007-08-01), Cole et al.
patent: 7305708 (2007-12-01), Norton et al.
patent: 7310688 (2007-12-01), Chin
patent: 7313695 (2007-12-01), Norton et al.
patent: 7317693 (2008-01-01), Roesch et al.
patent: 7363656 (2008-04-01), Weber et al.
patent: 2001/0034847 (2001-10-01), Gaul, Jr.
patent: 2002/0035639 (2002-03-01), Xu
patent: 2002/0066034 (2002-05-01), Schlossberg
patent: 2002/0083344 (2002-06-01), Vairavan
patent: 2002/0087716 (2002-07-01), Mustafa
patent: 2002/0112185 (2002-08-01), Hodges
patent: 2002/0123995 (2002-09-01), Shibuya
patent: 2002/0165707 (2002-11-01), Call
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2003/0046388 (2003-03-01), Milliken
patent: 2003/0065817 (2003-04-01), Benchetrit et al.
patent: 2003/0083847 (2003-05-01), Schertz et al.
patent: 2003/0093517 (2003-05-01), Tarquini et al.
patent: 2003/0101353 (2003-05-01), Tarquini et al.
patent: 2003/0195874 (2003-10-01), Akaboshi
patent: 2003/0229726 (2003-12-01), Daseke et al.
patent: 2004/0015728 (2004-01-01), Cole et al.
patent: 2004/0034773 (2004-02-01), Balabine et al.
patent: 2004/0064726 (2004-04-01), Girouard
patent: 2004/0073800 (2004-04-01), Shah et al.
patent: 2004/0093582 (2004-05-01), Segura
patent: 2004/0123153 (2004-06-01), Wright et al.
patent: 2004/0172234 (2004-09-01), Dapp et al.
patent: 2004/0179477 (2004-09-01), Lincoln et al.
patent: 2004/0193943 (2004-09-01), Angelino et al.
patent: 2004/0268358 (2004-12-01), Darling et al.
patent: 2005/0005169 (2005-01-01), Kelekar
patent: 2005/0044422 (2005-02-01), Cantrell et al.
patent: 2005/0108393 (2005-05-01), Banerjee et al.
patent: 2005/0113941 (2005-05-01), Ii et al.
patent: 2005/0114700 (2005-05-01), Barrie et al.
patent: 2005/0160095 (2005-07-01), Dick et al.
patent: 2005/0172019 (2005-08-01), Williamson et al.
patent: 2005/0188079 (2005-08-01), Motsinger et al.
patent: 2005/0240604 (2005-10-01), Corl, Jr. et al.
patent: 2005/0268331 (2005-12-01), Le et al.
patent: 2005/0268332 (2005-12-01), Le et al.
patent: 2005/0273857 (2005-12-01), Freund
patent: 2006/0174337 (2006-08-01), Bernoth
patent: 2006/0265748 (2006-11-01), Potok
patent: 2006/0294588 (2006-12-01), Lahann et al.
patent: 2007/0192863 (2007-08-01), Kapoor et al.
patent: 2007/0288579 (2007-12-01), Schunemann
patent: 2008/0168561 (2008-07-01), Durie et al.
patent: 2009/0028147 (2009-01-01), Russell
Office Action issued on Feb. 5, 2008 in connection with the related U.S. Appl. No. 10/843,375.
Spitzner, Lance; Passive Fingerprinting, May 3, 2003; Focus on Intrusion Detection; pp. 1-4; obtained from http://www.ctillhq.com/pdfdb/000183/data.pdf.
Lyon, Gordon; Remote OS detection via TCP/IP Stack Fingerprinting, Jun. 30, 2002; pp. 1-12; obtained from: http://web.archive.org/web/20021017063625/www.insecure.org
map
map-fingerprinting-article.html.
Office Action issued on Feb. 21, 2008 in connection with the related U.S. Appl. No. 11/272,033.
Office Action issued on Mar. 12, 2008 in connection with related U.S. Appl. No. 10/843,459.
U.S. Appl. No. 10/843,353, filed May 2004, Roesch et al., System and Method for Determining Characteristics of a Network and Analyzing Vulnerbilities.
U.S. Appl. No. 10/843,374, filed May 2004, Roesch et al., System and Methods for Determining Characteristics of a Network Based on Flow Analysis.
U.S. Appl. No. 10/843,375, filed May 2004, Roesch et al., Systems and Methods for Determining Characteristics of a Network and Assessing Confidence.
U.S. Appl. No. 10/843,398, filed May 2004, Roesch et al., Systems and Methods for Determining Characteristics of a Network.
U.S. Appl. No. 10/843,459, filed May 2004, Roesch et al., Systems and Methods for Determining Characteristics of a Network and Enforcing Policy.
U.S. Appl. No. 10/898,220, filed Jul. 2004, Norton et al., Methods and Systems for Multi-Pattern Searching.
U.S. Appl. No. 10/951,796, filed Sep. 2004, Roelker et al., Intrusion Detection Strategies for Hypertext Transport Protocol.
U.S. Appl. No. 11/272,033, filed Nov. 2005, Dempster et al., Systems and Methods for Identifying the Services of a Network.
U.S. Appl. No. 11/272,034, filed Nov. 2005, Vogel, III et al., Systems and Methods for Modifying Network Map Attributes.
U.S. Appl. No. 11/272,035, filed Nov. 2005, Gustafson et al., Intrusion Event Correlation with Network Discovery Information.
U.S. Appl. No. 11/493,934, filed Jul. 2006, Roesch et al., Device System and Method for Analysis of Fragments in a Fragment Train.
U.S. Appl. No. 11/501,776, filed Aug. 2006, Roesch et al., Device, System and Method for Analysis of Segments in a Transmission Control Protocol (TCP) Session.
U.S. Appl. No. 11/711,876, filed Feb. 2007, Sturges et al., Device, System and Method for Timestamp Analysis of Segments in a Transmission Control Protocol (TCP) Session.
U.S. Appl. No. 11/785,609, filed Ap
Dempster Ronald A.
Roesch Martin
Jean Frantz B
Posz Law Group , PLC
Sourcefire, Inc.
LandOfFree
Systems and methods for identifying the services of a network does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Systems and methods for identifying the services of a network, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Systems and methods for identifying the services of a network will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4153996