Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
2011-01-18
2011-01-18
Srivastava, Vivek (Department: 2445)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C709S230000, C709S235000
Reexamination Certificate
active
07873731
ABSTRACT:
Systems detect maliciously formed TCP/IP retransmit packets attempting to pass through an intrusion detection system (IDS) and prevent them from reaching their destination by forcing early flow termination. As each packet arrives in the IDS, the TTL field is monotonically decreased by setting it to the smallest TTL received from the packet flow. Any packet flow that attempts to confuse the sensor with a low TTL will be starved off and will never reach the destination host. Each flow may be periodically reset to a high value or to the current packet value to allow flow recovery. In another embodiment, the TTL decrease mechanism may operate on a contingent basis, determined by the presence or absence of the flow identifier on a pre-determined list of flows that should never be restricted.
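The mechanism in the abstract, as an added worked example that is not part of the patent or any Cisco code: an IDS-side flow table that clamps each packet's TTL to the smallest TTL seen on that flow, with the periodic reset and the never-restrict list as options. The hop count between the IDS and the host, the flow tuple and the packet sequence are constructed assumptions.

```python
from collections import defaultdict

# Constructed model of the abstract's mechanism; the hop count and flow id are assumptions.
ROUTERS_BEYOND_IDS = 5  # assumed number of routers between the IDS and the destination host

class TtlNormalizer:
    """Per-flow monotonically decreasing TTL, as described in the abstract."""

    def __init__(self, never_restrict=(), reset_every=0):
        self.min_ttl = {}                # flow -> smallest TTL seen so far
        self.count = defaultdict(int)    # flow -> packets processed
        self.never_restrict = set(never_restrict)  # flows that are never restricted
        self.reset_every = reset_every   # 0 = never reset the per-flow minimum

    def rewrite(self, flow, ttl):
        """Return the TTL the IDS forwards for this packet."""
        if flow in self.never_restrict:
            return ttl                   # contingent mode: listed flows pass untouched
        self.count[flow] += 1
        if self.reset_every and self.count[flow] % self.reset_every == 0:
            self.min_ttl[flow] = ttl     # periodic reset to the current value: flow recovery
        else:
            self.min_ttl[flow] = min(self.min_ttl.get(flow, ttl), ttl)
        return self.min_ttl[flow]

def reaches_host(ttl, routers=ROUTERS_BEYOND_IDS):
    # Each router decrements the TTL and discards the packet when it hits zero,
    # so a packet survives 'routers' hops only if ttl > routers.
    return ttl > routers

def deliveries(packets, normalizer=None):
    """Which packets of a (flow, ttl) sequence reach the host, with or without IDS rewriting."""
    out = []
    for flow, ttl in packets:
        fwd = normalizer.rewrite(flow, ttl) if normalizer else ttl
        out.append(reaches_host(fwd))
    return out

# Constructed flow: two normal segments, one inserted segment whose TTL is chosen to
# expire between the IDS and the host, then two more normal segments.
FLOW = ("10.0.0.1", 40000, "10.0.0.2", 80)
EVASION_FLOW = [(FLOW, 64), (FLOW, 64), (FLOW, 3), (FLOW, 64), (FLOW, 64)]

if __name__ == "__main__":
    print(deliveries(EVASION_FLOW))                                    # IDS and host diverge
    print(deliveries(EVASION_FLOW, TtlNormalizer()))                   # flow starved
    print(deliveries(EVASION_FLOW, TtlNormalizer(never_restrict={FLOW})))
    print(deliveries(EVASION_FLOW, TtlNormalizer(reset_every=5)))      # recovery
```

Without the normalizer the host receives the four normal segments while the IDS also saw the inserted one; with it, every segment after the low-TTL packet is clamped and expires before the host, which is the forced early flow termination the abstract describes.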
REFERENCES:
patent: 6192404 (2001-02-01), Hurst et al.
patent: 6671737 (2003-12-01), Snowdon et al.
patent: 7283563 (2007-10-01), Allan
patent: 7552237 (2009-06-01), Cernohous et al.
patent: 2003/0009594 (2003-01-01), McElligott
Mark Handley et al., “Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics,” Proceedings of USENIX Security Symposium 2001, www.icir.org/vern/papers/norm-usenix-sec-01.pdf.
Thomas H. Ptacek and Timothy N. Newsham; Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection; Jan. 1998; available at http://www.acri.org/vern/Ptacek-Newsham-Evasion-98.ps; last visited Mar. 19, 2003; 55 pages.
Vern Paxson; Bro: A System for Detecting Network Intruders in Real-Time; Computer Networks, Dec. 1999; 31 (23-24), pp. 2435-2463; also available at http://www.icir.org/vern/bro-info.html.
Mark Handley, Vern Paxson and Christian Kreibich; Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics; Proceedings of USENIX Security Symposium 2001; available at Http://www.icir.org/vern/papers/-norm-usenix-sec-01.html/index.html; last visited Mar. 19, 2003; 17 pages.
Hall, Jr. Michael L.
Leavy Nicholas
BainwoodHuang
Choudhury Azizul
Cisco Technology Inc.
Srivastava Vivek
TITLE: Use of per-flow monotonically decreasing TTLs to prevent IDS...