-
1.发明授权公开(公告)号:US10326730B2
公开(公告)日:2019-06-18
申请号:US15193863
申请日:2016-06-27
Applicant: Cisco Technology, Inc.
Inventor: Venkatesh N. Gautam , Meixing Le
Abstract: Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.
-
公开(公告)号:US10264079B2
公开(公告)日:2019-04-16
申请号:US15157621
申请日:2016-05-18
Applicant: Cisco Technology, Inc.
Inventor: Manish Pathak , Venkatesh N. Gautam , Jianxin Wang
Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.
-
3.发明申请公开(公告)号:US20170374017A1
公开(公告)日:2017-12-28
申请号:US15193863
申请日:2016-06-27
Applicant: Cisco Technology, Inc.
Inventor: Venkatesh N. Gautam , Meixing Le
CPC classification number: H04L61/1511 , H04L61/6068 , H04L67/02 , H04L67/2804 , H04L67/2842
Abstract: Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.
-
Patent Agency Ranking
公开(公告)号:US20170339253A1
公开(公告)日:2017-11-23
申请号:US15157621
申请日:2016-05-18
Applicant: Cisco Technology, Inc.
Inventor: Manish Pathak , Venkatesh N. Gautam , Jianxin Wang
CPC classification number: H04L67/142 , H04L67/146 , H04L69/22
Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.
-
5.发明申请公开(公告)号:US20170104722A1
公开(公告)日:2017-04-13
申请号:US14877116
申请日:2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Hari Shankar , Constantinos Kleopa , Venkatesh N. Gautam , Gerald N.A. Selvam
IPC: H04L29/06
CPC classification number: H04L63/0281 , H04L63/0254 , H04L63/1425
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
公开(公告)号:US10686889B2
公开(公告)日:2020-06-16
申请号:US16287099
申请日:2019-02-27
Applicant: Cisco Technology, Inc.
Inventor: Manish Pathak , Venkatesh N. Gautam , Jianxin Wang
Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.
-
公开(公告)号:US20190199804A1
公开(公告)日:2019-06-27
申请号:US16287099
申请日:2019-02-27
Applicant: Cisco Technology, Inc.
Inventor: Manish Pathak , Venkatesh N. Gautam , Jianxin Wang
CPC classification number: H04L67/142 , H04L67/146 , H04L69/22
Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.
-
8.发明授权公开(公告)号:US10027627B2
公开(公告)日:2018-07-17
申请号:US14877116
申请日:2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Hari Shankar , Constantinos Kleopa , Venkatesh N. Gautam , Gerald N. A. Selvam
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
-
-
-
-
-
-
Search Results
8
records
(took 0.017 seconds)
