1. Transparently proxying transport protocol connections using an external server
    Document type: Patent application (published)
    Legal status: In force

    Publication number: US20070233877A1

    Publication date: 2007-10-04

    Application number: US11396249

    Filing date: 2006-03-30

    IPC classification: G06F15/16 G06F15/173

    Abstract: Methods and apparatus are disclosed for processing data packets using a router and a proxy in order to transparently proxy a connection between a client and a server. One method involves mapping a TCP connection to a connection ID and sending a segment from the TCP connection to a proxy, including the connection ID, a direction value and an identifier of an assigned proxy application, such that the segment appears to be from the connection. The method further involves a proxy creating and reading from an IP socket which corresponds to the segment, the connection ID, direction and assigned proxy application and then spoofing the segment using the connection ID, a second direction value, and an identifier of the assigned proxy application.

2. Transparently proxying transport protocol connections using an external server
    Document type: Granted patent
    Legal status: In force

    Publication number: US09154512B2

    Publication date: 2015-10-06

    Application number: US11396249

    Filing date: 2006-03-30

    Abstract: Methods and apparatus are disclosed for processing data packets using a router and a proxy in order to transparently proxy a connection between a client and a server. One method involves mapping a TCP connection to a connection ID and sending a segment from the TCP connection to a proxy, including the connection ID, a direction value and an identifier of an assigned proxy application, such that the segment appears to be from the connection. The method further involves a proxy creating and reading from an IP socket which corresponds to the segment, the connection ID, direction and assigned proxy application and then spoofing the segment using the connection ID, a second direction value, and an identifier of the assigned proxy application.
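The router/proxy exchange described in the abstract of entries 1 and 2, as an added example that is not code from the patent or from any Cisco product. The encapsulation header layout (connection ID, direction, proxy application ID), the class and function names, the toy proxy application and the IP addresses are assumptions made for illustration; the abstract fixes only the roles of the three fields. The router owns the 4-tuple to connection-ID mapping, the proxy keeps one socket per (connection ID, direction, application) and answers with the opposite direction value, and the router uses that pair to re-address the reply so it appears to come from the original server.

```python
import struct
from itertools import count

# Assumed encapsulation header: connection ID (u32), direction (u8), proxy app ID (u8).
# The patent does not specify a layout; this one exists only so the example runs.
HDR = struct.Struct("!IBB")
C2S, S2C = 0, 1          # direction values: client->server, server->client


class Router:
    """Maps each TCP connection to a connection ID and relays segments to the proxy."""

    def __init__(self):
        self._ids = count(1)
        self.by_tuple = {}   # (client_ip, client_port, server_ip, server_port) -> conn_id
        self.by_id = {}      # conn_id -> that 4-tuple

    def to_proxy(self, client_ip, client_port, server_ip, server_port, segment, app_id):
        """Tag a client->server segment with (conn_id, C2S, app_id) for the proxy."""
        key = (client_ip, client_port, server_ip, server_port)
        if key not in self.by_tuple:
            self.by_tuple[key] = next(self._ids)
            self.by_id[self.by_tuple[key]] = key
        return HDR.pack(self.by_tuple[key], C2S, app_id) + segment

    def from_proxy(self, msg):
        """Decapsulate the proxy's reply and restore the original endpoints.

        The direction value selects which end of the mapped connection the
        segment must appear to come from, so the proxy never needs the real
        addresses and the client sees a reply from the server's address.
        """
        conn_id, direction, _app_id = HDR.unpack_from(msg)
        client_ip, client_port, server_ip, server_port = self.by_id[conn_id]
        segment = msg[HDR.size:]
        if direction == S2C:
            return (server_ip, server_port, client_ip, client_port, segment)
        return (client_ip, client_port, server_ip, server_port, segment)


class Proxy:
    """Holds one 'IP socket' per (conn_id, direction, app_id) and runs the assigned app."""

    def __init__(self, apps):
        self.apps = apps       # app_id -> callable(segment) -> reply segment (assumed interface)
        self.sockets = {}      # (conn_id, direction, app_id) -> segments read from that socket

    def handle(self, msg):
        conn_id, direction, app_id = HDR.unpack_from(msg)
        segment = msg[HDR.size:]
        self.sockets.setdefault((conn_id, direction, app_id), []).append(segment)
        reply = self.apps[app_id](segment)
        # Spoof the reply: same connection ID and app, opposite direction value.
        return HDR.pack(conn_id, S2C if direction == C2S else C2S, app_id) + reply


def http_block_app(segment):
    """Toy proxy application (assumed): refuses every request it sees."""
    return b"HTTP/1.0 403 Forbidden\r\n\r\n"


def exchange():
    """One constructed request/response through the router and proxy."""
    router, proxy = Router(), Proxy({7: http_block_app})
    request = b"GET / HTTP/1.0\r\n\r\n"
    to_proxy = router.to_proxy("192.0.2.10", 51000, "198.51.100.5", 80, request, app_id=7)
    from_proxy = proxy.handle(to_proxy)
    tagged = HDR.unpack_from(to_proxy)            # (conn_id, C2S, 7)
    readdressed = router.from_proxy(from_proxy)   # appears to come from 198.51.100.5:80
    return tagged, readdressed


if __name__ == "__main__":
    print(exchange())
```

The proxy never learns the client or server addresses: everything it needs to answer is the connection ID, the direction and the application ID it was handed, which is what makes the proxy movable to an external server while the router alone keeps the address state.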

3. Self modifying state graphs for quality of service classification
    Document type: Granted patent
    Legal status: In force

    Publication number: US07334035B1

    Publication date: 2008-02-19

    Application number: US10903133

    Filing date: 2004-07-30

    Applicant: Nicholas Leavy

    Inventor: Nicholas Leavy

    IPC classification: G06F15/173

    Abstract: A method and intermediate device for dynamically modifying a stateful inspection of data. In one embodiment, the present invention is comprised of an intermediate device such as, for example, a router. The intermediate device is adapted to perform a stateful inspection of data passing therethrough. In one approach, the intermediate device performs the stateful inspection by inspecting the data to determine state information for the data. Next, the intermediate device modifies a state graph used to perform the stateful inspection of the data based upon the state information found during the aforementioned inspection. The intermediate device then utilizes the modified state graph to perform continued stateful inspection of the data. In so doing, the present invention enables an enhanced use of Quality of Service (QoS) classification based upon the high level application of the data. The present invention further provides a classification engine which can readily be adapted to new protocols.

4. Self modifying state graphs for quality of service classification
    Document type: Granted patent
    Legal status: In force

    Publication number: US06912570B1

    Publication date: 2005-06-28

    Application number: US09439116

    Filing date: 1999-11-12

    Applicant: Nicholas Leavy

    Inventor: Nicholas Leavy

    Abstract: A method and intermediate device for dynamically modifying a stateful inspection of data. In one embodiment, the present invention is comprised of an intermediate device such as, for example, a router. The intermediate device is adapted to perform a stateful inspection of data passing therethrough. In one approach, the intermediate device performs the stateful inspection by inspecting the data to determine state information for the data. Next, the intermediate device modifies a state graph used to perform the stateful inspection of the data based upon the state information found during the aforementioned inspection. The intermediate device then utilizes the modified state graph to perform continued stateful inspection of the data. In so doing, the present invention enables an enhanced use of Quality of Service (QoS) classification based upon the high level application of the data. The present invention further provides a classification engine which can readily be adapted to new protocols.
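The inspect / derive state / modify graph / keep inspecting loop of entries 3 and 4, as an added example that is not the patent's code. The abstract does not name a protocol, so the example assumes a simplified FTP passive-mode exchange: the control channel is classified by port, the "227" reply is the state information found during inspection, and acting on it adds a new root edge to the graph so the negotiated data port is classified as ftp-data with a bulk QoS class on later packets without any payload inspection. The packet model, state names, QoS class names and graph encoding are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Packet:
    """Constructed packet model: the server-side port of the flow plus its bytes."""
    svc_port: int
    payload: bytes


@dataclass
class Edge:
    """Graph edge: when match(pkt) holds, run `action` (if any) and move to `nxt`."""
    match: Callable[[Packet], object]
    nxt: str
    action: Optional[Callable[[Packet], object]] = None


# FTP passive-mode reply, e.g. "227 Entering Passive Mode (10,0,0,9,195,80)".
PASV = re.compile(rb"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class Classifier:
    """Stateful inspector whose state graph is data it can rewrite while running."""

    def __init__(self):
        self.graph = {"start": []}
        self.qos = {"ftp-control": "interactive", "ftp-pasv": "interactive"}  # assumed classes
        self.add_edge("start", lambda p: p.svc_port == 21, "ftp-control")
        # A PASV reply is the state information that triggers graph modification.
        self.add_edge("ftp-control", lambda p: PASV.search(p.payload), "ftp-pasv", self.learn_pasv)

    def add_edge(self, src, match, nxt, action=None):
        self.graph.setdefault(src, []).append(Edge(match, nxt, action))
        self.graph.setdefault(nxt, [])

    def learn_pasv(self, pkt):
        """Self-modification: add a root edge for the data port the server announced."""
        m = PASV.search(pkt.payload)
        port = int(m.group(5)) * 256 + int(m.group(6))
        self.add_edge("start", lambda p, port=port: p.svc_port == port, "ftp-data")
        self.qos["ftp-data"] = "bulk"     # assumed QoS class for the data channel
        return port

    def classify(self, pkt):
        """Walk the current graph from 'start'; return (final state, QoS class)."""
        state = "start"
        for _ in range(8):   # bounded walk; the graph built here is acyclic
            edge = next((e for e in self.graph[state] if e.match(pkt)), None)
            if edge is None:
                break
            if edge.action:
                edge.action(pkt)
            state = edge.nxt
        return state, self.qos.get(state, "best-effort")


def demo():
    """Constructed sequence: an unknown port, then FTP control traffic that announces it."""
    c = Classifier()
    return [
        c.classify(Packet(50000, b"")),                                   # nothing known yet
        c.classify(Packet(21, b"PASV\r\n")),                              # control channel
        c.classify(Packet(21, b"227 Entering Passive Mode (10,0,0,9,195,80)\r\n")),
        c.classify(Packet(50000, b"\x00" * 1400)),                        # now ftp-data / bulk
    ]


if __name__ == "__main__":
    for state, qos in demo():
        print(state, qos)
```

Because the graph is data rather than code, supporting another protocol that negotiates ports in-band is a matter of registering edges and an action, which is the adaptability the abstract claims for its classification engine. A production version would also scope learned edges to the client/server pair and expire them, since an unscoped root edge lets any flow to that port inherit the class.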

5. Use of per-flow monotonically decreasing TTLs to prevent IDS circumvention
    Document type: Granted patent
    Legal status: In force

    Publication number: US07873731B1

    Publication date: 2011-01-18

    Application number: US10820591

    Filing date: 2004-04-08

    IPC classification: G06F15/173 G06F15/16

    CPC classification: H04L63/1416

    Abstract: Systems detect maliciously formed TCP/IP retransmit packets attempting to pass through an intrusion detection system (IDS) and prevent them from reaching their destination by forcing early flow termination. As each packet arrives in the IDS, the TTL field is monotonically decreased by setting it to the smallest TTL received from the packet flow. Any packet flow that attempts to confuse the sensor with a low TTL will be starved off and will never reach the destination host. Each flow may be periodically reset to a high value or to the current packet value to allow flow recovery. In another embodiment, the TTL decrease mechanism may operate on a contingent basis, determined by the presence or absence of the flow identifier on a pre-determined list of flows that should never be restricted.

6. Use of packet hashes to prevent TCP retransmit overwrite attacks
    Document type: Granted patent
    Legal status: In force

    Publication number: US07500264B1

    Publication date: 2009-03-03

    Application number: US10820327

    Filing date: 2004-04-08

    CPC classification: H04L63/123 H04L63/1466

    Abstract: Embodiments of the invention are directed to systems that detect maliciously formed TCP/IP retransmit packets attempting to pass through an intrusion detection system (IDS) and prevent them from reaching their destination by forcing early flow termination. The IDS may be configured to track a hash of certain fields in each packet. This set of hashes is maintained for all of the packets in the currently open TCP window for each flow. If the hash of a retransmit packet does not match the cached hash of the corresponding original packet, the system concludes that there is an attack under way and terminates the flow. The hash function may range in complexity and security from low complexity and relative insecurity to high complexity and high security. Hash algorithms may also be used in conjunction with a private seed value concatenated with the packet fields prior to hashing.
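Entries 5 and 6 are two countermeasures against the same evasion, a TCP retransmission that overwrites, at the host, bytes the sensor has already accepted. The block below runs both against one constructed packet sequence and is an added example, not code from the patents or from any Cisco sensor. The segment model, the hop count between sensor and host, HMAC-SHA256 as the keyed hash, the seed value, the window bookkeeping and the "verdict" return value standing in for flow termination are assumptions; the abstracts leave the hash function, the reset policy and the termination mechanism open.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Segment:
    """Constructed TCP/IP segment model; only the fields the two checks need."""
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ttl: int
    payload: bytes


def flow_key(seg):
    return (seg.src, seg.dst, seg.sport, seg.dport)


class TtlClamp:
    """Entry 5: force every packet's TTL down to the smallest TTL seen on its flow.

    A decoy segment meant to expire between the sensor and the host carries a
    low TTL.  Once seen, that TTL is imposed on all later packets of the flow,
    so the attacker's real retransmission dies at the same hop and the flow starves.
    """

    def __init__(self, never_restrict=()):
        self.min_ttl = {}                          # flow_key -> smallest TTL seen
        self.never_restrict = set(never_restrict)  # flows the mechanism must not touch

    def process(self, seg):
        key = flow_key(seg)
        if key in self.never_restrict:
            return seg.ttl
        low = min(seg.ttl, self.min_ttl.get(key, seg.ttl))
        self.min_ttl[key] = low
        seg.ttl = low                              # rewritten in place, never increased
        return low

    def reset(self, key, ttl=None):
        """Periodic recovery: forget the clamp, or re-seed it from a current value."""
        if ttl is None:
            self.min_ttl.pop(key, None)
        else:
            self.min_ttl[key] = ttl


class RetransmitHashCheck:
    """Entry 6: keyed hash per segment in the open window; a mismatching retransmit is an overwrite."""

    def __init__(self, seed, window=65535):
        self.seed = seed                           # private seed concatenated before hashing
        self.window = window
        self.cache = {}                            # flow_key -> {seq: digest}

    def digest(self, seg):
        fields = b"%d|%d|%d|" % (seg.sport, seg.dport, seg.seq) + seg.payload
        return hmac.new(self.seed, fields, hashlib.sha256).digest()

    def process(self, seg):
        """Return 'new', 'retransmit' or 'attack'; the caller terminates the flow on 'attack'."""
        seen = self.cache.setdefault(flow_key(seg), {})
        for old in [s for s in seen if s < seg.seq - self.window]:   # left the window
            del seen[old]                                              # (wraparound ignored)
        d = self.digest(seg)
        prev = seen.get(seg.seq)
        if prev is None:
            seen[seg.seq] = d
            return "new"
        return "retransmit" if hmac.compare_digest(prev, d) else "attack"


def evasion_sequence():
    """Constructed attack: the sensor sits 3 hops before the host.  The decoy at seq 1005
    has TTL 2, so the sensor sees it but the host never does; the attacker then
    'retransmits' seq 1005 with different bytes and a full TTL."""
    f = dict(src="10.0.0.5", dst="10.0.0.9", sport=40000, dport=80)
    return [
        Segment(**f, seq=1000, ttl=64, payload=b"GET /"),
        Segment(**f, seq=1005, ttl=2, payload=b"index.html HTTP/1.0\r\n\r\n"),
        Segment(**f, seq=1005, ttl=64, payload=b"not-what-the-sensor-saw\r\n\r\n"),
        Segment(**f, seq=1000, ttl=64, payload=b"GET /"),     # genuine retransmit
    ]


def run(segments, hops_to_host=3, never_restrict=()):
    """Apply both checks; return (seq, hash verdict, TTL leaving the sensor, reaches host?)."""
    clamp = TtlClamp(never_restrict)
    check = RetransmitHashCheck(seed=b"per-sensor secret (assumed)")
    out = []
    for seg in segments:
        verdict = check.process(seg)
        ttl = clamp.process(seg)
        out.append((seg.seq, verdict, ttl, ttl > hops_to_host))
    return out


if __name__ == "__main__":
    for row in run(evasion_sequence()):
        print(row)
```

The two checks fail differently. The TTL clamp needs no per-segment state beyond one integer per flow, but it also starves the genuine retransmission of seq 1000, which is why the abstract of entry 5 allows periodic resets and an exemption list; with the flow exempted the overwrite at seq 1005 reaches the host with TTL 64 and only the hash check catches it. The hash check is precise about which retransmission differs, but only for sequence numbers still in its cache, and an unkeyed or weak hash would let an attacker craft a colliding overwrite, hence the private seed the abstract of entry 6 mentions.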