1. DISTRIBUTED TCP SYN FLOOD PROTECTION
    Patent application, in force

    Publication number: US20130263245A1

    Publication date: 2013-10-03

    Application number: US13794367

    Filing date: 2013-03-11

    IPC classification: H04L29/06

    CPC classification: H04L63/0209 H04L63/1458

    Abstract: A method and apparatus are disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server, and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies that the sender is legitimate.


2. Non-fragmented IP packet tunneling in a network
    Granted patent, in force

    Publication number: US09294302B2

    Publication date: 2016-03-22

    Application number: US13847881

    Filing date: 2013-03-20

    IPC classification: H04L12/46 H04L29/06

    CPC classification: H04L12/4633 H04L69/166

    Abstract: A method and apparatus are disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of an IP connection; creating a second IP packet by replacing information in a field of the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to a second network device in the distributed network environment.


3. COOPERATIVE NETWORK SECURITY INSPECTION
    Patent application, in force

    Publication number: US20130291088A1

    Publication date: 2013-10-31

    Application number: US13860408

    Filing date: 2013-04-10

    IPC classification: H04L29/06

    Abstract: A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined for a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. Otherwise, the packet is routed to the destination node without forwarding the packet to the security device.


5. Cooperative network security inspection
    Granted patent, in force

    Publication number: US08955093B2

    Publication date: 2015-02-10

    Application number: US13860408

    Filing date: 2013-04-10

    IPC classification: H04L29/06

    Abstract: A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined for a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. Otherwise, the packet is routed to the destination node without forwarding the packet to the security device.


6. ADAPTIVE SESSION FORWARDING FOLLOWING VIRTUAL MACHINE MIGRATION DETECTION
    Patent application, pending (published)

    Publication number: US20130275592A1

    Publication date: 2013-10-17

    Application number: US13860404

    Filing date: 2013-04-10

    IPC classification: H04L12/56

    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originating from a first node associated with the first network access device, and a first security device having a firewall processing module to determine, based on the captured packet, whether the first node is a destination node that is receiving a VM migration from a second node associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration and to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.


7. NON-FRAGMENTED IP PACKET TUNNELING IN A NETWORK
    Patent application, in force

    Publication number: US20130250956A1

    Publication date: 2013-09-26

    Application number: US13847881

    Filing date: 2013-03-20

    IPC classification: H04L12/46

    CPC classification: H04L12/4633 H04L69/166

    Abstract: A method and apparatus are disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of an IP connection; creating a second IP packet by replacing information in a field of the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to a second network device in the distributed network environment.


Distributed TCP SYN flood protection

    Publication number: US09742732B2

    Publication date: 2017-08-22

    Application number: US13794367

    Filing date: 2013-03-11

    IPC classification: H04L29/06

    CPC classification: H04L63/0209 H04L63/1458

    Abstract: A method and apparatus are disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server, and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies that the sender is legitimate.

9. Distributed computer network zone based security architecture
    Granted patent, in force

    Publication number: US09419941B2

    Publication date: 2016-08-16

    Application number: US13849315

    Filing date: 2013-03-22

    IPC classification: H04L29/06

    CPC classification: H04L63/0209 H04L63/104

    Abstract: A method and apparatus are disclosed herein for distributed zone-based security. In one embodiment, the method comprises: determining an ingress security zone associated with an ingress of a first network device based on a first key and the media access control (MAC) address of the source of a packet; determining an egress security zone of a second network device based on the MAC address of the destination of the packet and a second key; performing a policy lookup based on the ingress security zone and the egress security zone to identify a policy to apply to the packet; and applying the policy to the packet.


Adaptive session forwarding following virtual machine migration detection

    Publication number: US10333827B2

    Publication date: 2019-06-25

    Application number: US13860404

    Filing date: 2013-04-10

    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originating from a first node associated with the first network access device, and a first security device having a firewall processing module to determine, based on the captured packet, whether the first node is a destination node that is receiving a VM migration from a second node associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration and to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.