Methods and apparatus for monitoring local network traffic on local network segments and resolving detected security and network management problems occurring on those segments
2 Assignments
0 Petitions
Abstract
A system for providing network security through manipulating data connections and connection attempts over a data-packet-network between at least two network nodes is provided. The system includes a system host machine, a first software application residing on the host machine for detecting and monitoring connection activity, a data store for storing connection related data, and a second software application for emulating one or more end nodes of the connections or connection attempts. In a preferred embodiment the system uses the detection software to detect one or more pre-defined states associated with a particular connection or connection attempt including states associated with data content transferred there over and performs at least one packet generation and insertion action triggered by the detected state or states, the packet or packets emulating one or more end nodes of the connection or connection attempt to cause preemption or resolution of the detected state or states.
251 Citations
55 Claims
1. A system for providing network security by managing and manipulating formed data connections and connection attempts initiated over a data-packet-network between at least two nodes connected to the network comprising:
a system host machine connected to the network;
a first software application residing on the host machine for detecting and monitoring the connections and connection attempts;
a data store for storing data about the connections and connection attempts; and
a second software application for emulating one or more end nodes of the connections or connection attempts;
characterized in that the system using the detection software detects one or more pre-defined states associated with a particular formed connection or connection attempt in progress including those associated with any data content or type transferred there over and performs at least one packet generation and insertion action triggered by the detected state or states, the packet or packets emulating one or more end nodes of the connection or connection attempt to cause preemption or resolution of the detected state or states.
(Dependent claims 2-16)
17. A software application for manipulating one or more connection ends of a data network connection between two or more network nodes operating on a data-packet-network in response to detection of a pre-defined and undesirable state or states associated with the connection comprising:
a first portion thereof for detecting one or more states associated with the connection;
a second portion thereof for generating packets emulating packet activity of the connection; and
a third portion thereof for sending the emulated packet or packets to one or more parties of the connection;
characterized in that the application uses a software communication stack to send one or more Transfer Control Protocol packets emulating in construction and sequence number a packet or packets sent by a sender end of the connection, the packet received by the receiver of the connection wherein the receiving end acknowledges the packet or packets as being a valid packet or packets received from the sender of the connection, the packet or packets sent causing pre-emption or resolution of the detected state or states.
(Dependent claims 18-32)
33. A fast pattern search system for detecting virus patterns over a data network comprising:
a promiscuous mode driver for intercepting data packets on the network;
a hashing module for creating hash values from same-lengths of intercepted data;
a data buffer section for storing hash values; and
a processing component for comparing created hash values to an index of hash entries maintained in a data store;
characterized in that the hash entries in the data store point to virus patterns also stored in the data store and where upon a match between a created hash and a hash entry results in generation of one or more packets emulating at least one party node to the connection, the packet or packets sent to pre-empt the download of the particular virus found.
(Dependent claims 34-43)
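The following is an added illustration, not code from the patent, of the fixed-length hash index described in claim 33: each signature is indexed by a rolling hash of its first W bytes, intercepted data is hashed W bytes at a time as it slides past, and a hash hit is only a candidate that is confirmed against the full signature before being reported. The signature strings, packets and the value of W are constructed for the example, and the tail of earlier data is carried forward so a pattern split across two packets is still found.

```python
W = 8                               # fixed prefix length that is hashed
MOD, BASE = (1 << 61) - 1, 257      # polynomial rolling hash parameters

def rhash(data):
    h = 0
    for b in data:
        h = (h * BASE + b) % MOD
    return h

class PatternIndex:
    def __init__(self, patterns):   # name -> pattern bytes, each at least W long
        if any(len(p) < W for p in patterns.values()):
            raise ValueError("patterns must be at least W bytes")
        self.patterns = dict(patterns)
        self.index = {}             # hash of first W bytes -> candidate names
        for name, pat in self.patterns.items():
            self.index.setdefault(rhash(pat[:W]), []).append(name)
        self.keep = max(map(len, self.patterns.values())) - 1
        self.carry = b""            # tail of earlier data, for cross-packet matches
        self.offset = 0             # stream offset of carry[0]

    def scan(self, chunk):
        """Scan one intercepted chunk; return [(name, stream_offset)] for new hits."""
        buf, hits, h = self.carry + chunk, [], 0
        top = pow(BASE, W - 1, MOD)
        for i in range(len(buf) - W + 1):
            if i == 0:
                h = rhash(buf[:W])
            else:                   # roll the window one byte to the right
                h = ((h - buf[i - 1] * top) * BASE + buf[i + W - 1]) % MOD
            for name in self.index.get(h, ()):
                pat = self.patterns[name]
                # a hash hit is only a candidate: confirm the full pattern, and
                # skip matches that ended inside the carry (reported last time)
                if buf.startswith(pat, i) and i + len(pat) > len(self.carry):
                    hits.append((name, self.offset + i))
        self.carry = buf[-self.keep:] if self.keep else b""
        self.offset += len(buf) - len(self.carry)
        return hits

# constructed toy signatures and packets (not real malware patterns)
SIGS = {"toy_sig_a": b"MALWARE-SIGNATURE-A", "toy_sig_b": b"DROPPER:xyz"}
PACKETS = [b"GET /x HTTP/1.1\r\nMALWAR", b"E-SIGNATURE-A and DROP", b"PER:xyz tail"]

def scan_stream(packets=PACKETS, sigs=SIGS):
    idx = PatternIndex(sigs)
    return [hit for p in packets for hit in idx.scan(p)]
```

Both constructed signatures straddle a packet boundary, so the result shows that the carry logic, not just per-packet hashing, is what makes the match.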
44. A method for denying a connection to a data source on a data network, the connection initiated from a local network node comprising steps of:
(a) maintaining data identifying the banned data source;
(b) detecting a SYN packet from the local node sent to the host node of the banned data source, the SYN packet identifying at least the banned data source;
(c) generating a TCP reset packet emulating one sent from the local node and sending the packet to the host node of the banned data source terminating the handshake process for accessing the data source at the host node of the banned data source; and
(d) generating a TCP reset packet emulating one sent from the host node of the banned data source and sending the packet to the local node terminating the handshake process for accessing the banned data source at the local node.
(Dependent claims 45-46)
47. A method for stopping a download of a pop-up advertisement over a data network from a data source to a local node on the network comprising steps of:
(a) monitoring a browser session between the local node and the source node;
(b) detecting execution by the local browser of an embedded code calling an advertisement to be served;
(c) generating a TCP FIN packet emulating one sent from the data source node and sending the packet to the local node, the packet indicative that the source node has finished transmitting the ad data; and
(d) generating a TCP reset packet emulating one sent from the local node to the TCP connection source of the ad data requesting a reset of the connection preventing the source node from serving the ad data.
(Dependent claims 48-50)
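The following added example (not the patent's code) models the sequence-number rules behind claims 44 and 47 in memory rather than sending anything: under RFC 793 an endpoint in SYN-SENT accepts a RST only when the segment's ACK field equals that endpoint's ISN+1, and a synchronized endpoint accepts a RST or FIN only when its sequence number falls inside the receive window, which is why the injected packets must emulate the end node's numbering to be honoured. The window size, initial sequence numbers and endpoint names are assumed values.

```python
WND, M = 65535, 0xFFFFFFFF      # assumed receive window; 32-bit sequence space

class Endpoint:
    def __init__(self, name, snd_nxt, state="CLOSED", rcv_nxt=None):
        self.name, self.state = name, state
        self.snd_nxt, self.rcv_nxt = snd_nxt, rcv_nxt   # next seq to send / expected

    def send_syn(self):                 # active open: CLOSED -> SYN-SENT
        isn, self.snd_nxt, self.state = self.snd_nxt, (self.snd_nxt + 1) & M, "SYN-SENT"
        return {"flags": {"SYN"}, "seq": isn}

    def recv_syn(self, seg):            # passive open: LISTEN -> SYN-RECEIVED
        self.state, self.rcv_nxt = "SYN-RECEIVED", (seg["seq"] + 1) & M

    def receive(self, seg):
        """Apply an injected RST/FIN; True if the stack accepts it (RFC 793 rules)."""
        if self.state == "SYN-SENT":    # only the ACK field is checked here
            ok = "ACK" in seg["flags"] and seg["ack"] == self.snd_nxt
        else:                           # SYN-RECEIVED/ESTABLISHED: seq must be in window
            ok = self.rcv_nxt <= seg["seq"] < self.rcv_nxt + WND
        if ok and "RST" in seg["flags"]:
            self.state = "LISTEN" if self.state == "SYN-RECEIVED" else "CLOSED"
        elif ok and "FIN" in seg["flags"]:
            self.state, self.rcv_nxt = "CLOSE-WAIT", (seg["seq"] + 1) & M
        return ok

def forged(as_if_from, to, flags):
    """Segment the monitor injects, numbered as `as_if_from` would number it."""
    return {"flags": flags, "seq": as_if_from.snd_nxt, "ack": to.snd_nxt}

def claim44_abort_handshake(client_isn=0x11223344, server_isn=0x55667788):
    local = Endpoint("local", client_isn)
    banned = Endpoint("banned-host", server_isn, "LISTEN")
    syn = local.send_syn()              # (b) monitor observes SYN to a banned source
    banned.recv_syn(syn)
    c = banned.receive(forged(local, banned, {"RST"}))          # (c)
    d = local.receive(forged(banned, local, {"RST", "ACK"}))    # (d)
    return c, d, local.state, banned.state

def claim47_cut_ad_download():
    browser = Endpoint("browser", 1001, "ESTABLISHED", rcv_nxt=5001)
    ad_src = Endpoint("ad-source", 5001, "ESTABLISHED", rcv_nxt=1001)
    fin = browser.receive(forged(ad_src, browser, {"FIN", "ACK"}))  # (c) "source is done"
    rst = ad_src.receive(forged(browser, ad_src, {"RST"}))          # (d) source drops it
    return fin, rst, browser.state, ad_src.state
```

A RST that lacks the ACK flag, carries the wrong acknowledgment number, or falls outside the window is dropped by the model, which is the acceptance check a detector can also apply to spot injected resets that do not fit the observed connection.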
51. A method for configuring a resource on a local network for access from the network by a node using Domain Name Service protocol comprising steps of:
(a) pre-assigning a name to the shared resource;
(b) storing the pre-assigned name in a data store;
(c) publishing the pre-assigned name to local nodes on the network;
(d) monitoring Domain Name Service requests from the local nodes;
(e) detecting the pre-assigned name in a request;
(f) generating a Domain Name Service reply emulating in construction and sequence number a reply sent from a Domain Name Server, the reply containing an IP address through which the resource may be accessed; and
(g) sending the reply to the local node that initiated the request.
(Dependent claims 52-55)
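An added example, not from the patent, of steps (d) to (g) of claim 51 at the DNS wire-format level: the responder answers only names that were pre-assigned to it, echoing the query's transaction ID and question section so the local node's resolver accepts the reply as if it came from its configured name server, and returns None for any other name so the real server answers it. The pre-assigned name, its address and the query builder are constructed for the example.

```python
import struct

def build_query(txid, name, qtype=1):
    """Constructed A-record query, as a local node's stub resolver would send it."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_query(msg):
    """Return (txid, qname, qtype, raw_question) of a single-question, uncompressed query."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while msg[pos]:                     # walk length-prefixed labels up to the 0 byte
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return txid, ".".join(labels).lower(), qtype, msg[12:pos + 5]

class LocalNameResponder:
    def __init__(self, names):          # steps (a)-(b): pre-assigned name -> IPv4 string
        self.names = {k.lower(): v for k, v in names.items()}

    def reply_for(self, query):         # steps (d)-(f); (g) is the caller sending it back
        txid, name, qtype, question = parse_query(query)
        if name not in self.names or qtype != 1:
            return None                 # not a pre-assigned name: leave it to real DNS
        ip = bytes(int(o) for o in self.names[name].split("."))
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # same ID, QR=1, RD/RA
        # answer: pointer to the question name (0xC00C), type A, class IN, TTL, 4-byte rdata
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ip
        return header + question + answer

def answered_ip(reply):
    """IPv4 from the single answer of a reply built by reply_for."""
    return ".".join(str(b) for b in reply[-4:])
```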
Specification