Methods, systems and computer program products for monitoring protocol responses for a server application

US 20050198099A1
Filed: 02/24/2004
Published: 09/08/2005
Est. Priority Date: 02/24/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of monitoring protocol response codes for a server application, the method comprising:

(a) monitoring protocol response codes in communication data between a server application and a client during a session;

(b) determining a number of protocol response codes during the session; and

(c) comparing the number of protocol response codes to a predetermined number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products are disclosed for monitoring protocol responses for a server application in a computer network. The methods, systems, and computer program products can monitor communication data between a server application and a client. The methods, systems, and computer program products can also include applying one or more detectors to the communication data to identify a variety of predetermined activity. Further, the methods, systems, and computer program products can include generating a threat score associated with the predetermined activity by comparing the identified predetermined activity with a security threshold criteria.

283 Citations

207 Claims

1. A method of monitoring protocol response codes for a server application, the method comprising:
- (a) monitoring protocol response codes in communication data between a server application and a client during a session;
  
  (b) determining a number of protocol response codes during the session; and
  
  (c) comparing the number of protocol response codes to a predetermined number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 3. The method of claim 1, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 4. The method of claim 1, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 5. The method of claim 1, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 6. The method of claim 1, wherein the server application is implemented by a web server.
  - 7. The method of claim 1, wherein the communication data comprises only transmission control protocol packets.
  - 8. The method of claim 1, wherein the protocol response codes is a predetermined response code type.
  - 9. The method of claim 1, wherein the protocol response codes comprise response code errors.
  - 10. The method of claim 1, wherein step (b) comprises determining the number of protocol response codes for a unique session.
  - 11. The method of claim 1, wherein step (b) comprises determining the number of protocol response codes for a predetermined plurality of sessions.
  - 12. The method of claim 1, wherein step (c) comprises determining whether the number of protocol response codes exceeds the predetermined number.
  - 13. The method of claim 12, comprising selectively generating an alert if the number of protocol response codes exceeds the predetermined number.

14. A system for monitoring protocol response codes for a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to determine a number of protocol response codes during the session, and operable to compare the number of protocol response codes to a predetermined number.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The system of claim 14, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 16. The system of claim 14, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 17. The system of claim 14, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 18. The system of claim 14, wherein the server application is implemented by a web server.
  - 19. The system of claim 14, wherein the communication data comprises only transmission control protocol packets.
  - 20. The system of claim 14, wherein the protocol response codes is a predetermined response code type.
  - 21. The system of claim 14, wherein the protocol response codes comprise response code errors.
  - 22. The system of claim 14, wherein the detector is operable to determine the number of protocol response codes for a unique session.
  - 23. The system of claim 14, wherein the detector is operable to determine the number of protocol response codes for a predetermined plurality of sessions.
  - 24. The system of claim 14, wherein the detector is operable to determine whether the number of protocol response codes exceeds the predetermined number.
  - 25. The system of claim 24, wherein the detector is operable to selectively generate an alert if the number of protocol response codes exceeds the predetermined number.

26. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring protocol response codes in communication data between a server application and a client during a session;
  
  (b) determining a number of protocol response codes during the session; and
  
  (c) comparing the number of protocol response codes to a predetermined number.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The computer program product of claim 26, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 28. The computer program product of claim 26, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 29. The computer program product of claim 26, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 30. The computer program product of claim 26, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 31. The computer program product of claim 26, wherein the server application is implemented by a web server.
  - 32. The computer program product of claim 26, wherein the communication data comprises only transmission control protocol packets.
  - 33. The computer program product of claim 26, wherein the protocol response codes is a predetermined response code type.
  - 34. The computer program product of claim 26, wherein the protocol response codes comprise response code errors.
  - 35. The computer program product of claim 26, wherein step (b) comprises determining the number of protocol response codes for a unique session.
  - 36. The computer program product of claim 26, wherein step (b) comprises determining the number of protocol response codes for a predetermined plurality of sessions.
  - 37. The computer program product of claim 26, wherein step (c) comprises determining whether the number of protocol response codes exceeds the predetermined number.
  - 38. The computer program product of claim 37, comprising selectively generating an alert if the number of protocol response codes exceeds the predetermined number.

39. A method of monitoring protocol response codes for a server application, the method comprising:
- (a) monitoring protocol response codes in communication data between a server application and a client associated with server data;
  
  (b) determining a number of protocol response codes for the server data; and
  
  (c) comparing the number of protocol response codes to a predetermined number.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 40. The method of claim 39, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 41. The method of claim 39, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 42. The method of claim 39, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 43. The method of claim 39, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 44. The method of claim 39, wherein the server application is implemented by a web server.
  - 45. The method of claim 39, wherein the communication data comprises only transmission control protocol packets.
  - 46. The method of claim 39, wherein the protocol response codes is a predetermined response code type.
  - 47. The method of claim 39, wherein the protocol response codes comprise response code errors.
  - 48. The method of claim 39, wherein step (b) comprises determining the number of protocol response codes for a unique session.
  - 49. The method of claim 39, wherein step (b) comprises determining the number of protocol response codes for a predetermined plurality of sessions.
  - 50. The method of claim 39, wherein step (c) comprises determining whether the number of protocol response codes exceeds the predetermined number.
  - 51. The method of claim 50, comprising selectively generating an alert if the number of protocol response codes exceeds the predetermined number.

52. A system for monitoring protocol response codes for a server application, the method comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to determine a number of protocol response codes for the server data, and operable to compare the number of protocol response codes to a predetermined number.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 53. The system of claim 52, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 54. The system of claim 52, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 55. The system of claim 52, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 56. The system of claim 52, wherein the server application is implemented by a web server.
  - 57. The system of claim 52, wherein the communication data comprises only transmission control protocol packets.
  - 58. The system of claim 52, wherein the protocol response codes is a predetermined response code type.
  - 59. The system of claim 52, wherein the protocol response codes comprise response code errors.
  - 60. The system of claim 52, wherein the detector is operable to determine the number of protocol response codes for a unique session.
  - 61. The system of claim 52, wherein the detector is operable to determine the number of protocol response codes for a predetermined plurality of sessions.
  - 62. The system of claim 52, wherein the detector is operable to determine whether the number of protocol response codes exceeds the predetermined number.
  - 63. The system of claim 62, wherein the detector is operable to selectively generate an alert if the number of protocol response codes exceeds the predetermined number.

64. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring protocol response codes in communication data between a server application and a client associated with server data;
  
  (b) determining a number of protocol response codes for the server data; and
  
  (c) comparing the number of protocol response codes to a predetermined number.
- View Dependent Claims (65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76)
- - 65. The computer program product of claim 64, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 66. The computer program product of claim 64, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 67. The computer program product of claim 64, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 68. The computer program product of claim 64, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 69. The computer program product of claim 64, wherein the server application is implemented by a web server.
  - 70. The computer program product of claim 64, wherein the communication data comprises only transmission control protocol packets.
  - 71. The computer program product of claim 64, wherein the protocol response codes is a predetermined response code type.
  - 72. The computer program product of claim 64, wherein the protocol response codes comprise response code errors.
  - 73. The computer program product of claim 64, wherein step (b) comprises determining the number of protocol response codes for a unique session.
  - 74. The computer program product of claim 64, wherein step (b) comprises determining the number of protocol response codes for a predetermined plurality of sessions.
  - 75. The computer program product of claim 64, wherein step (c) comprises determining whether the number of protocol response codes exceeds the predetermined number.
  - 76. The computer program product of claim 75, comprising selectively generating an alert if the number of protocol response codes exceeds the predetermined number.

77. A method of monitoring an application protocol for a server application, the method comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) monitoring errors in the application protocol; and
  
  (c) comparing the errors in the application protocol to a predetermined criteria.
- View Dependent Claims (78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90)
- - 78. The method of claim 77, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 79. The method of claim 77, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 80. The method of claim 77, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 81. The method of claim 77, wherein the server application is implemented by a web server.
  - 82. The method of claim 77, wherein the communication data comprises only transmission control protocol packets.
  - 83. The method of claim 77, wherein the errors comprise malformed protocol requests.
  - 84. The method of claim 77, wherein the application protocol is HTTP.
  - 85. The method of claim 77, wherein the errors comprise parsing errors.
  - 86. The method of claim 85, wherein the application protocol is HTTP.
  - 87. The method of claim 77, wherein the errors comprise buffer overflows within the application protocol.
  - 88. The method of claim 87, wherein the application protocol is HTTP.
  - 89. The method of claim 77, wherein step (c) comprises determining whether the errors in the application protocol match the predetermined criteria.
  - 90. The method of claim 77, comprising selectively generating an alert if the errors in the application protocol match the predetermined criteria.

91. A system for monitoring an application protocol for a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to monitor errors in the application protocol, and operable to compare the errors in the application protocol to a predetermined criteria.
- View Dependent Claims (92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103)
- - 92. The system of claim 91, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 93. The system of claim 91, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 94. The system of claim 91, wherein the server application is implemented by a web server.
  - 95. The system of claim 91, wherein the communication data comprises only transmission control protocol packets.
  - 96. The system of claim 91, wherein the errors comprise malformed protocol requests.
  - 97. The system of claim 91, wherein the application protocol is HTTP.
  - 98. The system of claim 91, wherein the errors comprise parsing errors.
  - 99. The system of claim 98, wherein the application protocol is HTTP.
  - 100. The system of claim 91, wherein the errors comprise buffer overflows within the application protocol.
  - 101. The system of claim 100, wherein the application protocol is HTTP.
  - 102. The system of claim 91, wherein step (c) comprises determining whether the errors in the application protocol match the predetermined criteria.
  - 103. The system of claim 91, comprising selectively generating an alert if the errors in the application protocol match the predetermined criteria.

104. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) monitoring errors in the application protocol; and
  
  (c) comparing the errors in the application protocol to a predetermined criteria.
- View Dependent Claims (105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117)
- - 105. The computer program product of claim 104, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 106. The computer program product of claim 104, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 107. The computer program product of claim 104, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 108. The computer program product of claim 104, wherein the server application is implemented by a web server.
  - 109. The computer program product of claim 104, wherein the communication data comprises only transmission control protocol packets.
  - 110. The computer program product of claim 104, wherein the errors comprise malformed protocol requests.
  - 111. The computer program product of claim 104, wherein the application protocol is HTTP.
  - 112. The computer program product of claim 104, wherein the errors comprise parsing errors.
  - 113. The computer program product of claim 112, wherein the application protocol is HTTP.
  - 114. The computer program product of claim 104, wherein the errors comprise buffer overflows within the application protocol.
  - 115. The computer program product of claim 114, wherein the application protocol is HTTP.
  - 116. The computer program product of claim 104, wherein step (c) comprises determining whether the errors in the application protocol match the predetermined criteria.
  - 117. The computer program product of claim 104, comprising selectively generating an alert if the errors in the application protocol match the predetermined criteria.

118. A method of monitoring an application protocol for a server application, the method comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) detecting a first protocol method utilized by the application protocol; and
  
  (c) comparing the first protocol method to a predetermined protocol method.
- View Dependent Claims (119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129)
- - 119. The method of claim 118, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 120. The method of claim 118, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 121. The method of claim 118, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 122. The method of claim 118, wherein the server application is implemented by a web server.
  - 123. The method of claim 118, wherein the communication data comprises only transmission control protocol packets.
  - 124. The method of claim 118, wherein the communication method is a first encryption strength.
  - 125. The method of claim 124, wherein the first encryption strength is about 40 bit encryption.
  - 126. The method of claim 124, wherein the predetermined method is a second encryption strength.
  - 127. The method of claim 126, comprising determining whether the second encryption strength is greater than the first encryption strength.
  - 128. The method of claim 127, comprising generating an alarm if the second encryption strength is greater than the first encryption strength
  - 129. The method of claim 126, wherein the second encryption strength is 128 bit encryption.

130. A system for monitoring an application protocol for a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to detect a first protocol method utilized by the application protocol, and operable to compare the first protocol method to a predetermined protocol method.
- View Dependent Claims (131, 132, 133, 134, 135, 136, 137, 138, 139, 140)
- - 131. The system of claim 130, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 132. The system of claim 130, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 133. The system of claim 130, wherein the server application is implemented by a web server.
  - 134. The system of claim 130, wherein the communication data comprises only transmission control protocol packets.
  - 135. The system of claim 130, wherein the communication method is a first encryption strength.
  - 136. The system of claim 135, wherein the first encryption strength is about 40 bit encryption.
  - 137. The system of claim 130, wherein the predetermined method is a second encryption strength.
  - 138. The system of claim 137, wherein the detector is operable to determine whether the second encryption strength is greater than the first encryption strength.
  - 139. The system of claim 138, wherein the detector is operable to generate an alarm if the second encryption strength is greater than the first encryption strength.
  - 140. The system of claim 137, wherein the second encryption strength is 128 bit encryption.

141. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) detecting a first protocol method utilized by the application protocol; and
  
  (c) comparing the first protocol method to a predetermined protocol method.
- View Dependent Claims (142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152)
- - 142. The computer program product of claim 141, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 143. The computer program product of claim 141, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 144. The computer program product of claim 141, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 145. The computer program product of claim 141, wherein the server application is implemented by a web server.
  - 146. The computer program product of claim 141, wherein the communication data comprises only transmission control protocol packets.
  - 147. The computer program product of claim 141, wherein the communication method is a first encryption strength.
  - 148. The computer program product of claim 147, wherein the first encryption strength is about 40 bit encryption.
  - 149. The computer program product of claim 147, wherein the predetermined method is a second encryption strength.
  - 150. The computer program product of claim 149, comprising determining whether the second encryption strength is greater than the first encryption strength.
  - 151. The computer program product of claim 150, comprising generating an alarm if the second encryption strength is greater than the first encryption strength
  - 152. The computer program product of claim 149, wherein the second encryption strength is 128 bit encryption.

153. A method of monitoring an application protocol for a server application, the method comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) detecting a first protocol version of the application protocol; and
  
  (c) comparing the first version to a predetermined protocol version.
- View Dependent Claims (154, 155, 156, 157, 158, 159, 160, 161, 162, 163)
- - 154. The method of claim 153, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 155. The method of claim 153, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 156. The method of claim 153, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 157. The method of claim 153, wherein the server application is implemented by a web server.
  - 158. The method of claim 153, wherein the communication data comprises only transmission control protocol packets.
  - 159. The method of claim 153, wherein the application protocol is secure socket layer (SSL).
  - 160. The method of claim 159, wherein the first protocol version is SSL version 2.0.
  - 161. The method of claim 160, wherein the predetermined protocol version is SSL version 3.0.
  - 162. The method of claim 153, comprising determining whether the first protocol version matches the predetermined protocol version.
  - 163. The method of claim 162, if the first protocol version does not match the second protocol version, generating an alert.

164. A system for monitoring an application protocol for a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to detect a first protocol version of the application protocol, and operable to compare the first version to a predetermined protocol version.
- View Dependent Claims (165, 166, 167, 168, 169, 170, 171, 172, 173)
- - 165. The system of claim 164, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 166. The system of claim 164, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 167. The system of claim 164, wherein the server application is implemented by a web server.
  - 168. The system of claim 164, wherein the communication data comprises only transmission control protocol packets.
  - 169. The system of claim 164, wherein the application protocol is secure socket layer (SSL).
  - 170. The system of claim 169, wherein the first protocol version is SSL version 2.0.
  - 171. The system of claim 170, wherein the predetermined protocol version is SSL version 3.0.
  - 172. The system of claim 164, wherein the detector is operable to determine whether the first protocol version matches the predetermined protocol version.
  - 173. The system of claim 172, wherein the detector is operable to generate an alert if the first protocol version does not match the second protocol version.

174. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) detecting a first protocol version of the application protocol; and
  
  (c) comparing the first version to a predetermined protocol version.
- View Dependent Claims (175, 176, 177, 178, 179, 180, 181, 182, 183, 184)
- - 175. The computer program product of claim 174, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 176. The computer program product of claim 174, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 177. The computer program product of claim 174, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 178. The computer program product of claim 174, wherein the server application is implemented by a web server.
  - 179. The computer program product of claim 174, wherein the communication data comprises only transmission control protocol packets.
  - 180. The computer program product of claim 174, wherein the application protocol is secure socket layer (SSL).
  - 181. The computer program product of claim 180, wherein the first protocol version is SSL version 2.0.
  - 182. The computer program product of claim 181, wherein the predetermined protocol version is SSL version 3.0.
  - 183. The computer program product of claim 174, comprising determining whether the first protocol version matches the predetermined protocol version.
  - 184. The computer program product of claim 183, if the first protocol version does not match the second protocol version, generating an alert.

185. A method of monitoring an application protocol for a server application, the method comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) determining whether the application protocol is a valid protocol for the server application; and
  
  (c) if the application protocol is not valid, generating an alert.
- View Dependent Claims (186, 187, 188, 189, 190, 191, 192)
- - 186. The method of claim 185, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 187. The method of claim 185, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 188. The method of claim 185, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 189. The method of claim 185, wherein the server application is implemented by a web server.
  - 190. The method of claim 185, wherein the communication data comprises only transmission control protocol packets.
  - 191. The method of claim 185, wherein the application protocol is a non-secure socket layer (SSL) protocol.
  - 192. The method of claim 191, wherein the server application receives the application protocol at an HTTPS port.

193. A system for monitoring an application protocol for a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client during a session; and
  
  (b) a detector operable to determine whether the application protocol is a valid protocol for the server application, and operable to generate an alert if the application protocol is not valid.
- View Dependent Claims (194, 195, 196, 197, 198, 199)
- - 194. The system of claim 193, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 195. The system of claim 193, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 196. The system of claim 193, wherein the server application is implemented by a web server.
  - 197. The system of claim 193, wherein the communication data comprises only transmission control protocol packets.
  - 198. The system of claim 193, wherein the application protocol is a non-secure socket layer (SSL) protocol.
  - 199. The system of claim 198, wherein the server application receives the application protocol at an HTTPS port.

200. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) monitoring an application protocol in communication data between a server application and a client;
  
  (b) determining whether the application protocol is a valid protocol for the server application; and
  
  (c) if the application protocol is not valid, generating an alert.
- View Dependent Claims (201, 202, 203, 204, 205, 206, 207)
- - 201. The computer program product of claim 200, wherein steps (a)-(c) are performed transparent to the communication of data between the server application and the client.
  - 202. The computer program product of claim 200, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 203. The computer program product of claim 200, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 204. The computer program product of claim 200, wherein the server application is implemented by a web server.
  - 205. The computer program product of claim 200, wherein the communication data comprises only transmission control protocol packets.
  - 206. The computer program product of claim 200, wherein the application protocol is a non-secure socket layer (SSL) protocol.
  - 207. The computer program product of claim 206, wherein the server application receives the application protocol at an HTTPS port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Covelight Systems, Inc. (Radware Limited)
Original Assignee
Covelight Systems, Inc. (Radware Limited)
Inventors
Hargett, Byron Lee, Somerville, Garth Douglas, Hester, Douglas Wayne, Logan, David Byron, Motsinger, David Lee, Wall, Virgil Montgomery Jr., Gramley, Kenneth Robert, Choy, Albert Ming

Application Number

US10/785,651
Publication Number

US 20050198099A1
Time in Patent Office

Days
Field of Search
US Class Current

709/200
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

Methods, systems and computer program products for monitoring protocol responses for a server application

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

283 Citations

207 Claims

Specification

Use Cases

Quick Links

Others

Methods, systems and computer program products for monitoring protocol responses for a server application

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

283 Citations

207 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others