Inline intrusion detection
Abstract
A method for inline intrusion detection includes receiving a packet at a network gateway, storing the packet, and assigning an identifier to the packet. The method also includes transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system and analyzing the copy of the packet by the intrusion detection system to determine whether the packet includes an attack signature and communicating a reply message from the intrusion detection system to the network gateway. The reply message includes the identifier and is indicative of the results of the analysis. The size of the reply message is less than the size of the packet.
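The exchange the abstract describes, sketched as an added example that is not taken from the patent. The 5-byte reply layout, the signature list, the forward-or-drop handling at the gateway, and all class and function names are assumptions made for illustration.

```python
import struct
from itertools import count

# Assumed reply layout (not from the patent): 4-byte identifier + 1-byte verdict.
REPLY = struct.Struct("!IB")
PASS, DROP = 0, 1
# Constructed sample signatures, for illustration only.
SIGNATURES = [b"/etc/passwd", b"<script>"]


class IntrusionDetectionSystem:
    """Analyzes a copy of the packet and answers with a short verdict."""

    def analyze(self, packet_id: int, packet_copy: bytes) -> bytes:
        hit = any(sig in packet_copy for sig in SIGNATURES)
        return REPLY.pack(packet_id, DROP if hit else PASS)


class Gateway:
    """Holds the original packet until an IDS reply names its identifier."""

    def __init__(self, ids: IntrusionDetectionSystem):
        self.ids = ids
        self.held = {}             # identifier -> stored packet
        self.next_id = count(1)
        self.forwarded = []        # packets released after a PASS verdict

    def receive(self, packet: bytes) -> bytes:
        packet_id = next(self.next_id)
        self.held[packet_id] = packet                # store, assign identifier
        reply = self.ids.analyze(packet_id, packet)  # send copy + identifier
        self.handle_reply(reply)
        return reply

    def handle_reply(self, reply: bytes) -> None:
        packet_id, verdict = REPLY.unpack(reply)
        packet = self.held.pop(packet_id, None)      # unknown ids are ignored
        if packet is not None and verdict == PASS:
            self.forwarded.append(packet)            # release stored original


def run_demo():
    gw = Gateway(IntrusionDetectionSystem())
    # Constructed sample packets (payload bytes only).
    packets = [b"GET /index.html HTTP/1.1\r\n\r\n",
               b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"]
    replies = [gw.receive(p) for p in packets]
    return gw, packets, replies
```

Because the gateway keeps the original and the reply carries only the identifier and a verdict, the packet body crosses the gateway-to-IDS link once rather than twice.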
37 Claims
1. A method for inline intrusion detection, comprising:
receiving a packet at a network gateway;
storing the packet and assigning an identifier to the packet;
transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system;
analyzing the copy of the packet, by the intrusion detection system, to determine whether the packet includes an attack signature; and
communicating a reply message, including the identifier, from the intrusion detection system to the network gateway, the reply message indicative of the results of the analysis and the size of the reply message being less than the size of the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. Logic embodied in a computer-readable medium operable to perform the steps of:
receiving a packet at a network gateway;
storing the packet and assigning an identifier to the packet;
transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system;
analyzing the copy of the packet, by the intrusion detection system, to determine whether the packet includes an attack signature; and
communicating a reply message, including the identifier, from the intrusion detection system to the network gateway, the reply message indicative of the results of the analysis and the size of the reply message being less than the size of the packet.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A system comprising:
means for receiving a packet at a network gateway;
means for storing the packet and assigning an identifier to the packet;
means for transmitting a copy of the packet and the identifier from the network gateway to an intrusion detection system;
means for analyzing the copy of the packet, by the intrusion detection system, to determine whether the packet includes an attack signature; and
means for communicating a reply message, including the identifier, from the intrusion detection system to the network gateway, the reply message indicative of the results of the analysis and the size of the reply message being less than the size of the packet.
26. An apparatus, comprising:
a communication link;
a network gateway operable to;
receive a packet at a network gateway;
store the packet and assign an identifier to the packet; and
transmit a copy of the packet and the identifier from the network gateway to an intrusion detection system; and
the network intrusion detection system coupled to the network gateway by the communication link and operable to;
analyze the copy of the packet to determine whether the packet includes an attack signature; and
communicate a reply message including the identifier from the intrusion detection system to the network gateway, the reply message indicative of the results of the analysis and the size of the reply message being less than the size of the packet.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
Specification