Sequence number based TCP session proxy
First Claim
1. In a computer communication network including a firewall protecting a secured host against attack from outside computers, the host and an outside computer communicating through the firewall via data packets including byte sequence numbers, a method for processing communications between the host and computer, one of which acts as a source and the other as a destination for the communication, said method comprising the steps of:
- defining a sequence number offset which characterizes the byte sequence number received by the firewall from the source and the byte sequence number the firewall will provide to the destination for that communication; and
in the firewall, combining the offset with a source byte sequence number in a packet the firewall receives from the source to determine a corresponding destination byte sequence number the firewall will provide to the destination in place of the source byte sequence number.
3 Assignments
0 Petitions
Accused Products
Abstract
In a computer communication network including a firewall which protects a secured host against attack from outside computers, the host communicating with an outside computer, through the firewall, via data packets which include byte sequence numbers. In a communication between the host and computer in which one of them acts as a source and the other as a destination for the communication, a sequence number offset is derived by the firewall which characterizes the byte sequence number received from the source and the byte sequence number the firewall will provide to the destination for that communication. In a communication received from the source, the firewall adds the offset to byte sequence numbers in a packet passing between the source and destination, in order to determine the byte sequence numbers it will provide to the destination. Thus, proper sequence numbers can be provided to both locations, without the firewall having to restructure packets. This speeds communication between the source and destination and substantially reduces the commitment of processing and storage resources.
-
Citations
40 Claims
-
1. In a computer communication network including a firewall protecting a secured host against attack from outside computers, the host and an outside computer communicating through the firewall via data packets including byte sequence numbers, a method for processing communications between the host and computer, one of which acts as a source and the other as a destination for the communication, said method comprising the steps of:
-
defining a sequence number offset which characterizes the byte sequence number received by the firewall from the source and the byte sequence number the firewall will provide to the destination for that communication; and in the firewall, combining the offset with a source byte sequence number in a packet the firewall receives from the source to determine a corresponding destination byte sequence number the firewall will provide to the destination in place of the source byte sequence number. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A firewall for use in a computer communication network to protect a secured host against attack from outside computers, the host and an outside computer communicating through the firewall via data packets including byte sequence numbers, one of them acting as a source and the other as a destination for a communication, the firewall comprising:
-
an offset processor generating an offset code which characterizes the byte sequence number received by the firewall from the source and corresponding byte sequence number the firewall provides to the destination for that communication; and a combiner combining the offset with a source byte sequence number in a packet the firewall receives from the source to determine a corresponding destination byte sequence number the firewall will provides to the destination in place of the source byte sequence number. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification