Device, system and method for analysis of fragments in a transmission control protocol (TCP) session
Abstract
A method performed in an intrusion detection/prevention system, a system or a device for analyzing segments in a transmission in a communication network. The transmission includes segments in the same transmission control protocol (TCP) session. Segments in a transmission are monitored. Data in the segments in the transmission are reassembled in an order indicated by a segment reassembly policy, the segment reassembly policy indicating an order specific to at least comprehensively overlapped segments.
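An added illustration, not taken from the patent: the abstract's idea of reassembling overlapped segments in the order a policy dictates, with the policy chosen by the kind of destination host, sketched in Python. The policy names (`first`, `last`), the host-kind table, the conflict flag and the sample segments are assumptions constructed for this example.

```python
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]   # (relative sequence number, payload), in arrival order

# Assumed table: kind of destination host -> which copy of overlapped bytes it keeps.
POLICY_BY_HOST_KIND: Dict[str, str] = {"host-kind-a": "first", "host-kind-b": "last"}

def classify(seq: int, length: int, seen: Dict[int, int]) -> str:
    """Label a new segment against the bytes already buffered for the session."""
    covered = sum(1 for p in range(seq, seq + length) if p in seen)
    if covered == 0:
        return "non-overlapped"
    return "completely overlapped" if covered == length else "partially overlapped"

def reassemble(segments: List[Segment], host_kind: str) -> Tuple[bytes, List[str], bool]:
    """Return (stream, per-segment overlap labels, conflict flag) for one direction."""
    policy = POLICY_BY_HOST_KIND[host_kind]
    seen: Dict[int, int] = {}
    labels: List[str] = []
    conflict = False
    for seq, data in segments:
        labels.append(classify(seq, len(data), seen))
        for offset, byte in enumerate(data):
            pos = seq + offset
            if pos in seen and seen[pos] != byte:
                conflict = True          # same sequence position, different content
            if pos not in seen or policy == "last":
                seen[pos] = byte
    out = bytearray()
    pos = 0
    while pos in seen:                   # stop at the first gap in the stream
        out.append(seen[pos])
        pos += 1
    return bytes(out), labels, conflict

# Constructed sample: the third segment lies entirely inside bytes already received.
SAMPLE: List[Segment] = [(0, b"GET /ind"), (8, b"ex.html"), (5, b"abc")]

if __name__ == "__main__":
    for kind in POLICY_BY_HOST_KIND:
        print(kind, reassemble(SAMPLE, kind))
```

The same three segments yield different byte streams under the two policies, so a sensor that inspects only one of them analyzes data that some destinations never see; the conflict flag marks sessions where overlapped bytes disagree.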
24 Claims
1. A method performed in an intrusion detection/prevention system, for analyzing segments in a transmission in a communication network, the transmission including a plurality of segments in the same transmission control protocol (TCP) session, comprising:
(A) monitoring a plurality of segments in a transmission; and
(B) reassembling data in the segments in the transmission in an order indicated by a segment reassembly policy, the segment reassembly policy indicating an order specific to at least comprehensively overlapped segments.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A computer-readable medium comprising instructions for execution by a computer, the instructions including a computer-implemented method for analyzing segments in a transmission in a communication network, a transmission including a plurality of segments in the same transmission control protocol (TCP) session and associated with the same destination, where segments can be one of non-overlapped, partially overlapped, and completely overlapped, the instructions for implementing:
(A) identifying at least one segment reassembly policy of plural segment reassembly policies, the at least one segment reassembly policy corresponding to a destination associated with segments in a transmission; and
(B) providing data in the segments in the transmission in an order indicated by the at least one segment reassembly policy, the at least one segment reassembly policy indicating an order specific to at least comprehensively overlapped segments.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A computer system for at least one of detecting and preventing intrusion, comprising:
(A) a unit configured to facilitate determining a kind of host associated with a destination, in response to an indication of the destination in segments in a transmission control protocol (TCP) session;
(B) a segment reassembly unit configured to facilitate identifying at least one segment reassembly policy of plural segment reassembly policies, the at least one segment reassembly policy corresponding to the kind of host associated with the segments in the transmission; and
(C) an order providing unit configured to facilitate providing data in the segments in the transmission in an order indicated by the at least one segment reassembly policy.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23.

24. A method performed in an intrusion detection/prevention system, for analyzing segments in a transmission in a communication network, the transmission including a plurality of segments in the same transmission control protocol (TCP) session, comprising:
(A) monitoring a plurality of segments in a transmission; and
(B) reassembling data in the segments in the transmission in an order indicated by a segment reassembly policy, the segment reassembly policy including an evaluation of an urgent indication in the segments.

Specification