×

Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session

  • US 20080209518A1
  • Filed: 02/28/2007
  • Published: 08/28/2008
  • Est. Priority Date: 02/28/2007
  • Status: Active Grant
First Claim
Patent Images

1. A method performed in an intrusion detection/prevention system for determining whether a transmission control protocol (TCP) segment in a TCP connection in a communication network is acceptable, the TCP connection including a plurality of TCP segments beginning with a three way handshake, wherein a TCP segment includes a field for a timestamp, comprising:

  • (A) identifying a timestamp policy of plural timestamp policies, the timestamp policy corresponding to a target associated with the segments in a TCP connection;

    (B) identifying a baseline timestamp based on a three way handshake in the TCP connection;

    (C) monitoring segments in the TCP connection; and

    (D) filtering the segments in the TCP connection as indicated in the timestamp policy corresponding to the target, the timestamp policy indicating whether the segments are to be filtered out or forwarded to the target by comparing the timestamp of the segments to the baseline timestamp.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×