Network connection blocker, method, and computer readable memory for monitoring connections in a computer network and blocking the unwanted connections

US 6,044,402 A
Filed: 07/02/1997
Issued: 03/28/2000
Est. Priority Date: 07/02/1997
Status: Expired due to Term

First Claim

Patent Images

1. A network connection blocker for monitoring connections between host computers in a computer network and blocking unwanted ones of the monitored connections, the host computers transmitting monitored connection packets over the computer network that are addressed to each other and, in accordance with a connection oriented transport layer protocol, establish, provide network services with, and close the monitored connections, the network connection blocker comprising:

a central processing unit;

a network interface configured to receive the transmitted monitored connection packets over the computer network without blocking their reception by the host computers; and

a blocking module running on the central processing unit and configured to (a) process the received monitored connection packets to detect the unwanted connections, and (b) generate blocking connection packets that are addressed to those of the host computers that have the detected unwanted connections therebetween and, in accordance with the connection oriented transport layer protocol, cause the detected unwanted connections to be closed by the host computers that have the unwanted connections therebetween;

the network interface being further configured to transmit the generated blocking connection packets over the computer network to the host computers that have the detected unwanted connections therebetween.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network connection blocker for monitoring connections between host computers in a network and blocking the unwanted connections. The host computers transmit connection packets between each other in accordance with a network protocol suite when seeking to establish, providing network services with, and close the connections. The network protocol suite includes a connection oriented transport layer protocol. The network connection blocker comprises a network interface that receives the connection packets transmitted between the host computers. It also comprises a blocking module that processes the received connection packets to detect the unwanted connections. The blocking module then generates connection packets in accordance with the network protocol suite to cause the detected unwanted connections to be closed by the corresponding host computers between which are the unwanted connections. The network interface then transmits the generated connection packets to these host computers.

Citations

15 Claims

1. A network connection blocker for monitoring connections between host computers in a computer network and blocking unwanted ones of the monitored connections, the host computers transmitting monitored connection packets over the computer network that are addressed to each other and, in accordance with a connection oriented transport layer protocol, establish, provide network services with, and close the monitored connections, the network connection blocker comprising:
- a central processing unit;
  
  a network interface configured to receive the transmitted monitored connection packets over the computer network without blocking their reception by the host computers; and
  
  a blocking module running on the central processing unit and configured to (a) process the received monitored connection packets to detect the unwanted connections, and (b) generate blocking connection packets that are addressed to those of the host computers that have the detected unwanted connections therebetween and, in accordance with the connection oriented transport layer protocol, cause the detected unwanted connections to be closed by the host computers that have the unwanted connections therebetween;
  
  the network interface being further configured to transmit the generated blocking connection packets over the computer network to the host computers that have the detected unwanted connections therebetween.
- View Dependent Claims (2, 3, 8, 9, 10, 11)
- - 2. The network connection blocker of claim 1 further comprising a memory wherein the blocking module comprises:
    - a blocking data structure configured in the memory to store a connection blocking policy;
      
      a blocking controller configured to (a) process the received monitored connection packets to detect the unwanted connections by (i) obtaining from the received monitored connection packets connection information sets that identify the monitored connections, and (ii) determining from the obtained connection information sets which ones of the monitored connections satisfy the stored connection blocking policy, and (b) generate the generated blocking connection packets.
  - 3. The network connection blocker of claim 2 wherein:
    - the network interface is further configured to receive management packets over the computer network that are transmitted by an administrating one of the host computers;
      
      the blocking module further comprises a manager configured to (a) process the received management packets to obtain management information sets from the received management packets, (b) perform management operations at the network connection blocker based on the obtained management information sets, and (c) generate management packets to provide results of the management operations to the administrating host computer;
      
      the network interface is further configured to transmit the generated management packets over the computer network to the administrating host computer.
  - 8. The computer readable memory of claim 1 wherein the blocking module comprises:
    - a blocking data structure configured in the computer readable memory to store a connection blocking policy;
      
      a blocking controller to (a) process the received monitored connection packets to detect the unwanted connections by (i) obtaining from the received connection packets connection information sets that identify the monitored connections, and (ii) determining from the obtained connection information sets which ones of the monitored connections satisfy the stored connection blocking policy, and (b) generate the generated blocking connection packets.
  - 9. The computer readable memory of claim 8 wherein:
    - the computer is further configured to receive management packets over the computer network that are transmitted by an administrating one of the host computers and transmit generated management packets over the computer network to the administrating host computer; and
      
      the blocking module comprises a manager to (a) process the received management packets to obtain management information sets from the received management packets, (b) perform management operations at the network connection blocker based on the obtained management information sets, and (c) generate the generated management packets to provide results of the management operations to the administrating host computer.
  - 10. The network connection blocker of claim 1 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise reset packets containing the reset flag of the TCP protocol.
  - 11. The network connection blocker of claim 1 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise connection closing packets containing the finish flag of the TCP protocol.

4. A method of monitoring connections between host computers in a computer network and blocking unwanted ones of the monitored connections, the host computers transmitting monitored connection packets over the computer network that are addressed to each other and, in accordance with a connection oriented transport layer protocol, establish, provide network services with, and close the monitored connections, the method comprising the steps of:
- receiving the transmitted monitored connection packets over the computer network without blocking their reception by the host computers;
  
  processing the received monitored connection packets to detect the unwanted connections;
  
  generating blocking connection packets that are addressed to those of the host computers that have the detected unwanted connections therebetween and, in accordance with the connection oriented transport layer protocol, cause the detected unwanted connections to be closed by the host computers that have the unwanted connections therebetween; and
  
  transmitting the generated blocking connection packets over the computer network to the host computers that have the detected unwanted connections therebetween.
- View Dependent Claims (5, 6, 12, 13)
- - 5. The method of claim 4 further comprising:
    - storing a connection blocking policy;
      
      wherein the processing step includes;
      
      obtaining from the received monitored connection packets connection information sets that identify the monitored connections; and
      
      determining from the obtained connection information sets which ones of the monitored connections satisfy the stored connection blocking policy.
  - 6. The method of claim 5 further comprising the steps of:
    - receiving management packets over the computer network that are transmitted by an administrating one of the host computers;
      
      processing the received management packets to obtain management information sets from the received management packets;
      
      performing management operations at the network connection blocker based on the obtained management information sets; and
      
      generating management packets to provide results of the management operations to the administrating host computer; and
      
      transmitting the generated management packets over the computer network to the administrating host computer.
  - 12. The method of claim 4 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise reset packets containing the reset flag of the TCP protocol.
  - 13. The method of claim 4 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise connection closing packets containing the finish flag of the TCP protocol.

7. A computer readable memory for directing a computer in a computer network to monitor connections between host computers in the computer network and block unwanted ones of the connections, the host computers transmitting monitored connection packets over the computer network that are addressed to each other and, in accordance with a connection oriented transport layer protocol, establish, provide network services with, and close the monitored connections, the computer being configured to receive the monitored connection packets over the computer network without blocking their reception by the host computers and to transmit generated blocking connection packets over the computer network to those of the host computers that have the unwanted connections therebetween, the memory comprising:
- a blocking module configured to (a) run on the computer, (b) process the received monitored connection packets to detect the unwanted connections, and (c) generate the generated blocking connection packets so that they are addressed to those of the host computers that have the detected unwanted connections therebetween and, in accordance with the connection oriented transport layer protocol, cause the detected unwanted connections to be closed by the host computers that have the unwanted connections therebetween.
- View Dependent Claims (14, 15)
- - 14. The computer readable memory of claim 7 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise reset packets containing the reset flag of the TCP protocol.
  - 15. The computer readable memory of claim 7 wherein the connection oriented transport layer protocol is the TCP protocol, the monitored connections are TCP connections, and the generated connection packets comprise connection closing packets containing the finish flag of the TCP protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iowa State University Research Foundation Incorporated (Iowa State University)
Original Assignee
Iowa State University Research Foundation Incorporated (Iowa State University)
Inventors
Davis, James A., Jacobson, Douglas W.
Primary Examiner(s)
VU, VIET DUY

Application Number

US08/887,044
Time in Patent Office

1,000 Days
Field of Search

709/217, 709/219, 709/218, 709/223, 709/225, 709/227, 709/228, 709/229, 709/250, 709/224, 713/201
US Class Current

709/225
CPC Class Codes

H04L 41/08   Configuration management of...

H04L 41/12   Discovery or management of ...

H04L 43/00   Arrangements for monitoring...

H04L 49/90   Buffering arrangements

H04L 63/1408   by monitoring network traff...

Network connection blocker, method, and computer readable memory for monitoring connections in a computer network and blocking the unwanted connections

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Network connection blocker, method, and computer readable memory for monitoring connections in a computer network and blocking the unwanted connections

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links