Blended SYN cookies
Abstract
A method of producing a blended SYN cookie can include identifying within a SYN packet a source network address and desired communications session parameters. Subsequently, an index value into a table of pre-configured sets of communications session parameters can be retrieved. Notably, the index value can reference one of the sets which approximates the desired communications parameters. A hash value can be computed based upon the source network address, a constant seed and current date and time data. Finally, the computed hash value can be combined with the index value, the combination forming the blended SYN cookie.
15 Claims
1. A method of producing a blended synchronization (SYN) cookie for use in a three-way handshake process comprising the steps of:
- identifying within a SYN packet a source network address and desired communications session parameters;
- retrieving an index value into a table of pre-configured sets of communications session parameters, said index value referencing one of said sets which approximates said desired communications parameters;
- computing a hash value based upon said source network address, a constant seed and current date and time data; and
- combining said computed hash value with said index value, said combination forming the blended SYN cookie.
Dependent claims: 2
3. A three-way handshake method, the three-way handshake comprising an initial request, an intermediate response to the initial request, and a final acknowledgment of the intermediate response, the method comprising the steps of:
- extracting synchronization data from the initial request;
- storing said synchronization data in a fixed length, wrap-around table;
- based upon session parameters contained in said synchronization data, acquiring an index into a table of pre-configured sets of session parameters;
- computing an initial hash value based upon at least part of said synchronization data;
- combining said initial hash value and said acquired index and placing said combination into the intermediate response to the initial request; and
- responsive to receiving the final acknowledgment of the intermediate response, extracting acknowledgment data from the final acknowledgment, identifying said initial hash value in said acknowledgment data, computing a new hash value based upon at least part of said acknowledgment data, comparing said new hash value with said initial hash value, and if said hash values do not match, discarding the final acknowledgment.
Dependent claims: 4, 5, 6, 7
8. A communications handshake system comprising:
- a communications process configured to receive and respond to requests to establish data communications sessions, said requests comprising synchronization (SYN) packets and acknowledgment (ACK) packets;
- a fixed length, wrap-around table configured to store desired session parameters extracted from said SYN packets;
- a table of pre-configured session parameters which can be used to approximate said desired session parameters; and
- a blended SYN cookie generator configured to combine SYN cookies with an index into said table of pre-configured session parameters, said index referencing a set of pre-configured session parameters which approximate corresponding ones of said desired session parameters;
whereby said communications process both can authenticate said ACK packets by comparing hash values contained in said SYN cookies with hash values generated in response to receiving said ACK packets, and also can establish said data communication sessions using said desired session parameters in said fixed length, wrap-around table, or said approximated session parameters where said desired session parameters are not found in said fixed length wrap-around table.
Dependent claims: 9, 10
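The cookie generation of claim 1, the ACK check of claim 3 and the wrap-around table fallback of claim 8, as an added Python example; it is not code from the patent. HMAC-SHA256 stands in for the unspecified hash, and the seed, the 64-second time slot, the 2-bit index, the table contents and keying the wrap-around table by source address alone are assumptions.

```python
import hashlib
import hmac

SEED = b"constructed-constant-seed"   # assumption: the claim's "constant seed"
SLOT = 64                              # assumption: seconds per time slot
IDX_BITS = 2                           # low cookie bits carry the table index
# Assumed table of pre-configured (MSS, window scale) sets, ordered ascending.
PARAMS = [(536, 0), (1220, 0), (1460, 2), (1460, 7)]
RING = [None] * 4                      # fixed-length, wrap-around table
_next = 0

def _hash(src, slot):
    """30-bit keyed hash over source address and time slot."""
    mac = hmac.new(SEED, f"{src}|{slot}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> IDX_BITS

def _approx_index(mss, wscale):
    """Largest pre-configured set that does not exceed the request."""
    fits = [i for i, (m, w) in enumerate(PARAMS) if m <= mss and w <= wscale]
    return max(fits, key=lambda i: PARAMS[i]) if fits else 0

def on_syn(src, mss, wscale, now):
    """Record the request; return the cookie used as the SYN-ACK sequence number."""
    global _next
    RING[_next % len(RING)] = (src, mss, wscale)   # overwrites the oldest slot
    _next += 1
    return (_hash(src, int(now) // SLOT) << IDX_BITS) | _approx_index(mss, wscale)

def on_ack(src, ack_number, now):
    """Return session parameters for a valid ACK, or None to discard it."""
    cookie = (ack_number - 1) & 0xFFFFFFFF         # ACK number = cookie + 1
    got, idx = cookie >> IDX_BITS, cookie & ((1 << IDX_BITS) - 1)
    slot = int(now) // SLOT
    # Accept the current and previous slot so a handshake may straddle a boundary.
    if not any(hmac.compare_digest(got.to_bytes(4, "big"),
                                   _hash(src, s).to_bytes(4, "big"))
               for s in (slot, slot - 1)):
        return None
    for entry in RING:                             # exact parameters if still stored
        if entry and entry[0] == src:
            return entry[1:]
    return PARAMS[idx]                             # otherwise the approximation
```

Once the source's entry has been overwritten in the wrap-around table, a valid ACK still yields the approximated set selected by the index bits.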
11. A machine readable storage having stored thereon a computer program for performing a three-way handshake method, the three-way handshake comprising an initial request, an intermediate response to the initial request, and a final acknowledgment of the intermediate response, the computer program comprising a routine set of instructions for causing the machine to perform the steps of:
- extracting synchronization data from the initial request;
- storing said synchronization data in a fixed length, wrap-around table;
- based upon session parameters contained in said synchronization data, acquiring an index into a table of pre-configured sets of session parameters;
- computing an initial hash value based upon at least part of said synchronization data;
- combining said initial hash value and said acquired index and placing said combination into the intermediate response to the initial request; and
- responsive to receiving the final acknowledgment of the intermediate response, extracting acknowledgment data from the final acknowledgment, identifying said initial hash value in said acknowledgment data, computing a new hash value based upon at least part of said acknowledgment data, comparing said new hash value with said initial hash value, and if said hash values do not match, discarding the final acknowledgment.
Dependent claims: 12, 13, 14, 15
Specification