Method and apparatus for transparently proxying a connection

US 7,136,359 B1
Filed: 06/11/2004
Issued: 11/14/2006
Est. Priority Date: 07/31/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for transparently proxying a connection, comprising:

receiving a communication packet at a proxy device, the communication packet being sent from a source device and destined for a protected device, the source device not necessarily being aware that the communication packet is received at the proxy device;

determining whether the communication packet is associated with a proxied connection between the source device and the protected device;

forwarding the communication packet to the protected device in response to the communication packet being associated with a proxied connection;

determining whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for transparently proxying a connection to a protected machine. The method includes monitoring a communication packet on a network at a proxy machine. The communication packet has a communication packet source address, source port number, destination address, and destination port number. The proxy determines whether to intercept the communication packet based on whether the communication packet destination address and the communication packet destination port number correspond to a protected destination address and a protected destination port number stored in a proxy list. The proxy machine then determines whether to proxy a proxied connection associated with the communication packet based on the communication packet source address and the communication packet source port number. A protected connection is terminated from the proxy machine to a protected machine. The protected machine corresponds to the communication packet destination address and the communication packet destination port number.

Citations

20 Claims

1. A method for transparently proxying a connection, comprising:
- receiving a communication packet at a proxy device, the communication packet being sent from a source device and destined for a protected device, the source device not necessarily being aware that the communication packet is received at the proxy device;
  
  determining whether the communication packet is associated with a proxied connection between the source device and the protected device;
  
  forwarding the communication packet to the protected device in response to the communication packet being associated with a proxied connection;
  
  determining whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - dropping the communication packet in response to the communication packet not being an initial connection packet.
  - 3. The method of claim 1, further comprising:
    - establishing a proxied connection between the source device and the protected device in response to the communication packet being an initial connection packet.
  - 4. The method of claim 1, further comprising:
    - determining whether the communication packet is destined for the proxy device;
      
      forwarding the packet to a local application in the proxy device for processing in response to the communication packet being destined for the proxy device.

5. A system for transparently proxying a connection, comprising:
- means for receiving a communication packet at a proxy device, the communication packet being sent from a source device and destined for a protected device, the source device not necessarily being aware that the communication packet is received at the proxy device;
  
  means for determining whether the communication packet is associated with a proxied connection between the source device and the protected device;
  
  means for forwarding the communication packet to the protected device in response to the communication packet being associated with a proxied connection;
  
  means for determining whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprising:
    - means for dropping the communication packet in response to the communication packet not being an initial connection packet.
  - 7. The method of claim 5, further comprising:
    - means for establishing a proxied connection between the source device and the protected device in response to the communication packet being an initial connection packet.
  - 8. The method of claim 5, further comprising:
    - means for determining whether the communication packet is destined for the proxy device;
      
      means for forwarding the packet to a local application in the proxy device for processing in response to the communication packet being destined for the proxy device.

9. Logic encoded in a media for transparently proxying a connection, the logic operable to:
- receive a communication packet at a proxy device, the communication packet being sent from a source device and destined for a protected device, the source device not necessarily being aware that the communication packet is received at the proxy device;
  
  determine whether the communication packet is associated with a proxied connection between the source device and the protected device;
  
  forward the communication packet to the protected device in response to the communication packet being associated with a proxied connection;
  
  determine whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.
- View Dependent Claims (10, 11, 12)
- - 10. The logic of claim 9, further operable to:
    - drop the communication packet in response to the communication packet not being an initial connection packet.
  - 11. The logic of claim 9, further operable to:
    - establish a proxied connection between the source device and the protected device in response to the communication packet being an initial connection packet.
  - 12. The logic of claim 9, further operable to:
    - determine whether the communication packet is destined for the proxy device;
      
      forward the packet to a local application in the proxy device for processing in response to the communication packet being destined for the proxy device.

13. An apparatus for transparently proxying a connection, comprising:
- a proxy device operable to receive a communication packet, the communication packet being sent from a source device and destined for a protected device, the source device not necessarily being aware that the communication packet is received at the proxy device, the proxy device operable to determine whether the communication packet is associated with a proxied connection between the source device and the protected device, the proxy device operable to forward the communication packet to the protected device in response to the communication packet being associated with a proxied connection;
  
  wherein the proxy device is operable to determine whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.
- View Dependent Claims (14, 15, 16)
- - 14. The apparatus of claim 13, wherein the proxy device is operable to drop the communication packet in response to the communication packet not being an initial connection packet.
  - 15. The apparatus of claim 13, wherein the proxy device is operable to establish a proxied connection between the source device and the protected device in response to the communication packet being an initial connection packet.
  - 16. The apparatus of claim 13, wherein the proxy device is operable to determine whether the communication packet is destined for the proxy device, the proxy device operable to forward the packet to a local application in the proxy device for processing in response to the communication packet being destined for the proxy device.

17. A system for transparently proxying a connection, comprising:
- a source device operable to generate a communication packet;
  
  a protected device destined to process the communication packet;
  
  a proxy device operable to intercept the communication packet, the source device not necessarily being aware that the communication packet destined for the protected device is to be intercepted by the proxy device, the proxy device operable to determine whether the communication packet is associated with a proxied connection between the source device and the protected device, the proxy device operable to forward the communication packet to the protected device in response to the communication packet being associated with a proxied connection;
  
  wherein the proxy device is operable to determine whether the communication packet is an initial connection packet generated by the source device in response to the communication packet not being associated with a proxied connection.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the proxy device is operable to drop the communication packet in response to the communication packet not being an initial connection packet.
  - 19. The system of claim 17, wherein the proxy device is operable to establish a proxied connection between the source device and the protected device in response to the communication packet being an initial connection packet.
  - 20. The system of claim 17, wherein the proxy device is operable to determine whether the communication packet is destined for the proxy device, the proxy device operable to forward the packet to a local application in the proxy device for processing in response to the communication packet being destined for the proxy device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Coile, Brantley W., Howes, Richard A., LeBlanc, William M.
Primary Examiner(s)
Phan, Man U.

Application Number

US10/865,964
Time in Patent Office

886 Days
Field of Search

370217-222, 370248-355, 370401-403, 709203-219, 709224-230, 709238-249, 726 12- 14
US Class Current

370/248
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0281   Proxies

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

Method and apparatus for transparently proxying a connection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for transparently proxying a connection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links