Network system with TCP/IP protocol spoofing

US 7,337,233 B2
Filed: 12/31/2003
Issued: 02/26/2008
Est. Priority Date: 06/08/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

TCP packet receiving means for receiving a TCP packet sent by a first apparatus on a TCP/IP network; and

protocol spoofing means for sending a TCP ACK to the first apparatus in response to said TCP packet receiving means receiving the TCP packet from the first apparatus so as to spoof receipt of the TCP packet by a second apparatus on the TCP/IP network,wherein said TCP packet receiving means and said protocol spoofing means are provided in an apparatus.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system in which a personal computer sends messages into a TCP/IP network using a conventional dial-up link and downloads data from the TCP/IP network using a high-speed one-way satellite link. A preferred embodiment uses a conventional SLIP provider to connect to the TCP/IP network and uses a commercial software TCP/IP package that has a standard driver interface. A spoofing protocol compensates for the long propagation delays inherent to satellite communication.

Citations

79 Claims

1. A system comprising:
- TCP packet receiving means for receiving a TCP packet sent by a first apparatus on a TCP/IP network; and
  
  protocol spoofing means for sending a TCP ACK to the first apparatus in response to said TCP packet receiving means receiving the TCP packet from the first apparatus so as to spoof receipt of the TCP packet by a second apparatus on the TCP/IP network,wherein said TCP packet receiving means and said protocol spoofing means are provided in an apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A system according to claim 1, further comprising sending means for sending data comprising the data field of the TCP packet to the second apparatus via a satellite link.
  - 3. A system according to claim 2, wherein the data comprises the entire TCP packet.
  - 4. A system according to claim 1, further comprising TCP ACK receiving means for receiving a TCP ACK from the second apparatus, the TCP ACK having been sent by the second apparatus in response to receipt by the second apparatus of the data, the TCP ACK having been sent in an IP packet addressed to the first apparatus.
  - 5. A system according to claim 4, further comprising means for discarding the TCP ACK received from the second apparatus without forwarding the TCP ACK to the first apparatus in response to the TCP ACK not containing data in its data field.
  - 6. A system according to claim 4, further comprising modifying means for modifying the TCP ACK received from the second apparatus and for forwarding the modified TCP ACK to the first apparatus, said modifying means comprising means for changing the acknowledgement number of the TCP ACK received from the second apparatus.
  - 7. A system according to claim 6, wherein said modifying means further comprises means for recalculating the TCP checksum in response to the acknowledgement number being changed.
  - 8. A system according to claim 1, further comprising information sending means for sending information to the second apparatus via a satellite link in response to receipt of the TCP packet sent by the first apparatus.
  - 9. A system according to claim 1, wherein data comprising the data field of the TCP packet is sent to the second apparatus via a connection comprising a satellite link, andwherein for the satellite link, the data comprising the data field of the TCP packet is formatted for transmission including providing a first address field that identifies an IP address of the second apparatus and a second address field that identifies a destination satellite receiver.
  - 10. A system according to claim 9, wherein the destination satellite receiver comprises a device that is configured to interface the second apparatus to a satellite antenna.
  - 11. A system according to claim 10, wherein the device is disposed within the second apparatus and is embodied as an adapter card.
  - 12. A system according to claim 9, wherein the second address field is a six byte destination address.
  - 13. A system according to claim 12, wherein the six byte destination address comprises the bytes of an IP address in reverse order.
  - 14. A system according to claim 1, wherein the TCP packet is sent by the first apparatus in an IP packet having, as its destination IP address, the IP address of the second apparatus.
  - 15. A system according to claim 1, wherein the second apparatus has a web browser, and the first apparatus sends the TCP packet in response to a request from the web browser.
  - 16. A system according to claim 1, wherein the TCP/IP network is the Internet.

17. A method comprising:
- a TCP packet receiving step of receiving a TCP packet sent by a first apparatus on a TCP/IP network; and
  
  a protocol spoofing step of sending a TCP ACK to the first apparatus in response to said TCP packet receiving means receiving the TCP packet from the first apparatus so as to spoof receipt of the TCP packet by a second apparatus on the TCP/IP network.

18. A system comprising:
- a TCP packet receiving unit configured to receive a TCP packet sent by a first apparatus on a network; and
  
  a protocol spoofer configured to send a TCP ACK to the first apparatus on the network in response to said TCP packet receiving unit receiving the TCP packet from the first apparatus on the network so as to spoof receipt of the TCP packet by a second apparatus on the network.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. A system according to claim 18, further comprising a data sending unit configured to send data comprising the data field of the TCP packet to the second apparatus via a satellite link.
  - 20. A system according to claim 19, wherein the data comprises the entire TCP packet.
  - 21. A system according to claim 18, further comprising a TCP ACK receiving unit configured to receive a TCP ACK from the second apparatus, the TCP ACK having been sent by the second apparatus in response to receipt by the second apparatus of the data sent by said data sending unit, the TCP ACK having been sent in an IP packet addressed to the first apparatus.
  - 22. A system according to claim 21, further comprising a TCP ACK discarding unit configured to discard the TCP ACK received from the second apparatus without forwarding the TCP ACK to the first apparatus in response to the TCP ACK not containing data in its data field.
  - 23. A system according to claim 21, further comprising a TCP ACK modifying unit configured to modify the TCP ACK received from the second apparatus and to forward the modified TCP ACK to the first apparatus, said TCP ACK modifying unit comprising an acknowledgement number changing unit configured to change the acknowledgement number of the TCP ACK received from the second apparatus.
  - 24. A system according to claim 23, wherein said TCP ACK modifying unit further comprises a checksum recalculating unit configured to recalculate the TCP checksum after the acknowledgment number is changed.
  - 25. A system according to claim 18, further comprising information sending means for sending information to the second apparatus via a satellite link in response to receipt of the TCP packet sent by the first apparatus.
  - 26. A system according to claim 18, wherein data comprising the data field of the TCP packet is sent to the second apparatus via a connection comprising a satellite link, andwherein for the satellite link, the data comprising the data field of the TCP packet is formatted for transmission including providing a first address field that identifies an IP address of the second apparatus and a second address field that identifies a destination satellite receiver.
  - 27. A system according to claim 26, wherein the second address field is a six byte destination address.
  - 28. A system according to claim 18, wherein the second apparatus has a web browser, and the first apparatus sends the TCP packet in response to a request from the web browser.
  - 29. A system according to claim 18, wherein said TCP packet receiving unit and said protocol spoofer are provided in an apparatus.

30. A system comprising:
- a receiving unit that is configured to receive data sent from a source apparatus, the data being addressed at the IP level to a destination apparatus; and
  
  a TCP ACK generator that is configured to generate a TCP ACK to be sent to the source apparatus in an IP packet addressed to the source apparatus, the TCP ACK being arranged to spoof receipt of the data by the destination apparatus,wherein the destination apparatus receives the data via a communication path comprising a satellite link.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 31. A system according to claim 30, wherein when the destination apparatus sends data addressed to the source apparatus, the ACK number of a TCP packet containing the data and addressed to the source apparatus is set by an apparatus other than the destination apparatus to be equal to a highest in-sequence sequence number.
  - 32. A system according to claim 30, wherein the destination apparatus is a personal computing device, and the source apparatus is an application server.
  - 33. A system according to claim 30, further comprising a data sending unit that is configured to send the data to the destination apparatus in a packet via the communication path comprising a satellite link.
  - 34. A system according to claim 33, wherein said data sending unit resends the data in response to non-receipt of an acknowledgement from the destination apparatus within a predetermined amount of time.
  - 35. A system according to claim 34, wherein the acknowledgment is a TCP ACK.
  - 36. A system according to claim 30, further comprising a data sending unit that is configured to effect the receipt of the data by the destination apparatus via the communication path comprising a satellite link,wherein said data sending unit stores the data in a memory, andwherein said data sending unit deletes the data from the memory in response to receipt of an acknowledgement that the destination apparatus has received the data.
  - 37. A system according to claim 36, wherein the acknowledgment is a TCP ACK.
  - 38. A system according to claim 30, further comprising an ACK editing unit that is configured so that upon receipt from the destination apparatus of a TCP ACK for the data, the TCP ACK containing data and being sent in an IP packet addressed to the source apparatus, said ACK editing unit edits the TCP ACK by replacing the ACK number in the TCP ACK with a highest in-sequence sequence number received from the source apparatus and sends the edited TCP ACK to the source apparatus.
  - 39. A system according to claim 38, wherein the TCP checksum of the TCP ACK is recalculated by said ACK editing unit after the ACK number is replaced.
  - 40. A system according to claim 38, wherein the TCP checksum is recalculated after the ACK number is replaced.
  - 41. A system according to claim 30, wherein when the destination apparatus sends a TCP ACK for the data, the TCP ACK containing data and being sent in an IP packet addressed to the source apparatus, the ACK number in the TCP ACK is replaced with the highest in-sequence sequence number received from the source apparatus and the resulting TCP ACK is then sent to the source apparatus.
  - 42. A system according to claim 30, wherein the TCP ACK has a source port corresponding to the destination apparatus.
  - 43. A system according to claim 30, further comprising a data sending unit that is configured to address the data for transmission to the destination apparatus.
  - 44. A system according to claim 43, wherein said data sending unit sends the data in a packet.
  - 45. A system according to claim 43, wherein said data sending unit effects retransmission of the data in response to non-receipt of an acknowledgment for the data within an amount of time.
  - 46. A system according to claim 45, wherein the acknowledgment is a TCP ACK.
  - 47. A system according to claim 43, wherein said data sending unit stores the data in a memory until receiving an acknowledgment for the data.
  - 48. A system according to claim 47, wherein said data sending unit deletes the data from the memory in response to receiving the acknowledgment.
  - 49. A system according to claim 47, wherein the acknowledgment is a TCP ACK.
  - 50. A system according to claim 30, wherein the data is sent to the destination apparatus via the communication path comprising a satellite link, andwherein for the satellite link, the data is formatted for transmission including providing a first address field that identifies an IP address of the destination apparatus and a second address field that identifies a destination satellite receiver.
  - 51. A system according to claim 45, wherein the destination apparatus has a web browser, and the source apparatus sends the TCP packet in response to a request from the web browser.
  - 52. A system according to claim 50, wherein the second address field is a six byte destination address.
  - 53. A system according to claim 30, wherein the destination apparatus has a web browser, and the source apparatus sends the TCP packet in response to a request from the web browser.
  - 54. A system according to claim 30, wherein said receiving unit and said TCP ACK generator are provided in an apparatus.

55. A system comprising:
- receiving means for receiving data sent from a source apparatus, the data being addressed at the IP level to a destination apparatus; and
  
  TCP ACK generating means for generating a TCP ACK to be sent to the source apparatus in an IP packet addressed to the source apparatus, the TCP ACK being arranged to spoof receipt of the data by the destination apparatus,wherein the destination apparatus receives the data via a communication path comprising a satellite link, andwherein said receiving means and sais TCP ACK generating means are provided in an apparatus.

56. A method comprising:
- a data receiving step of receiving, at a first apparatus on a network, data sent by a second apparatus on the network; and
  
  a TCP ACK generating step of generating, by the first apparatus on the network, of a TCP ACK spoofing receipt of the data by a third apparatus on the network; and
  
  receiving, by the third apparatus on the network, of the data via a communication path comprising a wireless link of the network.
- View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 57. A method according to claim 56, wherein the first apparatus is a gateway, the second apparatus is an application server, and the third apparatus is a personal computer, and the wireless link comprises a satellite link.
  - 58. A method according to claim 56, further comprising a step of sending by the first apparatus to the third apparatus of the data via the communication path.
  - 59. A method according to claim 58, further comprising a step of resending by the first apparatus to the third apparatus of the data in response to non-receipt of a TCP ACK from the third apparatus within a predetermined amount of time.
  - 60. A method according to claim 56, further comprising a step of selectively discarding a TCP ACK to prevent the TCP ACK from reaching the second apparatus, the TCP ACK having been sent by the third apparatus in response to receipt of the data.
  - 61. A method according to claim 56, further comprising a step of resending to the third apparatus of the data in response to non-receipt of a TCP ACK from the third apparatus within a predetermined amount of time.
  - 62. A method according to claim 56, further comprising a step of editing a TCP ACK, which contains data and which was sent by the third apparatus, to replace the ACK number with a highest in-sequence sequence number.
  - 63. A method according to claim 56, wherein said generating step comprises setting the source port of the TCP ACK to correspond to the third apparatus, and wherein said method further comprises sending the TCP ACK in an IP packet having a source IP address corresponding to the third apparatus.
  - 64. A method according to claim 56, wherein the data is sent from the first apparatus to the third apparatus via the communication path, andwherein for the wireless link, the data is formatted for transmission including providing a first address field that identifies an IP address of the third apparatus and a second address field that identifies a destination satellite receiver.
  - 65. A method according to claim 64, wherein the second address field is a six byte destination address.
  - 66. A method according to claim 56, wherein the third apparatus has a web browser, and the second apparatus sends the data in response to a request from the web browser.

67. A system comprising:
- an ACK spoofing subsystem for performing transport level ACK spoofing on a transport level connection between a first apparatus on a network and a second apparatus on the network, wherein said subsystem is configured to;
  
  (1) receive data sent from the first apparatus toward the second apparatus,(2) send a transport level ACK to the first apparatus in response to receipt of the data from the first apparatus, the transport level ACK being arranged to spoof receipt of the data by the second apparatus, and(3) in the case that the second apparatus sends toward the first apparatus a transport level ACK in response to receipt of the data, which transport level ACK contains data, receive the transport level ACK and forward it to the first apparatus after ensuring that its ACK number is set equal to a highest in-sequence sequence number received from the first apparatus over the connection.
- View Dependent Claims (68, 69, 70, 71)
- - 68. A system according to claim 67, wherein said ACK spoofing subsystem ensures that the ACK number of the received transport level ACK is set equal to the highest in-sequence sequence number received from the first apparatus over the connection by replacing the ACK number with the highest in-sequence sequence number received from the first apparatus over the connection.
  - 69. A system according to claim 68, wherein when replacing the ACK number, said ACK spoofing subsystem also recalculates the checksum of the received transport level ACK.
  - 70. A system according to claim 67, further comprising the first apparatus and the second apparatus.
  - 71. A system according to claim 67, wherein said ACK spoofing subsystem is provided in an apparatus.

72. A system comprising:
- an ACK spoofing subsystem for performing TCP ACK spoofing on a TCP connection between a first apparatus on a network and a second apparatus on the network, wherein said subsystem is configured to;
  
  (1) receive a TCP packet indicating that a new TCP connection is being formed between the first apparatus and the second apparatus;
  
  (2) initialize, in response to receiving the TCP packet, a data structure in a memory, the data structure being arranged to store data sent on the TCP connection by the first apparatus toward the second apparatus;
  
  (3) receive data sent on the TCP connection by the first apparatus toward the second apparatus;
  
  (4) generate a TCP ACK in response to receipt of the data, the TCP ACK being arranged to spoof receipt by the second apparatus of the data;
  
  (5) store the data in the data structure;
  
  (6) forward the data toward the second apparatus;
  
  (7) in response to an acknowledgement for the data not being received within a predetermined amount of time, forward the data stored in the data structure toward the second apparatus to thereby forward the data again;
  
  (8) delete the data from the data structure in response to receipt of an acknowledgement for the data;
  
  (9) keep track of a highest in-sequence sequence number on the TCP connection; and
  
  (10) in the case that the second apparatus sends toward the first apparatus a TCP ACK for the data, the TCP ACK containing data, receive the TCP ACK and forward it toward the first apparatus after ensuring that its ACK number is set equal to the number.
- View Dependent Claims (73, 74, 75, 76, 77)
- - 73. A system according to claim 72, wherein said ACK spoofing subsystem is further configured to delete the data structure in response to receipt of a TCP close connection packet.
  - 74. A system according to claim 72, further comprising the first apparatus and the second apparatus.
  - 75. A system according to claim 72, wherein the ensuring comprises replacing the ACK number of the TCP ACK with the number and recalculating the checksum of the TCP ACK.
  - 76. A system according to claim 72, wherein the packet indicating that a new TCP connection is being formed is sent in an IP packet having, as its source address, the IP address of the first apparatus, and having, as its destination address, the IP address of the second apparatus.
  - 77. A system according to claim 72, wherein said ACK spoofing subsystem is provided in an apparatus.

78. A system comprising:
- a forwarding unit that is configured to receive data from a first apparatus on a network, which data is addressed to a second apparatus on the network, and to forward the data toward the second apparatus;
  
  a TCP ACK sender that is configured to send a TCP ACK to the first apparatus, the TCP ACK being arranged to spoof receipt of the data by the second apparatus; and
  
  a TCP ACK processor that, when the second apparatus sends a TCP ACK to the first apparatus and the TCP ACK contains data, edits the TCP ACK'"'"'s ACK number.
- View Dependent Claims (79)
- - 79. A system according to claim 78, wherein said forwarding unit, said TCP ACK sender, and said TCP ACK processor are provided in an apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hughes Network Systems LLC (Echostar Corporation)
Original Assignee
Hughes Network Systems Incorporated (Echostar Corporation)
Inventors
Dillon, Douglas M.
Primary Examiner(s)
Avellino; Joseph E

Application Number

US10/750,356
Publication Number

US 20040202166A1
Time in Patent Office

1,518 Days
Field of Search

709217-219, 709227-229, 709230-235
US Class Current

709/232
CPC Class Codes

H04B 7/18584   Arrangements for data netwo...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/5692   Selection among different n...

H04L 2212/00   Encapsulation of packets

H04L 47/10   Flow control; Congestion co...

H04L 47/43   Assembling or disassembling...

H04L 61/00   Network arrangements, proto...

H04L 61/10   of different types

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/168   specially adapted for link ...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Network system with TCP/IP protocol spoofing

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

79 Claims

Specification

Solutions

Use Cases

Quick Links

Network system with TCP/IP protocol spoofing

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

79 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links