Method for customizing processing and response for intrusion prevention
First Claim
1. A method for preventing intrusions to a computer system, comprising:
- using a network-based appliance to intercept data packets;
deciding whether to forward the intercepted packets or whether to route the intercepted packets to a virtual proxy;
performing TCP or UDP processing on the intercepted packets before routing them to the virtual proxy;
using the virtual proxy to analyze the packets that have been routed to the virtual proxy to detect intrusions using a processing engine having at least one processing procedure that detects intrusions; and
when the virtual proxy detects an attack or violation in the packets, using the virtual proxy to direct a transport layer to modify the packets,wherein the virtual proxy directs the transport layer to modify the packets using packet stream modification requests, the method further comprising sending the packet stream modification requests from the network-based appliance to a standby network-based appliance to support fault tolerance.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for customizing the response for network based intrusion prevention comprising of: 1) virtual proxying the application data to enable custom response 2) enhancing transport layer (TCP/IP) to enable selective processing and selective modification of the stream for intrusion prevention. The invention also discloses a method for customizing the processing for both network or host based intrusion prevention comprising of: 1) loading externally defined processing procedures for the detection and prevention of intrusions 2) combining multiple of these processing procedures to form a unified processing engine that can be used for intrusion detection and prevention 3) unloading processing procedures that are not needed any more 4) loading new processing procedures that improve the intrusion detection and prevention.
31 Citations
3 Claims
-
1. A method for preventing intrusions to a computer system, comprising:
-
using a network-based appliance to intercept data packets; deciding whether to forward the intercepted packets or whether to route the intercepted packets to a virtual proxy; performing TCP or UDP processing on the intercepted packets before routing them to the virtual proxy; using the virtual proxy to analyze the packets that have been routed to the virtual proxy to detect intrusions using a processing engine having at least one processing procedure that detects intrusions; and when the virtual proxy detects an attack or violation in the packets, using the virtual proxy to direct a transport layer to modify the packets, wherein the virtual proxy directs the transport layer to modify the packets using packet stream modification requests, the method further comprising sending the packet stream modification requests from the network-based appliance to a standby network-based appliance to support fault tolerance. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
-
Current AssigneeVmware LLC (Broadcom, Inc.)
-
Original AssigneeVMware, Inc. (Broadcom, Inc.)
-
InventorsKumar, Dileep
-
Primary Examiner(s)Dinh; Minh
-
Application NumberUS10/751,234Time in Patent Office2,223 DaysField of SearchNoneUS Class Current726/23CPC Class CodesH04L 63/0245 Filtering by information in...H04L 63/1416 Event detection, e.g. attac...H04L 63/166 at the transport layer
