×

Device, system and method for analysis of segments in a transmission control protocol (TCP) session

  • US 7,701,945 B2
  • Filed: 08/10/2006
  • Issued: 04/20/2010
  • Est. Priority Date: 08/10/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method performed in a processor of an intrusion detection/prevention system, for analyzing segments in a transmission in a communication network, the transmission including a plurality of segments in the same transmission control protocol (TCP) session, comprising:

  • (A) monitoring, in a processor of an intrusion detection/prevention system, a plurality of segments in a transmission and determining a kind of host of a destination of the segments in response to receiving the segments; and

    (B) reassembling, in the processor, data in the segments in the transmission in an order indicated by a segment reassembly policy selected from plural different processor-resident segment reassembly policies corresponding to different kinds of hosts based on the determined kind of host of the destination of the segments,the segment reassembly policy indicating an order specific to comprehensively overlapped segments,when the data is in the comprehensively overlapped segments, the order of the data indicated by the segment reassembly policy is different from the order of the data when in segments which are not comprehensively overlapped,the data in comprehensively overlapped segments further being reassembled in a different order in the different segment reassembly policies.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×