System and method to spoof a TCP reset for an out-of-band security device
US10382481B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Date | Value |
| --- | --- |
| Filing date | Aug 18, 2017 |
| Grant date | Aug 13, 2019 |
| Priority date | — |
| Expiry date | Jan 16, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L69/22
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Systems and methods are provided to reset a TCP connection, for example in response to a security policy violation. To address the reset conditions imposed by RFC 5961, TCP RST segments may be spoofed and injected into the communications between endpoints (e.g., a client and a server). In one example, three segments are spoofed: two carry respective predicted sequence numbers intended to invoke a reset, and the third carries a sequence number intended to invoke a challenge ACK. If a challenge ACK is received, one or more additional TCP RST segments may be injected, using segment information from the challenge ACK to predict new sequence numbers: one to invoke a reset and the other, if used, to invoke a further challenge ACK. Further pairs of additional TCP RST segments may be sent in response to any further challenge ACK observed, until the reset succeeds.
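The abstract turns on the three-way outcome RFC 5961 section 3.2 prescribes for an incoming RST: accept it only when SEQ equals RCV.NXT, answer an in-window but inexact SEQ with a challenge ACK, and silently drop anything outside the window. The following Python is an added illustration, not part of the patent record and not the patentee's implementation: it models that receiver-side rule, replays one round of spoofed RST guesses against it from the receiver's point of view, and shows why a challenge ACK (whose ACK field is RCV.NXT) lets a second round land exactly. All connection state, the guessed sequence numbers and the `challenge_ack_limit` throttle are constructed values; RFC 5961 section 7 recommends throttling challenge ACKs, but the specific limit used here is an assumption of the example.

```python
"""Receiver-side model of RFC 5961 section 3.2 RST handling (added example)."""

from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide and wrap around


@dataclass
class TcpReceiver:
    """Minimal receive-side state of one established TCP connection."""
    rcv_nxt: int                  # next in-order sequence number expected
    rcv_wnd: int                  # advertised receive window
    snd_nxt: int                  # next sequence number this side would send
    challenge_ack_limit: int = 3  # constructed throttle; RFC 5961 s7 recommends throttling, value assumed
    challenge_acks_sent: int = 0
    established: bool = True

    def in_window(self, seq: int) -> bool:
        """True when seq lies in [RCV.NXT, RCV.NXT + RCV.WND), modulo 2^32."""
        return (seq - self.rcv_nxt) % SEQ_MOD < self.rcv_wnd

    def handle_rst(self, seq: int) -> dict:
        """Disposition of a RST segment carrying SEQ=seq, per RFC 5961 s3.2."""
        if not self.established:
            return {"action": "drop", "reason": "no connection"}
        if seq == self.rcv_nxt:
            # Exact match: the reset is honoured and the connection is torn down.
            self.established = False
            return {"action": "reset"}
        if self.in_window(seq):
            # In-window but inexact: no reset, but a challenge ACK is sent back.
            if self.challenge_acks_sent >= self.challenge_ack_limit:
                return {"action": "drop", "reason": "challenge ACK throttled"}
            self.challenge_acks_sent += 1
            # The challenge ACK carries SEQ=SND.NXT and ACK=RCV.NXT; that ACK
            # value is the "segment information" the abstract refers to.
            return {"action": "challenge_ack", "seq": self.snd_nxt, "ack": self.rcv_nxt}
        return {"action": "drop", "reason": "outside window"}


def run_rst_rounds(rx: TcpReceiver, first_round: list) -> list:
    """Feed one round of RST SEQ guesses to the receiver and record outcomes.

    If a challenge ACK is produced, its ACK field equals RCV.NXT, so the next
    round consists of that single exact value. Stops once a reset is honoured
    or all guesses are exhausted.
    """
    outcomes = []
    pending = list(first_round)
    while pending:
        seq = pending.pop(0)
        result = rx.handle_rst(seq)
        outcomes.append(result["action"])
        if result["action"] == "reset":
            break
        if result["action"] == "challenge_ack":
            pending = [result["ack"]]  # second round: exact RCV.NXT learned from the challenge ACK
    return outcomes


def demo() -> list:
    """Constructed scenario mirroring the abstract's three-segment first round."""
    rx = TcpReceiver(rcv_nxt=1_000_000, rcv_wnd=65_535, snd_nxt=500)
    first_round = [
        999_990,    # predicted reset guess 1: behind RCV.NXT, outside window -> drop
        1_100_000,  # predicted reset guess 2: ahead of the window -> drop
        1_010_000,  # challenge probe: inside the window but not RCV.NXT -> challenge ACK
    ]
    return run_rst_rounds(rx, first_round)


if __name__ == "__main__":
    print(demo())
```

The model makes the mitigation side visible as well: with `challenge_ack_limit` exhausted, an in-window RST is dropped rather than answered, so the receiver stops disclosing RCV.NXT, which is the effect RFC 5961's ACK throttling is meant to have.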
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.