Patent · US Expired

Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches

US7257840B2 · kind B2 · utility

7Cited by

1References

32Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Anantha Ramaiah · Sunnyvale, US
Randall Stewart · Chapin, US
Peter Lei · Arlington Heights, US
Patrick Lee Mahan · Soquel, US

Key dates

Filing date	Mar 30, 2004
Grant date	Aug 14, 2007
Priority date	—
Expiry date	Sep 30, 2024

Classification

Technology area (CPC H)Electricity
CPC primaryH04L69/163
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.