Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session
US8069352B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 28, 2007 |
| Grant date | Nov 29, 2011 |
| Priority date | — |
| Expiry date | Feb 9, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1408
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method performed in an intrusion detection/prevention system, a system or a device for determining whether a transmission control protocol (TCP) segment in a TCP connection in a communication network is acceptable. The TCP connection can include TCP segments beginning with a three way handshake. A TCP segment can include a field for a timestamp. A timestamp policy of plural timestamp policies is identified, the timestamp policy corresponding to a target associated with the segments in a TCP connection. A baseline timestamp is identified based on a three way handshake in the TCP connection. Segments in the TCP connection are monitored. The segments in the TCP connection are filtered as indicated in the timestamp policy corresponding to the target, the timestamp policy indicating whether the segments are to be filtered out or forwarded to the target by comparing the timestamp of the segments to the baseline timestamp.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.