Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
US8272055B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Oct 8, 2009 |
| Grant date | Sep 18, 2012 |
| Priority date | — |
| Expiry date | Nov 3, 2030 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1433
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method performed in a processor of an intrusion detection/prevention system (IDS/IPS) checks for valid packets in an SMB named pipe in a communication network. In a processor configured as an IDS/IPS, a packet in a transmission is received and a kind of application of a target of the packet is determined. Also, the data in the packet is inspected by the IDS/IPS as part of the SMB named pipe on only one of a condition that: (a) the FID in an SMB command header of the packet is valid (i) for segments/fragments in the SMB named pipe and (ii) for the determined kind of application of the target of the packet, as indicated by a reassembly table, and (b) the determined kind of application of the target of the packet does not check the FID, as indicated by the reassembly table.
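The decision rule in the abstract, as an added sketch that is not code from the patent or from any IDS product. The target kinds, the host-to-kind map, the packet tuples and all function names are constructed assumptions; a real sensor would derive them from SMB parsing and host configuration.

```python
from dataclasses import dataclass, field

# Constructed reassembly table: per target kind, whether that SMB
# implementation validates the FID on named-pipe writes (assumed values).
REASSEMBLY_TABLE = {
    "kind_strict": {"checks_fid": True},
    "kind_lenient": {"checks_fid": False},
}
# Constructed mapping from destination host to its kind of application.
HOST_KIND = {"10.0.0.5": "kind_strict", "10.0.0.9": "kind_lenient"}
DEFAULT_KIND = "kind_strict"

@dataclass
class PipeSession:
    kind: str
    open_fids: set = field(default_factory=set)       # FIDs the target handed out
    stream: bytearray = field(default_factory=bytearray)  # reassembled pipe data

def should_inspect(session, fid):
    """Apply conditions (a) and (b) from the abstract."""
    if not REASSEMBLY_TABLE[session.kind]["checks_fid"]:
        return True                    # (b) target does not check the FID
    return fid in session.open_fids    # (a) FID is valid for this pipe and target

def process(packets):
    """Reassemble, per destination, only the data that target would accept."""
    sessions = {}
    for dst, op, fid, data in packets:
        kind = HOST_KIND.get(dst, DEFAULT_KIND)
        s = sessions.setdefault(dst, PipeSession(kind))
        if op == "open":
            s.open_fids.add(fid)
        elif op == "close":
            s.open_fids.discard(fid)
        elif op == "write" and should_inspect(s, fid):
            s.stream += data
    return {dst: bytes(s.stream) for dst, s in sessions.items()}

# Constructed traffic: the same sequence sent to both hosts, with one write
# carrying a FID (0x4001) that was never opened.
SEQ = [("open", 0x4000, b""), ("write", 0x4000, b"AB"),
       ("write", 0x4001, b"XX"), ("write", 0x4000, b"CD")]
PACKETS = [(h, *p) for h in HOST_KIND for p in SEQ]

if __name__ == "__main__":
    for host, data in process(PACKETS).items():
        print(host, HOST_KIND[host], data)
```

The two hosts yield different reassembled streams from identical traffic, which is why the sensor has to model the target's FID handling before it matches signatures against the pipe data.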
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.