    • 1. Granted invention patent
    • Methods and systems to detect an evasion attack
    • US08613088B2
    • 2013-12-17
    • US11552025
    • 2006-10-23
    • George Varghese; Flavio Giovanni Bonomi; John Andrew Fingerhut
    • G06F12/14
    • H04L63/1408; H04L63/145
    • A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.
    • 2. Invention patent application
    • METHODS AND SYSTEMS TO DETECT AN EVASION ATTACK
    • US20070192861A1
    • 2007-08-16
    • US11552025
    • 2006-10-23
    • George Varghese; Flavio Giovanni Bonomi; John Andrew Fingerhut
    • G06F12/14
    • H04L63/1408; H04L63/145
    • A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.
    • 3. Granted invention patent
    • Multi-threaded packet processing architecture with global packet memory, packet recirculation, and coprocessor
    • US07551617B2
    • 2009-06-23
    • US11054076
    • 2005-02-08
    • Will Eatherton; Earl T. Cohen; John Andrew Fingerhut; Donald E. Steiss; John Williams
    • H04L12/56
    • H04L47/56; H04L45/60; H04L47/50
    • A network processor has numerous novel features including a multi-threaded processor array, a multi-pass processing model, and Global Packet Memory (GPM) with hardware managed packet storage. These unique features allow the network processor to perform high-touch packet processing at high data rates. The packet processor can also be coded using a stack-based high-level programming language, such as C or C++. This allows quicker and higher quality porting of software features into the network processor. Processor performance also does not severely drop off when additional processing features are added. For example, packets can be more intelligently processed by assigning processing elements to different bounded duration arrival processing tasks and variable duration main processing tasks. A recirculation path moves packets between the different arrival and main processing tasks. Other novel hardware features include a hardware architecture that efficiently intermixes co-processor operations with multi-threaded processing operations and improved cache affinity.
    • 4. Granted invention patent
    • Distributing packets and packets fragments possibly received out of sequence into an expandable set of queues of particular use in packet resequencing and reassembly
    • US07480308B1
    • 2009-01-20
    • US10812207
    • 2004-03-29
    • Earl T. Cohen; John Andrew Fingerhut; John J. Williams, Jr.
    • H04L12/56
    • H04L47/10; H04L47/34; H04L49/90; H04L49/9094
    • Packets and packet fragments possibly received out of sequence are distributed into an expandable set of queues. For each particular packet or fragment, a queue within a set of queues is identified that does not contain a packet or packet fragment that is subsequent to the particular packet or fragment, and the particular packet or fragment is enqueued therein. If there is not such a queue available, a new queue is added to the set of queues. A data structure is typically updated for packet fragments to identify when all fragments have been received and the order of queues containing the packet fragments in order of their position within the reassembled packet. This ordered list of the queues is communicated to a reassembly mechanism to retrieve the packet fragments and to reassemble the packet. Resequencing of packets is similarly performed, and may be part of the reassembly process. The list of queues is not always used by the reassembly/resequencing mechanism as the enqueued fragments/packets typically contain sequence numbers.
    • 5. Granted invention patent
    • Using ordered locking mechanisms to maintain sequences of items such as packets
    • US07626987B2
    • 2009-12-01
    • US10706704
    • 2003-11-12
    • John J. Williams, Jr.; John Andrew Fingerhut; Kenneth Harvey Potter, Jr.
    • H04L12/56
    • H04L49/9094; G06F9/526; H04L45/10; H04L47/2416; H04L47/50; H04L47/624; Y10S707/99938
    • Sequences of items may be maintained using ordered locks. These items may correspond to anything, but using ordered locks to maintain sequences of packets may be particularly useful. One implementation uses a locking request, acceptance, and release protocol. One implementation associates instructions with locking requests such that when a lock is acquired, the locking mechanism executes or causes to be executed the associated instructions as an acceptance request of the lock is implied by the association of instructions (or may be explicitly requested). In some applications, the ordering of the entire sequence of packets is not required to be preserved, but rather only among certain sub-sequences of the entire sequence of items, which can be accomplished by converting an initial root ordered lock (maintaining the sequence of the entire stream of items) to various other locks (each maintaining a sequence of different sub-streams of items).
    • 6. Granted invention patent
    • Distributing fault indications and maintaining and using a data structure indicating faults to route traffic in a packet switching system
    • US06990063B1
    • 2006-01-24
    • US09519282
    • 2000-03-07
    • Daniel E. Lenoski; William N. Eatherton; John Andrew Fingerhut; Jonathan S. Turner
    • G01R31/08; H04Q11/00
    • H04Q3/68; H04L49/1523; H04L49/55
    • Methods and apparatus are disclosed for distributing fault indications and maintaining and using a data structure indicating faults to route traffic in a packet switching system. In one embodiment, a packet switching system detects faults and propagates indications of these faults to the input interfaces of a packet switch, so the packet switch can adapt the selection of a route over which to send a particular packet. Faults are identified by various components of the packet switching system and relayed to one or more switching components to generate a broadcast packet destined for all input ports (i.e., to each I/O interface in a packet switch having folded input and output interfaces). Other embodiments generate one or more multicast or unicast packets. The I/O interface maintains one or more data structures indicating the state of various portions of the packet switching system. In one embodiment, an output availability table is maintained indicating over which path a particular destination may be reached, as well as a link availability vector indicating which output links of the input interface may be currently used. Using these as masks against possible routes in a fully functional system, the packet switching component (e.g., I/O interface) can identify which routes are currently available for reaching the destination of the received packet. These routes can then be selected between using one of numerous deterministic and non-deterministic methods.
    • 7. Granted invention patent
    • Distributed packet processing with ordered locks to maintain requisite packet orderings
    • US07630376B2
    • 2009-12-08
    • US12062477
    • 2008-04-03
    • John J. Williams, Jr.; John Andrew Fingerhut; Doron Shoham; Shimon Listman
    • H04L12/56
    • H04L47/10; H04L45/10; H04L47/34; H04L47/50; H04L47/624; H04L49/9094; Y10S707/99938
    • Sequences of items may be maintained using ordered locks. These items may correspond to anything, but using ordered locks to maintain sequences of packets, especially for maintaining requisite packet orderings when distributing packets to be processed to different packet processing engines, may be particularly useful. For example, in response to a particular packet processing engine completing processing of a particular packet, a gather instruction is attached to the particular identifier of a particular ordered lock associated with the particular packet. If no longer needed for further processing, the packet processing engine is immediately released to be able to process another packet or perform another function. The gather instruction is typically performed in response to the particular ordered lock being acquired by the particular identifier, with the gather instruction causing the processed particular packet to be sent.