专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070171828A1 Method of determining a maximum transmission unit value of a network path using transport layer feedback 有权
标题翻译：使用传输层反馈来确定网络路径的最大传输单元值的方法
公开(公告)号：US20070171828A1
公开(公告)日：2007-07-26
申请号：US11338591
申请日：2006-01-23
申请人： Mitesh Dalal , Randall Stewart , Amol Khare , Vineet Dixit , Srinivas Subramanian
发明人： Mitesh Dalal , Randall Stewart , Amol Khare , Vineet Dixit , Srinivas Subramanian
IPC分类号： H04L12/26 , H04J1/16 , H04J3/24
CPC分类号： H04L47/10 , H04L47/365
摘要： A network element implementing a method for determining an optimal maximum transmission unit (MTU) value on a path between two nodes in a network is described. A sending node interested in learning the optimal MTU path value allows fragmentation of datagrams sent on the path, selects an initial MTU, and sends one or more data packets to a receiving node. Upon receiving the data the receiver determines if fragmentation occurred. If no fragmentation occurred then the MTU path selected is the optimal MTU for the given path between the nodes. If fragmentation did occur then the sender is notified that the selected MTU was not the optimal MTU for the path. Either the receiver proposes a new MTU for the path, or the sender selects a new, smaller MTU. The process repeats until the receiver detects no fragmentation.
摘要翻译：描述了实现用于确定网络中两个节点之间的路径上的最佳最大传输单元（MTU）值的方法的网络元件。有兴趣学习最佳MTU路径值的发送节点允许在路径上发送的数据报的分段，选择初始MTU，并将一个或多个数据分组发送到接收节点。在接收到数据后，接收机确定是否发生分段。如果没有发生碎片，则选择的MTU路径是节点之间给定路径的最优MTU。如果发生碎片，则发送者被通知所选择的MTU不是该路径的最佳MTU。接收方为路径提出新的MTU，或者发送方选择一个新的较小的MTU。该过程重复，直到接收器没有检测到碎片。

2. 发明授权

US07458097B2 Preventing network reset denial of service attacks 有权
标题翻译：防止网络重置拒绝服务攻击
公开(公告)号：US07458097B2
公开(公告)日：2008-11-25
申请号：US11540526
申请日：2006-09-28
申请人： Mitesh Dalal , Amol Khare , Randall Stewart
发明人： Mitesh Dalal , Amol Khare , Randall Stewart
IPC分类号： G06F11/00 , G06F15/16 , H04L1/00
CPC分类号： H04L63/1458 , H04L1/16
摘要： Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.
摘要翻译：公开了在分组交换网络中防止TCP RST攻击和TCP SYN攻击的方法。在一种方法中，在接收到TCP RST分组时，第一端点节点使用确认消息来挑战当前连接中的第二端点节点。如果连接真正关闭，则第二端点节点用携带预期下一个序列值的RST分组进行响应。如果没有接收到RST数据包，则第一个端点节点不采取任何操作。因此，攻击被阻止，因为攻击者没有收到确认消息，因此无法提供确切的预期下一个序列值。

3. 发明授权

US07203961B1 Preventing network reset denial of service attacks 有权
公开(公告)号：US07203961B1
公开(公告)日：2007-04-10
申请号：US10755146
申请日：2004-01-09
申请人： Mitesh Dalal , Amol Khare , Randall Stewart
发明人： Mitesh Dalal , Amol Khare , Randall Stewart
IPC分类号： G06F11/00 , G06F15/16 , H04L1/00
CPC分类号： H04L63/1458 , H04L1/16
摘要： Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.

4. 发明申请

US20070044150A1 Preventing network reset denial of service attacks 有权
标题翻译：防止网络重置拒绝服务攻击
公开(公告)号：US20070044150A1
公开(公告)日：2007-02-22
申请号：US11540526
申请日：2006-09-28
申请人： Mitesh Dalal , Amol Khare , Randall Stewart
发明人： Mitesh Dalal , Amol Khare , Randall Stewart
IPC分类号： G06F12/14
CPC分类号： H04L63/1458 , H04L1/16
摘要： Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.
摘要翻译：公开了在分组交换网络中防止TCP RST攻击和TCP SYN攻击的方法。在一种方法中，在接收到TCP RST分组时，第一端点节点使用确认消息来挑战当前连接中的第二端点节点。如果连接真正关闭，则第二端点节点用携带预期下一个序列值的RST分组进行响应。如果没有接收到RST数据包，则第一个端点节点不采取任何操作。因此，攻击被阻止，因为攻击者没有收到确认消息，因此无法提供确切的预期下一个序列值。

5. 发明申请

US20070159977A1 Selecting paths in multi-homed transport-layer network associations 有权
标题翻译：选择多宿主传输层网络关联中的路径
公开(公告)号：US20070159977A1
公开(公告)日：2007-07-12
申请号：US11326841
申请日：2006-01-06
申请人： Mitesh Dalal , Randall Stewart
发明人： Mitesh Dalal , Randall Stewart
IPC分类号： H04J1/16 , H04J3/14 , H04L12/56
CPC分类号： H04L45/22 , H04L45/02 , H04L47/10 , H04L47/11 , H04L47/122 , H04L47/26
摘要： A multi-homed network node comprises an interface that is addressable using a primary network address and a secondary network address. Network packets identifying the primary network address traverse a first network path and packets identifying the second network address traverse a second network path that is routed physically separately from the first network path. A transport layer network protocol association is established in the network between a first node and the multi-homed node. One or more data messages are sent to the second node and identify the primary network address. Network feedback information indicates one or more performance characteristics of the first network path. In response, the data messages are automatically modified to identify the secondary network address.
摘要翻译：多宿主网络节点包括使用主网络地址和辅助网络地址可寻址的接口。标识主网络地址的网络分组穿过第一网络路径，标识第二网络地址的分组穿过与第一网络路径物理分开路由的第二网络路径。在第一节点和多归位节点之间的网络中建立传输层网络协议关联。将一个或多个数据消息发送到第二个节点并识别主要网络地址。网络反馈信息指示第一网络路径的一个或多个性能特征。作为响应，数据消息被自动修改以识别辅助网络地址。

6. 发明授权

US07808998B2 Disconnected transport protocol connectivity 有权
标题翻译：断开传输协议连接
公开(公告)号：US07808998B2
公开(公告)日：2010-10-05
申请号：US12024031
申请日：2008-01-31
申请人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
发明人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
IPC分类号： H04L12/28 , H04J3/06
CPC分类号： H04L69/16 , H04W80/06
摘要： In an embodiment, an existing transport protocol connection though a mobile device is recognized as having entered a state of disconnect. A lowest received sequence number is determined from received messages to be transmitted over a disconnected transport protocol connection. A disconnect acknowledgement message with a receive window of zero and a sequence number of one less than the lowest received sequence number is transmitted. The disconnect acknowledge message with a receive window of zero and a sequence number of one less than the lowest received sequence number is continued to be transmitted until the transport protocol connection exits the disconnect state to a connect state.
摘要翻译：在一个实施例中，通过移动设备的现有传输协议连接被识别为已经进入断开状态。从接收到的消息中确定最低的接收序列号，以通过断开的传输协议连接发送。发送具有接收窗口为零且序列号小于最低接收序列号的序列号的断开确认消息。继续发送接收窗口为零且序列号小于最低接收序列号的断开确认消息，直到传输协议连接退出断开状态为连接状态。

7. 发明授权

US07257840B2 Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches 有权
标题翻译：使用重复ACK和重组间隙方法防止网络数据注入攻击
公开(公告)号：US07257840B2
公开(公告)日：2007-08-14
申请号：US10815218
申请日：2004-03-30
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G01R31/08 , G06F11/00 , G06F15/16 , G08C15/00 , H04J3/14 , H04J1/16 , H04L12/26
CPC分类号： H04L63/1466 , G06F21/552 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1416 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。发送ACK消息或虚拟段以验证重新组装缓冲区中的数据的真实性，并帮助更快地丢弃伪数据。这些方法涉及发送方检测虚假数据，并且改进了用于处理典型TCP实现本身的ACK消息的机制。可以在不修改发送者的TCP实现的情况下实现后一种方法。此外，接收机的TCP实现保持与RFC 793的兼容性。

8. 发明申请

US20050160478A1 Preventing network data injection attacks 有权
标题翻译：防止网络数据注入攻击
公开(公告)号：US20050160478A1
公开(公告)日：2005-07-21
申请号：US10792146
申请日：2004-03-02
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06
CPC分类号： H04L63/1416 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. A first approach provides for dropping received segments that carry ACK values smaller than the next unacknowledged sequence number expected minus the maximum window size. This approach helps keep spurious injected segments out of the TCP re-assembly buffer. In a second approach, heuristics are used to examine the sequence number of a newly arrived segment, and when the sequence number is the next expected, then the newly arrived segment is used and the contents of the re-assembly buffer are not considered. Further, if the data payload of the newly arrived segment overlaps in sequential order with segments already in the re-assembly buffer, the overlapped segments in the re-assembly buffer are considered spurious and are discarded. Thus, this approach helps remove spurious data from the re-assembly buffer if the first approach somehow fails to prevent the data from entering the re-assembly buffer.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。第一种方法提供丢弃接收的段，其携带ACK值小于预期的下一个未确认序列号减去最大窗口大小。这种方法有助于将伪注入的段保留在TCP重新组装缓冲区之外。在第二种方法中，启发式用于检查新到达的段的序列号，当序列号是下一个预期序列号时，则使用新到达的段，并且不考虑重新组装缓冲区的内容。此外，如果新到达的段的数据有效载荷与已经在重新组装缓冲区中的段按顺序重叠，则重组缓冲区中的重叠段被认为是虚假的并被丢弃。因此，如果第一种方法无法防止数据进入重新组装缓冲区，则此方法有助于从重新组装缓冲区中清除虚假数据。

9. 发明授权

US09118494B2 Method for group-based multicast with non-uniform receivers 有权
标题翻译：使用非均匀接收机的组播组播方法
公开(公告)号：US09118494B2
公开(公告)日：2015-08-25
申请号：US12985832
申请日：2011-01-06
申请人： Weiqian Dai , Ming Li , Renwei Li , Xuesong Dong , Yang Yu , Randall Stewart
发明人： Weiqian Dai , Ming Li , Renwei Li , Xuesong Dong , Yang Yu , Randall Stewart
IPC分类号： H04L12/18
CPC分类号： H04L12/184 , H04L12/185 , H04L12/1868 , H04L12/1877 , H04L12/1881
摘要： An apparatus comprising a proxy configured to couple to a sender and a receiver and to receive data from the sender at a first rate and forward the data to the receiver at a second rate that is less than the first rate. A method comprising detecting a reception speed for each of a plurality of receivers in a multicast group, assigning the receivers to a first group and a second group based on the reception speed of each of the receivers, wherein the first group has a reception speed that is faster than a reception speed of the second group, and sending multicast data intended for all of the receivers to the receivers in the first group and to a proxy at a first rate, wherein the proxy buffers the multicast data and sends the multicast data to the receivers in the second group at a second rate.
摘要翻译：一种包括被配置为耦合到发送器和接收器并且以第一速率从发送器接收数据的代理的设备，并且以小于第一速率的第二速率将数据转发到接收器。一种方法，包括检测多播组中的多个接收机中的每一个的接收速度，基于每个接收机的接收速度将接收机分配给第一组和第二组，其中第一组的接收速度为比第二组的接收速度快，并且将针对所有接收机的组播数据发送到第一组中的接收机，并以第一速率发送给代理，其中代理缓存多播数据并将多播数据发送到第二组中的接收机以第二速率。

10. 发明申请

US20140010088A1 NETWORK CONGESTION CONTROL 有权
标题翻译：网络约束控制
公开(公告)号：US20140010088A1
公开(公告)日：2014-01-09
申请号：US13543539
申请日：2012-07-06
申请人： Randall Stewart
发明人： Randall Stewart
IPC分类号： H04L12/26
CPC分类号： H04L47/33 , H04L47/263 , H04L47/27
摘要： Exemplary methods, apparatuses, and systems include a router receiving a first network packet being transmitted across a network path from a first endpoint to a second endpoint, determining that the first network packet does not include a requested rate, modifying the first network packet to include a requested rate in response to determining that the received network packet does not include a requested rate, and transmitting the modified first network packet along the network path to the second endpoint.
摘要翻译：示例性方法，装置和系统包括接收通过跨越从第一端点到第二端点的网络路径传输的第一网络分组的路由器，确定第一网络分组不包括所请求的速率，修改第一网络分组以包括响应于确定所接收的网络分组不包括所请求的速率并且将修改的第一网络分组沿着网络路径发送到第二端点的请求速率。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式