发明名称 |
Preventing network data injection attacks using duplicate ACK and re-assembly gap approaches |
摘要 |
<p>Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.</p> |
申请公布号 |
EP1716488(B1) |
申请公布日期 |
2014.04.30 |
申请号 |
EP20050705601 |
申请日期 |
2005.01.11 |
申请人 |
CISCO TECHNOLOGY, INC. |
发明人 |
RAMAIAH, ANANTHA;STEWART, RANDALL;LEI, PETER;MAHAN, PATRICK |
分类号 |
H04L29/06;G06F11/30;G06F15/173;G06F21/55;H04L9/00;H04L9/32;H04L12/56 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|