PREVENTING NETWORK DATA INJECTION ATTACKS USING DUPLICATE-ACK AND REASSEMBLY GAP APPROACHES
摘要
Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.
申请公布号
WO2005072118(A3)
申请公布日期
2006.05.26
申请号
WO2005US01020
申请日期
2005.01.11
申请人
CISCO TECHNOLOGY, INC.;RAMAIAH, ANANTHA;STEWART, RANDALL;LEI, PETER;MAHAN, PATRICK
发明人
RAMAIAH, ANANTHA;STEWART, RANDALL;LEI, PETER;MAHAN, PATRICK