CA2325652A1 - A method for intercepting network packets in a computing device - Google Patents
- Publication number
- CA2325652A1
- Authority
- CA
- Canada
- Prior art keywords
- network
- replacement
- function
- module
- network adapter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
Abstract
A method is provided for intercepting network packets in a computer system, where a number of functions are used to communicate network packets between a network adapter and a protocols entity. A first network adapter and a first protocols entity installed in the computer system are identified. A set of replacement functions is provided within a packet interceptor module. At least one function used for transmitting network packets from said first protocols entity to said first network adapter is hooked into a first replacement function. At least one function used for transmitting network packets from said first network adapter to said first protocols entity is hooked into a second replacement function. At least one function used for receiving information about the status of the network interface implemented by said first network adapter is hooked into a third replacement function.
Claims (47)
1. A method for intercepting network packets in a computer system, where network packets are communicated between a first network adapter and a first protocols entity, of which the network adapter implements a certain network interface, the method comprising the steps of
- providing a set of replacement functions within a packet interceptor module;
- hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function; and
- hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
2. A method according to claim 1, additionally comprising the steps of
- determining, whether or not a dynamic IP address has been allocated for the network interface implemented by said first network adapter; and
- in a case where a dynamic IP address has been allocated for the network interface implemented by said first network adapter, determining which said dynamic IP address is.
3. A method according to claim 1, additionally comprising a step of identifying a first network adapter and a first protocols entity installed in the computer system, so arranged that this step comprises first the substep of
- hooking a certain mechanism, meant to be used by network adapters and protocols entities to register themselves to the computer system, into a certain replacement mechanism;
and after that without any specific order the substeps of
- identifying said first network adapter when it uses said replacement mechanism to register itself to the computer system and
- identifying said first protocols entity when it uses said replacement mechanism to register itself to the computer system.
4. A method according to claim 3, wherein the step of hooking a certain mechanism used by network adapters and protocols entities to register themselves comprises, without any specific order, the substeps of
- loading an interface module that determines said certain mechanism;
- loading a packet interceptor module that determines said replacement mechanism; and
- hooking predetermined parts of said certain mechanism into predetermined parts of said replacement mechanism.
5. A method according to claim 4, wherein the step of loading an interface module that determines said certain mechanism comprises the step of loading an NDIS interface module, and the step of hooking predetermined parts of said certain mechanism into predetermined parts of said replacement mechanism comprises the substeps of
- hooking the NdisRegisterProtocol function determined by said NDIS interface module into a replacement protocol registering function determined by said packet interceptor module; and
- hooking the NdisOpenAdapter function determined by said NDIS interface module into a replacement network adapter opening function determined by said packet interceptor module.
6. A method according to claim 5, wherein the step of hooking the NdisRegisterProtocol function comprises the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure determined by said NDIS interface module.
7. A method according to claim 6, wherein the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure comprises the step of replacing the ReceiveHandler, ReceiveCompleteHandler and TransferDataCompleteHandler functions determined by said NDIS interface module.
8. A method according to claim 7, wherein the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure comprises additionally the step of replacing the SendCompleteHandler and RequestCompleteHandler functions determined by said NDIS interface module.
9. A method according to claim 5, additionally comprising the step of determining, which bindings connect said first network adapter and said first protocols entity, by calling said replacement adapter opening function.
10. A method according to claim 1, additionally comprising the steps of
- loading said first network adapter and said first protocols entity and
- determining, which bindings connect said first network adapter and said first protocols entity, by analyzing data structures after said first network adapter and said first protocols entity have been loaded.
11. A method according to claim 10, wherein said step of analyzing data structures after said first network adapter and said first protocols entity have been loaded comprises the step of reading a piece of system configuration information from a memory.
12. A method according to claim 11, wherein said step of reading a piece of system configuration information comprises the step of reading a registry.
13. A method according to claim 1, additionally comprising the step of identifying the first network adapter and the first protocols entity, so that this step comprises the substep of reading a piece of system configuration information from a memory.
14. A method according to claim 13, wherein the substep of reading a piece of system configuration information from a memory comprises the reading of a registry.
15. A method according to claim 1, additionally comprising the steps of
- loading said first network adapter and said first protocols entity and
- identifying the first network adapter and the first protocols entity by traversing data structures after adapters and protocols have been loaded into the computer system.
16. A method according to claim 15, comprising first without any specific order the steps of
- loading said first protocols entity into the computer system; and
- loading said first network adapter into the computer system;
and after that, in the following order, the steps of
- loading a dynamically loadable packet interceptor module into the computer system; and
- traversing data structures to identify said first network adapter and said first protocols entity.
17. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of
- locating the beginning of the executable program code of a certain first function that is to be hooked into a certain first replacement function;
- saving a copy of a certain passage of executable program code starting from said beginning; and
- replacing said certain passage of executable program code starting from said beginning with another passage of executable program code that transfers execution to said first replacement function.
18. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of
- locating, in a data structure, a function pointer that points to a certain first function that is to be hooked into a certain first replacement function;
- saving a copy of said function pointer; and
- replacing said function pointer with another function pointer that points to said first replacement function.
19. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of
- locating a dispatch table in a dynamically loaded module; and
- modifying said dispatch table.
20. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of calling a system function that installs a hook for a system service.
21. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of adding a first replacement function - into which a certain first function is hooked - to a system-provided hook list.
22. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of redirecting an interrupt vector.
23. A method according to claim 1, additionally comprising the step of handling a network packet with a certain first replacement function without passing said network packet to the function which is hooked into said first replacement function.
24. A method according to claim 1, additionally comprising the step of calling a certain first function from a certain first replacement function into which said first function is hooked.
25. A method according to claim 1, additionally comprising, in the following order, the steps of
- modifying a network packet with a certain first replacement function and
- passing the modified network packet to the function which is hooked into said first replacement function.
26. A method according to claim 1, additionally comprising the step of copying a network packet by applying a certain first replacement function.
27. A method according to claim 1, additionally comprising the step of calling a certain first function, which is hooked into a certain first replacement function, without first calling said first replacement function.
28. A method according to claim 1, additionally comprising the steps of
- determining whether a dial-up link is up or down; and
- providing information about said dial-up link being up or down to said packet interceptor module.
29. A method according to claim 1, additionally comprising the steps of
- determining at least one network address used for said first network interface; and
- providing information about determined network addresses to said packet interceptor module.
30. A method according to claim 29, wherein the step of determining at least one network address comprises the substep of examining link-layer protocol packets.
31. A method according to claim 30, wherein the step of examining link-layer protocol packets comprises the substep of examining IPCP packets where IPCP is a subprotocol of PPP.
32. A method according to claim 30, wherein the step of examining link-layer protocol packets comprises the substep of examining ARP protocol packets.
33. A method according to claim 29, wherein the step of determining at least one network address comprises the substep of examining the DHCP protocol.
34. A method according to claim 29, wherein the step of determining at least one network address comprises the substeps of
- hooking a certain first function that is to be called when there is a change in the address information into a certain replacement function;
- traversing a number of predetermined data structures at the time of calling said replacement function; and
- comparing information read from said data structures against a predetermined piece of earlier saved corresponding information.
35. A method according to claim 1, further comprising the step of
- modifying information passed between said first network adapter and said first protocols entity about link-layer characteristics; and
- as a result of said modification of information, reducing the maximum transmitted packet size known to said first protocols entity on a link.
36. A method for intercepting network packets in a computer system, where a number of functions are used to communicate network packets between a plurality of network adapters and a plurality of protocols entities, of which the network adapters implement certain network interfaces, the method comprising the steps of
- providing a set of replacement functions within a packet interceptor module;
- hooking a plurality of functions used for transmitting network packets from protocols entities to network adapters into a first set of replacement functions;
- hooking a plurality of functions used for transmitting network packets from network adapters to protocols entities into a second set of replacement functions; and
- hooking a plurality of functions used for receiving information about the status of the network interfaces implemented by network adapters into a third set of replacement functions.
37. A method according to claim 36, additionally comprising the step of identifying a number of network adapters and protocols entities which are installed in the computer system.
38. A method according to claim 37, wherein the step of identifying a number of network adapters and protocols entities comprises the substep of ignoring one or more member of the group of said network adapters and protocols.
39. A method for intercepting network packets in a computer system, where a certain first operating system module is used to implement network functionality and said first operating system module implements a certain programming interface with a plurality of entry points, the method comprising the steps of
- replacing said first operating system module with a certain first replacement module that implements a programming interface equal to said programming interface of the first operating system module and calls said first operating system module from a plurality of the entry points of the programming interface;
- using said replacement module to identify at least one network adapter and at least one protocols entity installed in the computer system;
- using said replacement module to replace at least one function used for transmitting network packets from said first protocols entity to said first network adapter;
- using said replacement module to replace at least one function used for transmitting network packets from said first network adapter to said first protocols entity;
- using said replacement module to replace at least one function used for receiving information about the status of the network interface implemented by said first network adapter;
- using said replacement module to determine, whether or not a dynamic IP address has been allocated for the network interface implemented by said first network adapter; and
- in a case where a dynamic IP address has been allocated for the network interface implemented by said first network adapter, using said replacement module to determine, which said dynamic IP address is.
40. A method according to claim 39, additionally comprising the step of calling said first operating system module from said replacement module.
41. A method according to claim 39, wherein the step of replacing said first operating system module with said replacement module comprises the substeps of
- moving said first operating system module aside at installation time and
- replacing said first operating system module with said first replacement module.
42. A method according to claim 39, wherein said step of replacing said first operating system module with said replacement module is performed when the computer system boots but before said first operating system module is loaded.
43. A method according to claim 42, additionally comprising the step of undoing the replacing by said replacement module after said first operating system module has been loaded.
44. A method according to claim 39, additionally comprising the step of automatically generating said replacement module based on the said first operating system module.
45. A computer system for handling network packets, comprising
- a first network adapter arranged to implement a network interface;
- a first protocols entity;
- a number of predetermined functions for communicating network packets between said network adapter and said protocols entity;
- a packet interceptor module for determining a set of replacement functions;
- within said packet interceptor module, means for hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- within said packet interceptor module, means for hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function; and
- within said packet interceptor module, means for hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
46. A computer system according to claim 45, additionally comprising means for identifying said first network adapter and said first protocols entity.
47. A packet interceptor module for intercepting network packets in a computer system which comprises a first network adapter, a first protocols entity and a number of predetermined functions for communicating network packets between said network adapter and said protocols entity; said packet interceptor module comprising
- the definition of a set of replacement functions;
- means for hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- means for hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function; and
- means for hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
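The function-pointer hooking of claim 18, applied to the three replacement functions of claim 1 with the handling options of claims 23 to 26, shown as an added C example that is not code from the patent. The `binding` table, the packet layout (first byte as a packet type), the blocking rule and all function names are assumptions made for illustration; the table is a user-space stand-in and not an operating-system structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef int  (*pkt_fn)(uint8_t *pkt, size_t len);   /* returns 1 if delivered */
typedef void (*status_fn)(int link_up);

/* Constructed stand-in for the handler table that joins one protocols
 * entity to one network adapter (hypothetical, not a real OS structure). */
struct binding {
    pkt_fn    send;     /* protocols entity -> network adapter */
    pkt_fn    receive;  /* network adapter -> protocols entity */
    status_fn status;   /* status of the network interface */
};

/* "Original" functions of the simulated adapter and protocols entity. */
static int     wire_count, stack_count, stack_link_up;
static uint8_t last_on_wire[64];

static int adapter_send(uint8_t *pkt, size_t len) {
    if (len > sizeof last_on_wire) return 0;
    memcpy(last_on_wire, pkt, len);
    wire_count++;
    return 1;
}
static int proto_receive(uint8_t *pkt, size_t len) {
    (void)pkt; (void)len;
    stack_count++;
    return 1;
}
static void proto_status(int link_up) { stack_link_up = link_up; }

/* Interceptor state: saved original pointers and what the hooks observed. */
static struct binding saved;
static int     icpt_link_up, icpt_dropped;
static uint8_t icpt_copy[64];
static size_t  icpt_copy_len;

#define BLOCKED_TYPE 0xFF   /* constructed policy value */

/* First replacement function: outbound packets. */
static int icpt_send(uint8_t *pkt, size_t len) {
    if (len == 0 || pkt[0] == BLOCKED_TYPE) {   /* claim 23: handled here, not passed on */
        icpt_dropped++;
        return 0;
    }
    if (len > 1) pkt[1] |= 0x80;                /* claim 25: modify, then pass on */
    return saved.send(pkt, len);                /* claim 24: call the hooked function */
}

/* Second replacement function: inbound packets are copied (claim 26),
 * then delivered unchanged to the protocols entity. */
static int icpt_receive(uint8_t *pkt, size_t len) {
    icpt_copy_len = len < sizeof icpt_copy ? len : sizeof icpt_copy;
    memcpy(icpt_copy, pkt, icpt_copy_len);
    return saved.receive(pkt, len);
}

/* Third replacement function: record the interface status, then forward it. */
static void icpt_status(int link_up) {
    icpt_link_up = link_up;
    saved.status(link_up);
}

/* Claim 18: save a copy of each function pointer, then replace it.
 * Hooking twice would save the hooks themselves and recurse, so refuse. */
void hook_binding(struct binding *b) {
    if (b->send == icpt_send) return;
    saved = *b;
    b->send = icpt_send;
    b->receive = icpt_receive;
    b->status = icpt_status;
}

/* Restore the saved pointers; does nothing if the table is not hooked. */
void unhook_binding(struct binding *b) {
    if (b->send == icpt_send) *b = saved;
}

/* Integrity check: does the table still point at the expected functions? */
int binding_is_hooked(const struct binding *b) {
    return b->send != adapter_send || b->receive != proto_receive ||
           b->status != proto_status;
}

struct binding make_binding(void) {
    struct binding b = { adapter_send, proto_receive, proto_status };
    return b;
}

int main(void) {
    struct binding b = make_binding();
    uint8_t pkt[] = { 0x01, 0x00, 0x42 };   /* constructed sample packet */
    hook_binding(&b);
    b.send(pkt, sizeof pkt);
    b.status(1);
    unhook_binding(&b);
    return binding_is_hooked(&b);           /* 0 when the table is restored */
}
```

`binding_is_hooked` is the same comparison an integrity monitor would make: any pointer in the table that no longer equals its known-good value indicates that an interceptor sits between the protocols entity and the adapter.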
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/439,419 US6678734B1 (en) | 1999-11-13 | 1999-11-13 | Method for intercepting network packets in a computing device |
US09/439,419 | 1999-11-13 |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2325652A1 (en) | 2001-05-13 |
CA2325652C (en) | 2010-08-17 |
Family
ID=23744629
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2325652A Expired - Lifetime CA2325652C (en) | A method for intercepting network packets in a computing device | 1999-11-13 | 2000-11-10 |
Country Status (5)
Country | Link |
---|---|
US (1) | US6678734B1 (en) |
CA (1) | CA2325652C (en) |
DE (1) | DE10054923B4 (en) |
FI (1) | FI113927B (en) |
IL (1) | IL139415A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1320238A2 (en) * | 2001-12-11 | 2003-06-18 | Microsoft Corporation | Architecture and run-time environment for network filter drivers |
Families Citing this family (98)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7089591B1 (en) | 1999-07-30 | 2006-08-08 | Symantec Corporation | Generic detection and elimination of marco viruses |
US6775657B1 (en) * | 1999-12-22 | 2004-08-10 | Cisco Technology, Inc. | Multilayered intrusion detection system and method |
US6754709B1 (en) * | 2000-03-29 | 2004-06-22 | Microsoft Corporation | Application programming interface and generalized network address translator for intelligent transparent application gateway processes |
GB0017201D0 (en) * | 2000-07-14 | 2000-08-30 | Ibm | Generalised program hooks |
US7630398B2 (en) * | 2000-09-27 | 2009-12-08 | Intel Corporation | Subnet independent transparent bridge |
US20020092003A1 (en) * | 2000-11-29 | 2002-07-11 | Brad Calder | Method and process for the rewriting of binaries to intercept system calls in a secure execution environment |
US20020065876A1 (en) * | 2000-11-29 | 2002-05-30 | Andrew Chien | Method and process for the virtualization of system databases and stored information |
US20020065874A1 (en) * | 2000-11-29 | 2002-05-30 | Andrew Chien | Method and process for virtualizing network interfaces |
WO2002093334A2 (en) * | 2001-04-06 | 2002-11-21 | Symantec Corporation | Temporal access control for computer virus outbreaks |
US7290266B2 (en) * | 2001-06-14 | 2007-10-30 | Cisco Technology, Inc. | Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy |
US7231665B1 (en) * | 2001-07-05 | 2007-06-12 | Mcafee, Inc. | Prevention of operating system identification through fingerprinting techniques |
US20030084321A1 (en) * | 2001-10-31 | 2003-05-01 | Tarquini Richard Paul | Node and mobile device for a mobile telecommunications network providing intrusion detection |
US20030084319A1 (en) * | 2001-10-31 | 2003-05-01 | Tarquini Richard Paul | Node, method and computer readable medium for inserting an intrusion prevention system into a network stack |
US7737134B2 (en) * | 2002-03-13 | 2010-06-15 | The Texas A & M University System | Anticancer agents and use |
US6959297B2 (en) | 2002-04-25 | 2005-10-25 | Winnow Technology, Llc | System and process for searching within a data stream using a pointer matrix and a trap matrix |
US7155742B1 (en) * | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
US7367056B1 (en) | 2002-06-04 | 2008-04-29 | Symantec Corporation | Countering malicious code infections to computer files that have been infected more than once |
US7418729B2 (en) * | 2002-07-19 | 2008-08-26 | Symantec Corporation | Heuristic detection of malicious computer code by page tracking |
US7380277B2 (en) | 2002-07-22 | 2008-05-27 | Symantec Corporation | Preventing e-mail propagation of malicious computer code |
US20040019895A1 (en) * | 2002-07-29 | 2004-01-29 | Intel Corporation | Dynamic communication tuning apparatus, systems, and methods |
US7478431B1 (en) | 2002-08-02 | 2009-01-13 | Symantec Corporation | Heuristic detection of computer viruses |
US7469419B2 (en) * | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
US7159149B2 (en) * | 2002-10-24 | 2007-01-02 | Symantec Corporation | Heuristic detection and termination of fast spreading network worm attacks |
US7278019B2 (en) * | 2002-11-04 | 2007-10-02 | Hewlett-Packard Development Company, L.P. | Method of hindering the propagation of a computer virus |
US7249187B2 (en) * | 2002-11-27 | 2007-07-24 | Symantec Corporation | Enforcement of compliance with network security policies |
US7941854B2 (en) * | 2002-12-05 | 2011-05-10 | International Business Machines Corporation | Method and system for responding to a computer intrusion |
US7631353B2 (en) * | 2002-12-17 | 2009-12-08 | Symantec Corporation | Blocking replication of e-mail worms |
US7296293B2 (en) * | 2002-12-31 | 2007-11-13 | Symantec Corporation | Using a benevolent worm to assess and correct computer security vulnerabilities |
US7203959B2 (en) | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
JP2004289561A (en) * | 2003-03-24 | 2004-10-14 | Sony Corp | Management method of network connection, and electronic equipment |
US7398386B2 (en) * | 2003-04-12 | 2008-07-08 | Cavium Networks, Inc. | Transparent IPSec processing inline between a framer and a network component |
US7496662B1 (en) | 2003-05-12 | 2009-02-24 | Sourcefire, Inc. | Systems and methods for determining characteristics of a network and assessing confidence |
US8271774B1 (en) | 2003-08-11 | 2012-09-18 | Symantec Corporation | Circumstantial blocking of incoming network traffic containing code |
US20050091558A1 (en) * | 2003-10-28 | 2005-04-28 | International Business Machines Corporation | System, method and program product for detecting malicious software |
US7978716B2 (en) * | 2003-11-24 | 2011-07-12 | Citrix Systems, Inc. | Systems and methods for providing a VPN solution |
US7426574B2 (en) * | 2003-12-16 | 2008-09-16 | Trend Micro Incorporated | Technique for intercepting data in a peer-to-peer network |
US7337327B1 (en) | 2004-03-30 | 2008-02-26 | Symantec Corporation | Using mobility tokens to observe malicious mobile code |
US7533415B2 (en) * | 2004-04-21 | 2009-05-12 | Trend Micro Incorporated | Method and apparatus for controlling traffic in a computer network |
US7484094B1 (en) | 2004-05-14 | 2009-01-27 | Symantec Corporation | Opening computer files quickly and safely over a network |
US7373667B1 (en) | 2004-05-14 | 2008-05-13 | Symantec Corporation | Protecting a computer coupled to a network from malicious code infections |
US7370233B1 (en) | 2004-05-21 | 2008-05-06 | Symantec Corporation | Verification of desired end-state using a virtual machine environment |
US7953814B1 (en) | 2005-02-28 | 2011-05-31 | Mcafee, Inc. | Stopping and remediating outbound messaging abuse |
US8495305B2 (en) | 2004-06-30 | 2013-07-23 | Citrix Systems, Inc. | Method and device for performing caching of dynamically generated objects in a data communication network |
US8739274B2 (en) * | 2004-06-30 | 2014-05-27 | Citrix Systems, Inc. | Method and device for performing integrated caching in a data communication network |
US7757074B2 (en) * | 2004-06-30 | 2010-07-13 | Citrix Application Networking, Llc | System and method for establishing a virtual private network |
CA2574776A1 (en) * | 2004-07-23 | 2006-02-02 | Citrix Systems, Inc. | Systems and methods for optimizing communications between network nodes |
EP1771979B1 (en) | 2004-07-23 | 2011-11-23 | Citrix Systems, Inc. | A method and systems for securing remote access to private networks |
US7539681B2 (en) * | 2004-07-26 | 2009-05-26 | Sourcefire, Inc. | Methods and systems for multi-pattern searching |
US7441042B1 (en) | 2004-08-25 | 2008-10-21 | Symanetc Corporation | System and method for correlating network traffic and corresponding file input/output traffic |
US7567573B2 (en) * | 2004-09-07 | 2009-07-28 | F5 Networks, Inc. | Method for automatic traffic interception |
US7690034B1 (en) | 2004-09-10 | 2010-03-30 | Symantec Corporation | Using behavior blocking mobility tokens to facilitate distributed worm detection |
US7565686B1 (en) | 2004-11-08 | 2009-07-21 | Symantec Corporation | Preventing unauthorized loading of late binding code into a process |
US9160755B2 (en) | 2004-12-21 | 2015-10-13 | Mcafee, Inc. | Trusted communication network |
US9015472B1 (en) | 2005-03-10 | 2015-04-21 | Mcafee, Inc. | Marking electronic messages to indicate human origination |
US8700695B2 (en) * | 2004-12-30 | 2014-04-15 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP pooling |
US7810089B2 (en) * | 2004-12-30 | 2010-10-05 | Citrix Systems, Inc. | Systems and methods for automatic installation and execution of a client-side acceleration program |
US8706877B2 (en) * | 2004-12-30 | 2014-04-22 | Citrix Systems, Inc. | Systems and methods for providing client-side dynamic redirection to bypass an intermediary |
US8549149B2 (en) * | 2004-12-30 | 2013-10-01 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing |
US8954595B2 (en) * | 2004-12-30 | 2015-02-10 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP buffering |
US8255456B2 (en) | 2005-12-30 | 2012-08-28 | Citrix Systems, Inc. | System and method for performing flash caching of dynamically generated objects in a data communication network |
US8104086B1 (en) | 2005-03-03 | 2012-01-24 | Symantec Corporation | Heuristically detecting spyware/adware registry activity |
US20060288096A1 (en) * | 2005-06-17 | 2006-12-21 | Wai Yim | Integrated monitoring for network and local internet protocol traffic |
US7486673B2 (en) | 2005-08-29 | 2009-02-03 | Connect Technologies Corporation | Method and system for reassembling packets prior to searching |
US7639715B1 (en) * | 2005-09-09 | 2009-12-29 | Qlogic, Corporation | Dedicated application interface for network systems |
US7779422B1 (en) | 2005-10-05 | 2010-08-17 | Mcafee, Inc. | System, method, and computer program product for compatibility among hooking applications |
US8046833B2 (en) | 2005-11-14 | 2011-10-25 | Sourcefire, Inc. | Intrusion event correlation with network discovery information |
US7733803B2 (en) * | 2005-11-14 | 2010-06-08 | Sourcefire, Inc. | Systems and methods for modifying network map attributes |
US7735099B1 (en) | 2005-12-23 | 2010-06-08 | Qlogic, Corporation | Method and system for processing network data |
US8301839B2 (en) * | 2005-12-30 | 2012-10-30 | Citrix Systems, Inc. | System and method for performing granular invalidation of cached dynamically generated objects in a data communication network |
US7921184B2 (en) * | 2005-12-30 | 2011-04-05 | Citrix Systems, Inc. | System and method for performing flash crowd caching of dynamically generated objects in a data communication network |
US8131667B1 (en) * | 2006-04-28 | 2012-03-06 | Netapp, Inc. | System and method for generating synthetic clients |
US8239915B1 (en) | 2006-06-30 | 2012-08-07 | Symantec Corporation | Endpoint management using trust rating data |
US7948988B2 (en) * | 2006-07-27 | 2011-05-24 | Sourcefire, Inc. | Device, system and method for analysis of fragments in a fragment train |
US7701945B2 (en) * | 2006-08-10 | 2010-04-20 | Sourcefire, Inc. | Device, system and method for analysis of segments in a transmission control protocol (TCP) session |
US8997074B1 (en) * | 2006-09-29 | 2015-03-31 | Trend Micro Incorporated | Dynamic linking library (DLL) replacement in an embedded operating system environment |
CA2672908A1 (en) * | 2006-10-06 | 2008-04-17 | Sourcefire, Inc. | Device, system and method for use of micro-policies in intrusion detection/prevention |
US8069352B2 (en) * | 2007-02-28 | 2011-11-29 | Sourcefire, Inc. | Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session |
US7987065B1 (en) * | 2007-04-17 | 2011-07-26 | Nvidia Corporation | Automatic quality testing of multimedia rendering by software drivers |
US8127353B2 (en) * | 2007-04-30 | 2012-02-28 | Sourcefire, Inc. | Real-time user awareness for a computer network |
US20080306815A1 (en) * | 2007-06-06 | 2008-12-11 | Nebuad, Inc. | Method and system for inserting targeted data in available spaces of a webpage |
EP2079191A3 (en) * | 2008-01-09 | 2010-01-13 | Verint Systems Inc. | Method and system for direct data recording |
US8474043B2 (en) * | 2008-04-17 | 2013-06-25 | Sourcefire, Inc. | Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing |
US10354229B2 (en) | 2008-08-04 | 2019-07-16 | Mcafee, Llc | Method and system for centralized contact management |
US8272055B2 (en) | 2008-10-08 | 2012-09-18 | Sourcefire, Inc. | Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system |
US8893260B2 (en) * | 2008-12-17 | 2014-11-18 | Rockstar Consortium Us Lp | Secure remote access public communication environment |
CN101640923A (en) * | 2009-08-20 | 2010-02-03 | 深圳华为通信技术有限公司 | Method and device for acquiring network configuration information |
US10235216B1 (en) * | 2009-10-15 | 2019-03-19 | Ivanti, Inc. | Modifying system-defined user interface control functionality on a computing device |
CA2789824C (en) | 2010-04-16 | 2018-11-06 | Sourcefire, Inc. | System and method for near-real time network attack detection, and system and method for unified detection via detection routing |
US8433790B2 (en) | 2010-06-11 | 2013-04-30 | Sourcefire, Inc. | System and method for assigning network blocks to sensors |
US8671182B2 (en) | 2010-06-22 | 2014-03-11 | Sourcefire, Inc. | System and method for resolving operating system or service identity conflicts |
US8479292B1 (en) * | 2010-11-19 | 2013-07-02 | Symantec Corporation | Disabling malware that infects boot drivers |
US8601034B2 (en) | 2011-03-11 | 2013-12-03 | Sourcefire, Inc. | System and method for real time data awareness |
US8527665B2 (en) * | 2011-04-15 | 2013-09-03 | Ixia | Redirecting function calls |
US9560504B2 (en) * | 2011-08-01 | 2017-01-31 | Samsung Electronics Co., Ltd. | Secondary mobile device |
EP2792104B1 (en) | 2011-12-21 | 2021-06-30 | SSH Communications Security Oyj | Automated access, key, certificate, and credential management |
US20140380300A1 (en) * | 2013-06-25 | 2014-12-25 | Bank Of America Corporation | Dynamic configuration framework |
CN103957214A (en) * | 2014-05-06 | 2014-07-30 | 重庆邮电大学 | Computer network data package grabbing method for teaching |
WO2018058182A1 (en) * | 2016-09-27 | 2018-04-05 | Cog Systems Pty Ltd | A network connectable computing system and a method for processing a plurality of messages |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6085234A (en) * | 1994-11-28 | 2000-07-04 | Inca Technology, Inc. | Remote file services network-infrastructure cache |
GB2301735B (en) * | 1995-06-02 | 1999-07-28 | Dsc Communications | Message handling in a telecommunications network |
US5862362A (en) | 1995-10-05 | 1999-01-19 | Microsoft Corporation | Network failure simulator |
US5822520A (en) * | 1995-12-26 | 1998-10-13 | Sun Microsystems, Inc. | Method and apparatus for building network test packets |
US5781550A (en) | 1996-02-02 | 1998-07-14 | Digital Equipment Corporation | Transparent and secure network gateway |
US5774660A (en) | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US6366958B1 (en) * | 1996-10-21 | 2002-04-02 | International Business Machines Corporation | NETBIOS protocol support for a DCE RPC mechanism |
US6026086A (en) * | 1997-01-08 | 2000-02-15 | Motorola, Inc. | Apparatus, system and method for a unified circuit switched and packet-based communications system architecture with network interworking functionality |
US5983274A (en) * | 1997-05-08 | 1999-11-09 | Microsoft Corporation | Creation and use of control information associated with packetized network data by protocol drivers and device drivers |
US6289388B1 (en) * | 1997-06-02 | 2001-09-11 | Unisys Corporation | System for communicating heterogeneous computers that are coupled through an I/O interconnection subsystem and have distinct network addresses, via a single network interface card |
US6473406B1 (en) * | 1997-07-31 | 2002-10-29 | Cisco Technology, Inc. | Method and apparatus for transparently proxying a connection |
US6111894A (en) * | 1997-08-26 | 2000-08-29 | International Business Machines Corporation | Hardware interface between a switch adapter and a communications subsystem in a data processing system |
US6226680B1 (en) * | 1997-10-14 | 2001-05-01 | Alacritech, Inc. | Intelligent network interface system method for protocol processing |
US6272551B1 (en) * | 1998-04-08 | 2001-08-07 | Intel Corporation | Network adapter for transmitting network packets between a host device and a power line network |
US6295554B1 (en) * | 1998-05-27 | 2001-09-25 | 3Com Corporation | System and method for communicating with a telco-return cable modem as a single communications device |
US6363423B1 (en) * | 1999-04-26 | 2002-03-26 | 3Com Corporation | System and method for remotely generating, assigning and updating network adapter card in a computing system |
1999
- 1999-11-13 US US09/439,419 (patent US6678734B1), status: not active, Expired - Lifetime

2000
- 2000-11-01 IL IL13941500A (patent IL139415A), status: active, IP Right Grant
- 2000-11-06 DE DE10054923A (patent DE10054923B4), status: not active, Expired - Lifetime
- 2000-11-10 CA CA2325652A (patent CA2325652C), status: not active, Expired - Lifetime
- 2000-11-13 FI FI20002477A (patent FI113927B), status: not active, IP Right Cessation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1320238A2 (en) * | 2001-12-11 | 2003-06-18 | Microsoft Corporation | Architecture and run-time environment for network filter drivers |
EP1320238A3 (en) * | 2001-12-11 | 2005-12-07 | Microsoft Corporation | Architecture and run-time environment for network filter drivers |
US7209971B1 (en) | 2001-12-11 | 2007-04-24 | Microsoft Corporation | Architecture and run-time environment for network filter drivers |
Also Published As
Publication number | Publication date |
---|---|
DE10054923B4 (en) | 2013-11-14 |
FI113927B (en) | 2004-06-30 |
IL139415A0 (en) | 2001-11-25 |
US6678734B1 (en) | 2004-01-13 |
DE10054923A1 (en) | 2001-05-31 |
IL139415A (en) | 2005-06-19 |
FI20002477A (en) | 2001-05-14 |
FI20002477A0 (en) | 2000-11-13 |
CA2325652C (en) | 2010-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2325652A1 (en) | | A method for intercepting network packets in a computing device |
US5446680A (en) | | System and method for obtaining network performance data |
US5815682A (en) | | Device independent modem interface |
US7929539B2 (en) | | Multiple queue pair access with a single doorbell |
US5870610A (en) | | Autoconfigurable method and system having automated downloading |
US5638517A (en) | | Method and apparatus for transmitting a message from a computer system over a network adapter to the network by performing format conversion and memory verification |
CN101490637B (en) | | Dynamic bus-based virtual channel multiplexing device driver architecture |
US20110069710A1 (en) | | Switching Method |
US6550006B1 (en) | | Method and apparatus to perform a remote boot |
US20040122988A1 (en) | | System for controlling data transfer protocol with a host bus interface |
WO1999026377A3 (en) | | A high performance interoperable network communications architecture (inca) |
CN101135980A (en) | | Device and method for realizing zero copy based on Linux operating system |
US7082524B2 (en) | | I/O bus abstraction for a cluster interconnection fabric |
EP1204916A2 (en) | | Method, system and computer readable storage medium for automatic device driver configuration |
US5454078A (en) | | System for sharing name among network adapters by, dynamically linking adapters having same logical name and maintaining linked state of remaining adapters |
US5541853A (en) | | Processor configurable for both virtual mode and protected mode |
US6708229B2 (en) | | Configuring computer components |
US20020029302A1 (en) | | Method, computer program product, and system for managing connection-oriented media |
US6591320B1 (en) | | Method and system for selective disablement of expansion bus slots in a multibus data processing system |
GB2436627A (en) | | Message handling using a wrapper |
US6259532B1 (en) | | Method and apparatus for communicating with a plurality of peripheral devices through a single parallel port |
CN115454896A (en) | | SMBUS-based SSD MCTP control message verification method and device, computer equipment and storage medium |
US7546611B2 (en) | | Driver agent device for supporting remote device driver development environment in embedded system and operation method thereof |
US7336664B2 (en) | | Data processing device and its input/output method and program |
EP1234235B1 (en) | | Method and apparatus for remotely debugging computer software over a serial bus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | MKEX | Expiry | Effective date: 20201110 |