Invention Grant
US09055094B2 Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
In force
- Patent Title: Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
- Application No.: US13484628
- Application Date: 2012-05-31
- Publication No.: US09055094B2
- Publication Date: 2015-06-09
- Inventor: Kenneth Todd Wease
- Applicant: Kenneth Todd Wease
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Edell, Shapiro & Finnan LLC
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method performed in a processor of an intrusion detection/prevention system (IDS/IPS) checks for valid packets in an SMB named pipe in a communication network. In a processor configured as an IDS/IPS, a packet in a transmission is received and a kind of application of a target of the packet is determined. Also, the data in the packet is inspected by the IDS/IPS as part of the SMB named pipe on only one of a condition that: (a) the FID in an SMB command header of the packet is valid (i) for segments/fragments in the SMB named pipe and (ii) for the determined kind of application of the target of the packet, as indicated by a reassembly table, and (b) the determined kind of application of the target of the packet does not check the FID, as indicated by the reassembly table.