Browse Prior Art Database

Abstract IP Proxy

IP.com Disclosure Number: IPCOM000021204D
Original Publication Date: 2004-Jan-02
Included in the Prior Art Database: 2004-Jan-02
Document File: 2 page(s) / 8K

Publishing Venue

IBM

Abstract

This disclosure is for an interactive proxy that allows for the manipulation of any type of network packet.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.

Page 1 of 2

Abstract IP Proxy

Disclosed is the idea for a program which allows a user to manipulate network packets as they enter and leave a computer system. This manipulation includes changing all aspects of a packet such as source, destination, payload, flags etc.. Additionally, the manipulation includes being able to destroy the packet and prevent it from continuing to its destination.

This invention is different than others in that it allows for completely interactive manipulation of packets. Typically manipulation is automated in firewalls, network address translations, and routing. This invention however provides a user with the ability to uniquely modify each packet that is intercepted. In addition, this invention is different than others because all aspects of a packet can be changed, not just a few aspects as is the case in network address translation. This invention is intended primarily for security testing. It allows a security professional to test the security of any product that utilizes a network. How this is done varies on the product being tested. For instance, if the product is an application, this invention could be used to form malicious packets that spoof a user's identity, inject traffic into a transfer, overflow an internal buffer, cause the program to crash etc.. Often times, this type of testing can be done with other tools and custom code. However, this procedure is slow and relatively ineffective compared to using this invention. This is because the security professional is forced to recreate a valid session with the product. Here session refers to the correct utilization of a product's networking capabilities. With this invention however, a professional doesn't have to recreate a session, but can manipulate an existing session. The invention can be implemented in a variety of ways. The following is an explanation of one such implementation. In this case, the implementation is done on a Linux-based system. It consists of two primary components: one that operates at the user level and one that operates at the kernel level. The component that operates at kernel level handles all low level packet manipulation. It utilizes Netfilter kernel hooks for the actual packet interce...