Patents by Inventor Craig Cantrell
Craig Cantrell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7454499Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: GrantFiled: November 7, 2002Date of Patent: November 18, 2008Assignee: Tippingpoint Technologies, Inc.Inventors: Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Patent number: 7454792Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: GrantFiled: August 31, 2004Date of Patent: November 18, 2008Assignee: TippingPoint Technologies, Inc.Inventors: Craig Cantrell, Marc Willebeek-Lemair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Patent number: 7451489Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: GrantFiled: August 31, 2004Date of Patent: November 11, 2008Assignee: TippingPoint Technologies, Inc.Inventors: Craig Cantrell, Marc Willebeek-Lemair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Patent number: 7359962Abstract: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.Type: GrantFiled: April 30, 2002Date of Patent: April 15, 2008Assignee: 3Com CorporationInventors: Marc Willebeek-LeMair, Craig Cantrell, Dennis Cox, John McHale, Brian Smith
-
Publication number: 20070226483Abstract: A method of encoding network packets for storage and later transmitting emulated packets includes determining a protocol for the packet and validating the protocol as belonging to a list of recognized protocols. Upon validating the packet, a protocol attribute value from the packet is parsed and a dictionary is referenced using the protocol attribute value to obtain a binary encoding, which is stored as an encoded packet. The packet, for example, may be an HTTP protocol request packet and parsing may include parsing a TYPE attribute value where the TYPE attribute value indicates whether the packet is a GET, POST, PUT or OTHER type of HTTP request. The method may further include modifying environmental data in the packet when the packet is later generated for transmission on a network. The method may further include, for packets of unrecognized protocols, learning and creating an encoding for new protocols.Type: ApplicationFiled: March 24, 2006Publication date: September 27, 2007Inventors: Dennis Cox, William Brewer, Craig Cantrell, Brent Cook, H.D. Moore
-
Publication number: 20060239273Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.Type: ApplicationFiled: June 23, 2006Publication date: October 26, 2006Inventors: Charles Buckman, Dennis Cox, Donovan Kolbly, Craig Cantrell, Brian Smith, Jon Werner, Marc Willebeek-LeMair, Joe Blackard, Francis Webster
-
Patent number: 6983323Abstract: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.Type: GrantFiled: August 12, 2002Date of Patent: January 3, 2006Assignee: TippingPoint Technologies, Inc.Inventors: Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, Donovan Kolbly, Brian Smith
-
Publication number: 20050044422Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: ApplicationFiled: August 31, 2004Publication date: February 24, 2005Inventors: Craig Cantrell, Marc Willebeek-Lemair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Publication number: 20050028013Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: ApplicationFiled: August 31, 2004Publication date: February 3, 2005Inventors: Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Publication number: 20040093513Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.Type: ApplicationFiled: November 7, 2002Publication date: May 13, 2004Applicant: TippingPoint Technologies, Inc.Inventors: Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, John McHale, Brian Smith, Donovan Kolbly
-
Publication number: 20040030776Abstract: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.Type: ApplicationFiled: August 12, 2002Publication date: February 12, 2004Applicant: TippingPoint Technologies Inc.,Inventors: Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, Donovan Kolbly, Brian Smith
-
Publication number: 20030204632Abstract: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.Type: ApplicationFiled: April 30, 2002Publication date: October 30, 2003Applicant: TippingPoint Technologies, Inc.Inventors: Marc Willebeek-LeMair, Craig Cantrell, Dennis Cox, John McHale, Brian Smith
-
Publication number: 20020188732Abstract: A system and method for allocating bandwidth across a network to and from different end point nodes improves the predictability and efficiency of best effort network architectures. Advanced traffic processors associated with end point nodes detect and classify packets transferred across a network and allocate bandwidth. A packet policy module of the advanced traffic processor allocates bandwidth by applying policy definitions, flow ID rules, and flow policy maps to prioritize packet flows. In one embodiment, bandwidth is allocated on demand on a per-download basis so that bulk file transfers are provided substantially reduced download times through allocation of bandwidth for a premium fee.Type: ApplicationFiled: June 6, 2001Publication date: December 12, 2002Inventors: Charles R. Buckman, Dennis J. Cox, Donovan M. Kolbly, Craig Cantrell, Brian C. Smith, Jon H. Werner, Marc Willebeek-LeMair, Joe Wayne Blackard, Francis S. Webster
-
Patent number: 6278728Abstract: A remote XDSL transceiver unit (16) includes an XDSL transceiver (19) and a control block (18). The XDSL transceiver (19) is operable to establish and communicate across an XDSL physical layer. The control block (18) is coupled to the XDSL transceiver (19) and operates to transmit a request for service to a loop termination point. The control block (18) also operates to identify a signal received from the loop termination point (14) and respond based upon a current context of the remote XDSL transceiver unit (16). Further, the control block (18) operates to control power-up and training of the XDSL transceiver (19) such that the XDSL physical layer can be dynamically brought up and down. In one embodiment, the control block (18) operates to store profile information for an established XDSL physical layer to use for future re-establishing of the XDSL physical layer.Type: GrantFiled: March 18, 1998Date of Patent: August 21, 2001Assignee: Cisco Technology, Inc.Inventors: John F. McHale, Robert H. Locklear, Jr., James R. Sisk, Craig Cantrell, Kip McClanahan, Jonathan Harrod
-
Patent number: 5106330Abstract: The invention provides a marine propulsion device comprising a powerhead including an exhaust gas discharge port, a gearcase rotatably supporting a propeller shaft connected to the powerhead and including an exhaust gas discharge, and a lower unit including an upper portion supporting the powerhead and a lower portion connected to the gearcase, with the lower unit comprising an inner exhaust housing having a generally vertical wall, an open top in communication with the powerhead exhaust gas discharge port, a bottom having therein a first exhaust gas outlet and a second exhaust gas outlet at the top portion of the wall, and an outer exhaust housing also having a generally vertical wall in surrounding relation to the inner exhaust gas housing and defining a vertically extending generally annular space between the inner and outer exhaust gas housings, the space communicating with the second exhaust gas outlet.Type: GrantFiled: September 28, 1990Date of Patent: April 21, 1992Assignee: Outboard Marine CorporationInventors: Dan E. Nelson, Louis R. Neal, Charles F. Erbach, Craig A. Cantrell, Chunyuen R. Cheng