Patents by Inventor Shashidhara Nanjundaswamy
Shashidhara Nanjundaswamy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9497281Abstract: The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device.Type: GrantFiled: April 4, 2014Date of Patent: November 15, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Ashwin Jagadish, Mahesh Mylarappa, Sandhya Gopinath, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Patent number: 9432399Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.Type: GrantFiled: May 26, 2015Date of Patent: August 30, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: Meghashree Iyengar, Krishna Khanal, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Publication number: 20150281272Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.Type: ApplicationFiled: May 26, 2015Publication date: October 1, 2015Inventors: Meghashree Iyengar, Krishna Khanal, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Patent number: 9055100Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.Type: GrantFiled: April 6, 2013Date of Patent: June 9, 2015Assignee: CITRIX SYSTEMS, INC.Inventors: Meghashree Iyengar, Krishna Khanal, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Publication number: 20140304798Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.Type: ApplicationFiled: April 6, 2013Publication date: October 9, 2014Applicant: Citrix Systems, Inc.Inventors: Meghashree Iyengar, Krishna Khanal, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Publication number: 20140301388Abstract: The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device.Type: ApplicationFiled: April 4, 2014Publication date: October 9, 2014Applicant: Citrix Systems, Inc.Inventors: Ashwin Jagadish, Mahesh Mylarappa, Sandhya Gopinath, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Patent number: 8726006Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.Type: GrantFiled: August 21, 2012Date of Patent: May 13, 2014Assignee: Citrix Systems, Inc.Inventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar
-
Patent number: 8261057Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.Type: GrantFiled: June 4, 2010Date of Patent: September 4, 2012Assignee: Citrix Systems, Inc.Inventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar
-
Publication number: 20100241846Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.Type: ApplicationFiled: June 4, 2010Publication date: September 23, 2010Inventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar
-
Patent number: 7757074Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.Type: GrantFiled: January 24, 2005Date of Patent: July 13, 2010Assignee: Citrix Application Networking, LLCInventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar
-
Publication number: 20060005240Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.Type: ApplicationFiled: January 24, 2005Publication date: January 5, 2006Inventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar