Infotecs develops and sells security solutions that make the everyday work more flexible, easier and above all safer than ever before.
The disclosure relates to a method for managing connections in a firewall. The method includes receiving packets from an external network; generating a connection table; determining the total number of currently established connections; determining a level of firewall load by comparing the number of established connections with a threshold; identifying new and established connections based on two-way exchange of packets between a client and server; identifying closed connections based on processing ICMP error messages or flags in a TCP header; and dynamically determining current timeout values for connections from the network protocol type, the connection state, and the firewall load level. The method also includes modifying the last packet processing timestamp if any packet is passed within a given connection or a group of connections; and removing the connection if the last packet processing timestamp differs from the current time by a value greater than the timeout of said connection.
The disclosure relates to methods of transmitting data over TCP/IP through HTTP. The method includes establishing a connection between a client and a server through at least two proxies; generating a tunnel message in the client; sending the tunnel message to the server; choosing a delay value T based on a maximum transmission rate of the tunnel message; and determining a size Q of a dummy data packet by .times..times. ##EQU00001## where MSS.sub.i is a maximum segment size in TCP connections between the i-th proxy and the (i+1)-th proxy, and N is the number of proxies. The method also includes sending, from the client, a dummy data packet of size Q in T seconds after the last transmission of non-dummy data via the HTTP tunnel; receiving the tunnel message by the server; and disabling usage of Nagle's algorithm and TCP delayed acknowledgement algorithm for the TCP connection in the client and server.
The disclosure relates to parallel processing of multiple digital data
streams. The method includes transferring portions of incoming streams
and attributes thereof to processors and obtaining respective portions
of output streams and providing a sequence of the portions. Providing
includes searching for a processor which is processing a portion of a
particular incoming stream that has been located in a particular first
stream before a portion already processed in said processor, and when
several such processors are found, selecting a processor which is
processing a portion of the particular incoming stream that is closest
to the processed portion of the particular incoming stream. The
processed portion of the particular incoming stream (and previously
processed portions of the incoming stream from other processors) is
transferred to the selected processor. If no such processors are found,
the processed portions of the incoming stream are transferred to a
respective output stream.
The present invention relates to means for detecting malware. The method is realized on a computer with an operating system (OS) installed thereon, and comprises a step in which a point of interrupt is established when a system call is made by a user application requesting the transfer of control via an address in the kernel of the loaded OS. Next, the data structure of the loaded OS is checked. As this check is carried out, the address of the command in the random-access memory of the computer, by means of which command control will be trans-ferred during the system call, is determined and the addresses of the commands to be executed during the system call are checked to see if they belong to the normal range of addresses of the OS kernel and OS kernel modules in the random-access memory. The presence of malware is then detected in the event that a command address does not belong to the normal range of addresses. The proposed method includes a dynamic check of the execution of the OS kernel code in order to detect the illegal interception and alteration of the code in the kernel and in the kernel modules (drivers) that are to he loaded. The proposed method enables the detection of both known and previously unregistered malware in an OS kernel and in OS kernel modules that are to be loaded.
The disclosure generally relates to computer engineering, in particular, to a method for synchronizing access to shared resources of a computing system, and for detecting and eliminating deadlocks using lock files. The disclosure advantageously improves reliability of detection and elimination of deadlocks. The method grants access to a shared resource to other processes and ensures that there will be no deadlock in cases where the process, whose data is indicated in the lock file, does not currently exist in the computing system (for example, an application was aborted from RAM by the operating system due to an internal software failure). The method can be preferably implemented in POSIX- compatible operating systems, in particular, the GNU/Linux operating system.