International Business Machines Corporation
Graceful termination of security-violation client connections in a network protection system (NPS)

Abstract:

A network protection system (NPS) is augmented to provide additional functionality--preferably within the SSL/TLS connection at the OSI presentation layer--to enable efficient management and handling of security-violating client connections. When the NPS determines to suspend a suspect application client connection, the NPS modifies the request (the TLS encrypted packet) at a random offset to include a random byte value. When the modified request is then received at the server, a TLS decryption error occurs. In response, the server drops the request gracefully and, in particular, a termination response is returned from the server to the NPS, which then passes the termination response back to the requesting client.