Tommy Lucas Mclane

US Patent:

7471684, Dec 30, 2008

Filed:

Oct 21, 2004

Appl. No.:

10/970301

Inventors:

Tommy Lucas McLane - Hutto TX, US
Eduardo Lazaro Reyes - Austin TX, US

Assignee:

International Machines Corporation - Armonk NY

International Classification:

H04L 12/28

US Classification:

370392, 370401

Abstract:

A method and system for preventing address resolution protocol (ARP) cache poisoning in a network system with multiple hosts. Multiple hosts representing and/or located in separate local area networks (LANS) are tapped (via a shared agreement) to utilize a trusted ARP cache for each LAN represented. Whenever a new ARP response is detected in one network, a request for validation is sent to a separate host in a different network. The separate host initiates a verification process for the ARP, which involves checking whether duplication of one of the IP address or MAC address of the ARP response exists within the address pairings in the ARP cache. If the ARP response is not validated, then the trusted ARP cache is not updated and the system administrator is notified of the failed attempt.

US Patent:

8196110, Jun 5, 2012

Filed:

Nov 30, 2007

Appl. No.:

11/947961

Inventors:

Marco A. Cabrera Escandell - Austin TX, US
Tommy L. McLane - Hutto TX, US
Elizabeth J. Murray - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 9/44
G06F 9/45
G06F 11/30
H04L 29/06

US Classification:

717126, 717127, 717141, 717155, 713166, 713190, 713193, 713194, 726 22, 726 23, 726 24, 726 25

Abstract:

The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. The computer responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.

US Patent:

8261323, Sep 4, 2012

Filed:

Jul 11, 2008

Appl. No.:

12/171951

Inventors:

Dwip N. Banerjee - Austin TX, US
Marco A. Cabrera - Austin TX, US
Tommy L. McLane - Hutto TX, US
Eduardo L. Reyes - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/04

US Classification:

726 3, 726 1, 726 2, 709223, 709224, 709225, 709226, 709227, 709228

Abstract:

Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.

US Patent:

8391495, Mar 5, 2013

Filed:

May 8, 2008

Appl. No.:

12/117448

Inventors:

Tommy Lucas McLane - Hutto TX, US
Shawn Patrick Mullen - Buda TX, US
Jyoti Basavaraj Tenginakai - Karnataka, IN

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 9/00
H04L 9/08
H04L 29/06
G06F 17/30

US Classification:

380279, 380277, 380282, 726 4, 726 5, 726 17, 726 21, 713170, 713171

Abstract:

The present invention provides a computer implemented method, apparatus, and data processing system for associating a private part of a keystore of a user with a user authentication process in an encrypting file system. A secure shell daemon server establishes the user authentication process with a secure shell client such that the user authentication process is associated with a user and the user is authenticated. The secure shell daemon server obtains an acknowledgment from the secure shell client. The secure shell daemon server accesses a user public key of the user from the keystore of the user, responsive to receiving the acknowledgment. The secure shell daemon obtains a public secure shell cookie associated with the user from the keystore of the user. The public secure shell cookie is an access key in encrypted form. The access key is based on the user's public key to form the public secure shell cookie.

US Patent:

8484702, Jul 9, 2013

Filed:

Aug 1, 2012

Appl. No.:

13/564581

Inventors:

Dwip N. Banerjee - Austin TX, US
Marco A. Cabrera - Austin TX, US
Tommy L. McLane - Austin TX, US
Eduardo L. Reyes - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/04

US Classification:

726 3, 709223, 709228

Abstract:

A method includes receiving a request from a network source to create a logical socket on a logical port. The method includes accessing a structure that indicates a plurality of logical socket allocation policies to select a first of the plurality of socket allocation policies that corresponds to the logical port. Each of the plurality of logical socket allocation policies governs logical socket allocation for one or more ports, wherein logical allocation policies govern at least one of 1) the number of logical sockets that are allocated to the one or more logical ports, 2) a maximum number of logical sockets shared between a grouping of two or more logical ports, and 3) a maximum number of logical sockets. The method includes determining if the first logical socket allocation policy allows for allocation of the logical socket for the network source to communicate. The method includes allocating a logical socket.

US Patent:

20040249784, Dec 9, 2004

Filed:

Jun 5, 2003

Appl. No.:

10/455179

Inventors:

Janel Barfield - Round Rock TX, US
Joseph Lampitt - Austin TX, US
Tommy McLane - Hutto TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F007/00

US Classification:

707/001000

Abstract:

A method, apparatus, and computer instructions for use in an operating system for managing requests for file. A request for a switch file from an application is received. The application points to the switch file. Many files may point to the same switch file. Location information for the switch file points to a set of files. A file from the set of files based on system information to form an identified file is identified. The identified file passes to the application. The system information may be already present within the system or passed to the system by a user or process.

US Patent:

20100046538, Feb 25, 2010

Filed:

Aug 25, 2008

Appl. No.:

12/197807

Inventors:

Marco A. Cabrera Escandell - Bellevue WA, US
Tommy L. McLane - Hutto TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 12/56

US Classification:

370419

Abstract:

Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceeds the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.

US Patent:

20120331543, Dec 27, 2012

Filed:

Jun 27, 2011

Appl. No.:

13/169163

Inventors:

Paul S. Bostrom - Austin TX, US
Jason J. Jaramillo - Austin TX, US
Tommy L. McLane - Hutto TX, US
Eduardo L. Reyes - Austin TX, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

G06F 21/20

US Classification:

726 13

Abstract:

Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.