-
公开(公告)号:US20060168304A1
公开(公告)日:2006-07-27
申请号:US10535123
申请日:2003-10-28
申请人: Daniel Bauer , John Rooney , Paolo Scotton , Marcel Waldvogel
发明人: Daniel Bauer , John Rooney , Paolo Scotton , Marcel Waldvogel
IPC分类号: G06F15/16
CPC分类号: H04L67/104 , H04L67/1046 , H04L67/2814 , H04L67/2819 , H04L69/329
摘要: A method and an electronic unit are disclosed for controlling traffic on a network, especially for controlling peer-to-peer related traffic. A filter unit is intercepting messages related to peer-to-peer application from a network line, irrespective of the messages' destination, A control logic then manages a request represented by an intercepted message subject to its content and subject to peering specific information.
-
公开(公告)号:US20060020749A1
公开(公告)日:2006-01-26
申请号:US11186566
申请日:2005-07-21
申请人: Marcel Waldvogel
发明人: Marcel Waldvogel
IPC分类号: G06F12/00
CPC分类号: G06F3/0659 , G06F3/061 , G06F3/064 , G06F3/0676
摘要: Provides methods, systems and devices for reading a storage medium. A method for reading a storage medium according to the invention includes the following steps: First, it is determined if an access sequence requested by an application to data stored on the disk drive is a part of a known access sequence. Then, if the requested access sequence is part of a known access sequence, the data are read from a data arrangement stored on the medium in addition to an original data arrangement which additional data arrangement differs in its arrangement of data from the arrangement of data in the original data arrangement.
摘要翻译: 提供读取存储介质的方法,系统和设备。 根据本发明的用于读取存储介质的方法包括以下步骤:首先,确定由应用程序请求的访问序列是否存储在磁盘驱动器上的数据是已知访问序列的一部分。 然后,如果请求的访问序列是已知访问序列的一部分,则除了原始数据排列之外,从存储在介质上的数据排列中读取数据,该附加数据排列在数据排列方面与数据排列不同 原始数据安排。
-
23.发明申请Identifying a distributed denial of service (DDoS) attack within a network and defending against such an attack 审中-公开识别网络中的分布式拒绝服务(DDoS)攻击并防范此类攻击公开(公告)号:US20060010389A1
公开(公告)日:2006-01-12
申请号:US11177573
申请日:2005-07-08
申请人: John Rooney , Christopher Giblin , Marcel Waldvogel , Paul Hurley
发明人: John Rooney , Christopher Giblin , Marcel Waldvogel , Paul Hurley
IPC分类号: G06F17/00
CPC分类号: H04L63/1425 , H04L63/1458 , H04L2463/141
摘要: The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.
摘要翻译: 本发明提供了通过在因特网骨干连接点或点采样分组来检测因特网内的分布式拒绝服务(DDoS)攻击的方法,装置和系统,以确定分组度量参数。 可以根据发送分组的主机所在的指定地理位置的选定时间间隔分析可能包括接收到的分组量的分组度量参数。 可以使用预期的行为来识别暴露DDoS攻击的流量扭曲。 在互补的方面,本发明提供了一种在路由器上认证分组的方法,以便提高认证分组的QoS。 该方法可用于阻止或过滤报文,并可与DDoS攻击检测系统结合使用,以分布式的方式防范互联网内的DDoS攻击。
-
24.发明申请公开(公告)号:US20050010630A1
公开(公告)日:2005-01-13
申请号:US10844798
申请日:2004-05-13
申请人: Andreas Doering , Marcel Waldvogel
发明人: Andreas Doering , Marcel Waldvogel
CPC分类号: H03M13/2906 , H03M13/093 , H03M13/6508 , H03M13/6588
摘要: The present invention relates to a method and an apparatus for determining a remainder in a polynomial ring. The apparatus for determining a remainder in a polynomial ring according to the invention comprises a value buffer (18) for storing a polynomial value, a factor memory (8.1, 8.2) for storing factors and a polynomial multiply unit (1) connected to the factor memory (8.1, 8.2) for generating a polynomial product out of the factors and an input polynomial. The apparatus further comprises a matrix multiply unit (5) connected to the polynomial multiply unit for generating a reduced product with reduced polynomial degree by multiplying the polynomial product with a reduction matrix. Finally the apparatus includes a multiplexer means (13.1, 13.2, 17, 39.1, 39.2) for either conducting the reduced product or the polynomial value as the input polynomial to the to the polynomial multiply unit (1).
摘要翻译: 本发明涉及一种用于确定多项式环中的余数的方法和装置。 根据本发明的用于确定多项式环中的余数的装置包括用于存储多项式值的值缓冲器(18),用于存储因子的因子存储器(8.1,8.2)和连接到因子的多项式乘法单元(1) 用于从所述因子中生成多项式乘积的存储器(8.1,8.2)和输入多项式。 该装置还包括连接到多项式乘法单元的矩阵乘法单元(5),用于通过将多项式乘积与减少矩阵相乘来产生具有降低的多项式度的减少乘积。 最后,该装置包括用于将减少乘积或多项式值作为到多项式乘法单元(1)的输入多项式的多路复用器装置(13.1,13.2,17,39.1,39.2)。
-
25.发明授权Port scanning method and device, port scanning detection method and device, port scanning system, computer program and computer program product 有权端口扫描方法和设备,端口扫描检测方法和设备,端口扫描系统,计算机程序和计算机程序产品公开(公告)号:US08245298B2
公开(公告)日:2012-08-14
申请号:US11465112
申请日:2006-08-16
申请人: Roman A. Pletka , Marcel Waldvogel
发明人: Roman A. Pletka , Marcel Waldvogel
IPC分类号: G06F11/00
CPC分类号: H04L63/08 , H04L63/1458
摘要: For port scanning an authentication bit sequence is created as an output of an authentication transformation, the authentication transformation having as input at least a given destination address and a given secret key. The authentication bit sequence is embedded in at least one authentication port scan event packet comprising the given destination address. At least one authentication port scan event packet is broadcast. Then, further port scan event packets are broadcast with given port identifiers and the given destination address. For port scanning detection, a received authentication bit sequence is derived from a least one authentication port scan event packet with identical source and destination addresses. Further port scan event packets are accepted with given port identifiers and the given destination address if authentication is given.
摘要翻译: 对于端口扫描,创建认证比特序列作为认证转换的输出,认证转换具有至少给定目的地地址和给定秘密密钥的输入。 验证比特序列被嵌入到包括给定目的地地址的至少一个认证端口扫描事件分组中。 至少一个认证端口扫描事件包被广播。 然后,使用给定的端口标识符和给定的目的地址广播进一步的端口扫描事件分组。 对于端口扫描检测,从具有相同源和目的地址的至少一个认证端口扫描事件分组导出接收到的认证位序列。 使用给定的端口标识符接收进一步的端口扫描事件数据包,如果给出了认证,则接收给定的目的地址。
-
26.发明申请Identifying a distributed denial of service (DDoS) attack within a network and defending against such an attack 失效识别网络中的分布式拒绝服务(DDoS)攻击并防范此类攻击公开(公告)号:US20080271146A1
公开(公告)日:2008-10-30
申请号:US12126976
申请日:2008-05-26
IPC分类号: G06F21/00
CPC分类号: H04L63/1425 , H04L63/1458 , H04L2463/141
摘要: The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.
摘要翻译: 本发明提供了通过在因特网骨干连接点或点采样分组来检测因特网内的分布式拒绝服务(DDoS)攻击的方法,装置和系统,以确定分组度量参数。 可以根据发送分组的主机所在的指定地理位置的选定时间间隔分析可能包括接收到的分组量的分组度量参数。 可以使用预期的行为来识别暴露DDoS攻击的流量扭曲。 在互补的方面,本发明提供了一种在路由器上认证分组的方法,以便提高认证分组的QoS。 该方法可用于阻止或过滤报文,并可与DDoS攻击检测系统结合使用,以分布式的方式防范互联网内的DDoS攻击。
-
公开(公告)号:US07437504B2
公开(公告)日:2008-10-14
申请号:US11186566
申请日:2005-07-21
申请人: Marcel Waldvogel
发明人: Marcel Waldvogel
IPC分类号: G06F12/00
CPC分类号: G06F3/0659 , G06F3/061 , G06F3/064 , G06F3/0676
摘要: Provides methods, systems and devices for reading a storage medium. A method for reading a storage medium according to the invention includes the following steps: First, it is determined if an access sequence requested by an application to data stored on the disk drive is a part of a known access sequence. Then, if the requested access sequence is part of a known access sequence, the data are read from a data arrangement stored on the medium in addition to an original data arrangement which additional data arrangement differs in its arrangement of data from the arrangement of data in the original data arrangement.
摘要翻译: 提供读取存储介质的方法,系统和设备。 根据本发明的用于读取存储介质的方法包括以下步骤:首先,确定由应用程序请求的访问序列是否存储在磁盘驱动器上的数据是已知访问序列的一部分。 然后,如果请求的访问序列是已知访问序列的一部分,则除了原始数据排列之外,从存储在介质上的数据排列中读取数据,该附加数据排列在数据排列方面与数据排列不同 原始数据安排。
-
28.发明申请PORT SCANNING METHOD AND DEVICE, PORT SCANNING DETECTION METHOD AND DEVICE, PORT SCANNING SYSTEM, COMPUTER PROGRAM AND COMPUTER PROGRAM PRODUCT 有权端口扫描方法和设备,端口扫描检测方法和设备,端口扫描系统,计算机程序和计算机程序产品公开(公告)号:US20070044155A1
公开(公告)日:2007-02-22
申请号:US11465112
申请日:2006-08-16
申请人: Roman Pletka , Marcel Waldvogel
发明人: Roman Pletka , Marcel Waldvogel
IPC分类号: G06F11/00
CPC分类号: H04L63/08 , H04L63/1458
摘要: For port scanning an authentication bit sequence is created as an output of an authentication transformation, the authentication transformation having as input at least a given destination address and a given secret key. The authentication bit sequence is embedded in at least one authentication port scan event packet comprising the given destination address. At least one authentication port scan event packet is broadcast. Then, further port scan event packets are broadcast with given port identifiers and the given destination address. For port scanning detection, a received authentication bit sequence is derived from a least one authentication port scan event packet with identical source and destination addresses. Further port scan event packets are accepted with given port identifiers and the given destination address if authentication is given.
摘要翻译: 对于端口扫描,创建认证比特序列作为认证转换的输出,认证转换具有至少给定目的地地址和给定秘密密钥的输入。 验证比特序列被嵌入到包括给定目的地地址的至少一个认证端口扫描事件分组中。 至少一个认证端口扫描事件包被广播。 然后,使用给定的端口标识符和给定的目的地址广播进一步的端口扫描事件分组。 对于端口扫描检测,从具有相同源和目的地址的至少一个认证端口扫描事件分组导出接收到的认证位序列。 使用给定的端口标识符接收进一步的端口扫描事件数据包,如果给出了认证,则接收给定的目标地址。
-
公开(公告)号:US20060029000A1
公开(公告)日:2006-02-09
申请号:US11127617
申请日:2005-05-12
申请人: Marcel Waldvogel
发明人: Marcel Waldvogel
IPC分类号: H04L12/28
CPC分类号: H04L69/16 , H04L67/1002 , H04L67/1019 , H04L67/14 , H04L67/2804 , H04L69/163
摘要: A group of servers (GS) comprising a proxy server (PS) and one or more server computers (SCx). The group of servers (GS) is designed for supporting a mechanism for connection establishment which mechanism comprises an allocation of a predictable sequence number according to a given function shared between the group of servers (GS).
摘要翻译: 一组服务器(GS),包括代理服务器(PS)和一个或多个服务器计算机(SCx)。 服务器组(GS)被设计用于支持用于连接建立的机制,该机制包括根据服务器组(GS)之间共享的给定功能来分配可预测的序列号。
-
30.发明申请Searching a range in a set of values in a network with distributed storage entities 有权在具有分布式存储实体的网络中搜索一组值中的范围公开(公告)号:US20050203901A1
公开(公告)日:2005-09-15
申请号:US11079554
申请日:2005-03-14
申请人: Marcel Waldvogel , Roman Pletka
发明人: Marcel Waldvogel , Roman Pletka
IPC分类号: G06F7/00
CPC分类号: G06F17/30545 , G06F17/30575 , H04L67/1097
摘要: Methods for searching a range in a set of values in a network with distributed storage nodes. An example of a method for searching a range in a set of values in a network with distributed storage nodes according to the invention comprises the following steps. First, the range is divided up into a set of subranges by means of a hierarchical structure. Then, a query packet is generated for said set of subranges and transmitted to the distributed storage nodes for performing the query.
摘要翻译: 用于在具有分布式存储节点的网络中搜索一组值中的范围的方法。 根据本发明的用于搜索具有分布式存储节点的网络中的一组值中的范围的方法的示例包括以下步骤。 首先,通过层次结构将范围分为一组子范围。 然后,为所述一组子范围生成查询分组,并发送到分布式存储节点以执行查询。
-
-
-
-
-
-
-
-
-
搜索结果
30 条记录 (耗时 0.025 秒)
