1. Security apparatus and method for local area networks

    Publication (announcement) number: US07124197B2

    Publication (announcement) date: 2006-10-17

    Application number: US10277765

    Filing date: 2002-10-22

    IPC classification: G06F15/16 G06F15/173 G06F7/04

    Abstract: The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.

    2. Deterring network incursion
    Granted invention patent (in force)

    Publication (announcement) number: US07469418B1

    Publication (announcement) date: 2008-12-23

    Application number: US10676637

    Filing date: 2003-10-01

    IPC classification: G06F11/00

    CPC classification: H04L63/1441

    Abstract: A system, method, and computer-readable medium for deterring network incursion by formulating appropriate responses to attacks. Once an attack is detected, the system may respond in such a manner as to imitate a network device. The system may respond in a manner that imposes a high cost on pursuing further communication with the system. For example, the system may respond to TCP SYN requests and window probes with messages indicating small packet and window sizes. As such, attempts to send packets to the system have a high network and processing cost. An attacking computer running multiple threads may ultimately slow or be disabled as a result of receiving the responses and attempting to continue to communicate with the system.


    3. Tracking communication for determining device states
    Granted invention patent (in force)

    Publication (announcement) number: US07506360B1

    Publication (announcement) date: 2009-03-17

    Application number: US10676541

    Filing date: 2003-10-01

    IPC classification: H04L9/32

    Abstract: A system and method for tracking communication for determining device states. Communication between devices is observed and a respective state of at least one device is inferred. The inference is formed without directly communicating with the device. Various states of the devices include unknown, used, unfulfilled, virtual, omitted, and automatic. The respective state of a device is unknown when the observation shows that the device fails to respond to communication. The respective state of the device is unfulfilled when an ARP request comprising a destination address for the device is observed and the device does not respond to the ARP request before a time limit expires. The respective state of a device is determined to be virtual when the observation shows that the device received a packet while its respective state was unfulfilled and the device did not send a reply to the packet within a time limit.


    4. Security apparatus and method for local area networks
    Granted invention patent (in force)

    Publication (announcement) number: US07499999B2

    Publication (announcement) date: 2009-03-03

    Application number: US11443653

    Filing date: 2006-05-31

    IPC classification: G06F15/16 G06F15/173 H04L9/32

    Abstract: The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.


    5. Peer connected device for protecting access to local area networks
    Granted invention patent (in force)

    Publication (announcement) number: US07448076B2

    Publication (announcement) date: 2008-11-04

    Application number: US10277762

    Filing date: 2002-10-22

    IPC classification: G06F9/00

    Abstract: A peer connected device for controlling access by a client device to protected devices on a computer network. The peer connected device has a central processing unit and a network interface configured to receive address resolution requests broadcast on the computer network by the client device seeking access to one of the protected devices, and to transmit address resolution replies generated by the apparatus on the computer network. Additionally, a security module runs on the central processing unit and is configured to (a) process the address resolution requests from the client device to determine whether the client device is unknown; (b) transmit address resolution replies on the computer network to block access to the protected devices and allow access to an authentication server, if the client device is unknown; (c) monitor the authentication server to determine if the client device is authorized or unauthorized by the authentication server, if the client device is unknown; (d) allow access to the protected devices, if the client device is authorized; and (e) transmit blocking address resolution replies on the computer network to block access to the protected devices, if the client device is unauthorized.
