1. System and method for managing network communications
    Granted patent, in force

    Publication number: US08819285B1

    Publication date: 2014-08-26

    Application number: US10749718

    Filing date: 2003-12-31

    IPC classification: G06F15/16

    Abstract: The invention relates to managing network communication packets on a local segment of a network. If an attack on the network segment is detected, the system creates one or more synthetic hardware addresses to substitute for existing hardware addresses. If this substitution is maintained in address resolution tables, packets sent to or from an attacker may be monitored, managed, dropped, or responded to in a controlled manner while preventing communication with sensitive devices on the local network segment. If a permissible packet is sent to the synthetic hardware address, the packet may be reformulated by a server, workstation, smart router, or security device, among others, and sent with the appropriate hardware address. The synthetic hardware address may be a hardware address not associated with any device on the local network segment; for example, it may be a synthetic MAC address.

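    Worked example of the substitution entry 1 describes. This is an added illustration, not the patent's code or the applicant's implementation. It assumes the security device has already learned every host's real MAC, that it answers ARP on the attacker's behalf so the substitution holds in the attacker's resolution table, and that a hypothetical allow-list of destination ports decides which packets are permissible; the `SegmentGuard` class, the `Frame` type and all addresses are invented for the example.

```python
"""Synthetic hardware-address substitution for isolating an attacker on a segment.

Added example, not the patent's code. SegmentGuard models the security device:
it hands the attacker a synthetic MAC for each sensitive host and polices the
frames that arrive at those synthetic addresses.
"""
from dataclasses import dataclass, field
import secrets


@dataclass
class Frame:
    src_ip: str
    dst_ip: str
    dst_mac: str
    dst_port: int
    payload: bytes = b""


@dataclass
class SegmentGuard:
    real_macs: dict                                   # ip -> real MAC (assumed already learned)
    sensitive: set                                    # IPs the attacker must not reach directly
    allowed_ports: set = field(default_factory=set)   # hypothetical policy: ports still permitted
    synthetic: dict = field(default_factory=dict)     # attacker ip -> {target ip: synthetic MAC}
    log: list = field(default_factory=list)

    def _new_synthetic_mac(self) -> str:
        """A locally administered, unicast MAC (first octet: bit 1 set, bit 0 clear)
        that belongs to no device we know on the segment."""
        in_use = set(self.real_macs.values())
        while True:
            octets = [0x02 | (secrets.randbits(8) & 0xFC)] + [secrets.randbits(8) for _ in range(5)]
            mac = ":".join(f"{o:02x}" for o in octets)
            if mac not in in_use:
                return mac

    def on_attack_detected(self, attacker_ip: str) -> None:
        """Substitute a synthetic MAC for every sensitive host, as seen by this attacker."""
        subs = self.synthetic.setdefault(attacker_ip, {})
        for ip in self.sensitive:
            subs.setdefault(ip, self._new_synthetic_mac())

    def resolve(self, requester_ip: str, target_ip: str) -> str:
        """ARP answer: the attacker gets the synthetic MAC, everyone else the real one."""
        return self.synthetic.get(requester_ip, {}).get(target_ip, self.real_macs[target_ip])

    def is_synthetic(self, mac: str) -> bool:
        return any(mac in subs.values() for subs in self.synthetic.values())

    def handle(self, frame: Frame):
        """Frames to a synthetic MAC are intercepted: permitted ones are reformulated
        with the real MAC and forwarded, the rest are logged and dropped.
        Returns the frame to forward, or None."""
        if not self.is_synthetic(frame.dst_mac):
            return frame                               # ordinary traffic, untouched
        if frame.dst_port in self.allowed_ports:
            self.log.append(("reformulated", frame.src_ip, frame.dst_ip, frame.dst_port))
            return Frame(frame.src_ip, frame.dst_ip, self.real_macs[frame.dst_ip],
                         frame.dst_port, frame.payload)
        self.log.append(("dropped", frame.src_ip, frame.dst_ip, frame.dst_port))
        return None


def demo():
    """Constructed scenario: 10.0.0.66 attacks, 10.0.0.5 is the sensitive host."""
    guard = SegmentGuard(real_macs={"10.0.0.5": "00:11:22:33:44:55", "10.0.0.9": "00:11:22:33:44:99"},
                         sensitive={"10.0.0.5"}, allowed_ports={53})
    guard.on_attack_detected("10.0.0.66")
    fake = guard.resolve("10.0.0.66", "10.0.0.5")
    guard.handle(Frame("10.0.0.66", "10.0.0.5", fake, 445))   # dropped
    guard.handle(Frame("10.0.0.66", "10.0.0.5", fake, 53))    # reformulated
    return guard, fake


if __name__ == "__main__":
    g, f = demo()
    print("attacker resolves 10.0.0.5 to", f)
    print("log:", g.log)
```

    The model only works while the attacker keeps using the synthetic address it was given. A host with a static ARP entry for the sensitive device, or one that sniffed the real MAC earlier, will frame traffic to the real address and bypass `handle`, so a device built on this idea also has to watch for frames from the quarantined host addressed to the real MACs.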

2. Zero hop algorithm for network threat identification and mitigation
    Granted patent, in force

    Publication number: US07596808B1

    Publication date: 2009-09-29

    Application number: US10836871

    Filing date: 2004-04-30

    IPC classification: G06F11/00

    摘要: A method, system, apparatus, and computer-readable medium to enable a set of security device interfaces within a broadcast domain to identify and mitigate attacks. For each address of a device communicating within the broadcast domain, a responsible interface is determined by a zero hop ownership determination algorithm. The algorithm operates by counting a respective number of replies observed by each of multiple interfaces. Each reply is made in response to a respective request for one address. A responsible interface is assigned to the one address using the respective number of replies observed by each respective interface. The algorithm approximates the security device interface physically closest to the address in question without querying the switches themselves and without requiring the security device interface to be in-line on the network.

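    The counting step of entry 2, as an added example (not the patent's code). Each interface records the ARP replies it observed for each address; the interface that saw the most replies for an address is assigned as responsible for it. The observation log, the tie rule (a tie leaves the address unassigned) and the `min_replies` threshold are my own choices for the illustration.

```python
"""Zero-hop ownership determination: which security-device interface is responsible
for an address, judged only from the ARP replies each interface observed.

Added example, not the patent's code. The observation log, the tie rule and the
min_replies threshold are choices made for illustration.
"""
from collections import Counter, defaultdict


def count_replies(observations):
    """observations: iterable of (interface, replying_address), one per reply seen.
    Returns {address: Counter({interface: replies observed})}."""
    counts = defaultdict(Counter)
    for iface, addr in observations:
        counts[addr][iface] += 1
    return counts


def assign_owners(observations, min_replies=1):
    """Assign each address to the interface that observed the most replies to
    requests for it. An address is left unassigned (None) when the best count is
    below min_replies or when two interfaces tie, since then neither can be
    presumed closer than the other."""
    owners = {}
    for addr, per_iface in count_replies(observations).items():
        ranked = per_iface.most_common()
        best_iface, best = ranked[0]
        second = ranked[1][1] if len(ranked) > 1 else 0
        owners[addr] = None if best < min_replies or best == second else best_iface
    return owners


def interfaces_to_act(owners, addresses):
    """For a mitigation that must be applied to several addresses (an attacker and
    its targets, say), the set of interfaces that own them."""
    return {owners[a] for a in addresses if owners.get(a)}


# Constructed observation log: each interface issued requests for these addresses
# and recorded the replies it saw. eth0 sits nearest 10.1.0.10, eth1 nearest
# 10.1.0.20, and 10.1.0.30 is seen equally by eth0 and eth2.
OBSERVED = [
    ("eth0", "10.1.0.10"), ("eth0", "10.1.0.10"), ("eth0", "10.1.0.10"), ("eth1", "10.1.0.10"),
    ("eth1", "10.1.0.20"), ("eth1", "10.1.0.20"), ("eth2", "10.1.0.20"),
    ("eth0", "10.1.0.30"), ("eth2", "10.1.0.30"),
]

if __name__ == "__main__":
    for addr, iface in sorted(assign_owners(OBSERVED).items()):
        print(addr, "->", iface or "unassigned")
```

    Because the algorithm never queries the switches, the count is only an approximation of physical proximity; in practice one would keep counting across several rounds of requests and raise `min_replies` so a single stray reply cannot move an address between interfaces.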

3. Logical / physical address state lifecycle management

    Publication number: US09667589B2

    Publication date: 2017-05-30

    Application number: US13603388

    Filing date: 2012-09-04

    摘要: A system and method for managing logical and physical address state lifecycles. A state of unknown can be assigned to an address when the state has not been assigned. The state of the address is changed when communication is targeted to the address. The state can be changed to unfulfilled when the communication includes an address resolution protocol request sent to a device having the address when a time limit for a response to the address resolution protocol request has not expired. The state can be changed to virtual when the communication is received at the address when the state of the address is unfulfilled, and a time limit for responding to the communication expires before a response is sent. The state can be changed to unknown when the state of the address is not unknown, and the address does not participate in the communication within a time limit.

4. Rapidly propagating threat detection
    Granted patent, in force

    Publication number: US07873998B1

    Publication date: 2011-01-18

    Application number: US11184941

    Filing date: 2005-07-19

    IPC classification: G08B23/00 G06F15/173

    摘要: A method, system, apparatus, and computer-readable medium to detect rapidly propagating threats in a network. A rapidly propagating threat is detected by capturing a series of packets as the packets are communicated to nodes of the organizational network. The rapidly propagating threat can be detected without relying upon a known signature for the threat. Behavior of nodes when sending and receiving packets is examined for patterns typical of worm propagation.

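    An added example of the signature-free detection entry 4 describes; it is not the patent's code, and the particular behavioural pattern it keys on is my choice, not the one the patent claims. A source that reaches `fanout` distinct destinations on one port inside `window` seconds is treated as a scanner, and a scanner that was itself contacted on that port by an earlier scanner is reported as part of a propagation chain. The flow records are constructed for the illustration.

```python
"""Signature-free detection of a rapidly propagating (worm-like) threat from
node behaviour alone.

Added example, not the patent's code. The heuristic, thresholds and flow records
are constructed for illustration.
"""
from collections import defaultdict, deque


def detect_propagation(flows, window=10.0, fanout=5):
    """flows: iterable of (t, src, dst, dst_port); t in seconds.
    Returns (scanners, chains):
      scanners: {(src, port): time first flagged}
      chains:   [(parent, child, port)] where parent was already a scanner on that
                port and had contacted child before child started scanning."""
    recent = defaultdict(deque)       # (src, port) -> recent (t, dst) pairs
    contacted_by = defaultdict(set)   # (dst, port) -> sources that reached it
    scanners, chains = {}, []
    for t, src, dst, port in sorted(flows):
        contacted_by[(dst, port)].add(src)
        q = recent[(src, port)]
        q.append((t, dst))
        while q and t - q[0][0] > window:          # slide the window
            q.popleft()
        if (src, port) in scanners:
            continue
        if len({d for _, d in q}) >= fanout:       # many distinct targets, one port, short time
            scanners[(src, port)] = t
            for parent in sorted(contacted_by[(src, port)]):
                if (parent, port) in scanners:     # infected by a host that was already sweeping
                    chains.append((parent, src, port))
    return scanners, chains


# Constructed flow records. 10.0.0.1 sweeps port 445 and reaches 10.0.0.3, which
# then sweeps in turn; the port 80/443 traffic is ordinary client behaviour.
FLOWS = [
    (0.0, "10.0.0.1", "10.0.0.2", 445), (1.0, "10.0.0.1", "10.0.0.3", 445),
    (2.0, "10.0.0.1", "10.0.0.4", 445), (3.0, "10.0.0.1", "10.0.0.5", 445),
    (4.0, "10.0.0.1", "10.0.0.6", 445),
    (6.0, "10.0.0.3", "10.0.0.7", 445), (7.0, "10.0.0.3", "10.0.0.8", 445),
    (8.0, "10.0.0.3", "10.0.0.9", 445), (9.0, "10.0.0.3", "10.0.0.10", 445),
    (10.0, "10.0.0.3", "10.0.0.11", 445),
] + [(float(i), "10.0.0.50", "10.0.0.2", 80) for i in range(8)] \
  + [(float(i), "10.0.0.60", f"203.0.113.{i}", 443) for i in range(3)]

if __name__ == "__main__":
    s, c = detect_propagation(FLOWS)
    print("scanners:", s)
    print("chains:", c)
```

    The chain check only links a child to parents that were already flagged when the child crossed the threshold, so a slow first victim that out-scans its infector is reported as a scanner but not as a link; the thresholds also need tuning per network, since a monitoring host or a mail relay legitimately fans out on one port.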

5. Tracking communication for determining device states
    Granted patent, in force

    Publication number: US07506360B1

    Publication date: 2009-03-17

    Application number: US10676541

    Filing date: 2003-10-01

    IPC classification: H04L9/32

    摘要: A system and method for tracking communication for determining device states. Communication between devices is observed and a respective state of at least one device is inferred. The inference is formed without directly communicating with the device. Various states of the devices include unknown, used, unfulfilled, virtual, omitted, and automatic. The respective state of a device is unknown when the observation shows that the device fails to respond to communication. The respective state of the device is unfulfilled when an ARP request comprising a destination address for the device is observed, and the device does not respond to the ARP request prior to expiration of a time limit. The respective state of a device is determined to be virtual when the observation shows that the device received a packet when its respective state was unfulfilled, and the device did not send a reply to the packet within a time limit.


6. LOGICAL / PHYSICAL ADDRESS STATE LIFECYCLE MANAGEMENT
    Patent application, in force

    Publication number: US20130311676A1

    Publication date: 2013-11-21

    Application number: US13603388

    Filing date: 2012-09-04

    IPC classification: H04L29/12

    摘要: A system and method for managing logical and physical address state lifecycles. A state of unknown can be assigned to an address when the state has not been assigned. The state of the address is changed when communication is targeted to the address. The state can be changed to unfulfilled when the communication includes an address resolution protocol request sent to a device having the address when a time limit for a response to the address resolution protocol request has not expired. The state can be changed to virtual when the communication is received at the address when the state of the address is unfulfilled, and a time limit for responding to the communication expires before a response is sent. The state can be changed to unknown when the state of the address is not unknown, and the address does not participate in the communication within a time limit.


7. Logical / physical address state lifecycle management
    Granted patent, in force

    Publication number: US08260961B1

    Publication date: 2012-09-04

    Application number: US10676505

    Filing date: 2003-10-01

    摘要: A system and method for managing logical and physical address state lifecycles. A state of unknown can be assigned to an address when the state has not been assigned. The state of the address is changed when communication is targeted to the address. The state can be changed to unfulfilled when the communication includes an address resolution protocol request sent to a device having the address when a time limit for a response to the address resolution protocol request has not expired. The state can be changed to virtual when the communication is received at the address when the state of the address is unfulfilled, and a time limit for responding to the communication expires before a response is sent. The state can be changed to unknown when the state of the address is not unknown, and the address does not participate in the communication within a time limit.

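    One state machine serving entries 3, 5, 6 and 7, added here as an example rather than taken from the patents. The unknown, unfulfilled and virtual transitions follow the abstracts; entering `used` when an address sends an ARP reply or transmits a packet is my reading (the abstracts list that state but do not define it), and the `arp_timeout`, `reply_timeout` and `idle_timeout` values are hypothetical parameters. The passive observation is modelled by feeding the tracker timestamped events instead of sending anything to the devices.

```python
"""Address state lifecycle inferred purely from observed communication.

Added example, not the patents' code. States unknown, unfulfilled, virtual and
used follow the abstracts; the 'used' transition and the three timers are
assumptions made for the illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

UNKNOWN, UNFULFILLED, VIRTUAL, USED = "unknown", "unfulfilled", "virtual", "used"


@dataclass
class AddrState:
    state: str = UNKNOWN
    last_seen: Optional[float] = None       # last time the address took part in any communication
    arp_deadline: Optional[float] = None    # an ARP reply is expected before this time
    reply_deadline: Optional[float] = None  # a packet was delivered; a reply is due before this time


@dataclass
class LifecycleTracker:
    arp_timeout: float = 1.0      # time allowed for an ARP reply (assumed)
    reply_timeout: float = 2.0    # time allowed to answer a delivered packet (assumed)
    idle_timeout: float = 60.0    # silence after which an address falls back to unknown (assumed)
    table: dict = field(default_factory=dict)

    def _entry(self, addr: str) -> AddrState:
        return self.table.setdefault(addr, AddrState())

    def tick(self, now: float) -> None:
        """Apply every expiry that has come due by `now`."""
        for e in self.table.values():
            if e.state != UNKNOWN and e.last_seen is not None and now - e.last_seen >= self.idle_timeout:
                e.state, e.arp_deadline, e.reply_deadline = UNKNOWN, None, None   # no participation
            elif e.state == USED and e.arp_deadline is not None and now >= e.arp_deadline:
                e.state, e.arp_deadline = UNFULFILLED, None      # a known host stopped answering ARP
            elif e.state == UNFULFILLED and e.reply_deadline is not None and now >= e.reply_deadline:
                e.state, e.reply_deadline = VIRTUAL, None        # traffic reaches it, nothing answers

    def arp_request(self, t: float, target: str) -> None:
        self.tick(t)
        e = self._entry(target)
        e.last_seen = t                      # being targeted counts as participation
        e.arp_deadline = t + self.arp_timeout
        if e.state != USED:
            e.state = UNFULFILLED

    def arp_reply(self, t: float, sender: str) -> None:
        self.tick(t)
        e = self._entry(sender)
        e.state, e.last_seen, e.arp_deadline, e.reply_deadline = USED, t, None, None

    def packet(self, t: float, src: str, dst: str) -> None:
        self.tick(t)
        s = self._entry(src)
        s.state, s.last_seen = USED, t       # whoever transmits is evidently present
        s.arp_deadline = s.reply_deadline = None
        d = self._entry(dst)
        d.last_seen = t
        if d.state == UNFULFILLED and d.reply_deadline is None:
            d.reply_deadline = t + self.reply_timeout

    def state_of(self, addr: str) -> str:
        return self.table.get(addr, AddrState()).state

    def snapshot(self, now: float) -> dict:
        self.tick(now)
        return {addr: e.state for addr, e in self.table.items()}


if __name__ == "__main__":
    tr = LifecycleTracker(arp_timeout=1.0, reply_timeout=2.0, idle_timeout=30.0)
    tr.arp_request(0.0, "10.0.0.5"); tr.arp_request(0.0, "10.0.0.77")   # constructed events
    tr.arp_reply(0.2, "10.0.0.5")
    tr.packet(1.5, "10.0.0.1", "10.0.0.77")
    print(tr.snapshot(4.0))    # 10.0.0.77 is virtual: addressed, never answers
    print(tr.snapshot(40.0))   # 10.0.0.77 has aged back to unknown
```

    The `virtual` state is what makes unused addresses useful as bait: any later packet aimed at an address in that state comes from something that learned the address without a live host ever advertising it, which is the kind of behaviour the other entries on this page respond to.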

8. Deterring network incursion
    Granted patent, in force

    Publication number: US07469418B1

    Publication date: 2008-12-23

    Application number: US10676637

    Filing date: 2003-10-01

    IPC classification: G06F11/00

    CPC classification: H04L63/1441

    Abstract: A system, method, and computer-readable medium for deterring network incursion by formulating appropriate responses to attacks. Once an attack is detected, the system may respond in a manner that imitates a network device, and in a manner that makes further communication with the system costly to pursue. For example, the system may respond to TCP SYN requests and window probes with messages indicating small packet and window sizes, so that attempts to send packets to the system carry a high network and processing cost. An attacking computer running multiple threads may ultimately slow down or be disabled as a result of receiving these responses and attempting to continue communicating with the system.

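    The "small packet and window sizes" response of entry 8, as an added example that is not the patent's code. It builds the SYN-ACK bytes a responder would send (receive window of one byte, MSS option of 48), parses them back so the fields and checksum can be checked, and counts the acknowledged segments the peer would need to push a payload through. Putting the segment on the wire needs a raw socket and is left out; the addresses, ports and sequence numbers are made up, and the window-probe reply the abstract also mentions is not covered.

```python
"""A TCP SYN-ACK that is deliberately expensive to talk to: tiny window, tiny MSS.

Added example, not the patent's code. Builds and parses the segment bytes so
the fields can be inspected; sending requires a raw socket and is not shown.
"""
import socket
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tarpit_synack(src_ip, dst_ip, src_port, dst_port, seq, ack, window=1, mss=48) -> bytes:
    """SYN|ACK whose advertised receive window is `window` bytes and whose MSS
    option is `mss`. The peer may then send at most min(window, mss) bytes per
    segment and must wait for an ACK before the next."""
    options = struct.pack("!BBH", 2, 4, mss)          # kind=2 (MSS), length=4, value
    data_offset = (20 + len(options)) // 4             # header length in 32-bit words

    def header(csum):
        return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                           data_offset << 4, TCP_SYN | TCP_ACK, window, csum, 0)

    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, 20 + len(options)))      # proto 6 = TCP
    csum = inet_checksum(pseudo + header(0) + options)
    return header(csum) + options


def parse_tcp(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the fixed header and the MSS option and verify the checksum."""
    sport, dport, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off_res >> 4) * 4
    opts, mss, i = segment[20:hlen], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "mss": mss, "checksum_ok": inet_checksum(pseudo + segment) == 0}


def segments_required(payload_len: int, window: int, mss: int) -> int:
    """Separately acknowledged segments the peer needs to deliver payload_len bytes."""
    per_segment = max(1, min(window, mss))
    return -(-payload_len // per_segment)


if __name__ == "__main__":
    seg = build_tarpit_synack("192.0.2.10", "198.51.100.7", 80, 40000, 1000, 2001)  # made-up peers
    print(parse_tcp(seg, "192.0.2.10", "198.51.100.7"))
    print("segments for a 1500-byte request:", segments_required(1500, 1, 48))
```

    A modern sender will not honour an arbitrarily small MSS (Linux enforces `net.ipv4.tcp_min_snd_mss`, default 48), which is why 48 rather than 1 is used above; the one-byte window does the real work, forcing one acknowledged segment per byte of payload. The same technique needs a guard of its own: a responder that answers every SYN on every port is itself a cheap target for a SYN flood, so it is normally rate-limited and only enabled for sources already judged hostile.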