公开(公告)号：US07761918B2

公开(公告)日：2010-07-20

申请号：US11016761

申请日：2004-12-21

Applicant: Ronald Joseph Gula ,  Renaud Marie Maurice Deraison ,  Matthew Todd Hayton

Inventor： Ronald Joseph Gula ,  Renaud Marie Maurice Deraison ,  Matthew Todd Hayton

IPC: H04L9/00

CPC classification number: H04L63/1408 ,  H04L63/1433

Abstract: Systems and methods to passively scan a network are disclosed herein. The passive scanner sniffs a plurality of packets traveling across the network. The passive scanner analyzes information from the sniffed packets to build a topology of network devices and services that are active on the network. In addition, the passive scanner analyzes the information to detect vulnerabilities in network devices and services. Finally, the passive scanner prepares a report containing the detected vulnerabilities and the topology when it observes a minimum number of sessions. Because the passive scanner operates passively, it may operate continuously without burdening the network. Similarly, it also may obtain information regarding client-side and server side vulnerabilities.

Abstract translation: 本文公开了被动扫描网络的系统和方法。 被动扫描仪嗅探穿过网络传播的多个数据包。 被动扫描仪分析来自嗅探数据包的信息，以构建在网络上处于活动状态的网络设备和服务的拓扑。 此外，被动扫描仪分析信息以检测网络设备和服务中的漏洞。 最后，当被动扫描仪观察到最少数量的会话时，被动扫描仪将准备一个包含检测到的漏洞和拓扑的报告。 由于被动扫描仪被动地进行操作，因此可以不间断地运行网络。 同样，它也可能获得有关客户端和服务器端漏洞的信息。

公开(公告)号：US07926113B1

公开(公告)日：2011-04-12

申请号：US10863238

申请日：2004-06-09

Applicant: Ronald Joseph Gula ,  Renaud Marie Maurice Deraison ,  Matthew Todd Hayton

Inventor： Ronald Joseph Gula ,  Renaud Marie Maurice Deraison ,  Matthew Todd Hayton

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC classification number: H04L41/22 ,  H04L63/1425

Abstract: Systems and methods to manage multiple vulnerability scanners distributed across one or more networks using a distributed security management system, herein called a Lightning Console. By distributing multiple scanners across a network, the work load of each scanner may be reduced to significantly reduce the impact on the network routing and switching infrastructure. In addition, scanners may be placed directly behind firewalls for more thorough scanning. Further, scanners may be placed closer to their scanned networks. By placing vulnerability scanners closer, the actual scanning traffic does not cross the core network switch and routing fabric, thereby avoiding potential network outages due to scanning activity. In addition, the closer distance of the scanners to the scanned targets speeds scan times by reducing the distance that the packets must traverse.

Abstract translation: 使用分布式安全管理系统（这里称为闪电控制台）管理分布在一个或多个网络上的多个漏洞扫描程序的系统和方法。 通过跨网络分发多个扫描仪，可以减少每个扫描仪的工作负载，以显着减少对网络路由和交换基础架构的影响。 此外，扫描仪可以直接放置在防火墙后面，以便更彻底的扫描。 此外，扫描仪可以放置在更靠近扫描网络的位置。 通过将漏洞扫描器置于更靠近的位置，实际的扫描流量不会跨越核心网络交换机和路由结构，从而避免由于扫描活动而造成的网络中断。 此外，扫描仪与扫描目标的距离越近，通过减少数据包必须穿过的距离来加快扫描时间。