公开(公告)号：US11347896B1

公开(公告)日：2022-05-31

申请号：US14738693

申请日：2015-06-12

Applicant: Amazon Technologies, Inc.

Inventor： Dennis Naylor Brown, Jr. ,  Eric Dawson LaMothe

IPC: G06F21/55 ,  G06F21/73

Abstract: Horizontal port scanning enables an attacker to gain information about the services running on a host computer system and/or about the users of the computer system so that the subsequent attacks can be targeted to those services and/or those users. A horizontal port scanning detection system enables a network administrator to use a system of cascading ring buffers to maximize network resources to detect attackers. The horizontal port scanning system employs a series of ring buffers, where each ring buffer is associated with a specific port and each cascade of ring buffers is associated with a specific source. As communications requests are received, the destination address is stored in the ring buffer associated with the requested port and a process is run across each ring buffer, such that when a threshold is passed, an alarm is raised.

公开(公告)号：US09602536B1

公开(公告)日：2017-03-21

申请号：US14560613

申请日：2014-12-04

Applicant: Amazon Technologies, Inc.

Inventor： Dennis Naylor Brown, Jr. ,  Volker Helmut Mosthaf

IPC: H04L29/00 ,  H04L29/06

CPC classification number: H04L63/1491 ,  G06F2221/2111 ,  H04L63/083

Abstract: Disclosed are various embodiments for virtualized network honeypots. In one embodiment, client computing devices that are coupled to a network are each configured with both a primary host and a secondary virtualized host. The primary host provides workstation functionality for users having permission. The secondary virtualized host is configured to route network traffic to and from a honeypot server. The honeypot server is configured to provide a honeypot environment. In another embodiment, a network connection request for a requested service is received from a connecting device. If the connecting device is authorized, the network connection request is routed to the requested service. If the connecting device is not authorized, the network connection request is routed to a honeypot server.

公开(公告)号：US09923922B1

公开(公告)日：2018-03-20

申请号：US15459465

申请日：2017-03-15

Applicant: Amazon Technologies, Inc.

Inventor： Dennis Naylor Brown, Jr. ,  Volker Helmut Mosthaf

IPC: H04L29/00 ,  H04L29/06

CPC classification number: H04L63/1491 ,  G06F2221/2111 ,  H04L63/083

Abstract: Disclosed are various embodiments for virtualized network honeypots. In one embodiment, client computing devices that are coupled to a network are each configured with both a primary operating system and a honeypot operating system. The primary operating system is configured to provide workstation functionality for a user having permission, and the honeypot operating system is configured to route unauthorized network traffic to a honeypot server. The honeypot server is configured to provide a honeypot environment that mimics characteristics of client or server computing devices.