公开(公告)号：US06687833B1

公开(公告)日：2004-02-03

申请号：US09405652

申请日：1999-09-24

申请人： Anthony Charles Osborne ,  Bruce Robert Leidl ,  Gerhard Eschelbeck ,  Andrea Emilio Villa

发明人： Anthony Charles Osborne ,  Bruce Robert Leidl ,  Gerhard Eschelbeck ,  Andrea Emilio Villa

IPC分类号： H04L900

CPC分类号： H04L63/10 ,  H04L63/1416 ,  H04L63/1491

摘要： A system and method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack are described. A hierarchical network protocol stack is functionally defined and includes a plurality of communicatively interfaced protocol layers. A request frame originating from a remote host is received. The request frame includes a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack. At each protocol layer, processing a header associated with the encapsulated data segment demultiplexs each encapsulated data segment in the request frame. Any requested network service is performed and any recursively encapsulated portion is forwarded to the next successive protocol layer. A plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack is formed. Each pseudo data segment includes a header and data portion. The header includes network protocol stack characteristics for a pseudo host different than the network protocol stack characteristics for the virtual host. Each of the pseudo data segments within a response frame is recursively encapsulated. A network address for the pseudo host different than the network address for the virtual host is inserted into the response frame. The response frame is sent to the remote host.

摘要翻译： 描述了使用网络协议栈的伪实现在虚拟主机上提供网络主机诱饵的系统和方法。 分层网络协议栈在功能上被定义并且包括多个通信接口的协议层。 收到源自远程主机的请求帧。 请求帧包括多个递归封装的数据段，每个数据段对应于网络协议栈中的连续协议层。 在每个协议层，处理与封装的数据段相关联的报头对请求帧中的每个封装的数据段进行解复用。 执行任何请求的网络服务，并将任何递归封装的部分转发到下一个连续的协议层。 形成与网​​络协议栈中的每个协议层对应的多个伪数据段。 每个伪数据段包括报头和数据部分。 该报头包括与虚拟主机的网络协议栈特性不同的伪主机的网络协议栈特性。 响应帧内的每个伪数据段被递归地封装。 与虚拟主机的网络地址不同的伪主机的网络地址插入到响应帧中。 响应帧发送到远程主机。

公开(公告)号：US07277937B2

公开(公告)日：2007-10-02

申请号：US10621840

申请日：2003-07-16

申请人： Maximiliano Gabriel Caceres ,  Javier Burroni ,  Gustavo Ajzenman ,  Ricardo Quesada ,  Gerardo Gabriel Richarte ,  Luciano Notarfrancesco ,  Bruce Robert Leidl ,  Agustin Azubel Friedman ,  Gabriel Martin Becedillas Ruiz

发明人： Maximiliano Gabriel Caceres ,  Javier Burroni ,  Gustavo Ajzenman ,  Ricardo Quesada ,  Gerardo Gabriel Richarte ,  Luciano Notarfrancesco ,  Bruce Robert Leidl ,  Agustin Azubel Friedman ,  Gabriel Martin Becedillas Ruiz

IPC分类号： G06F15/173

CPC分类号： G06F9/547 ,  G06F21/50 ,  G06F21/52 ,  H04L63/1433

摘要： A system is provided for executing a system call originating in a local computer on a first remote computer connected to the local computer via a network. Communication is established between the local computer and the first remote computer via the network. A syscall server is installed in the first remote computer. A reference address is sent from the first remote computer to the local computer via the network through execution of code by the syscall server. A syscall request is built in the local computer with arguments determined using the reference address received from the first remote computer. The syscall request is sent from the local computer to the first remote computer via the network. The syscall request is copied into a stack of the first remote computer through execution of code by the syscall server. Registers are popped from the syscall request in the stack. Execution of a syscall request is initiated on the first remote computer. The result of the syscall request is pushed onto the stack. At least a portion of the result of the syscall request is sent to the local computer via the network through execution of code by the syscall server.

摘要翻译： 提供了一种用于在经由网络连接到本地计算机的第一远程计算机上执行源自本地计算机的系统呼叫的系统。 通过网络在本地计算机和第一远程计算机之间建立通信。 系统调用服务器安装在第一台远程计算机中。 通过系统呼叫服务器执行代码，通过网络将参考地址从第一个远程计算机发送到本地计算机。 在本地计算机中构建系统调用请求，其参数使用从第一台远程计算机接收的参考地址确定。 系统调用请求通过网络从本地计算机发送到第一个远程计算机。 通过系统调用服务器执行代码将系统调用请求复制到第一个远程计算机的堆栈中。 寄存器从堆栈中的系统调用请求弹出。 在第一台远程计算机上启动系统调用请求的执行。 系统调用请求的结果被推入堆栈。 系统调用请求的结果的至少一部分通过系统呼叫服务器执行代码通过网络发送到本地计算机。