公开(公告)号：US08423645B2

公开(公告)日：2013-04-16

申请号：US10940558

申请日：2004-09-14

申请人： Clark Debs Jeffries ,  Robert William Danford ,  Terry Dwain Escamilla ,  Kevin David Himberger

发明人： Clark Debs Jeffries ,  Robert William Danford ,  Terry Dwain Escamilla ,  Kevin David Himberger

IPC分类号： G06F15/173 ,  G06F15/16 ,  G06F11/00 ,  G06F12/16 ,  H04L29/06

CPC分类号： G06F21/55 ,  G06F11/349 ,  G06F11/3495 ,  G06F2201/81 ,  H04L63/1416 ,  H04L63/1458 ,  H04L2463/141 ,  H04L2463/144 ,  Y02D10/34

摘要： A method of, system for, and product for managing a denial of service attack in a multiprocessor environment comprising. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.

摘要翻译： 一种用于在多处理器环境中管理拒绝服务攻击的方法，系统和产品，包括： 第一步是在多处理器环境中建立正常的流量使用基线。 一旦基线建立，下一步就是监测输出流量，以检测发送到特定目的地地址的大部分数据包，以及与所述基线相比较的大量出站分组。 接下来是监控端口和协议，以检测发送到特定端口的大部分数据包，并且一致地使用该端口的所有数据包的协议。 如果对该端口的所有数据包使用协议一致，以证明拒绝服务攻击，就会开始阻止措施来减轻明显的拒绝服务攻击。

公开(公告)号：US20080091637A1

公开(公告)日：2008-04-17

申请号：US11550196

申请日：2006-10-17

申请人： Terry Dwain Escamilla ,  Darren Scott Jeppson ,  Grant Douglas Miller ,  Joan LaVerne Mitchell

发明人： Terry Dwain Escamilla ,  Darren Scott Jeppson ,  Grant Douglas Miller ,  Joan LaVerne Mitchell

IPC分类号： G06F17/30

CPC分类号： G06F16/951

摘要： A computer implemented method, data processing system, and computer program product for preserving temporal associations between assets located across a plurality of datastores in a network. Metadata about each asset located in the plurality of datastores is stored, wherein the metadata includes one or more time attributes of each asset. Temporal associations are created between the assets using the time attributes of each asset. The temporal associations between the assets are then stored. Responsive to receiving a request from a user to view a set of assets in the datastores, the temporal associations of the set of assets or links to associated assets may be displayed to the user.

摘要翻译： 一种计算机实现的方法，数据处理系统和计算机程序产品，用于保持位于网络中的多个数据存储区之间的资产之间的时间关联。 存储关于位于多个数据存储中的每个资产的元数据，其中所述元数据包括每个资产的一个或多个时间属性。 使用每个资产的时间属性在资产之间创建时间关联。 然后存储资产之间的时间关联。 响应于从用户接收到查看数据存储中的一组资产的请求，可以向用户显示资产集合或链接到关联资产的时间关联。

公开(公告)号：US20130291067A1

公开(公告)日：2013-10-31

申请号：US13459383

申请日：2012-04-30

申请人： Terry Dwain Escamilla ,  Charles Steven Lingafelt ,  David Robert Safford

发明人： Terry Dwain Escamilla ,  Charles Steven Lingafelt ,  David Robert Safford

IPC分类号： G06F21/00 ,  H04W12/00

CPC分类号： H04W24/06 ,  H04W12/12

摘要： A method for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes the steps of: an agent running on an endpoint in the communication network locating one or more WAPs in the communication network; the agent reporting at least one located WAP to a central entity; and the central entity performing steps of applying prescribed criteria to determine whether the located WAP needs to be probed, and initiating active probing of the located WAP when it is determined that the located WAP needs to be probed to thereby determine whether the located WAP is unauthorized and/or misconfigured.

摘要翻译： 一种用于识别通信网络中的未授权和/或配置错误的无线接入点（WAP）的方法，包括以下步骤：在通信网络中的端点上运行的定位一个或多个WAP的通信网络中的代理; 该代理向中央实体报告至少一个定位的WAP; 并且中央实体执行执行步骤的步骤以确定是否需要探测所定位的WAP，并且当确定需要探测所位于的WAP以确定所定位的WAP是否是未授权的时候，启动所位于的WAP的主动探测 和/或配置错误。

公开(公告)号：US20130291063A1

公开(公告)日：2013-10-31

申请号：US13455419

申请日：2012-04-25

申请人： Terry Dwain Escamilla ,  Charles Steven Lingafelt ,  David Robert Safford

发明人： Terry Dwain Escamilla ,  Charles Steven Lingafelt ,  David Robert Safford

IPC分类号： G06F21/00 ,  H04W8/00

CPC分类号： H04W24/06 ,  H04W12/12

摘要： A system for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes multiple network endpoints and multiple agents running on endpoints. The agents are adapted to periodically locate WAPs and to report located WAPs to a central entity. The system further includes a central entity operative to receive information from the agents regarding located WAPs, to determine whether at least a given one of the located WAPs needs to be probed, and to initiate active probing of located WAPs when it is determined that the given one of the located WAPs needs to be probed.

摘要翻译： 用于识别通信网络中的未授权和/或配置错误的无线接入点（WAP）的系统包括多个网络端点和在端点上运行的多个代理。 代理适用于定期定位WAP并将位置的WAP报告给中央实体。 该系统进一步包括中央实体，其操作以从代理接收关于定位的WAP的信息，以确定是否需要探测至少一个所定位的WAP中的给定的一个，并且当确定给定的WAP时，启动所位于的WAP的主动探测 需要探测到一个位于WAP中的WAP。

公开(公告)号：US06772217B1

公开(公告)日：2004-08-03

申请号：US09644494

申请日：2000-08-23

申请人： Gerald Walter Baumann ,  Terry Dwain Escamilla ,  Grant Douglas Miller

发明人： Gerald Walter Baumann ,  Terry Dwain Escamilla ,  Grant Douglas Miller

IPC分类号： G06F1516

CPC分类号： H04L47/193 ,  H04L47/10 ,  H04L47/125

摘要： Available bandwidth utilization during transfer of large files over a TCP/IP network, is improved by segmenting the file and concurrently transmitting portions in an optimal number of logical distinct data streams which may all utilize a single physical medium and communications path. An initial number of data streams, is used to begin transmission of segments, each on a different data stream. During the first seconds of the transfer, individual and aggregate transmission bandwidths are determined, together with a backbone limit computed from the sliding window and round trip times. If the individual transmission bandwidths are approximately equal to the backbone limit, additional data stream(s) and segment(s) are started. Individual and aggregate transmission bandwidths are again determined, and the process is repeated until no substantial increase in aggregate bandwidth is achieved by adding an additional data stream. Aggregate transmission bandwidths are checked upon completion of each segment to determine if a data stream should be terminated.

摘要翻译： 通过分段文件并同时发送最佳数量的逻辑不同数据流中可能都使用单个物理介质和通信路径的部分来改进通过TCP / IP网络传输大文件期间的可用带宽利用率。 数据流的初始数量被用于开始段的传输，每个段在不同的数据流上。 在传输的第一秒期间，确定单个和总体传输带宽以及从滑动窗口计算的主干极限和往返时间。 如果单个传输带宽近似等于骨干极限，则启动附加数据流和段。 再次确定个体和聚合传输带宽，重复该过程，直到通过添加附加数据流来实现聚合带宽的实质增加。 在每个段完成时检查汇总传输带宽，以确定是否应终止数据流。

公开(公告)号：US5991401A

公开(公告)日：1999-11-23

申请号：US761548

申请日：1996-12-06

申请人： Scott Leonard Daniels ,  Terry Dwain Escamilla ,  Danny Marvin Neal ,  Yat Hung Ng

发明人： Scott Leonard Daniels ,  Terry Dwain Escamilla ,  Danny Marvin Neal ,  Yat Hung Ng

IPC分类号： G06F21/00 ,  H04L9/32 ,  H04L29/06 ,  H04K1/06 ,  H04L9/12 ,  H04L9/28

CPC分类号： H04L63/0464 ,  G06F21/31 ,  H04L9/32 ,  G06F2211/007 ,  H04L2209/56

摘要： A method for checking security of data received by a computer system within a network environment is disclosed. In accordance with a preferred embodiment of the present invention, an incoming packet from a client is first decrypted within a receiving communications adapter by utilizing a master decryption key. The decrypted incoming packet is then encrypted by utilizing an encryption key identical to an encryption key employed by the client. A determination is made as to whether or not a packet produced from the encryption is identical to the incoming packet. In response to a determination that a packet produced from the encryption is identical to the incoming packet, the decrypted incoming packet is forwarded to a system memory of the computer system. As such, any incoming packet that does not meet this criterion will be rejected as a security threat.

摘要翻译： 公开了一种用于检查由网络环境中的计算机系统接收的数据的安全性的方法。 根据本发明的优选实施例，来自客户端的输入分组首先通过利用主解密密钥在接收通信适配器内被解密。 然后，通过利用与客户端使用的加密密钥相同的加密密钥来对经解密的进入分组进行加密。 确定从加密产生的分组是否与输入分组相同。 响应于从加密产生的分组与输入分组相同的确定，解密的传入分组被转发到计算机系统的系统存储器。 因此，不符合此标准的任何传入数据包将被拒绝作为安全威胁。