-
公开(公告)号:US20050044422A1
公开(公告)日:2005-02-24
申请号:US10930392
申请日:2004-08-31
申请人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
发明人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
CPC分类号: H04L63/0227 , H04L43/00 , H04L43/028 , H04L43/0888 , H04L43/16 , H04L63/0254 , H04L63/0263 , H04L63/0442 , H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.
-
公开(公告)号:US07451489B2
公开(公告)日:2008-11-11
申请号:US10930392
申请日:2004-08-31
申请人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
发明人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
IPC分类号: H04L9/00 , G06F11/30 , G06F15/173
CPC分类号: H04L63/0227 , H04L43/00 , H04L43/028 , H04L43/0888 , H04L43/16 , H04L63/0254 , H04L63/0263 , H04L63/0442 , H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.
摘要翻译: 提供了一种主动的网络防御系统,其可操作以自动化方式监视和阻止业务。 作为网络基础设施的一部分,该活动的网络防御系统相对于分组业务数据流在线地放置。 在这种配置中,可以检查和操纵每个通过的包。 算法过滤操作将统计阈值过滤应用于数据流,以便识别跨多个会话存在的威胁。 触发器过滤操作将头部和内容匹配过滤应用于数据流,以便识别各个会话中存在的威胁。 威胁数据包流量被阻止,威胁性会话终止。 从数据流中提取可疑流量进行进一步检查,具有更全面的内容匹配和资产风险分析。 提供流控制机制来控制通过数据流的分组的通过速率。
-
公开(公告)号:US07454792B2
公开(公告)日:2008-11-18
申请号:US10930922
申请日:2004-08-31
申请人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
发明人: Craig Cantrell , Marc Willebeek-Lemair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
IPC分类号: H04L9/00 , G06F11/30 , G06F15/173
CPC分类号: H04L63/0227 , H04L43/00 , H04L43/028 , H04L43/0888 , H04L43/16 , H04L63/0254 , H04L63/0263 , H04L63/0442 , H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.
-
公开(公告)号:US07454499B2
公开(公告)日:2008-11-18
申请号:US10291095
申请日:2002-11-07
申请人: Craig Cantrell , Marc Willebeek-LeMair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
发明人: Craig Cantrell , Marc Willebeek-LeMair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
IPC分类号: G06F15/173
CPC分类号: H04L63/0227 , H04L43/00 , H04L43/028 , H04L43/0888 , H04L43/16 , H04L63/0254 , H04L63/0263 , H04L63/0442 , H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.
-
公开(公告)号:US20050028013A1
公开(公告)日:2005-02-03
申请号:US10930922
申请日:2004-08-31
申请人: Craig Cantrell , Marc Willebeek-LeMair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
发明人: Craig Cantrell , Marc Willebeek-LeMair , Dennis Cox , John McHale , Brian Smith , Donovan Kolbly
CPC分类号: H04L63/0227 , H04L43/00 , H04L43/028 , H04L43/0888 , H04L43/16 , H04L63/0254 , H04L63/0263 , H04L63/0442 , H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.
摘要翻译: 提供了一种主动的网络防御系统,其可操作以自动化方式监视和阻止业务。 作为网络基础设施的一部分,该活动的网络防御系统相对于分组业务数据流在线地放置。 在这种配置中,可以检查和操纵每个通过的包。 算法过滤操作将统计阈值过滤应用于数据流,以便识别跨多个会话存在的威胁。 触发器过滤操作将头部和内容匹配过滤应用于数据流,以便识别各个会话中存在的威胁。 威胁数据包流量被阻止,威胁性会话终止。 从数据流中提取可疑流量进行进一步检查,具有更全面的内容匹配和资产风险分析。 提供流控制机制来控制通过数据流的分组的通过速率。
-
公开(公告)号:US20060239273A1
公开(公告)日:2006-10-26
申请号:US11473885
申请日:2006-06-23
申请人: Charles Buckman , Dennis Cox , Donovan Kolbly , Craig Cantrell , Brian Smith , Jon Werner , Marc Willebeek-LeMair , Joe Blackard , Francis Webster
发明人: Charles Buckman , Dennis Cox , Donovan Kolbly , Craig Cantrell , Brian Smith , Jon Werner , Marc Willebeek-LeMair , Joe Blackard , Francis Webster
CPC分类号: H04L47/10 , H04L12/14 , H04L12/1485 , H04L47/22 , H04L47/2416 , H04L47/2441 , H04L47/2475 , H04L69/12 , H04L69/16 , H04L69/163
摘要: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.
-
7.发明授权公开(公告)号:US06983323B2
公开(公告)日:2006-01-03
申请号:US10217862
申请日:2002-08-12
IPC分类号: G06F13/00
CPC分类号: H04L63/0263 , H04L29/06 , H04L63/0209 , H04L63/1408 , H04L69/16 , H04L69/161 , H04L69/22
摘要: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.
摘要翻译: 包过滤操作实现分层技术。 接收到的数据包流量首先用第一个过滤条件进行过滤。 该第一过滤动作从接收到的分组流量生成第一通过业务部分和故障业务部分。 然后以第二过滤标准对故障业务部分进行第二次过滤。 该第二过滤动作产生第二通过业务部分和拒绝业务部分。 第一个过滤标准提供更高的吞吐量,更低的精度处理,而第二个过滤标准提供较低的吞吐量,更高的精度处理。 可以对第一和第二过滤标准进行动态调整,以实现更好的整体包过滤性能。 例如,测量负载并调整过滤标准以更好地平衡分层过滤动作之间的负载。
-
公开(公告)号:US07359962B2
公开(公告)日:2008-04-15
申请号:US10136889
申请日:2002-04-30
申请人: Marc Willebeek-LeMair , Craig Cantrell , Dennis Cox , John McHale , Brian Smith
发明人: Marc Willebeek-LeMair , Craig Cantrell , Dennis Cox , John McHale , Brian Smith
IPC分类号: G06F15/173
CPC分类号: H04L63/0227 , H04L29/06 , H04L63/1416 , H04L63/1433 , H04L67/02 , H04L69/329
摘要: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.
摘要翻译: 网络发现功能,入侵检测器功能和防火墙功能集成在一起,形成网络安全系统,为网络呈现自我部署和自强化的安全防御。
-
9.发明申请公开(公告)号:US20070226483A1
公开(公告)日:2007-09-27
申请号:US11388805
申请日:2006-03-24
申请人: Dennis Cox , William Brewer , Craig Cantrell , Brent Cook , H.D. Moore
发明人: Dennis Cox , William Brewer , Craig Cantrell , Brent Cook , H.D. Moore
IPC分类号: H04L9/00
CPC分类号: H04L41/145 , H04L43/18 , H04L43/50 , H04L67/02 , H04L67/2823 , H04L67/2828 , H04L69/04 , H04L69/18 , H04L69/22
摘要: A method of encoding network packets for storage and later transmitting emulated packets includes determining a protocol for the packet and validating the protocol as belonging to a list of recognized protocols. Upon validating the packet, a protocol attribute value from the packet is parsed and a dictionary is referenced using the protocol attribute value to obtain a binary encoding, which is stored as an encoded packet. The packet, for example, may be an HTTP protocol request packet and parsing may include parsing a TYPE attribute value where the TYPE attribute value indicates whether the packet is a GET, POST, PUT or OTHER type of HTTP request. The method may further include modifying environmental data in the packet when the packet is later generated for transmission on a network. The method may further include, for packets of unrecognized protocols, learning and creating an encoding for new protocols.
摘要翻译: 编码用于存储和随后发送模拟分组的网络分组的方法包括确定用于分组的协议并将协议验证为属于识别协议的列表。 在验证分组时,解析来自分组的协议属性值,并使用协议属性值引用字典来获得作为编码分组存储的二进制编码。 分组例如可以是HTTP协议请求分组,并且解析可以包括解析TYPE属性值,其中TYPE属性值指示分组是否是GET,POST,PUT或其他类型的HTTP请求。 该方法还可以包括当分组稍后生成用于在网络上传输时修改分组中的环境数据。 该方法还可以包括对于未识别的协议的分组,学习和创建用于新协议的编码。
-
10.发明授权Method for blocking denial of service and address spoofing attacks on a private network 有权阻止拒绝服务和对专网进行欺骗攻击的方法公开(公告)号:US07836296B2
公开(公告)日:2010-11-16
申请号:US10808629
申请日:2004-03-24
申请人: Dennis Cox , Kip McClanahan
发明人: Dennis Cox , Kip McClanahan
IPC分类号: H04L29/06
CPC分类号: H04L63/1416 , H04L63/0236 , H04L63/1458 , H04L63/1466 , H04Q3/62 , H04Q2213/13097 , H04Q2213/13141 , H04Q2213/13164 , H04Q2213/13166 , H04Q2213/13196 , H04Q2213/13204 , H04Q2213/13339 , H04Q2213/13372 , H04Q2213/13384 , H04Q2213/13389
摘要: A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).
摘要翻译: 提供一种阻止私有网络攻击的方法(12)。 该方法由将专用网络(12)互连到公共网络(14)的路由设备(10)来实现。 该方法包括分析来自公共网络(14)的输入数据分组。 然后将输入的数据分组与已知模式与专用网络(12)上的已知形式的攻击相关联的已知模式进行匹配。 然后,基于匹配,数据分组的源被识别为恶意或非恶意的。 在一个实施例中,已知形式的攻击之一是拒绝服务攻击,并且相关联的已知模式是未确认的数据分组。 在另一个实施例中,已知攻击形式之一是地址欺骗攻击,相关联的已知模式是具有与专用网络(12)的内部地址匹配的源地址的数据分组。
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.027 秒)
