Abstract:
A computer-implemented method for discovering network topologies. The method may include (1) receiving, on a host system within a network, a switch-protocol message that includes a switch identifier, a port identifier, and/or a root path cost, (2) identifying a set of switches within the network based on the switch-protocol message, (3) determining how the set of switches are connected based on the switch-protocol message, and (4) mapping a topology of the network based on determining how the set of switches are connected. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
Detection of network devices (e.g., stealth devices) and mapping network topology are performed via network introspection by collaborating endpoints/nodes. The method includes receiving (e.g., by a node on a network) an assignment to be a supernode that will manage multiple agents of a subnetwork within an overall network. This assigned supernode instructs two or more of the agents to perform a set of network traffic fingerprinting tests of the subnetwork by passing information across the subnetwork to each other. The supernode receives results of the tests from the clients and detects one or more intermediate devices located between the clients based on an effect of the intermediate devices on the information passed between the clients. The supernode can further map the topology of the subnetwork (including the detected devices) which can be used in mapping the overall network topology.
Abstract:
Computer-implemented methods, apparati, and computer-readable media for thwarting computer attacks. A method embodiment of the present invention comprises the steps of examining (52) a digital certificate (20) presented by a server computer (2); compiling (53) a set of suspicion indications (31) gleaned from said examining step (52); and feeding (54) said suspicion indications (31) to a consequence engine (30).
Abstract:
An electronic message manager (100) examines (210) incoming electronic messages and determines (220) whether an incoming electronic message comprises at least one suspect link associated with a remote system. In response to the determination (220) that the incoming message comprises at least one suspect link, the electronic message manager (100) replaces (230) each suspect link with a redirection link. In response to a user attempting (240) to connect to the remote system by clicking on the redirection link, the electronic message manager directs the user to a remote analysis site for deciding (260) whether that incoming message comprises a phishing message.
Abstract:
A computer-implemented method for mapping network topologies may include (1) identifying a network including a plurality of network switches and a plurality of host systems, (2) identifying a host system within the plurality of host systems connected to the network via a network switch within the plurality of network switches, (3) refreshing an address of the host system within the network switch, (4) allowing the address of the host system to expire from each network switch within the plurality of network switches except the network switch, (5) transmitting a probing frame from a probing host system within the plurality of host systems to the address of the host system, (6) identifying a subset of host systems within the plurality of host systems that received the probing frame, and then (7) mapping a topology of the network based on the identified subset. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A method of monitoring events in a network associated with a node. An agent collects event information associated with the monitored activities, based on a set of collection rules. A determination is made whether a portion of the collected event information complies or potentially complies with one of a set of patterns. An agent selects event information from the collection based on the determination, and makes the selected event information available to a manager associated with the node and other nodes in the network. The agent manager receives event information from a plurality of agents. A triggering event is identified, as a function of the set of patterns, based on the event information. The agent manager sends at least one request to a selected set of the agents for additional event information when a triggering event is identified.