Abstract:
A method is provided for detecting OSI Reference Model layer-2 switches and evaluating the status of their interconnection by synthesizing a map of the entire network. The NMT (102), which implements the SNMP manager, queries the specified management IP addresses and receives responses from the SNMP agents implemented on the layer-2 switches (103, 104, 105). From the management information in the responses, the existence of the layer-2 switches is confirmed and the mapping table of MAC address and port information (the MvP table) is constructed. Based on the MvP table, the interconnection information of the layer-2 switches is detected.
Abstract:
A system for detecting and tracing a (D)DoS attack and identifying the attack source, which simplifies the criterion used to judge whether a (D)DoS attack is present. The number of source addresses of the packets transmitted via the Internet line is monitored. When the number of source addresses has reached a predetermined number or a predetermined ratio within a predetermined time, it is judged that an unauthorized attack is present. Moreover, where the hop number of a packet is different from the hop number corresponding to the transmission source information, the packet is judged to be malicious.
Abstract:
This invention aims to provide a technique that, in wireless network environments, enables the Manager to collect network management information (MIB data in the case of SNMP-based network management), which the Agent has stored during periods of disconnection, after connectivity to the mobile nodes has recovered. In a wireless network environment, the Agent (201) has a unit for storing the management information related to network devices with appropriate label information, while the Manager (101) has a unit for sending the Agent a request for label-specified data and getting the data which the Agent has stored in Management Information Store 207. This unit enables the Manager (101), after detecting recovery of connectivity, to seamlessly collect the information pertaining to the period of disconnection, which the Agent (201) has stored in Management Information Store 207.
Abstract:
Disclosed are a method and program for controlling communication of a target apparatus, specifically, for blocking the communication of the target apparatus immediately and reliably when an illegal connection to the target apparatus is detected in a network in which one or more Layer-2 switches are arranged. When the network monitoring manager H detects an illegal connection to a communication apparatus in the network, it automatically detects, based on the MvP table, the Layer-2 switch port connected to that communication apparatus, which is identified as the target apparatus, and blocks the communication of the target apparatus immediately and reliably by administratively disabling the Layer-2 switch port connected to it.
Abstract:
A system detects the presence of illegal access attacks. The device for analyzing and diagnosing network traffic comprises: a component that divides packets into k (k>0) types based on protocol type, port number, etc.; a component that observes, for each packet type, the number of distinct values of one or more pre-specified fields in the packet header, for all packets that have transited the observation points in a network; an element that observes, for each packet type, the number of distinct values of one or more pre-specified fields in the packet payload, for all packets that have transited the observation points in a network; and a diagnosis element that determines that the network is abnormal when the number of distinct values observed in the fields of each packet type crosses a specified ratio threshold within a predetermined interval. This enables detection of small-scale DoS attacks with little change in the number of addresses, improving illegal access detection accuracy.
Abstract:
There is provided a system for detecting and tracing a (D)DoS attack and identifying the attack source, which simplifies the criterion used to judge whether a (D)DoS attack is present. The number of source addresses of the packets transmitted via the Internet line is monitored. When the number of source addresses has reached a predetermined number or a predetermined ratio within a predetermined time, it is judged that an unauthorized attack is present. Moreover, a packet whose HOP number differs from the HOP number corresponding to the transmission source information is judged to be unauthorized information.
Abstract:
A network security monitoring apparatus and a network security monitoring system manage “permitted” or “not permitted” communication between nodes based on an access policy. The network security monitoring system includes nodes 31, 32, 33, application server 20, router 40, and network security monitoring apparatus 10 deployed in the network. The network security monitoring apparatus 10 judges, based on the access policy, whether the nodes are permitted to communicate with other nodes in the network, and repeatedly transmits data at fixed time intervals to block the communication between nodes judged as “not permitted” until the access policy is changed from “not permitted” to “permitted”. This invention makes it possible to block communication between nodes that the access policy defines as “not permitted” to communicate with other nodes, and to allow communication between nodes that it defines as “permitted”.