公开(公告)号：US20050243826A1

公开(公告)日：2005-11-03

申请号：US10833377

申请日：2004-04-28

申请人： Michael Smith ,  Douglas Gourlay ,  Jeffrey Wang ,  Ali Golshan

发明人： Michael Smith ,  Douglas Gourlay ,  Jeffrey Wang ,  Ali Golshan

IPC分类号： H04L12/28

CPC分类号： H04L41/0813 ,  H04L12/08 ,  H04L12/2854 ,  H04L41/04 ,  H04L41/082 ,  H04L41/12 ,  H04L47/10

摘要： An adjunct network device includes several ports, an uplink interface, and an adjunct forwarding engine coupled to the ports and the uplink interface. A first port is configured to receive a packet, which includes a destination address. The adjunct forwarding engine is configured to send the packet to the uplink interface if the destination address is not associated with any of the ports. The packet is sent to one of the ports if the destination address is associated with the one of the ports.

摘要翻译： 辅助网络设备包括多个端口，上行链路接口和耦合到端口和上行链路接口的辅助转发引擎。 第一端口被配置为接收包括目的地地址的分组。 如果目的地址不与任何端口相关联，则附加转发引擎被配置为将该分组发送到上行链路接口。 如果目的地址与其中一个端口相关联，则将数据包发送到其中一个端口。

公开(公告)号：US20050198371A1

公开(公告)日：2005-09-08

申请号：US10782314

申请日：2004-02-19

申请人： Michael Smith ,  Jeffrey Wang ,  Ali Golshan

发明人： Michael Smith ,  Jeffrey Wang ,  Ali Golshan

IPC分类号： H04L12/56 ,  G06F15/173

CPC分类号： H04L49/552 ,  H04L45/02 ,  H04L45/583 ,  H04L45/586 ,  H04L49/1553 ,  H04L49/30 ,  H04L49/354 ,  H04L49/70

摘要： A virtual network device includes several different virtual network device sub-units, which collectively operate as a single logical network device. An interface bundle includes interfaces in more than one of the different virtual network device sub-units included in the virtual network device. The interface bundle is coupled to a virtual link bundle, which connects the virtual network device to another device. The interface bundle is managed as a single logical interface.

摘要翻译： 虚拟网络设备包括几个不同的虚拟网络设备子单元，它们共同作为单个逻辑网络设备操作。 接口束包括虚拟网络设备中包含的不同虚拟网络设备子单元中的一个以上的接口。 接口束耦合到将虚拟网络设备连接到另一设备的虚拟链路束。 接口束作为单个逻辑接口进行管理。

公开(公告)号：US20050063395A1

公开(公告)日：2005-03-24

申请号：US10666306

申请日：2003-09-18

申请人： Michael Smith ,  Ali Golshan ,  Jeffrey Wang ,  Neelima Mehta ,  Venkatesh Janakiraman

发明人： Michael Smith ,  Ali Golshan ,  Jeffrey Wang ,  Neelima Mehta ,  Venkatesh Janakiraman

IPC分类号： H04L12/24 ,  H04L12/46 ,  H04L12/56

CPC分类号： H04L45/00 ,  H04L12/46 ,  H04L41/0806 ,  H04L41/082 ,  H04L45/586 ,  H04L49/70

摘要： Method and devices are provided to form virtual switches for data networks. As noted above, the term “switch” as used herein will apply to switches, routers and similar network devices. Each virtual switch acts as a single logical unit, while encompassing at least two physical chassis. Accordingly, each virtual switch may be treated as a single point of management. Each virtual switch includes a master chassis and at least one slave chassis. The master chassis is configured to control the slave chassis. The master chassis includes at least one master supervisor card and the slave chassis includes at least one slave supervisor card. The master chassis and the slave chassis communicate via a virtual switch link according to a virtual switch link protocol.

摘要翻译： 提供方法和设备以形成用于数据网络的虚拟交换机。 如上所述，本文所用的术语“交换机”将适用于交换机，路由器和类似的网络设备。 每个虚拟交换机充当单个逻辑单元，同时包含至少两个物理机箱。 因此，每个虚拟交换机可以被视为单个管理点。 每个虚拟交换机包括主机箱和至少一个从机箱。 主机箱配置为控制从机箱。 主机箱包括至少一个主管理卡，从机箱包括至少一个从主管理卡。 主机箱和从机框架根据虚拟交换机链路协议通过虚拟交换机链路进行通信。

公开(公告)号：US20060002299A1

公开(公告)日：2006-01-05

申请号：US10881074

申请日：2004-06-30

申请人： Faisal Mushtaq ,  Sitaram Dontu ,  Shreeram Bhide ,  Ali Golshan ,  Michael Smith

发明人： Faisal Mushtaq ,  Sitaram Dontu ,  Shreeram Bhide ,  Ali Golshan ,  Michael Smith

IPC分类号： G01R31/08

CPC分类号： H04L12/413

摘要： Various methods and systems for detecting whether a network device supports a protocol, which defines a supplemental header, are disclosed. One method involves detecting a value within a preamble generated by a sending device and verifying that a header format of a header, also generated by the sending device, conforms to a header format definition of a protocol. The header format definition of the protocol defines a supplemental header. The preamble can be an Ethernet preamble. In one embodiment, the preamble is a converged data link (CDL) preamble or other type of preamble that is used to convey operation, administration and management (OAM) information.

摘要翻译： 公开了用于检测网络设备是否支持定义辅助头部的协议的各种方法和系统。 一种方法涉及检测由发送设备产生的前同步码内的值，并验证由发送设备生成的报头的报头格式是否符合协议的报头格式定义。 协议的报头格式定义定义了一个补充报头。 前导码可以是以太网前导码。 在一个实施例中，前导码是用于传送操作，管理和管理（OAM）信息的汇聚数据链路（CDL）前导码或其他类型的前同步码。

公开(公告)号：US07751416B2

公开(公告)日：2010-07-06

申请号：US10666306

申请日：2003-09-18

申请人： Michael Smith ,  Ali Golshan ,  Jeffrey Ym Wang ,  Neelima Mehta ,  Venkatesh Janakiraman

发明人： Michael Smith ,  Ali Golshan ,  Jeffrey Ym Wang ,  Neelima Mehta ,  Venkatesh Janakiraman

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L12/46 ,  H04L41/0806 ,  H04L41/082 ,  H04L45/586 ,  H04L49/70

摘要： Method and devices are provided to form virtual switches for data networks. As noted above, the term “switch” as used herein will apply to switches, routers and similar network devices. Each virtual switch acts as a single logical unit, while encompassing at least two physical chassis. Accordingly, each virtual switch may be treated as a single point of management. Each virtual switch includes a master chassis and at least one slave chassis. The master chassis is configured to control the slave chassis. The master chassis includes at least one master supervisor card and the slave chassis includes at least one slave supervisor card. The master chassis and the slave chassis communicate via a virtual switch link according to a virtual switch link protocol.

摘要翻译： 提供方法和设备以形成用于数据网络的虚拟交换机。 如上所述，本文所用的术语“交换机”将适用于交换机，路由器和类似的网络设备。 每个虚拟交换机充当单个逻辑单元，同时包含至少两个物理机箱。 因此，每个虚拟交换机可以被视为单个管理点。 每个虚拟交换机包括主机箱和至少一个从机箱。 主机箱配置为控制从机箱。 主机箱包括至少一个主管理卡，从机箱包括至少一个从主管理卡。 主机箱和从机框架根据虚拟交换机链路协议通过虚拟交换机链路进行通信。

公开(公告)号：US20050163115A1

公开(公告)日：2005-07-28

申请号：US10826888

申请日：2004-04-16

申请人： Sitaram Dontu ,  Faisal Mushtaq ,  Shreeram Bhide ,  Michael Smith ,  Ali Golshan

发明人： Sitaram Dontu ,  Faisal Mushtaq ,  Shreeram Bhide ,  Michael Smith ,  Ali Golshan

IPC分类号： H04L12/24 ,  H04L12/46 ,  H04L12/56

CPC分类号： H04L45/00 ,  H04L12/46 ,  H04L12/4641 ,  H04L41/0806 ,  H04L41/082 ,  H04L45/18 ,  H04L45/586 ,  H04L45/742

摘要： A virtual network device sub-unit includes an interface to a virtual network device link and a distributed forwarding module. The interface receives a packet, and the distributed forwarding module forwards the packet received by the interface. The distributed forwarding module performs an ingress lookup if the packet includes a multicast destination address and an egress lookup if the packet includes a unicast destination address. If the packet includes a multicast destination address, the distributed forwarding module replicates the packet for each of several outgoing VLANs associated with the multicast destination address. If an additional multicast packet is received via an interface that is not coupled to a virtual network device link, the distributed forwarding module sends at most one copy of the additional multicast packet via the virtual network device link.

摘要翻译： 虚拟网络设备子单元包括到虚拟网络设备链路的接口和分布式转发模块。 接口接收报文，分布式转发模块转发接口收到的报文。 如果分组包括多播目的地地址和分组包括单播目的地地址的出口查找，则分布式转发模块执行入口查找。 如果分组包含组播目的地址，则分布式转发模块复制与组播目的地址相关联的多个出局VLAN中的每一个的分组。 如果经由未耦合到虚拟网络设备链路的接口接收到附加的多播分组，则分布式转发模块经由虚拟网络设备链路最多发送附加多播分组的一个副本。

公开(公告)号：US09519781B2

公开(公告)日：2016-12-13

申请号：US13288905

申请日：2011-11-03

申请人： Ali Golshan ,  James S. Binder

发明人： Ali Golshan ,  James S. Binder

IPC分类号： G06F21/56 ,  H04L29/06 ,  G06F21/53 ,  G06F21/55 ,  G06F9/455

CPC分类号： G06F21/566 ,  G06F9/45541 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/552 ,  G06F21/554 ,  G06F21/567 ,  G06F2009/45587 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145 ,  H04L2463/144

摘要： Systems and methods for virtualization and emulation assisted malware detection are described. In some embodiments, a method comprises intercepting an object; instantiating and processing the object in a virtualization environment; tracing operations of the object while processing within the virtualization environment; detecting suspicious behavior associated with the object; instantiating an emulation environment in response to the detected suspicious behavior; processing, recording responses to, and tracing operations of the object within the emulation environment; detecting a divergence between the traced operations of the object within the virtualization environment to the traced operations of the object within the emulation environment; re-instantiating the virtualization environment; providing the recorded response from the emulation environment to the object in the virtualization environment; monitoring the operations of the object within the re-instantiation of the virtualization environment; identifying untrusted actions from the monitored operations; and generating a report regarding the identified untrusted actions of the object.

摘要翻译： 描述了用于虚拟化和仿真辅助恶意软件检测的系统和方法。 在一些实施例中，一种方法包括拦截对象; 在虚拟化环境中实例化和处理对象; 在虚拟化环境中处理时跟踪对象的操作; 检测与该对象相关联的可疑行为; 响应于检测到的可疑行为来实例化仿真环境; 在仿真环境中对对象的处理，记录响应和跟踪操作; 检测虚拟化环境内的对象的跟踪操作与仿真环境内对象的跟踪操作之间的差异; 重新实例化虚拟化环境; 在仿真环境中向对象提供记录的响应; 在虚拟化环境的重新实例化过程中监控对象的操作; 从受监视的操作中识别不受信任的操作; 并且生成关于所述对象的所识别的不受信任的动作的报告。

公开(公告)号：US20130117849A1

公开(公告)日：2013-05-09

申请号：US13288917

申请日：2011-11-03

申请人： Ali Golshan ,  James S. Binder

发明人： Ali Golshan ,  James S. Binder

IPC分类号： G06F21/00

CPC分类号： G06F21/53 ,  G06F21/552 ,  G06F21/566

摘要： Systems and methods for virtualized malware enabled detection are described. In some embodiments, a method comprises intercepting an object provided from a first digital device, determining one or more resources the object requires, instantiating a virtual environment with the one or more resources, processing the object within the virtual environment, tainting operations of the object within the virtual environment, monitoring the operations of the object, identifying an additional resource of the object while processing that is not provided in the virtual environment, re-instantiating the virtual environment with the additional resource, monitoring the operations of the object while processing within the re-instantiated virtual environment, identifying untrusted actions from the monitored operations, and generating a report identifying the operations and the untrusted actions of the object.

摘要翻译： 描述了启用虚拟化恶意软件检测的系统和方法。 在一些实施例中，一种方法包括截取从第一数字设备提供的对象，确定对象所需的一个或多个资源，使用一个或多个资源实例化虚拟环境，在虚拟环境内处理对象，污染对象的操作 在虚拟环境中，监视对象的操作，在虚拟环境中未提供的处理中识别对象的附加资源，用附加资源重新实例化虚拟环境，在处理内部监视对象的操作 重新实例化的虚拟环境，从监视的操作中识别不信任的动作，以及生成标识对象的操作和不可信操作的报告。

公开(公告)号：US20130117848A1

公开(公告)日：2013-05-09

申请号：US13288905

申请日：2011-11-03

申请人： Ali Golshan ,  James S. Binder

发明人： Ali Golshan ,  James S. Binder

IPC分类号： G06F21/00

CPC分类号： G06F21/566 ,  G06F9/45541 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/552 ,  G06F21/554 ,  G06F21/567 ,  G06F2009/45587 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145 ,  H04L2463/144

摘要： Systems and methods for virtualization and emulation malware enabled detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment to the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

摘要翻译： 描述了虚拟化和仿真恶意软件启用检测的系统和方法。 在一些实施例中，一种方法包括拦截对象，在虚拟化环境中实例化和处理对象，在虚拟化环境内处理时跟踪对象的操作，检测与对象相关联的可疑行为，响应于检测到的实例化仿真环境 在仿真环境中对对象的可疑行为，处理，记录响应和跟踪操作，检测虚拟化环境内的对象的跟踪操作与仿真环境中对象的跟踪操作之间的差异，重新实例化 虚拟化环境，从仿真环境向虚拟化环境中的对象提供记录的响应，在虚拟化环境的重新实例化过程中监视对象的操作，从监视的操作中识别不可信的动作，并生成ar 关于被查明的对象的不信任动作。

公开(公告)号：US07889733B2

公开(公告)日：2011-02-15

申请号：US10833377

申请日：2004-04-28

申请人： Michael R. Smith ,  Douglas Alan Gourlay ,  Jeffrey Y M Wang ,  Ali Golshan

发明人： Michael R. Smith ,  Douglas Alan Gourlay ,  Jeffrey Y M Wang ,  Ali Golshan

IPC分类号： H04L12/28

CPC分类号： H04L41/0813 ,  H04L12/08 ,  H04L12/2854 ,  H04L41/04 ,  H04L41/082 ,  H04L41/12 ,  H04L47/10

摘要： An adjunct network device includes several ports, an uplink interface, and an adjunct forwarding engine coupled to the ports and the uplink interface. A first port is configured to receive a packet, which includes a destination address. The adjunct forwarding engine is configured to send the packet to the uplink interface if the destination address is not associated with any of the ports. The packet is sent to one of the ports if the destination address is associated with the one of the ports.

摘要翻译： 辅助网络设备包括多个端口，上行链路接口和耦合到端口和上行链路接口的辅助转发引擎。 第一端口被配置为接收包括目的地地址的分组。 如果目的地址不与任何端口相关联，则附加转发引擎被配置为将该分组发送到上行链路接口。 如果目的地址与其中一个端口相关联，则将数据包发送到其中一个端口。