Applying blocking measures progressively to malicious network traffic
    1.
    Granted invention patent
    Legal status: Expired

    Publication No.: US07707633B2

    Publication date: 2010-04-27

    Application No.: US11871188

    Filing date: 2007-10-12

    IPC classification: G06F11/30 G08B23/00 G06F11/18

    CPC classification: H04L63/1458

    Abstract: A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

    Applying blocking measures progressively to malicious network traffic
    2.
    Granted invention patent
    Legal status: In force

    Publication No.: US07308716B2

    Publication date: 2007-12-11

    Application No.: US10442008

    Filing date: 2003-05-20

    IPC classification: G06F15/08 G08B23/00

    CPC classification: H04L63/1458

    Abstract: A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-apply the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

    Apparatus, method and program to detect and control deleterious code (virus) in computer network
    3.
    Granted invention patent
    Legal status: In force

    Publication No.: US07669240B2

    Publication date: 2010-02-23

    Application No.: US10896680

    Filing date: 2004-07-22

    IPC classification: H04L29/02 H04L29/08

    Abstract: A detection and response system including a set of algorithms for detection within a stream of normal computer traffic a subset of TCP packets with one IP Source Address (SA), one Destination Port (DP), and a number exceeding a threshold of distinct Destination Addresses (DA). There is efficient use of a lookup mechanism such as a Direct Table and Patricia search tree to record sets of packets with one SA and one DP as well as the set of DA values observed for the given SA, DP combination. The existence of such a subset and the header values including SA, DP, and multiple DAs of the subset are reported to a network administrator. In addition, various administrative responses to reports are provided.

    Detection of grid participation in a DDoS attack
    4.
    Granted invention patent
    Legal status: In force

    Publication No.: US08423645B2

    Publication date: 2013-04-16

    Application No.: US10940558

    Filing date: 2004-09-14

    Abstract: A method of, system for, and product for managing a denial of service attack in a multiprocessor environment. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established, the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.

    Automatically detecting distributed port scans in computer networks
    5.
    Granted invention patent
    Legal status: Expired

    Publication No.: US07957372B2

    Publication date: 2011-06-07

    Application No.: US10896733

    Filing date: 2004-07-22

    IPC classification: H04L12/28 G06F9/00 G06F11/00

    CPC classification: H04L63/1416 H04L63/1466

    Abstract: A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree record and trace sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.

    System, method and computer program to block spam
    6.
    Granted invention patent
    Legal status: Expired

    Publication No.: US08468208B2

    Publication date: 2013-06-18

    Application No.: US13532061

    Filing date: 2012-06-25

    IPC classification: G06F15/16

    Abstract: A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.

    Delayed-start method for minimizing internal switch congestion
    7.
    Granted invention patent
    Legal status: Expired

    Publication No.: US07911960B1

    Publication date: 2011-03-22

    Application No.: US09373837

    Filing date: 1999-08-13

    Abstract: A data flow control method and system within a data switch. The data switch includes a plurality of input sections each having an associated input buffer and each transmitting data to an output section. In response to a detection of congestion within the output section, data transmissions from the plurality of input sections to the output section are paused. Input buffer occupancies of each of the input sections are then determined. Thereafter, and in response to a backpressure relief signal, the restart of said data transmission from each of the input sections to the output section is delayed in inverse proportion to each of the determined input buffer occupancies.

    System, method and program to filter out login attempts by unauthorized entities
    8.
    Granted invention patent
    Legal status: Expired

    Publication No.: US07475252B2

    Publication date: 2009-01-06

    Application No.: US10918523

    Filing date: 2004-08-12

    IPC classification: H04L9/32

    Abstract: System, method and computer program for authenticating a user of a client computer to a remote server computer. A client computer initially sends a userID but not a password of the user to the remote server computer. In response to the userID, the server computer determines a subsequent time window during which the server computer will consider for authentication submission of a combination of the userID and a password. The server computer notifies the client computer of the time window. After receipt of the notification from the server computer, during the time window, the client computer sends the userID and a corresponding password to the server computer. In response to receipt of the userID and the corresponding password from the client computer, the server computer determines if the combination of the userID and the corresponding password is valid. If the combination of the userID and the corresponding password is valid, the server computer notifies the client computer that the combination of the userID and the corresponding password is valid. In response, the client computer establishes a session with the server computer and accesses a resource requiring a valid combination of userID and password to access. The server computer ignores combinations of userIDs and passwords submitted before or after the time window.

    Efficient method for providing secure remote access
    9.
    Granted invention patent
    Legal status: Expired

    Publication No.: US07434050B2

    Publication date: 2008-10-07

    Application No.: US10733713

    Filing date: 2003-12-11

    IPC classification: H04L9/30

    Abstract: A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.

    Method and system for priority enforcement with flow control

    Publication No.: US07142552B2

    Publication date: 2006-11-28

    Application No.: US10117814

    Filing date: 2002-04-08

    IPC classification: H04L12/28 H04L12/56

    Abstract: A method and system for controlling a plurality of pipes in a computer network, including at least one processor for a switch, the at least one processor having a queue, the plurality of pipes utilizing the queue for transmitting traffic through the switch, wherein each pipe is assigned a priority ranking class, each class has a unique priority rank with respect to each of the other classes, the ranks ranging from a highest priority rank to a lowest priority rank. A transmission probability is calculated for each pipe responsive to its priority rank. If excess bandwidth exists for the queue, the transmission probability of each pipe is linearly increased. Alternatively, if excess bandwidth does not exist, the transmission probability for each pipe is exponentially decreased. Packets are transferred from a pipe to the queue responsive to the pipe transmission probability and priority rank.