Methods for operating virtual networks, data network system, computer program and computer program product
    1.
    Granted patent
    Methods for operating virtual networks, data network system, computer program and computer program product (status: in force)

    Publication No.: US07908350B2

    Publication date: 2011-03-15

    Application No.: US12097349

    Filing date: 2006-12-12

    IPC classification: G06F15/173 G06F15/177

    CPC classification: H04L12/4641

    Abstract: The invention relates to a method for operating virtual networks. The method comprises providing a first virtual network comprising a first set of network ports assigned to a first virtualization tag (T1) and a second virtual network comprising a second set of network ports assigned to a second virtualization tag (T2), the first and the second virtual network having compatible address ranges and being adapted to only pass data packets within them, providing a first network node having a source address (SA) in the first virtual network and being operationally connected to a first port (P1) assigned to the first virtual network by means of the first virtualization tag (T1), monitoring the first network node in order to detect a predetermined condition, and, on detection of the predetermined condition, reassigning the first port (P1) to the second virtual network by means of assigning the second virtualization tag (T2) to the first port (P1), such that no data packet can be passed from the first network node (N1) to a second network node (N2) connected to a second port (P2) assigned to the first virtual network by means of the first virtualization tag (T1) directly and keeping of the source address (SA) for the first network node (N1) in the second virtual network (104). The invention further relates to a further method for operation virtual networks, a data network system and a computer program product adapted to perform the inventive methods.

    Methods for Operating Virtual Networks, Data Network System, Computer Program and Computer Program Product
    2.
    Patent application
    Methods for Operating Virtual Networks, Data Network System, Computer Program and Computer Program Product (status: in force)

    Publication No.: US20090006603A1

    Publication date: 2009-01-01

    Application No.: US12097349

    Filing date: 2006-12-12

    IPC classification: G06F15/173

    CPC classification: H04L12/4641

    Abstract: The invention relates to a method for operating virtual networks. The method comprises providing a first virtual network (103) comprising a first set (101) of network ports assigned to a first virtualization tag (T1) and a second virtual network (104) comprising a second set (105) of network ports assigned to a second virtualization tag (T2), the first and the second virtual network (103, 104) having compatible address ranges and being adapted to only pass data packets within them, providing a first network node (N1) having a source address (SA) in the first virtual network (103) and being operationally connected to a first port (P1) assigned to the first virtual network (103) by means of the first virtualization tag (T1), monitoring the first network node (N1) in order to detect a predetermined condition, and, on detection of the predetermined condition, reassigning the first port (P1) to the second virtual network (104) by means of assigning the second virtualization tag (T2) to the first port (P1), such that no data packet can be passed from the first network node (N1) to a second network node (N2) connected to a second port (P2) assigned to the first virtual network (103) by means of the first virtualization tag (T1) directly and keeping of the source address (SA) for the first network node (N1) in the second virtual network (104). The invention further relates to a further method for operation virtual networks, a data network system, a computer program and a computer program product adapted to perform the inventive methods.

    IP network management based on automatically acquired network entity status information
    3.
    Granted patent
    IP network management based on automatically acquired network entity status information (status: lapsed)

    Publication No.: US08055751B2

    Publication date: 2011-11-08

    Application No.: US12274717

    Filing date: 2008-11-20

    IPC classification: G06F15/173

    Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).

    IP NETWORK MANAGEMENT
    4.
    Patent application
    IP NETWORK MANAGEMENT (status: lapsed)

    Publication No.: US20090144419A1

    Publication date: 2009-06-04

    Application No.: US12274717

    Filing date: 2008-11-20

    IPC classification: G06F15/173

    Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).

    NETWORK ATTACK DETECTION
    5.
    Patent application
    NETWORK ATTACK DETECTION (status: under examination, published)

    Publication No.: US20120096548A1

    Publication date: 2012-04-19

    Application No.: US11909495

    Filing date: 2006-02-21

    IPC classification: G06F21/00

    Abstract: A method and apparatus are provided for detecting attacks on a data communication network. The apparatus includes a router with a mechanism for monitoring return messages addressed to an originating user system local to the router. The mechanism includes a message checker for identifying a return message of a specified nature and a rerouter for temporarily routing subsequent messages from the originating user system to the intrusion detection sensor.

    Broker service system to acquire location based image data
    6.
    Granted patent
    Broker service system to acquire location based image data (status: in force)

    Publication No.: US09131167B2

    Publication date: 2015-09-08

    Application No.: US13330487

    Filing date: 2011-12-19

    IPC classification: H04N7/18 H04N1/32 G06F17/30

    Abstract: A broker service that acquires location based image data receives a request from a requestor. The request comprises request criteria that at least include a location criterion and a time criterion for obtaining image data, which comprises at least one of a still image and a video. The broker service determines that a position indication of a first producer of a plurality of producers fulfils the location criterion at least to an extent. The plurality of producers comprises devices remote from the requestor and having capabilities of image capture and location determination. The broker service transmits an image request to the first producer. The image request corresponds to the request. The broker service receives image data from the first producer responsive to the image request. The broker service determines that the image data fulfils the time criterion. The broker service transmits the image data to the requestor.

    Web-based security proxy for computing system environment scanning
    7.
    Granted patent
    Web-based security proxy for computing system environment scanning (status: in force)

    Publication No.: US08984598B2

    Publication date: 2015-03-17

    Application No.: US13534065

    Filing date: 2012-06-27

    IPC classification: G06F21/00 H04L12/24

    Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access to the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.

    Detecting Transparent Network Communication Interception Appliances
    8.
    Patent application
    Detecting Transparent Network Communication Interception Appliances (status: in force)

    Publication No.: US20130246606A1

    Publication date: 2013-09-19

    Application No.: US13418761

    Filing date: 2012-03-13

    IPC classification: G06F15/173

    Abstract: Mechanisms are provided for identifying transparent network communication interception appliances in a network topology. The mechanisms collect network configuration data from a plurality of devices in the network topology and analyze the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance. The mechanisms calculate a confidence measure value based on results of the analysis of the collected network configuration data. The mechanisms further send a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value.

    Detecting transparent network communication interception appliances
    9.
    Granted patent
    Detecting transparent network communication interception appliances (status: in force)

    Publication No.: US09094309B2

    Publication date: 2015-07-28

    Application No.: US13418761

    Filing date: 2012-03-13

    Abstract: Mechanisms are provided for identifying transparent network communication interception appliances in a network topology. The mechanisms collect network configuration data from a plurality of devices in the network topology and analyze the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance. The mechanisms calculate a confidence measure value based on results of the analysis of the collected network configuration data. The mechanisms further send a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value.

    Web-based security proxy for computing system environment scanning

    Publication No.: US08990904B2

    Publication date: 2015-03-24

    Application No.: US13537865

    Filing date: 2012-06-29

    IPC classification: G06F21/00 H04L12/24

    Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access to the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.