基本信息:
- 专利标题: METHOD AND APPARATUS FOR TRACING PACKETS
- 专利标题(中):跟踪包包的方法和装置
- 申请号:US12249804 申请日:2008-10-10
- 公开(公告)号:US20090313339A1 公开(公告)日:2009-12-17
- 发明人: Walter Clark Milliken , William Timothy Strayer , Stephen Douglas Milligan , Luis Sanchez , Craig Patridge
- 申请人: Walter Clark Milliken , William Timothy Strayer , Stephen Douglas Milligan , Luis Sanchez , Craig Patridge
- 主分类号: G06F15/173
- IPC分类号: G06F15/173 ; G06F11/00
摘要:
A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.
摘要(中):
一种用于在网络中执行源路径隔离的系统和方法。 该系统包括入侵检测系统(IDS),源路径隔离服务器(SS1)和至少一个被配置为在自主系统内操作的源路径隔离路由器(SR1)的路由器。 当IDS检测到恶意数据包时,会向SS1发送一条消息。 SS1又产生包含至少一部分恶意数据包的查询消息(QM)。 然后,QM被发送到位于一跳的参与路由器。 SR1使用查询消息来确定是否通过与通过SR1的数据包的本地存储信息进行比较来观察恶意数据包。 SR1向SS1发送回复,SS1使用该回复来识别恶意数据包网络中的入口点。
IPC结构图谱:
| G | 物理 |
| --G06 | 计算;推算;计数 |
| ----G06F | 电数字数据处理 |
| ------G06F15/00 | 电方式操作的数字计算机 |
| --------G06F15/08 | .应用插接板编制程序的 |
| ----------G06F15/163 | ..处理器之间的通讯 |
| ------------G06F15/173 | ...使用一互连网络的,例如,矩阵、正移、棱锥、星、雪片 |