专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20090265785A1 SYSTEM AND METHOD FOR ARP ANTI-SPOOFING SECURITY 有权
公开(公告)号：US20090265785A1
公开(公告)日：2009-10-22
申请号：US12478229
申请日：2009-06-04
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F21/00
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.

22. 发明授权

US07562390B1 System and method for ARP anti-spoofing security 有权
标题翻译：防ARP欺骗安全的系统和方法
公开(公告)号：US07562390B1
公开(公告)日：2009-07-14
申请号：US10631091
申请日：2003-07-31
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F11/00
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.
摘要翻译：接收到一种系统和方法，用于复制ARP应答，生成包含ARP应答的数据包，以及其他信息，如ARP应答端口的标识。然后将这些数据包发送到存储ARP应答和端口信息的ARP收集器。 ARP收集器然后使用这个存储的信息，并分析与存储的信息相关的未来数据包，以检测ARP欺骗的发生。 ARP收发器进一步提供在检测到ARP回复欺骗时产生警报并采取安全措施。

23. 发明授权

US07516487B1 System and method for source IP anti-spoofing security 有权
标题翻译：源IP防欺骗安全的系统和方法
公开(公告)号：US07516487B1
公开(公告)日：2009-04-07
申请号：US10850505
申请日：2004-05-20
申请人： Ronald W. Szeto , Nitin Jain , Ravindran Suresh , Philip Kwan
发明人： Ronald W. Szeto , Nitin Jain , Ravindran Suresh , Philip Kwan
IPC分类号： G06F7/04
CPC分类号： H04L63/0263 , H04L63/101 , H04L63/1441 , H04L2463/146
摘要： A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
摘要翻译：提供在网络中使用源IP地址和MAC地址的系统和方法来提供安全性以防止网络用户在数据分组中使用虚拟源IP地址的尝试。该系统和方法提供用于分析数据链路（层2）级别的MAC地址和源IP地址，并且使用从这种分析导出的信息阻止通过主机设备正在使用虚假或欺骗源的端口的访问传输数据包中的IP地址。此外，系统和方法提供用于验证初始学习的源IP地址，并且用于确定验证新的源IP地址的不成功尝试的次数是否超过阈值水平，并且其中该数量超过阈值数目，系统和方法可以提供用于在可能的攻击模式下操作。

24. 发明申请

US20050025125A1 System, method and apparatus for providing multiple access modes in a data communications network 有权
标题翻译：用于在数据通信网络中提供多种接入模式的系统，方法和装置
公开(公告)号：US20050025125A1
公开(公告)日：2005-02-03
申请号：US10631898
申请日：2003-08-01
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： H04L12/66 , H04L29/06
CPC分类号： H04L63/10 , H04L63/08
摘要： A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network.
摘要翻译：一种用于在数据通信网络中提供多种接入模式的系统，方法和装置，包括具有多个输入端口，多个输出端口和交换结构的网络接入设备，用于将在多个输入端口上接收的数据路由到多个输出端口中的至少一个。网络接入设备内的控制逻辑适于确定耦合到多个输入端口之一的用户设备是否支持主机网络使用的用户认证协议。如果不支持用户认证协议，则将网络接入设备耦合到的输入端口置于半授权访问状态，该访问状态限制对经由主机网络可访问的预配置网络的访问。

25. 发明授权

US08918875B2 System and method for ARP anti-spoofing security 有权
标题翻译：防ARP欺骗安全的系统和方法
公开(公告)号：US08918875B2
公开(公告)日：2014-12-23
申请号：US13184748
申请日：2011-07-18
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F11/00 , H04L29/06 , H04L29/12
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.
摘要翻译：接收到一种系统和方法，用于复制ARP应答，生成包含ARP应答的数据包，以及其他信息，如ARP应答端口的标识。然后将这些数据包发送到存储ARP应答和端口信息的ARP收集器。 ARP收集器然后使用这个存储的信息，并分析与存储的信息相关的未来数据包，以检测ARP欺骗的发生。 ARP收发器进一步提供在检测到ARP回复欺骗时产生警报并采取安全措施。

26. 发明授权

US08245300B2 System and method for ARP anti-spoofing security 有权
标题翻译：防ARP欺骗安全的系统和方法
公开(公告)号：US08245300B2
公开(公告)日：2012-08-14
申请号：US12478229
申请日：2009-06-04
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F11/00
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.
摘要翻译：接收到一种系统和方法，用于复制ARP应答，生成包含ARP应答的数据包，以及其他信息，如ARP应答端口的标识。然后将这些数据包发送到存储ARP应答和端口信息的ARP收集器。 ARP收集器然后使用这个存储的信息，并分析与存储的信息相关的未来数据包，以检测ARP欺骗的发生。 ARP收发器进一步提供在检测到ARP回复欺骗时产生警报并采取安全措施。

27. 发明授权

US07979903B2 System and method for source IP anti-spoofing security 有权
标题翻译：源IP防欺骗安全的系统和方法
公开(公告)号：US07979903B2
公开(公告)日：2011-07-12
申请号：US12392398
申请日：2009-02-25
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F12/14
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets.
摘要翻译：提供在网络中使用源IP地址和MAC地址的系统和方法来提供安全性以防止网络用户在数据分组中使用虚拟源IP地址的尝试。该系统和方法提供用于分析数据链路（层2）级别的MAC地址和源IP地址，并且使用从这种分析导出的信息阻止通过主机设备正在使用虚假或欺骗源的端口的访问传输数据包中的IP地址。

28. 发明申请

US20100333191A1 SYSTEM AND METHOD FOR PROTECTING CPU AGAINST REMOTE ACCESS ATTACKS 有权
标题翻译：保护CPU防范远程访问攻击的系统和方法
公开(公告)号：US20100333191A1
公开(公告)日：2010-12-30
申请号：US12827235
申请日：2010-06-30
申请人： Ronald W. Szeto , Philip Kwan , Raymond Wai-Kit Kwong
发明人： Ronald W. Szeto , Philip Kwan , Raymond Wai-Kit Kwong
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/0236
摘要： A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
摘要翻译：通过在路由器上建立管理端口，提供路由器的CPU保护的系统和方法。连接到路由器的非管理端口的主机被拒绝访问路由器的CPU的管理功能。该系统和方法可以结合CAM-ACL使用专用集成电路，CAM-ACL分析在路由器端口上接收的数据分组，并且ASIC操作以丢弃指向路由器的CPU的数据分组。该系统和方法操作以过滤可能在尝试入侵以控制网络设备的功能时产生的数据分组，并且该操作不要求CPU分析所有接收到的数据分组，以确定访问控制功能路由器

29. 发明授权

US07774833B1 System and method for protecting CPU against remote access attacks 有权
标题翻译：防止CPU远程访问攻击的系统和方法
公开(公告)号：US07774833B1
公开(公告)日：2010-08-10
申请号：US10668455
申请日：2003-09-23
申请人： Ronald W. Szeto , Philip Kwan , Raymond Wai-Kit Kwong
发明人： Ronald W. Szeto , Philip Kwan , Raymond Wai-Kit Kwong
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/0236
摘要： A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
摘要翻译：通过在路由器上建立管理端口，提供路由器的CPU保护的系统和方法。连接到路由器的非管理端口的主机被拒绝访问路由器的CPU的管理功能。该系统和方法可以结合CAM-ACL使用专用集成电路，CAM-ACL分析在路由器端口上接收的数据分组，并且ASIC操作以丢弃指向路由器的CPU的数据分组。该系统和方法操作以过滤可能在尝试入侵以控制网络设备的功能时产生的数据分组，并且该操作不要求CPU分析所有接收到的数据分组，以确定访问控制功能路由器

30. 发明申请

US20090254973A1 SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY 有权
标题翻译：源IP防盗安全系统和方法
公开(公告)号：US20090254973A1
公开(公告)日：2009-10-08
申请号：US12392398
申请日：2009-02-25
申请人： Philip Kwan
发明人： Philip Kwan
IPC分类号： G06F7/04
CPC分类号： H04L63/1408 , H04L61/103 , H04L63/0236 , H04L63/101 , H04L63/1466
摘要： A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets.
摘要翻译：提供在网络中使用源IP地址和MAC地址的系统和方法来提供安全性以防止网络用户在数据分组中使用虚拟源IP地址的尝试。该系统和方法提供用于分析数据链路（层2）级别的MAC地址和源IP地址，并且使用从这种分析导出的信息阻止通过主机设备正在使用虚假或欺骗源的端口的访问传输数据包中的IP地址。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式