-
Publication (Announcement) No.: CA2698317A1
Publication (Announcement) Date: 2009-04-09
Application No.: CA2698317
Application Date: 2008-09-22
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA CAROL , SHIEH JOHNNY MENG-HAN
IPC: H04L12/56 , H04L45/122
Abstract: A computer implemented method, data processing system, and computer program product for discovering an unauthorized router in a network. The process in the illustrative embodiments first obtains a physical address of a suspected router or destination device. A data packet is created which comprises at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address, and wherein the time-to-live field comprises a value indicating the data packet has exceeded a time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be enabled for routing.
-
Publication (Announcement) No.: AU8552801A
Publication (Announcement) Date: 2002-05-23
Application No.: AU8552801
Application Date: 2001-10-30
Applicant: IBM
IPC: G06F17/30 , G06F17/21 , G06F15/163 , G06F17/60
-
Publication (Announcement) No.: CA2783394A1
Publication (Announcement) Date: 2011-06-30
Application No.: CA2783394
Application Date: 2010-12-08
Applicant: IBM
Inventor: MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , MURILLO JESSICA CAROL , MCBREARTY GERALD FRANCIS , KEOHANE SUSANN MARIE
Abstract: Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or "heartbeat," may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.
-
Publication (Announcement) No.: DE60232643D1
Publication (Announcement) Date: 2009-07-30
Application No.: DE60232643
Application Date: 2002-03-04
Applicant: IBM
Inventor: MULLEN SHAWN PATRICK , VENKATARAMAN GUHA PRASAD
Abstract: Encryption is provided in wireless personal palm type computer devices for Internet transmitted documents despite the limited data processing and memory functions in such devices. The palm type device initially encrypts only a portion of a text document which is then wirelessly transmitted to the server computer which normally functions as the Web server, i.e. the server through which Web computer terminals are wired or connected into the Web. This Web server then further encrypts the received text document and then further transmits this further encrypted document to a terminal in said network. Preferably, the further encryption in the server involves two steps: decrypting the lower level encryption (necessitated by the limited CPU and memory resources in the palm device) to restore the text document at the server before the server may then re-encrypt the whole document using a higher level conventional 128 bit Web encryption protocol such as SSL.
-
Publication (Announcement) No.: CA2630664A1
Publication (Announcement) Date: 2007-05-31
Application No.: CA2630664
Application Date: 2006-10-09
Applicant: IBM
Inventor: BROWN TRISTAN ANTHONY , VENKATSUBRA VENKAT , MULLEN SHAWN PATRICK
IPC: H04L29/06
Abstract: A mechanism is provided for identifying a snooping device in a network environment. A snoop echo response extractor generates an echo request packet with a bogus MAC address that will only be received by a snooping device. The snoop echo response extractor also uses an IP address that will cause the snooping device to respond to the echo request.
-
Publication (Announcement) No.: DE60208810D1
Publication (Announcement) Date: 2006-04-06
Application No.: DE60208810
Application Date: 2002-10-28
Applicant: IBM
Inventor: MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , TESAURO JAMES STANLEY
Abstract: Apparatus for eavesdropping within an area layer adjacent to and surrounding a LAN area periphery for potential wireless transmissions of an intruder having a lower frequency within a level below the LAN frequency; and an implementation responsive to said eavesdropping apparatus for changing the encryption code of said encrypted wireless transmission upon the eavesdropping detection of a wireless transmission of said lower frequency addressed to a network location of one of the terminals in said LAN.
-
Publication (Announcement) No.: GB2356765B
Publication (Announcement) Date: 2003-09-24
Application No.: GB0019673
Application Date: 2000-08-11
Applicant: IBM
Inventor: GENTY DENISE MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , UNNKRISHNAN RAMACHANDRAN
Abstract: A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
-
Publication (Announcement) No.: CA2783394C
Publication (Announcement) Date: 2019-03-05
Application No.: CA2783394
Application Date: 2010-12-08
Applicant: IBM
Inventor: MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , MURILLO JESSICA CAROL , MCBREARTY GERALD FRANCIS , KEOHANE SUSANN MARIE
Abstract: Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or "heartbeat," may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.
-
Publication (Announcement) No.: CA2698317C
Publication (Announcement) Date: 2017-02-28
Application No.: CA2698317
Application Date: 2008-09-22
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA CAROL , SHIEH JOHNNY MENG-HAN
IPC: H04L45/122
Abstract: A computer implemented method, data processing system, and computer program product for discovering an unauthorized router in a network. The process in the illustrative embodiments first obtains a physical address of a suspected router or destination device. A data packet is created which comprises at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address, and wherein the time-to-live field comprises a value indicating the data packet has exceeded a time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be enabled for routing.
-
Publication (Announcement) No.: MX2009011403A
Publication (Announcement) Date: 2009-11-05
Application No.: MX2009011403
Application Date: 2008-04-16
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA CAROL , SHIEH JOHNNY MENG-HAN
Abstract: A computer implemented method, apparatus, and computer product for port scan protection are described. A response data packet having a modified transmission control protocol header is generated to form a modified response data packet in response to detecting a port scan. The modified response data packet will produce some response from a recipient of the modified data packet. The response data packet is sent to a first Internet protocol address associated with the port scan. A second Internet protocol address is identified from a header of a response to the modified response data packet. The second Internet protocol address is an Internet protocol address of a source of the port scan. All network traffic from the second Internet protocol address may be blocked to prevent an attack on any open ports from the source of the port scan.