System and method for providing a network host decoy using a pseudo network protocol stack implementation
Abstract
A system and method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack are described. A hierarchical network protocol stack is functionally defined and includes a plurality of communicatively interfaced protocol layers. A request frame originating from a remote host is received. The request frame includes a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack. At each protocol layer, processing a header associated with the encapsulated data segment demultiplexes each encapsulated data segment in the request frame. Any requested network service is performed and any recursively encapsulated portion is forwarded to the next successive protocol layer. A plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack is formed. Each pseudo data segment includes a header and data portion. The header includes network protocol stack characteristics for a pseudo host different than the network protocol stack characteristics for the virtual host. Each of the pseudo data segments within a response frame is recursively encapsulated. A network address for the pseudo host different than the network address for the virtual host is inserted into the response frame. The response frame is sent to the remote host.
33 Claims
1. A system for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack, wherein the network protocol stack comprises an Internet Protocol (IP) layer, comprising:

a hierarchical network protocol stack comprising a plurality of communicatively interfaced protocol layers, each protocol layer performing a set of defined functions on data segments exchanged therebetween;
an input buffer receiving a request frame originating from a remote host, the request frame comprising a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack, further comprising;
the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo IP layer modifying a checksum field in a header of the IP datagram and including the modified checksum field in a reply IP datagram formed as a pseudo data segment; and
a packet formatter, comprising;
each protocol layer demultiplexing each encapsulated data segment in the request frame by processing a header associated with the encapsulated data segment, performing any requested network service and forwarding any recursively encapsulated portion to the next successive protocol layer;
a plurality of pseudo protocol layers corresponding to each of the protocol layers in the network protocol stack, each pseudo protocol layer forming a pseudo data segment comprising a header and data portion with the header including network protocol stack characteristics for a pseudo host different than the network protocol stack characteristics for the virtual host and recursively encapsulating each of the pseudo data segments within a response frame and inserting into the response frame a network address for the pseudo host different than the network address for the virtual host; and
an output buffer sending the response frame to the remote host.

2. A system according to claim 1, further comprising:

the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo ICMP layer forming an ICMP message as a pseudo data segment in response to an invalid field in a header of the IP datagram.

3. A system according to claim 1, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo IP layer forming an IP datagram as a pseudo data segment in response to the IP datagram being invalid.

4. A system according to claim 1, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo IP layer modifying an options field in a header of the IP datagram and including the modified options field in a reply IP datagram formed as a pseudo data segment.

5. A system according to claim 1, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo IP layer modifying at least one of a header length field and a total length field in a header of the IP datagram and including the modified header length field and total length field in a reply IP datagram formed as a pseudo data segment.

6. A system according to claim 1, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

the IP layer interpreting an IP datagram encapsulated as a data segment within the request frame; and
a pseudo IP layer modifying a type of service field in a header for each of a series of packet fragments collectively comprising the IP datagram and including the modified type of service field in a reply IP datagram formed as a series of pseudo data segments, each corresponding to one of the packet fragments.

7. A system according to claim 1, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

the TCP layer interpreting a TCP segment encapsulated as a data segment within the request frame; and
a pseudo TCP layer modifying at least one of a source port number field and a destination port number field in a header of the TCP segment and including the modified at least one of a source port number field and a destination port number field in a reply TCP segment formed as a pseudo data segment.

8. A system according to claim 1, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

the TCP layer interpreting a TCP segment encapsulated as a data segment within the request frame; and
a pseudo TCP layer modifying an options field in a header of the TCP segment and including the modified options field in a reply TCP segment formed as a pseudo data segment.

9. A system according to claim 1, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

the TCP layer interpreting a TCP segment encapsulated as a data segment within the request frame;
a pseudo TCP layer modifying a flags field in a header of the TCP segment and including the modified flags field in a synchronize TCP segment formed as a pseudo data segment;
the TCP layer interpreting a second TCP segment encapsulated as a data segment within a subsequent request frame; and
the pseudo TCP layer modifying a flags field in a header of the second TCP segment and including the modified flags field in an acknowledgement TCP segment formed as a pseudo data segment.

10. A system according to claim 1, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

the TCP layer interpreting a TCP segment encapsulated as a data segment within the request frame; and
a pseudo TCP layer modifying at least one field in a header of the TCP segment selected from the group consisting of a sequence number field, an acknowledgement number field, a reserved field, and a window size field and including the modified at least one field in a reply TCP segment formed as a pseudo data segment.

11. A system according to claim 1, wherein the network protocol stack comprises a User Datagram Protocol (UDP) layer, further comprising:

the UDP layer interpreting a UDP datagram encapsulated as a data segment within the request frame; and
a pseudo UDP layer modifying at least one of a source port number field and a destination port number field in a header of the UDP datagram and including the modified at least one of a source port number field and a destination port number field in a reply UDP datagram formed as a pseudo data segment.

12. A method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack, wherein the network protocol stack comprises an Internet Protocol (IP) layer, comprising:

functionally defining a hierarchical network protocol stack comprising a plurality of communicatively interfaced protocol layers;
receiving a request frame originating from a remote host, the request frame comprising a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack, further comprising;
interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying a checksum field in a header of the IP datagram; and
including the modified checksum field in a reply IP datagram formed as a pseudo data segment; and
demultiplexing, at each protocol layer, each encapsulated data segment in the request frame by processing a header associated with the encapsulated data segment, performing any requested network service and forwarding any recursively encapsulated portion to the next successive protocol layer;
forming a plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack, each pseudo data segment comprising a header and data portion with the header including network protocol stack characteristics for a pseudo host different than the network protocol stack characteristics for the virtual host;
recursively encapsulating each of the pseudo data segments within a response frame and inserting into the response frame a network address for the pseudo host different than the network address for the virtual host; and
sending the response frame to the remote host.

13. A method according to claim 12, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame; and
forming an ICMP message as a pseudo data segment in response to an invalid field in a header of the IP datagram.

14. A method according to claim 12, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame; and
forming an IP datagram as a pseudo data segment in response to the IP datagram being invalid.

15. A method according to claim 12, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying an options field in a header of the IP datagram; and
including the modified options field in a reply IP datagram formed as a pseudo data segment.

16. A method according to claim 12, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying at least one of a header length field and a total length field in a header of the IP datagram; and
including the modified header length field and total length field in a reply IP datagram formed as a pseudo data segment.

17. A method according to claim 12, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying a type of service field in a header for each of a series of packet fragments collectively comprising the IP datagram; and
including the modified type of service field in a reply IP datagram formed as a series of pseudo data segments, each corresponding to one of the packet fragments.

18. A method according to claim 12, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying at least one of a source port number field and a destination port number field in a header of the TCP segment; and
including the modified at least one of a source port number field and a destination port number field in a reply TCP segment formed as a pseudo data segment.

19. A method according to claim 12, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying an options field in a header of the TCP segment; and
including the modified options field in a reply TCP segment formed as a pseudo data segment.

20. A method according to claim 12, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying a flags field in a header of the TCP segment;
including the modified flags field in a synchronize TCP segment formed as a pseudo data segment;
interpreting a second TCP segment encapsulated as a data segment within a subsequent request frame;
modifying a flags field in a header of the second TCP segment; and
including the modified flags field in an acknowledgement TCP segment formed as a pseudo data segment.

21. A method according to claim 12, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying at least one field in a header of the TCP segment selected from the group consisting of a sequence number field, an acknowledgement number field, a reserved field, and a window size field; and
including the modified at least one field in a reply TCP segment formed as a pseudo data segment.

22. A method according to claim 12, wherein the network protocol stack comprises a User Datagram Protocol (UDP) layer, further comprising:

interpreting a UDP datagram encapsulated as a data segment within the request frame;
modifying at least one of a source port number field and a destination port number field in a header of the UDP datagram; and
including the modified at least one of a source port number field and a destination port number field in a reply UDP datagram formed as a pseudo data segment.

23. A computer-readable storage medium holding code for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack, wherein the network protocol stack comprises an Internet Protocol (IP) layer, comprising:

functionally defining a hierarchical network protocol stack comprising a plurality of communicatively interfaced protocol layers;
receiving a request frame originating from a remote host, the request frame comprising a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack, further comprising;
interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying a checksum field in a header of the IP datagram; and
including the modified checksum field in a reply IP datagram formed as a pseudo data segment; and
demultiplexing, at each protocol layer, each encapsulated data segment in the request frame by processing a header associated with the encapsulated data segment, performing any requested network service and forwarding any recursively encapsulated portion to the next successive protocol layer;
forming a plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack, each pseudo data segment comprising a header and data portion with the header including network protocol stack characteristics for a pseudo host different than the network protocol stack characteristics for the virtual host;
recursively encapsulating each of the pseudo data segments within a response frame and inserting into the response frame a network address for the pseudo host different than the network address for the virtual host; and
sending the response frame to the remote host.

24. A storage medium according to claim 23, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame; and
forming an ICMP message as a pseudo data segment in response to an invalid field in a header of the IP datagram.

25. A storage medium according to claim 23, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame; and
forming an IP datagram as a pseudo data segment in response to the IP datagram being invalid.

26. A storage medium according to claim 23, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying an options field in a header of the IP datagram; and
including the modified options field in a reply IP datagram formed as a pseudo data segment.

27. A storage medium according to claim 23, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying at least one of a header length field and a total length field in a header of the IP datagram; and
including the modified header length field and total length field in a reply IP datagram formed as a pseudo data segment.

28. A storage medium according to claim 23, wherein the network protocol stack comprises an Internet Protocol (IP) layer, further comprising:

interpreting an IP datagram encapsulated as a data segment within the request frame;
modifying a type of service field in a header for each of a series of packet fragments collectively comprising the IP datagram; and
including the modified type of service field in a reply IP datagram formed as a series of pseudo data segments, each corresponding to one of the packet fragments.

29. A storage medium according to claim 23, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying at least one of a source port number field and a destination port number field in a header of the TCP segment; and
including the modified at least one of a source port number field and a destination port number field in a reply TCP segment formed as a pseudo data segment.

30. A storage medium according to claim 23, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying an options field in a header of the TCP segment; and
including the modified options field in a reply TCP segment formed as a pseudo data segment.

31. A storage medium according to claim 23, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying a flags field in a header of the TCP segment;
including the modified flags field in a synchronize TCP segment formed as a pseudo data segment;
interpreting a second TCP segment encapsulated as a data segment within a subsequent request frame;
modifying a flags field in a header of the second TCP segment; and
including the modified flags field in an acknowledgement TCP segment formed as a pseudo data segment.

32. A storage medium according to claim 23, wherein the network protocol stack comprises a Transmission Control Protocol (TCP) layer, further comprising:

interpreting a TCP segment encapsulated as a data segment within the request frame;
modifying at least one field in a header of the TCP segment selected from the group consisting of a sequence number field, an acknowledgement number field, a reserved field, and a window size field; and
including the modified at least one field in a reply TCP segment formed as a pseudo data segment.

33. A storage medium according to claim 23, wherein the network protocol stack comprises a User Datagram Protocol (UDP) layer, further comprising:

interpreting a UDP datagram encapsulated as a data segment within the request frame;
modifying at least one of a source port number field and a destination port number field in a header of the UDP datagram; and
including the modified at least one of a source port number field and a destination port number field in a reply UDP datagram formed as a pseudo data segment.
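As an added illustration (not code from the patent or its assignee), the following Python sketches the pseudo stack of claims 1 and 7 to 10, which the method and storage-medium claims mirror: it demultiplexes a constructed IPv4/TCP SYN request frame and forms a SYN/ACK response frame whose source address, TTL, type of service, window size, TCP options and recomputed checksums come from a pseudo-host profile rather than from the virtual host that actually received the request. The two host profiles, the addresses and the initial sequence number are assumptions constructed for the example.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# Stack characteristics of the virtual host and of the pseudo host it presents.
# Both profiles and all addresses are constructed for this example (assumptions).
VIRTUAL_HOST = {"addr": "192.0.2.10", "ttl": 64, "tos": 0x00, "window": 29200,
                "tcp_options": b"\x02\x04\x05\xb4"}                 # MSS 1460
PSEUDO_HOST = {"addr": "192.0.2.77", "ttl": 128, "tos": 0x10, "window": 8192,
               "tcp_options": b"\x02\x04\x05\xb4\x01\x01\x04\x02"}  # MSS, NOP, NOP, SACK-OK

def parse_ipv4_tcp(frame: bytes) -> dict:
    """Demultiplex a request frame: the IP header first, then the TCP segment it encapsulates."""
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(frame) < total_len:
        raise ValueError("not a complete IPv4/TCP request")
    if inet_checksum(frame[:ihl]) != 0:           # a valid header sums to zero
        raise ValueError("bad IP header checksum")
    seg = frame[ihl:total_len]
    sport, dport, seq, _ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHLLHHHH", seg[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl, "sport": sport,
            "dport": dport, "seq": seq, "flags": off_flags & 0x1FF, "window": window}

def build_pseudo_reply(req: dict, profile: dict, isn: int = 0x1A2B3C4D, ident: int = 0x4000) -> bytes:
    """Form the response frame layer by layer with the pseudo host's characteristics:
    a SYN is answered by a SYN/ACK whose flags, window, options, TTL, type of service,
    source address and recomputed checksums belong to the pseudo host, not the virtual host."""
    if not (req["flags"] & 0x002):
        raise ValueError("this example only answers SYN segments")
    opts = profile["tcp_options"]
    opts += b"\x00" * (-len(opts) % 4)             # pad options to a 32-bit boundary
    off_flags = ((20 + len(opts)) // 4) << 12 | 0x012    # data offset, SYN + ACK
    tcp = struct.pack("!HHLLHHHH", req["dport"], req["sport"], isn, (req["seq"] + 1) & 0xFFFFFFFF,
                      off_flags, profile["window"], 0, 0) + opts
    src, dst = socket.inet_aton(profile["addr"]), socket.inet_aton(req["src"])
    pseudo_hdr = struct.pack("!4s4sBBH", src, dst, 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo_hdr + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, profile["tos"], 20 + len(tcp), ident, 0x4000,
                     profile["ttl"], 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]   # modified checksum field
    return ip + tcp

def make_syn(src: str, dst: str, sport: int, dport: int, seq: int, ttl: int = 64) -> bytes:
    """Construct a remote host's SYN request frame (sample input, not captured traffic)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHLLHHHH", sport, dport, seq, 0, 5 << 12 | 0x002, 64240, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(struct.pack("!4s4sBBH", s, d, 0, 6, 20) + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, ttl, 6, 0, s, d)
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + tcp

if __name__ == "__main__":
    syn = make_syn("198.51.100.5", VIRTUAL_HOST["addr"], 40000, 80, 1000)
    reply = parse_ipv4_tcp(build_pseudo_reply(parse_ipv4_tcp(syn), PSEUDO_HOST))
    print(reply)   # source 192.0.2.77, ttl 128, window 8192, flags 0x12: the pseudo host's stack
```

A remote host fingerprinting the reply therefore sees the pseudo host's address and stack characteristics, while the virtual host that answered keeps its own.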