Method and apparatus for network deception/emulation

US 7,516,227 B2
Filed: 08/08/2006
Issued: 04/07/2009
Est. Priority Date: 11/15/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A computer network emulation wall and emulation system comprising:

two or more emulation computer systems of at least two distinct types;

a network able to deliver datagrams to said two or more emulation computer systems through said emulation wall; and

wherein two or more of said two or more emulation computer systems provide emulation responses of multiple emulated computer systems at multiple addresses;

each emulation computer system providing emulation responses of emulated computers appropriate to said emulation computer system'"'"'s type;

and further comprising;

receiving a response at an inside of said emulation wall from said emulation subnetwork;

translating a response emulation original address indication to a response proxy address indication;

passing said datagram into said network from said emulation subnetwork while translating said response proxy address indication back to a response original address indication;

wherein said passing comprises;

receiving said datagram at a first network gateway;

translating said original address indication of said datagram into a proxy address indication at said first network gateway;

routing said datagram with said proxy address indication to a second network gateway;

translating said proxy address indication of said datagram into said emulation original address indication at said second network gateway; and

forwarding said datagram with said emulation original address indication to said emulation subnetwork.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A number of innovations in the field of networking are disclosed. These techniques use multiple address translation to achieve effective deceptions, emulations, extended private networks and related goals. A further embodiment using a deception network having a number of different actual computer systems each performing emulation where deceived datagrams are routed to an actual machine that is particularly able to perform the desired emulation. The invention allows the emulation to receive a datagram just at it would appear at an external access point, operate on that datagram and return a datagram which is then passed through a deception wall using multiple address translations.

Citations

20 Claims

1. A computer network emulation wall and emulation system comprising:
- two or more emulation computer systems of at least two distinct types;
  
  a network able to deliver datagrams to said two or more emulation computer systems through said emulation wall; and
  
  wherein two or more of said two or more emulation computer systems provide emulation responses of multiple emulated computer systems at multiple addresses;
  
  each emulation computer system providing emulation responses of emulated computers appropriate to said emulation computer system'"'"'s type;
  
  and further comprising;
  
  receiving a response at an inside of said emulation wall from said emulation subnetwork;
  
  translating a response emulation original address indication to a response proxy address indication;
  
  passing said datagram into said network from said emulation subnetwork while translating said response proxy address indication back to a response original address indication;
  
  wherein said passing comprises;
  
  receiving said datagram at a first network gateway;
  
  translating said original address indication of said datagram into a proxy address indication at said first network gateway;
  
  routing said datagram with said proxy address indication to a second network gateway;
  
  translating said proxy address indication of said datagram into said emulation original address indication at said second network gateway; and
  
  forwarding said datagram with said emulation original address indication to said emulation subnetwork.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The device according to claim 1 further comprising:
    - at least one of said emulation computer systems responding to multiple incoming addresses on said communication channel as though said at least one emulation system were multiple logic systems.
  - 3. The device according to claim 2 further comprising:
    - on at least one of said emulation systems, providing varying responses.
  - 4. The device according to claim 3 wherein said responses vary based on an incoming address.
  - 5. The device according to claim 3 wherein said varying responses comprise varying time and use characteristics.
  - 6. The system according to claim 1 further comprising:
    - a transmission control system able to establish and vary delivery paths to said emulation computer systems.
  - 7. The system according to claim 1 further comprising:
    - an emulation control system able to establish and vary emulations provided by said two or more emulation computer systems.
  - 8. The method according to claim 1 wherein address indications comprise source and destination addresses according to a standard networking protocol.
  - 9. The method according to claim 8 wherein address indications comprise source and destination addresses according to an IP networking protocol.
  - 10. The method according to claim 1 wherein said emulation original address indication is identical to said original address indication.
  - 11. The method according to claim 1 wherein said first network gateway is a standard network gateway;
    - said translating said original address indication of said datagram into a proxy address indication at said first standard network gateway uses using-a standard translation procedure;
      
      said second network gateway is a standard network gateway;
      
      said translating said proxy address indication of said datagram into said emulation original address indication at said second standard network gateway using a standard translation procedure.
  - 12. The method according to claim 1 wherein said emulations vary based on one or more parameters including datagram addresses, time, or usage statistics.
  - 13. The method according to claim 1 wherein an emulation at a particular IP address translates same services differently for different remote access points, creating for a first set of remote access points, an illusion of a first network, for a second set of remote access points, an illusion of a service system with a vulnerable deception target, and for a third set of remote access points, access to other systems.
  - 14. The system according to claim 1 further wherein:
    - said two or more emulation computer systems of at least two distinct types comprise two or more simulated computer systems.
  - 15. The system according to claim 1 further wherein:
    - said at least two distinct types comprise two types selected from the group consisting of;
      
      a first server application;
      
      a second server application;
      
      a first version of a personal computer operating system;
      
      a second version of said personal computer operating system;
      
      a firewall;
      
      a private network.
  - 16. The system according to claim 15 further wherein:
    - said emulation responses of multiple emulated computer systems at multiple addresses are not detectable as emulations but are perceived as multiple individual computer systems by any system connecting through said emulation wall.
  - 17. The system according to claim 1 further wherein said network emulation wall and emulation system execute on a hardware device connected on said network.
  - 18. The system according to claim 1 further wherein said emulation wall and emulation system reside on a computer network with a plurality of nodes, at least some of said nodes able to forward packets to said system.
  - 19. The system according to claim 1 further wherein said emulation wall and emulation system are embodied in a single network device.
  - 20. The system according to claim 1 further wherein said emulation wall and emulation system are embodied in multiple network devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fred Cohen
Original Assignee
Fred Cohen
Inventors
Cohen, Fred
Primary Examiner(s)
DINH, KHANH Q

Application Number

US11/463,301
Publication Number

US 20070115993A1
Time in Patent Office

973 Days
Field of Search

709/224, 709/228, 709/220, 726/25, 370/396, 713/400
US Class Current

709/228
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/25   of the same type

H04L 63/0218   Distributed architectures, ...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

Method and apparatus for network deception/emulation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for network deception/emulation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links