METHOD AND APPARATUS FOR PROVIDING ADAPTIVE SELF-SYNCHRONIZED DYNAMIC ADDRESS TRANSLATION AS AN INTRUSION DETECTION SENSOR
5 Assignments
0 Petitions
Accused Products
Abstract
A translator is provided for translating predetermined portions of packet header information including an address of a data packet according to a cipher algorithm keyed by a cipher key derived by a key exchanger. A mapping device is also provided for mapping the address to a host table stored in memory. If the address does not match an entry in the host table, a security device is triggered.
11 Citations
50 Claims
-
1-30. -30. (canceled)
-
31. A system, comprising:
a bastion host configured to; determine, based on a destination address included in packet header information of a data packet, whether a remote bastion host is configured to perform adaptive self-synchronized dynamic address translation (ASD); generate a cipher key by the bastion host when the remote bastion host is not configured to perform ASD; generate the cipher key according to a handshake with the remote bastion host when the remote bastion host is configured to perform ASD; and add an entry to an active connection table including the generated cipher key and at least a subset of the packet header information of the data packet. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 45, 46, 47)
-
39. A method, comprising:
-
receiving, at a bastion host, a packet including packet header information, the packet information including a destination address; determining, by a bastion host, whether the destination address is associated with a remote bastion host configured to perform adaptive self-synchronized dynamic address translation (ASD); generating a cipher key by the bastion host based on a determination that the remote bastion host is not configured to perform ASD; generating the cipher key according to a handshake with the remote bastion host based on a determination that the remote bastion host is configured to perform ASD; and adding an entry to an active connection table including the cipher key and destination address. - View Dependent Claims (40, 41, 42, 43, 44, 48, 49, 50)
-
Specification