Unauthorized access information collection system
First Claim
1. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:
a honeynet comprising a plurality of honey pots, each honey pot being allocated an internet protocol (IP) address; and
an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to each of the IP addresses and generates a routing table comprising the IP addresses and their respective corresponding global addresses, wherein the unauthorized access information collection device uses the routing table to transfer packets received from the Internet to the honeynet, and transfers received packets from the honeynet to the Internet according to a communication control list, and the unauthorized access information collection device records packets that pass through the unauthorized access information collection device from the Internet to the honeynet and vice versa, and wherein the unauthorized access information collection device comprises:
a first communication unit that conducts communication with the Internet;
a second communication unit that conducts communication with the honeynet;
a storage unit which stores the routing table; and
an arithmetic control unit which controls the unauthorized access information collection device and which:
records a packet received through the first communication unit in the storage unit;
writes a first detection point identifier, a destination global address of the received packet, and a destination port number of the received packet into a payload of the recorded packet;
if the destination global address of the received packet is present in the routing table, records a new packet in the storage unit, the new packet having an IP address from the routing table that corresponds to the destination global address of the received packet as a destination address and writes a second detection point identifier, the destination global address of the received packet and the destination port number of the received packet into a payload of the new recorded packet, and transfers the new recorded packet through the second communication unit to the honeynet, wherein the first detection point identifier indicates a point of receipt of a packet from the Internet and the second detection point identifier indicates a point of rewriting into a private address; and
if the destination global address of the received packet is not present in the routing table, discards the received packet.
Abstract
In an unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system includes: a plurality of honey pots in which a private address or a global address is respectively set and which construct the honeynet; and an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to the private address or the global address by setting of a routing table to transfer a received packet and which performs a communication control from the honeynet side to the Internet side based on a communication control list and records the packets passing through the unauthorized access information collection device.
11 Claims
1. Independent claim, reproduced above under First Claim; claims 2 to 10 depend on it.
11. An unauthorized access information collection system for monitoring unauthorized access to a honeynet so as to collect unauthorized access information, the system comprising:
a honeynet comprising a plurality of honey pots, each honey pot being allocated an internet protocol (IP) address; and
an unauthorized access information collection device which is disposed between an Internet and the honeynet and which allocates a plurality of global addresses to each of the IP addresses and generates a routing table comprising the IP addresses and their respective corresponding global addresses, wherein the unauthorized access information collection device uses the routing table to transfer packets received from the Internet to the honeynet, and transfers received packets from the honeynet to the Internet according to a communication control list, and the unauthorized access information collection device records packets that pass through the unauthorized access information collection device from the Internet to the honeynet and vice versa, wherein the unauthorized access information collection device comprises:
a first communication unit that conducts communication with the Internet;
a second communication unit that conducts communication with the honeynet;
a storage unit which stores the communication control list; and
an arithmetic control unit which controls the unauthorized access information collection device and which:
records a packet received through the first communication unit in the storage unit;
writes a first detection point identifier, a destination global address of the received packet, and a destination port number of the received packet into a payload of the recorded packet;
if the destination global address of the received packet is present in the routing table, records a new packet in the storage unit, the new packet having an IP address from the routing table that corresponds to the destination global address of the received packet as a destination address and writes a second detection point identifier, the destination global address of the received packet and the destination port number of the received packet into a payload of the new recorded packet, and transfers the new recorded packet through the second communication unit to the honeynet,
if limit information about a source IP address of a packet received from the honeynet through the second communication unit is not registered in the communication control list, records the received packet in the storage unit and writes a third detection point identifier into a payload of the recorded packet and writes a source global address from the routing table that corresponds to the source IP address of the received packet as a source address of the recorded packet, and transfers the recorded packet through the first communication unit, wherein the first detection point identifier indicates a point of receipt of a packet from the Internet and the second detection point identifier indicates a point of rewriting into a private address; and
if the limit information is present in the communication control list, records the received packet in the storage unit, writes a fourth detection point identifier into a payload of the recorded packet, and discards the received packet.
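As an added illustration (not code from the patent or its assignee), the following Python model implements the packet handling that the two independent claims attribute to the arithmetic control unit: the inbound lookup of the destination global address in the routing table, the rewrite to the honey pot's private address with the first and second detection point identifiers, and the outbound check against the communication control list with the third and fourth identifiers. The numeric identifier values, the dict/set representation of the routing table and control list, the tag format appended to the payload, and the sample addresses are assumptions of this example.

```python
from dataclasses import dataclass, field, replace
from typing import Optional

# Detection point identifiers named in the claims; the numeric values are this example's choice.
DP1_INTERNET_RECEIPT, DP2_PRIVATE_REWRITE = 1, 2   # receipt from Internet; rewrite to private address
DP3_HONEYNET_FORWARD, DP4_HONEYNET_BLOCKED = 3, 4  # honeynet packet forwarded; blocked by control list

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""

@dataclass
class CollectionDevice:
    routing: dict          # global address -> honey pot IP (several globals may map to one pot)
    control_list: set      # honey pot IPs with limit information registered
    storage: list = field(default_factory=list)   # recorded packets, in order of receipt
    def _record(self, pkt: Packet, tag: str) -> Packet:
        # Store a copy of pkt with the detection point tag appended to its payload.
        rec = replace(pkt, payload=pkt.payload + f"|{tag}".encode())
        self.storage.append(rec)
        return rec
    def from_internet(self, pkt: Packet) -> Optional[Packet]:
        # Inbound path: returns the packet forwarded to the honeynet, or None if discarded.
        self._record(pkt, f"DP{DP1_INTERNET_RECEIPT}:{pkt.dst}:{pkt.dport}")
        private = self.routing.get(pkt.dst)
        if private is None:          # global address not in the routing table: discard
            return None
        return self._record(replace(pkt, dst=private),
                            f"DP{DP2_PRIVATE_REWRITE}:{pkt.dst}:{pkt.dport}")
    def from_honeynet(self, pkt: Packet) -> Optional[Packet]:
        # Outbound path: returns the packet forwarded to the Internet, or None if blocked.
        if pkt.src in self.control_list:    # limit information present: record, tag, drop
            self._record(pkt, f"DP{DP4_HONEYNET_BLOCKED}")
            return None
        # Reverse lookup (source is a registered pot); a real device would pick the matching flow.
        gaddr = next(g for g, p in self.routing.items() if p == pkt.src)
        return self._record(replace(pkt, src=gaddr), f"DP{DP3_HONEYNET_FORWARD}")

def demo() -> list:
    # Constructed sample traffic (not from the patent) through a two-pot honeynet.
    dev = CollectionDevice({"203.0.113.10": "10.0.0.5", "203.0.113.11": "10.0.0.5",
                            "203.0.113.20": "10.0.0.6"}, control_list={"10.0.0.6"})
    results = [dev.from_internet(Packet("198.51.100.7", "203.0.113.11", 22, b"SSH-2.0")),
               dev.from_internet(Packet("198.51.100.7", "203.0.113.99", 80)),
               dev.from_honeynet(Packet("10.0.0.5", "198.51.100.7", 22, b"reply")),
               dev.from_honeynet(Packet("10.0.0.6", "198.51.100.7", 25))]
    return results + [dev.storage]
```

Every packet is recorded once at its detection point before any forwarding decision, so the storage unit holds the dropped inbound probe and the blocked outbound packet alongside the forwarded ones.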