Method and apparatus for providing adaptive self-synchronized dynamic address translation as an intrusion detection sensor
First Claim
1. A system, comprising:
- a bastion host configured to:
  - determine, based on a destination address included in packet header information of a data packet, whether a remote bastion host is configured to perform adaptive self-synchronized dynamic address translation (ASD);
  - generate a cipher key by the bastion host when the remote bastion host is not configured to perform ASD;
  - generate the cipher key according to a handshake with the remote bastion host when the remote bastion host is configured to perform ASD; and
  - add an entry to an active connection table including the generated cipher key and at least a subset of the packet header information of the data packet.
Abstract
A translator is provided for translating predetermined portions of packet header information including an address of a data packet according to a cipher algorithm keyed by a cipher key derived by a key exchanger. A mapping device is also provided for mapping the address to a host table stored in memory. If the address does not match an entry in the host table, a security device is triggered.
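The translate-then-map check described in the abstract, as an added example that is not code from the patent. The page names no cipher algorithm, so the HMAC-keyed Feistel permutation, the function names, the addresses and the fixed key (standing in for the key exchanger's output) are all assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: stand-in for the exchanged cipher key and the host table.
KEY = hashlib.sha256(b"constructed demo key").digest()
HOST_TABLE = {"10.0.0.5", "10.0.0.9"}

def _round(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: 16 bits of HMAC-SHA256(key, round || half)."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")

def translate(addr: str, key: bytes, rounds: int = 4) -> str:
    """Sender side: map a real IPv4 address to its on-the-wire (translated) form."""
    v = int(ipaddress.IPv4Address(addr))
    left, right = v >> 16, v & 0xFFFF
    for r in range(rounds):
        left, right = right, left ^ _round(key, r, right)
    return str(ipaddress.IPv4Address((left << 16) | right))

def untranslate(addr: str, key: bytes, rounds: int = 4) -> str:
    """Receiver side: invert translate() using the same key."""
    v = int(ipaddress.IPv4Address(addr))
    left, right = v >> 16, v & 0xFFFF
    for r in reversed(range(rounds)):
        left, right = right ^ _round(key, r, left), left
    return str(ipaddress.IPv4Address((left << 16) | right))

def inspect(wire_dst: str, key: bytes, host_table: set) -> tuple:
    """Map the untranslated address to the host table; a miss triggers the sensor."""
    real = untranslate(wire_dst, key)
    if real in host_table:
        return ("forward", real)
    return ("alert", real)

if __name__ == "__main__":
    # A peer holding the key addresses 10.0.0.5 through its translated form.
    print(inspect(translate("10.0.0.5", KEY), KEY, HOST_TABLE))
    # A sender without the key uses the raw address, which untranslates to a
    # pseudo-random address that misses the host table.
    print(inspect("10.0.0.5", KEY, HOST_TABLE))
```

Because the translation is a keyed permutation of the 32-bit address space, a destination chosen without the key lands on a host-table entry only by chance, so nearly every such packet produces an alert rather than reaching a host.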
20 Claims
9. A method, comprising:
- receiving, at a bastion host, a packet including packet header information, the packet information including a destination address;
- determining, by a bastion host, whether the destination address is associated with a remote bastion host configured to perform adaptive self-synchronized dynamic address translation (ASD);
- generating a cipher key by the bastion host based on a determination that the remote bastion host is not configured to perform ASD;
- generating the cipher key according to a handshake with the remote bastion host based on a determination that the remote bastion host is configured to perform ASD; and
- adding an entry to an active connection table including the cipher key and destination address.
Specification