Title: Countering service enumeration through optimistic response
Abstract: Techniques for improving computer system security by detecting and responding to attacks on computer systems are described herein. A computer system monitors communications requests from external systems and, as a result of detecting one or more attacks on the computer system, the computer system responds to the attacks by modifying the behavior of the computer system. The behavior of the computer system is modified so that responses to communications requests to ports on the computer system are altered, presenting the attacker with an altered representation of the computer system and thereby delaying or frustrating the attack and the attacker.
Publication number: US9350748(B1) Publication date: 2016.05.24
Application number: US201314108222 Filing date: 2013.12.16
Applicant: Amazon Technologies, Inc. Inventors: McClintock Jon Arron; Stathakopoulos George Nikolaos
Classification: H04L29/06 Main classification: H04L29/06
Agency: Davis Wright Tremaine LLP Agent: Davis Wright Tremaine LLP
Independent claim: 1. A computer-implemented method for enhancing security, comprising: under the control of one or more computer systems configured with executable instructions, monitoring connection attempts to a server computer system; detecting, as part of said monitoring, an in-progress port scan of the server computer system by an attacker computer system; and as a result of detecting the in-progress port scan, modifying the server computer system to: accept connection attempts at least from the attacker computer system on both a first set of ports open until detecting the in-progress port scan and a second set of ports closed for an amount of time until detecting the in-progress port scan; provide attack responses to the attacker computer system from at least a first subset of the first set of ports and at least a second subset of the second set of ports, the attack responses from the first subset of the first set of ports configured to be different than responses that would have been provided to the attacker computer system had the in-progress port scan been undetected, the attack responses including at least one response misidentifying a service behind a particular in-use port of the first set of ports and falsely indicating existence of a particular service behind a particular port of the second set of ports; and wherein misidentifying the service is accomplished by providing, to an attacker, a service response on the particular in-use port, the service response corresponds to a different known service than the service on the particular in-use port.
Address: Seattle WA US