Identifying communicating network nodes in the same local network

US 10,498,803 B1
Filed: 08/11/2019
Issued: 12/03/2019
Est. Priority Date: 04/08/2018
Status: Active Grant

First Claim

Patent Images

1. A method for distributing a common set of data to multiple network nodes of a networked system by a data distribution system, where the data distribution system comprises (A) a data distribution server software module installed on a data distribution remote computing device and (B) a data distribution agent software module installed on at least a first network node and a second network node of the networked system, the method for distributing the common set of data comprising:

a. receiving, by the data distribution server software module and from the first network node, first information about a first data packet, the first data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node, wherein execution of computer code of the data distribution agent software module by one or more processors of the first network node causes the one or more processors of the first network node to send the first information;

b. receiving, by the data distribution server software module and from the second network node, second information about a second data packet of the second network node, the second data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node, wherein execution of computer code of the data distribution agent software module by one or more processors of the second network node causes the one or more processors of the second network node to send the second information;

c. checking, by the data distribution server software module, whether the first information and the second information satisfy a matching condition; and

d. in response to a determination by the checking that the first information and the second information satisfy the matching condition, carrying out the following steps;

i. concluding, by the data distribution server software module, that the first data packet and the second data packet are a same data packet, and that the first network node and the second network node share a common broadcast domain; and

ii. delivering the common set of data to multiple network nodes of the common broadcast domain, the delivering comprising;

(A) transmitting the common set of data to the first network node, and(B) causing the first network node to transmit the common set of data from the first network node to the second network node.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Citations

20 Claims

1. A method for distributing a common set of data to multiple network nodes of a networked system by a data distribution system, where the data distribution system comprises (A) a data distribution server software module installed on a data distribution remote computing device and (B) a data distribution agent software module installed on at least a first network node and a second network node of the networked system, the method for distributing the common set of data comprising:
- a. receiving, by the data distribution server software module and from the first network node, first information about a first data packet, the first data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node, wherein execution of computer code of the data distribution agent software module by one or more processors of the first network node causes the one or more processors of the first network node to send the first information;
  
  b. receiving, by the data distribution server software module and from the second network node, second information about a second data packet of the second network node, the second data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node, wherein execution of computer code of the data distribution agent software module by one or more processors of the second network node causes the one or more processors of the second network node to send the second information;
  
  c. checking, by the data distribution server software module, whether the first information and the second information satisfy a matching condition; and
  
  d. in response to a determination by the checking that the first information and the second information satisfy the matching condition, carrying out the following steps;
  
  i. concluding, by the data distribution server software module, that the first data packet and the second data packet are a same data packet, and that the first network node and the second network node share a common broadcast domain; and
  
  ii. delivering the common set of data to multiple network nodes of the common broadcast domain, the delivering comprising;
  
  (A) transmitting the common set of data to the first network node, and(B) causing the first network node to transmit the common set of data from the first network node to the second network node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the transmitting of the common set of data to the first network node is performed by the data distribution remote computing device.
  - 3. The method of claim 1, wherein the transmitting of the common set of data to the first network node is performed by a computing device other than the data distribution remote computing device.
  - 4. The method of claim 1, wherein the common set of data includes media data.
  - 5. The method of claim 1, wherein the common set of data includes an installation package of a software application.
  - 6. The method of claim 1, wherein the common set of data includes an update for a software application.
  - 7. The method of claim 1, wherein the first data packet is a member of the data packets group consisting of an Address Resolution Protocol (ARP) data packet, a Link-Local Multicast Name Resolution (LLMNR) data packet and a NetBIOS over TCP/IP Name Service (NBNS) data packet.
  - 8. The method of claim 1, wherein the first data packet is an Internet Protocol (IP) data packet including an IP destination address that is an IP broadcast address.
  - 9. The method of claim 1, wherein (i) the first information includes a first indication that indicates whether the first data packet is an inbound or an outbound data packet, (ii) the second information includes a second indication that indicates whether the second data packet is an inbound or an outbound data packet, and (iii) a necessary condition for the first information and the second information to satisfy the matching condition is that the first indication is different from the second indication.
  - 10. The method of claim 1, wherein (i) the first information includes a value of a given field in the first data packet, (ii) the second information includes a value of the given field in the second data packet, and (iii) a necessary condition for the first information and the second information to satisfy the matching condition is that the value of the given field in the first data packet equals the value of the given field in the second data packet.
  - 11. The method of claim 10, wherein the given field is a member of the group consisting of an Internet Protocol (IP) address field, a Media Access Control (MAC) address field, and a protocol type field.
  - 12. The method of claim 1, wherein (i) the first information includes respective values of multiple given fields in the first data packet, (ii) the second information includes respective values of the multiple given fields in the second data packet, and (iii) a necessary condition for the first information and the second information to satisfy the matching condition is that for each specific given field of the multiple given fields, the respective value in the first data packet equals the respective value in the second data packet.
  - 13. The method of claim 12, wherein the multiple given fields include an Internet Protocol (IP) address field and a Media Access Control (MAC) address field.
  - 14. The method of claim 1, wherein (i) the first information includes a first result of a first computation based on corresponding values of one or more given fields in the first data packet, (ii) the second information includes a second result of a second computation based on corresponding values of the one or more given fields in the second data packet, and (iii) a necessary condition for the first information and the second information to satisfy the matching condition is that the first result equals the second result.
  - 15. The method of claim 14, wherein the first computation is a computation of a hash function.
  - 16. The method of claim 14, wherein the first computation is a computation of an Exclusive OR (XOR) function.
  - 17. The method of claim 1, wherein a necessary condition for the first information and the second information to satisfy the matching condition is that an absolute value of a difference in time between the receiving of the first information and the receiving of the second information is lower than a given threshold.
  - 18. The method of claim 1, wherein a necessary condition for the first information and the second information to satisfy the matching condition is that an absolute value of a difference between a first time stamp included in the first information and a second time stamp included in the second information is lower than a given threshold.
  - 19. The method of claim 1, further comprising:
    - e. receiving, by the data distribution server software module and from the first network node, third information about a third data packet of the first network node, the third data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node, wherein execution of computer code of the data distribution agent software module by the one or more processors of the first network node causes the one or more processors of the first network node to send the third information;
      
      f. receiving, by the data distribution server software module and from the second network node, fourth information about a fourth data packet of the second network node, the fourth data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node, wherein execution of computer code of the data distribution agent software module by the one or more processors of the second network node causes the one or more processors of the second network node to send the fourth information;
      
      g. further checking, by the data distribution server software module, whether the third information and the fourth information satisfy the matching condition,wherein the concluding is performed in response to occurrence of both (A) a determination by the further checking that the third information and the fourth information satisfy the matching condition and (B) a determination by the checking that the first information and the second information satisfy the matching condition.

20. A data distribution system for distributing a common set of data to multiple network nodes of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks, the data distribution system comprising:
- a. a first distribution-agent non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of a first network node, the first network node being in electronic communication with a data distribution remote computing device, the first distribution-agent non-transitory computer-readable storage medium having stored therein first instructions, that when executed by the one or more processors of the first network node, cause the one or more processors of the first network node to send, to the data distribution remote computing device, first information about a first data packet, the first data packet being one member of the group consisting of (i) a data packet received by the first network node from another network node sharing a common broadcast domain with the first network node, and (ii) a data packet sent by the first network node only to one or more other network nodes sharing a common broadcast domain with the first network node;
  
  b. a second distribution-agent non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of a second network node, the second network node being in electronic communication with the data distribution remote computing device, the second reconnaissance-agent non-transitory computer-readable storage medium having stored therein second instructions, that when executed by the one or more processors of the second network node, cause the one or more processors of the second network node to send, to the data distribution remote computing device, second information about a second data packet of the second network node, the second data packet being one member of the group consisting of (i) a data packet received by the second network node from another network node sharing a common broadcast domain with the second network node, and (ii) a data packet sent by the second network node only to one or more other network nodes sharing a common broadcast domain with the second network node;
  
  c. a distribution-server non-transitory computer-readable storage medium for storage of instructions for execution by one or more processors of the data distribution remote computing device, the distribution-server non-transitory computer-readable storage medium having stored therein;
  
  i. third instructions, that when executed by the one or more processors of the data distribution remote computing device, cause the one or more processors of the data distribution remote computing device to receive, from the first network node, the first information sent by the first network node,ii. fourth instructions, that when executed by the one or more processors of the data distribution remote computing device, cause the one or more processors of the data distribution remote computing device to receive, from the second network node, the second information sent by the second network node,iii. fifth instructions, that when executed by the one or more processors of the data distribution remote computing device, cause the one or more processors of the data distribution remote computing device to check whether the first information and the second information satisfy a matching condition, andiv. sixth instructions, that when executed by the one or more processors of the data distribution remote computing device, cause the one or more processors of the data distribution remote computing device to carry out the following steps in response to a determination made by executing the fifth instructions that the first information and the second information satisfy the matching condition;
  
  A. concluding that the first data packet and the second data packet are a same data packet, and that the first network node and the second network node share a common broadcast domain, andB. delivering the common set of data to multiple network nodes of the common broadcast domain shared by the first network node and the second network node, the delivering comprising;
  
  (I) transmitting the common set of data to the first network node, and(II) causing the first network node to transmit the common set of data from the first network node to the second network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Inventors
Zini, Shahar, Lasser, Menahem
Primary Examiner(s)
Harris, Christopher C

Application Number

US16/537,601
Publication Number

US 20190364070A1
Time in Patent Office

114 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/103   across network layers, e.g....

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

H04L 67/10   in which an application is ...

Identifying communicating network nodes in the same local network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying communicating network nodes in the same local network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links