Bandwidth throttling in vulnerability scanning applications

US 10,623,325 B1
Filed: 09/19/2017
Issued: 04/14/2020
Est. Priority Date: 11/19/2013
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage devices or memory storing computer-executable instructions that when executed by a computer, cause the computer to perform a method, the instructions comprising:

instructions for a firewall that cause the firewall to;

analyze packets of incoming network traffic and emit the incoming network traffic as marked network traffic,wherein the marked network traffic comprises one or more packets with a class identifier indicating that the respective packet pertains to scan data from a device profiler configured to scan one or more target machines for vulnerabilities, andwherein at least one of the packets, which is destined for a server that collects the scan data from the device profiler, is marked by the firewall with a firewall mark;

instructions to analyze the marked network traffic, and based on the class identifier, allocating bandwidth to packets of the marked network traffic; and

instructions to transmit the marked network traffic on a computer network, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked network traffic are transmitted at a rate selected based at least in part on the allocated bandwidth.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods are disclosed for implementing bandwidth throttling to regulate network traffic as can be used in, for example, vulnerability scanning and detection applications in a computer network environment. According to one embodiment, a method of routing network packets in a networked device having plural network interfaces combines applying traffic class and network interface throttling for marking network packets with a differentiated service code based on input received from a profiler application, throttling the bandwidth of network packets based on a threshold for a designated network interface for the packet, throttling the bandwidth of the bandwidth-throttled packets based on a threshold for its respective differentiated service code, and emitting network packets on each respective designated network interface.

85 Citations

View as Search Results

18 Claims

1. One or more computer-readable storage devices or memory storing computer-executable instructions that when executed by a computer, cause the computer to perform a method, the instructions comprising:
- instructions for a firewall that cause the firewall to;
  
  analyze packets of incoming network traffic and emit the incoming network traffic as marked network traffic,wherein the marked network traffic comprises one or more packets with a class identifier indicating that the respective packet pertains to scan data from a device profiler configured to scan one or more target machines for vulnerabilities, andwherein at least one of the packets, which is destined for a server that collects the scan data from the device profiler, is marked by the firewall with a firewall mark;
  
  instructions to analyze the marked network traffic, and based on the class identifier, allocating bandwidth to packets of the marked network traffic; and
  
  instructions to transmit the marked network traffic on a computer network, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked network traffic are transmitted at a rate selected based at least in part on the allocated bandwidth.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more computer-readable storage devices or memory of claim 1, wherein the instructions to analyze the marked network traffic are configured to be executed in privileged kernel space.
  - 3. The one or more computer-readable storage devices or memory of claim 1, wherein the instructions for the firewall and the instructions to transmit the marked network traffic are configured to be executed in non-privileged user space.
  - 4. The one or more computer-readable storage devices or memory of claim 1, further comprising instructions to analyze the marked network traffic, and to further allocate bandwidth to the packets of marked network traffic based at least in part on a network interface to which the marked network traffic is assigned.
  - 5. The one or more computer-readable storage devices or memory of claim 1, further comprising instructions to send messages to the device profiler indicating the bandwidth allocated to the marked network traffic.
  - 6. The one or more computer-readable storage devices or memory of claim 1, further comprising instructions to remove the class identifier before transmitting the marked network traffic on a computer network.
  - 7. The one or more computer-readable storage devices or memory of claim 1, wherein the incoming network traffic includes data for the device profiler scan, and further comprising instructions that cause the device profiler to reduce a rate at which the device profiler is configured to scan at least one of the target machines based at least in part on the rate at which network traffic is transmitted on the computer network.

8. A method of routing network packets, the method comprising:
- scanning one or more target machines for vulnerabilities;
  
  based on an analysis of incoming network traffic, marking packets of the incoming network traffic and emitting marked packets, the marked packets comprising one or more packets with a class identifier indicating that the respective packet pertains to at least one of the vulnerabilities, at least one of the packets, which is destined for a server that collects data from the scanning, is marked with a firewall mark;
  
  allocating bandwidth to the marked packets based on the class identifier; and
  
  transmitting the marked packets on a computer network, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked packets are transmitted at a rate selected based at least in part on the allocated bandwidth.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the analysis on the marked packets is executed with a process executed by a processor in non-privileged kernel space, and the allocating bandwidth is executed with a process executed by a processor in privileged kernel space.
  - 10. The method of claim 8, wherein the allocating bandwidth to the marked packets is based at least in part on a network interface to which a respective one of the marked packets is assigned.
  - 11. The method of claim 8, further comprising removing the class identifier before the transmitting the marked packets on the computer network.
  - 12. The method of claim 8, further comprising sending messages to a device profiler indicating the bandwidth allocated to the marked packets.
  - 13. The method of claim 12, wherein:
    - the device profiler is configured to scan at least one of the target machines based at least in part on a rate at which network traffic is transmitted on the computer network; and
      
      the incoming network traffic includes data for configuring a device profiler scan performed by the device profiler.

14. An apparatus, comprising:
- one or more processors;
  
  a first physical network interface and a second physical network interface; and
  
  memory or storage devices storing computer-executable instructions that when executed by the processors, cause the apparatus to perform a method, the method comprising;
  
  scanning one or more target machines for vulnerabilities;
  
  based on an analysis of incoming network traffic, marking packets of the incoming network traffic and emitting the incoming network traffic as marked network traffic, wherein the marked network traffic comprises one or more packets with a class identifier indicating that the respective packet pertains to at least one of the vulnerabilities, at least one of the packets, which is destined for a server that collects data from the scanning, is marked with a firewall mark;
  
  allocating bandwidth to packets of the marked network traffic based on the class identifier; and
  
  transmitting the marked network traffic via the first physical network interface or the second physical interface, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked network traffic are transmitted at a rate selected based at least in part on the allocated bandwidth.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The apparatus of claim 14, wherein the one or more processors execute at least the computer-executable instructions for marking packets in non-privileged user space, and execute at least the computer-executable instructions for allocating bandwidth in privileged user space.
  - 16. The apparatus of claim 14, wherein the method further comprises allocating the bandwidth to the packets of marked network traffic based at least in part on a network interface to which the marked network traffic is assigned.
  - 17. The apparatus of claim 14, wherein the method further comprises sending messages to a device profiler indicating the bandwidth allocated to the marked network traffic.
  - 18. The apparatus of claim 14, wherein the method further comprises removing the class identifier before the transmitting the marked network traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
Pawlukowsky, Chris, Turner, Ian, Appleby, Mike
Primary Examiner(s)
Tran, Jimmy H

Application Number

US15/709,245
Time in Patent Office

938 Days
Field of Search
US Class Current
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/20   Traffic policing

H04L 47/22   Traffic shaping

H04L 47/2408   for supporting different se...

H04L 47/2491   Mapping quality of service ...

H04L 47/263   Rate modification at the so...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/1433   Vulnerability analysis

H04L 67/61   taking into account QoS or ...

Y02D 30/50   in wire-line communication ...

Bandwidth throttling in vulnerability scanning applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Bandwidth throttling in vulnerability scanning applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links