Bandwidth throttling in vulnerability scanning applications
First Claim
1. One or more computer-readable storage devices or memory storing computer-executable instructions that when executed by a computer, cause the computer to perform a method, the instructions comprising:
- instructions for a firewall that cause the firewall to: analyze packets of incoming network traffic and emit the incoming network traffic as marked network traffic, wherein the marked network traffic comprises one or more packets with a class identifier indicating that the respective packet pertains to scan data from a device profiler configured to scan one or more target machines for vulnerabilities, and wherein at least one of the packets, which is destined for a server that collects the scan data from the device profiler, is marked by the firewall with a firewall mark;
- instructions to analyze the marked network traffic, and based on the class identifier, allocating bandwidth to packets of the marked network traffic; and
- instructions to transmit the marked network traffic on a computer network, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked network traffic are transmitted at a rate selected based at least in part on the allocated bandwidth.
Dependent claims: 2, 3, 4, 5, 6, 7.
Abstract
Apparatus and methods are disclosed for implementing bandwidth throttling to regulate network traffic as can be used in, for example, vulnerability scanning and detection applications in a computer network environment. According to one embodiment, a method of routing network packets in a networked device having plural network interfaces combines applying traffic class and network interface throttling for marking network packets with a differentiated service code based on input received from a profiler application, throttling the bandwidth of network packets based on a threshold for a designated network interface for the packet, throttling the bandwidth of the bandwidth-throttled packets based on a threshold for its respective differentiated service code, and emitting network packets on each respective designated network interface.
85 Citations
18 Claims
8. A method of routing network packets, the method comprising:
- scanning one or more target machines for vulnerabilities;
- based on an analysis of incoming network traffic, marking packets of the incoming network traffic and emitting marked packets, the marked packets comprising one or more packets with a class identifier indicating that the respective packet pertains to at least one of the vulnerabilities, at least one of the packets, which is destined for a server that collects data from the scanning, being marked with a firewall mark;
- allocating bandwidth to the marked packets based on the class identifier; and
- transmitting the marked packets on a computer network, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked packets are transmitted at a rate selected based at least in part on the allocated bandwidth.
Dependent claims: 9, 10, 11, 12, 13.
14. An apparatus, comprising:
- one or more processors;
- a first physical network interface and a second physical network interface; and
- memory or storage devices storing computer-executable instructions that when executed by the processors, cause the apparatus to perform a method, the method comprising: scanning one or more target machines for vulnerabilities; based on an analysis of incoming network traffic, marking packets of the incoming network traffic and emitting the incoming network traffic as marked network traffic, wherein the marked network traffic comprises one or more packets with a class identifier indicating that the respective packet pertains to at least one of the vulnerabilities, at least one of the packets, which is destined for a server that collects data from the scanning, being marked with a firewall mark; allocating bandwidth to packets of the marked network traffic based on the class identifier; and transmitting the marked network traffic via the first physical network interface or the second physical interface, wherein the at least one of the packets marked with the firewall mark is transmitted to said server at a rate that is unrestricted by the allocated bandwidth, and remaining packets of the marked network traffic are transmitted at a rate selected based at least in part on the allocated bandwidth.
Dependent claims: 15, 16, 17, 18.
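As an added illustration, not code from the patent or from any product implementing it, the following Python model carries the abstract's two-stage throttle (a per-interface threshold applied first, then a per-class threshold keyed on the differentiated service code) together with the claims' firewall-mark exemption for packets bound for the collection server. Interface names, class numbers, byte limits and the five sample packets are constructed values; treating an unknown interface or class as having zero budget is a modelling choice, not something the patent states.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Packet:
    name: str        # label for the constructed sample only
    size: int        # bytes
    iface: str       # designated egress interface
    dscp: int        # class identifier (differentiated service code)
    fwmark: int = 0  # non-zero: collector-bound, exempt from both caps

class Shaper:
    """Per-interface cap first, then per-class cap; both in bytes per tick."""
    def __init__(self, iface_limits, class_limits):
        self.iface_limits = iface_limits
        self.class_limits = class_limits
        self.queue = deque()

    def tick(self):
        """Emit what this tick's budgets allow; the rest waits (not dropped)."""
        iface_budget = dict(self.iface_limits)
        class_budget = dict(self.class_limits)
        sent, held = [], deque()
        while self.queue:
            p = self.queue.popleft()
            if p.fwmark:                  # firewall mark: unrestricted, consumes no budget
                sent.append(p)
                continue
            ib = iface_budget.get(p.iface, 0)  # unknown interface or class: zero budget
            cb = class_budget.get(p.dscp, 0)   # (model choice, not from the patent)
            if p.size <= ib and p.size <= cb:
                iface_budget[p.iface] = ib - p.size
                class_budget[p.dscp] = cb - p.size
                sent.append(p)
            else:
                held.append(p)            # throttled: retried next tick, order kept
        self.queue = held
        return sent

def simulate():
    """Constructed sample; returns the packet names emitted on each of two ticks."""
    shaper = Shaper(iface_limits={"eth0": 3000}, class_limits={10: 1000, 20: 2500})
    shaper.queue.extend([
        Packet("probe1", 600, "eth0", 10),
        Packet("probe2", 600, "eth0", 10),             # class 10 budget exhausted
        Packet("audit1", 2000, "eth0", 20),
        Packet("report", 500, "eth0", 20, fwmark=1),   # collector-bound: passes
        Packet("audit2", 400, "eth0", 20),             # fits only because report used none
    ])
    return [[p.name for p in shaper.tick()] for _ in range(2)]
```

In the sample, `probe2` is held to the second tick by the class-10 threshold while `report`, carrying the firewall mark, goes out immediately without reducing the interface budget that `audit2` then uses.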