Method and apparatus for providing situational awareness

US 10,666,544 B1
Filed: 09/26/2014
Issued: 05/26/2020
Est. Priority Date: 09/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method comprising:

at a network router connected to a network of a plurality of routers for transferring data between computing devices;

receiving, network route control plane data advertised by one or more other routers on the network, the network route control plane data comprising data describing one or more routes on the network, at a passive discovery module of the network router, the network router being configured to communicate with the one or more routers using one or more routing protocols but not to advertise route data;

comparing, at the passive discovery module, the received network route control plane data to network element data stored in a network element database;

determining, at the passive discovery module, whether the received network route control plane data meets network element criteria, wherein the received network element criteria includes a criterion that is met when the network route control plane data is a route advertisement transmitted by a router;

in response to a determination that the received network route control plane data meets network element criteria;

determining, at the passive discovery module, whether the received network route control plane data meets unscanned target criteria, wherein the unscanned target criteria includes a criterion that is met when the network route control plane data is transmitted by a router that has not been scanned by an active discovery module of the network router;

in response to a determination that the received network route control plane data meets network element criteria and unscanned target criteria;

delivering, by the passive discovery module, data describing the router that transmitted the received network route control plane data to an active discovery module of the network router, andtransmitting an interrogation request, via the active discovery module of the network router, to the one or more routers described by the received network route control plane data that is indicative of an unscanned router,wherein the network route control plane data used for network element criteria and unscanned target determinations is one of;

an OSPF new consolidated route message, a BGP new consolidated route message, an IS-IS new consolidated route message, an ARP new consolidated route message and a DHCP new consolidated route message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network route control plane data, advertised by one or more routers on a network, is received from a passive discovery module. The passive discovery module is configured to communicate with the routers using one or more routing protocols, but not to advertise route data. The received network route control plane data is compared to network element data stored in a network element database. If the received network route control plane data is not contained in the network element database, the received network route control plane data is stored in the network element database. If the received network route control plane data is contained in the network element data database, the received network route control plane data is compared to target asset data stored in a target asset database. If the received network route control plane data is not contained in the target asset database, the received network route control plane data is stored in the target asset database. The target asset database is analyzed for unscanned targets. Data describing unscanned targets is delivered to an active discovery module.

Citations

10 Claims

1. A computerized method comprising:
- at a network router connected to a network of a plurality of routers for transferring data between computing devices;
  
  receiving, network route control plane data advertised by one or more other routers on the network, the network route control plane data comprising data describing one or more routes on the network, at a passive discovery module of the network router, the network router being configured to communicate with the one or more routers using one or more routing protocols but not to advertise route data;
  
  comparing, at the passive discovery module, the received network route control plane data to network element data stored in a network element database;
  
  determining, at the passive discovery module, whether the received network route control plane data meets network element criteria, wherein the received network element criteria includes a criterion that is met when the network route control plane data is a route advertisement transmitted by a router;
  
  in response to a determination that the received network route control plane data meets network element criteria;
  
  determining, at the passive discovery module, whether the received network route control plane data meets unscanned target criteria, wherein the unscanned target criteria includes a criterion that is met when the network route control plane data is transmitted by a router that has not been scanned by an active discovery module of the network router;
  
  in response to a determination that the received network route control plane data meets network element criteria and unscanned target criteria;
  
  delivering, by the passive discovery module, data describing the router that transmitted the received network route control plane data to an active discovery module of the network router, andtransmitting an interrogation request, via the active discovery module of the network router, to the one or more routers described by the received network route control plane data that is indicative of an unscanned router,wherein the network route control plane data used for network element criteria and unscanned target determinations is one of;
  
  an OSPF new consolidated route message, a BGP new consolidated route message, an IS-IS new consolidated route message, an ARP new consolidated route message and a DHCP new consolidated route message.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computerized method of claim 1, further comprising:
    - receiving, from the active discovery module, in response to the interrogation request, data describing one or more of devices, paths, hosts, and ports associated with the network.
  - 3. The computerized method of claim 1, wherein the passive discovery module is implemented as at least part of a collector module, the collector module further being configured to conduct active discovery.
  - 4. The computerized method of claim 1, wherein the active discovery module is implemented as at least part of a collector module, the collector module further being configured to conduct passive discovery.
  - 5. The computerized method of claim 2, further comprising:
    - storing the data describing the devices, paths, hosts, and ports for forensics and cyber-security analytics.

6. A system comprising:
- a network router connected to a network of a plurality of routers for transferring data between computing devices, the network router including;
  
  one or more memory units each operable to store at least one program; and
  
  at least one processor communicatively coupled to the one or more memory units, in which the at least one program, when executed by the at least one processor, causes the at least one processor to perform the steps of;
  
  receiving, network route control plane data advertised by one or more other routers on the network, the network route control plane data comprising data describing one or more routes on the network, at a passive discovery module of the network router, the network router being configured to communicate with the one or more routers using one or more routing protocols but not to advertise route data;
  
  comparing, at the passive discovery module, the received network route control plane data to network element data stored in a network element database;
  
  determining, at the passive discovery module, whether the received network route control plane data meets network element criteria, wherein the received network element criteria includes a criterion that is met when the network route control plane data is a route advertisement transmitted by a router;
  
  in response to a determination that the received network route control plane data meets network element criteria;
  
  determining, at the passive discovery module, whether the received network route control plane data meets unscanned target criteria, wherein the unscanned target criteria includes a criterion that is met when the network route control plane data is transmitted by a router that has not been scanned by an active discovery module of the network router;
  
  in response to a determination that the received network route control plane data meets network element criteria and unscanned target criteria;
  
  delivering, by the passive discovery module, data describing the router that transmitted the received network route control plane data to an active discovery module of the network router, andtransmitting an interrogation request, via the active discovery module of the network router, to the one or more routers described by the received network route control plane data that is indicative of an unscanned router,wherein the network route control plane data used for network element criteria and unscanned target determinations is one of;
  
  an OSPF new consolidated route message, a BGP new consolidated route message, an IS-IS new consolidated route message, an ARP new consolidated route message and a DHCP new consolidated route message.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, the processor further performing the step of:
    - receiving, from the active discovery module, in response to the interrogation request, data describing one or more of devices, paths, hosts, and ports associated with the network.
  - 8. The system of claim 6, wherein the passive discovery module is implemented as at least part of a collector module, the collector module further being configured to conduct active discovery.
  - 9. The system of claim 6, wherein the active discovery module is implemented as at least part of a collector module, the collector module further being configured to conduct passive discovery.
  - 10. The system of claim 7, the processor further performing the step of:
    - storing the data describing the devices, paths, hosts, and ports for forensics and cyber-security analytics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lumeta Corporation (FireMon, LLC)
Original Assignee
Lumeta Corporation (FireMon, LLC)
Inventors
Robinson, Jr., Bill Calvin, Labbancz, Mark Thomas, Price, Thomas Allen
Primary Examiner(s)
Cheema, Umar
Assistant Examiner(s)
Williams, Tony

Application Number

US14/497,428
Time in Patent Office

2,069 Days
Field of Search

709224
US Class Current
CPC Class Codes

G06F 16/24   Querying

H04L 45/02   Topology update or discovery

H04L 45/04   Interdomain routing, e.g. h...

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Method and apparatus for providing situational awareness

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing situational awareness

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links