Edge adapter apparatus and method

US 20020009079A1
Filed: 05/15/2001
Published: 01/24/2002
Est. Priority Date: 06/23/2000
Status: Active Grant

First Claim

Patent Images

1. A method of processing a first data packet transmitted over a network from a source to a first recipient, said first data packet comprising a header layer and an application data layer, said method comprising:

(a) capturing said first data packet from said network prior to its reception by said first recipient;

(b) analyzing said header layer of said first data packet according to a first rule;

(c) examining, selectively, a dynamically specified portion of said application data layer of said first data packet according to a second rule;

(d) determining a first action to be taken on said first data packet according to a third rule; and

(e) performing said first action on said first data packet.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.

Citations

111 Claims

1. A method of processing a first data packet transmitted over a network from a source to a first recipient, said first data packet comprising a header layer and an application data layer, said method comprising:
- (a) capturing said first data packet from said network prior to its reception by said first recipient;
  
  (b) analyzing said header layer of said first data packet according to a first rule;
  
  (c) examining, selectively, a dynamically specified portion of said application data layer of said first data packet according to a second rule;
  
  (d) determining a first action to be taken on said first data packet according to a third rule; and
  
  (e) performing said first action on said first data packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 46)
- - 2. The method of claim 1, wherein said first recipient transmits a second data packet over said network to said source in response to receipt of said first data packet, said first action comprising at least storing information about said first data packet, said method further comprising:
    - (a) capturing said second data packet from said network prior to its reception by said source;
      
      (b) analyzing a header layer of said second data packet according to a fourth rule;
      
      (c) examining, selectively, a dynamically specified portion of said application data layer of said second data packet according to a fifth rule;
      
      (d) determining a second action to be taken on said second data packet according to a sixth rule; and
      
      (e) performing said second action on said second data packet; and
      
      wherein at least one of said fourth, fifth and sixth rules is based on said stored information.
  - 3. The method of claim 1, wherein said capturing further comprises intercepting said first data packet prior to receipt by a network router.
  - 4. The method of claim 1, wherein said capturing is performed by a packet interceptor, said method further comprising:
    - (f) allowing redefinition of said first, second and third rules by an entity external to said packet interceptor.
  - 5. The method of claim 4, wherein said allowing further comprises allowing dynamic redefinition.
  - 6. The method of claim 1, further comprising:
    - (f) redefining, remotely, said first, second and third rules.
  - 7. The method of claim 1, wherein said second and third rules are based at least in part on said analysis of said header.
  - 8. The method of claim 1, wherein said analyzing further comprises determining a first result of said first rule, said examining further comprises determining a second result of said second rule, said determining further comprising determining said first action to be taken on said first data packet according to said first and second results.
  - 9. The method of claim 1, wherein further comprising predefining said first, second and third rules.
  - 10. The method of claim 1, wherein said analyzing further comprises no analysis of said header layer according to said first rule.
  - 11. The method of claim 1, wherein said examining further comprises no examination of said application data layer according to said second rule.
  - 12. The method of claim 1, wherein said header layer further comprises a network address, said analyzing further comprises analyzing said network address according to said first rule.
  - 13. The method of claim 12, wherein said first rule comprises determining whether said network address matches a pre-defined criteria.
  - 14. The method of claim 1, wherein said header layer further comprises a network address and said network address comprises a transport control port address.
  - 15. The method of claim 1, wherein said header layer further comprises a network address and said network address comprises an internet protocol address.
  - 16. The method of claim 1, wherein said header layer further comprises a network address and said network address comprises a media access control address.
  - 17. The method of claim 1, wherein said application data layer comprises application data generated by said source.
  - 18. The method of claim 17, wherein said application data comprises a uniform resource locator and further wherein said second rule comprises determining whether said uniform resource locator matches a pre-defined criteria.
  - 19. The method of claim 1, wherein said capturing further comprises capturing by a packet interceptor, said first action comprises:
    - forwarding said first data packet to an entity external to said packet interceptor, said external entity being different from said first recipient.
  - 20. The method of claim 1, wherein said first action comprises:
    - releasing said first data packet to said network.
  - 21. The method of claim 1, wherein said capturing is performed by a packet interceptor, said first action comprises:
    - copying said first data packet to a second data packet; and
      
      forwarding said second data packet to an entity external to said packet interceptor, said external entity being different from said first recipient.
  - 22. The method of claim 21, wherein said first action further comprises:
    - receiving a command from said external entity dictating a second action be taken on said first data packet.
  - 23. The method of claim 22, wherein said second action comprises deleting said first data packet.
  - 24. The method of claim 22, wherein said second action comprises releasing said first data packet to said network.
  - 25. The method of claim 21, wherein said first action further comprises:
    - releasing said first data packet to said network.
  - 26. The method of claim 1, wherein said first action comprises:
    - modifying said first data packet; and
      
      releasing said modified first data packet to said network.
  - 27. The method of claim 26, wherein said modifying further includes:
    - modifying at least a portion of said header layer.
  - 28. The method of claim 26, wherein said modifying further includes:
    - modifying at least a portion of said application data layer.
  - 29. The method of claim 1, wherein said first action comprises:
    - transmitting a response to said source based on said first data packet according to a fourth rule.
  - 30. The method of claim 29, wherein said first action further comprises configuring said response to appear to originate from said first recipient.
  - 31. The method of claim 1, wherein said capturing is performed by a packet interceptor, said packet interceptor comprising a plurality of rule sets and wherein a first rule set of said plurality of rule sets comprises said first, second and third rules and said first action, said method further comprising:
    - (f) determining which of said plurality of rule sets to apply to said first data packet.
  - 32. The method of claim 1, wherein said capturing is performed by a packet interceptor, said method further comprising:
    - (f) facilitating performing (a), (b), (c), (d) and (e) non-invasively with respect to said network for a plurality of entities external to said packet interceptor.
  - 33. The method of claim 1, said method further comprising performing (a), (b), (c), (d) and (e) by a router.
  - 34. The method of claim 1, wherein said capturing is performed by a packet interceptor, said method further comprising:
    - (f) receiving a second data packet from an entity external to said packet interceptor, said second data packet directed to said packet interceptor; and
      
      (g) introducing said second data packet into said network.
  - 35. The method of claim 1, wherein said network is characterized by a wire speed, said method further comprising performing (a)-(e) at least at said wire speed.
  - 36. The method of claim 1, wherein said first data packet is characterized seven Open Systems Interconnection (“
    - OSI”
      
      ) defined layers, said dynamically specified portion comprising any at least one of said seven layers.
  - 37. The method of claim 1, wherein said network comprises an optical network.
  - 38. The method of claim 1, wherein said network comprises an electrical network.
  - 39. The method of claim 1, wherein (b) further comprises determining a first result of said first rule and (c) further comprises determining a second result of said rule, said method further comprising:
    - (f) storing said first and second results;
      
      (g) capturing a second data packet from said network prior to its reception by said first recipient;
      
      (h) analyzing said header layer of said second data packet according to said first rule and at least one of said stored first and second results;
      
      (i) examining, selectively, a dynamically specified portion of said application data layer of said second data packet according to a second rule and at least one of said stored first and second results;
      
      (j) determining a second action to be taken on said second data packet according to said third rule; and
      
      (k) performing said second action on said second data packet.
  - 40. The method of claim 1, further comprising performing (a)-(e) invisibly to at least one of said source and said first recipient.
  - 46. The method of claim 41, further comprising:
    - (j) performing (e) and (h) as a compound operation.

41. A method of processing a first data packet directed to a first recipient over a network, said first data packet comprising header data and application data, said method comprising:
- (a) intercepting said first data packet prior to receipt by said first recipient;
  
  (b) capturing said first data packet in a buffer;
  
  (c) analyzing, selectively, said header data according to a first rule;
  
  (d) analyzing, selectively, a dynamically specified portion of said application data according to a second rule;
  
  (e) copying, selectively, said first data packet and forwarding, selectively, said copied first data packet to a second recipient different from said first recipient according to a third rule;
  
  (f) releasing, selectively, said first data packet back to said network according to a fourth rule;
  
  (g) modifying, selectively, said first data packet and releasing, selectively, said modified first data packet back to said network according to a fifth rule;
  
  (h) deleting, selectively, said first data packet from said buffer according to a sixth rule; and
  
  (i) storing, selectively, information about said first data packet according to a seventh rule.
- View Dependent Claims (42, 43, 44, 45, 47, 48, 49)
- - 42. The method of claim 41, further comprising:
    - (j) receiving a second data packet from said second recipient and introducing said second data packet into said network.
  - 43. The method of claim 41, further comprising:
    - (j) redefining said first, second, third, fourth, fifth, sixth and seventh rules by said second recipient.
  - 44. The method of claim 41, further comprising:
    - (j) performing (e) and (f) as a compound operation.
  - 45. The method of claim 41, further comprising:
    - (j) performing (e) and (g) as a compound operation.
  - 47. The method of claim 41, further comprising:
    - (j) performing (g) and (h) as a compound operation.
  - 48. The method of claim 41, further comprising:
    - (j) generating a second data packet directed to said source in response to said first data packet according to a eighth rule.
  - 49. The method of claim 41, further comprising performing (e), (f), (g) and (h) in response to a command from said second recipient.

50. An apparatus for processing a first packet transmitted over a network from a source to a first destination, said first packet comprising a header layer and an application data layer, said apparatus comprising:
- a network interface operative to receive said first packet from said source;
  
  a routing processor coupled with said network interface and operative to receive said first packet from said network interface and convey said first packet to said first destination; and
  
  a packet processor coupled with said network interface and said routing processor, said packet processor comprising;
  
  a packet analyzer operative to analyze said header layer according to a first rule and selectively analyze a dynamically specified portion of said application data layer according to a second rule; and
  
  a packet redirector coupled with said packet analyzer and said routing processor and operative to selectively perform an action on said first packet according to a third rule prior to said conveyance by said routing processor.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 51. The apparatus of claim 50, wherein said packet processor further comprises a packet interceptor operative to buffer said first packet for analysis by said packet analyzer.
  - 52. The apparatus of claim 50, wherein said packet processor is further coupled between said network interface and said routing processor.
  - 53. The apparatus of claim 51, wherein said packet processor intercepts said first packet prior to receipt by said routing processor.
  - 54. The apparatus of claim 50, wherein said packet processor further comprises an external device interface for communicating with a device external to said apparatus.
  - 55. The apparatus of claim 54, wherein said first, second and third rules are capable of being redefined via said external device interface.
  - 56. The apparatus of claim 54, wherein said action further comprises forwarding said first packet to said device.
  - 57. The apparatus of claim 54, wherein said action further comprises creating a copy of said first packet, storing said first packet in a buffer and forwarding said copy to said device.
  - 58. The apparatus of claim 57, wherein said action further comprises deleting said first packet in response to a command received from said device.
  - 59. The apparatus of claim 57, wherein said action further comprises releasing said first packet to said routing processor in response to a command received from said device.
  - 60. The apparatus of claim 54, wherein said action further comprises receiving a second packet from said external device and releasing said second packet to said routing processor.
  - 61. The apparatus of claim 50, wherein said action further comprises releasing said first packet to said routing processor.
  - 62. The apparatus of claim 50, wherein said action further comprises storing information about said first packet for use in analyzing a second packet transmitted from said first destination to said source over said network.
  - 63. The apparatus of claim 50, wherein said action further comprises modifying said first packet and releasing said modified packet to said routing processor.
  - 64. The apparatus of claim 50, wherein said action further comprises transmitting a second packet to said source in response to said first packet.
  - 65. The apparatus of claim 50, wherein said network is characterized by an operating speed, said apparatus operative to operate at least as fast as said operating speed.
  - 66. The apparatus of claim 50, wherein said network comprises an optical network, said network interface being further operative to couple with said optical network.
  - 67. The apparatus of claim 50, wherein said first, second and third rules are operative to factor in past analysis of prior received packets.
  - 68. The apparatus of claim 50, wherein one of said source and said first destination is unaware of said apparatus.
  - 69. The apparatus of claim 50, is logically invisible to said network.
  - 70. The apparatus of claim 50, wherein said apparatus is selectively visible to at least one of said source and said first destination.
  - 71. The apparatus of claim 70, wherein said apparatus is selectively network addressable.

72. An adapter for a router comprising:
- a router interface operative to couple said adapter with said router;
  
  a packet processor coupled with said router interface and operative to intercept a first packet prior to receipt by said router, said packet processor further comprising;
  
  a buffer operative to receive and store said first packet for processing;
  
  first logic coupled with said buffer, said first logic operative to apply a first function to a header layer of said first packet and produce a first result;
  
  second logic coupled with said buffer, said second logic operative to apply a second function to a dynamically specified portion of said application data layer of said first packet and produce a second result; and
  
  third logic coupled with said buffer and said first and second logic, said third logic operative to perform an operation on said first packet using a third function and said first and second results.
- View Dependent Claims (73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89)
- - 73. The adapter of claim 72, wherein said first, second and third logic are capable of being dynamically redefined.
  - 74. The adapter of claim 72, wherein said second logic is further coupled with said first logic and further comprises an input for receiving said first result.
  - 75. The adapter of claim 72, further comprising an external device interface operative to interconnect one or more devices to said packet processor, said devices being external to said router and said adapter.
  - 76. The adapter of claim 75, wherein said packet processor is further operative to non-invasively interconnect said one or more devices to said network.
  - 77. The adapter of claim 75, wherein said packet processor is further operative to receive one or more commands from said one or more devices and wherein said first, second and third logic are further operative to respond to said one or more commands.
  - 78. The adapter of claim 75, wherein said third function comprises forwarding said first packet from said buffer to a first of said one or more devices based on said first and second results.
  - 79. The adapter of claim 75, wherein said third function comprises forwarding a copy of said first packet to a first of said one or more devices and retaining said first packet in said buffer based on said first and second results.
  - 80. The adapter of claim 79, wherein said third function further comprises forwarding said first packet from said buffer to said router in response to a command received from said first of said one or more devices.
  - 81. The adapter of claim 79, wherein said third function further comprises purging said first packet from said buffer in response to a command received from said first of said one or more devices.
  - 82. The adapter of claim 75, wherein said packet processor is further operative to receive a second packet from a first of said one or more devices and forward said second packet to said router.
  - 83. The adapter of claim 72, wherein said first function comprises a comparison function.
  - 84. The adapter of claim 72, wherein said second function comprises a comparison function.
  - 85. The adapter of claim 72, wherein said third function comprises forwarding said first packet from said buffer to said router based on said first and second results.
  - 86. The adapter of claim 72, wherein said third function comprises modifying said first packet in said buffer and forwarding said modified packet from said buffer to said router based on said first and second results.
  - 87. The adapter of claim 72, wherein said first packet comprises a packet transmitted from a source to a destination over a network, said third function comprises storing information about said first packet for subsequent processing by said adapter of a second packet transmitted from said destination to said source over said network.
  - 88. The adapter of claim 72, wherein said third function comprises generating a response packet to said first packet and forwarding said response packet to said router based on said first and second results.
  - 89. The adapter of claim 72, further comprising fourth logic coupled with said first, second and third logic, and operative to store state information related to said first and second results and said operation, said first, second and third logic being further operative to use said state information to produce said first and second results and perform said operation.

90. A system for facilitating a non-invasive interface to a network comprising:
- a router coupled with said network and operative to route a first packet from a first source to a first destination; and
  
  a packet processor coupled with said router and operative to receive said first packet from said first source and process said first packet prior to routing by said router, said packet processor including;
  
  a rule set comprising first, second and third rules;
  
  first logic operative to analyze a header layer of said first packet according to said first rule;
  
  second logic operative to analyze a dynamically specified portion of said application data layer of said first packet according to said second rule;
  
  third logic operative to perform a function on said first packet according to said third rule; and
  
  an external interface operative to transparently couple a first external device to said packet processor.
- View Dependent Claims (91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107)
- - 91. The system of claim 90, wherein said function comprises forwarding a copy of said first packet to said first external device.
  - 92. The system of claim 91, wherein said function further comprises forwarding said first packet to said router.
  - 93. The system of claim 92, wherein said forwarding is in response to a command from said first external device.
  - 94. The system of claim 91, wherein said function further comprises deleting said first packet.
  - 95. The system of claim 94, wherein said deleting is in response to a command from said first external device.
  - 96. The system of claim 90, wherein said function comprises forwarding said first packet to said router.
  - 97. The system of claim 90, wherein said function further comprises storing information about said first packet.
  - 98. The system of claim 97, wherein said packet processor is further operative to receive a second packet from said first destination for routing to said first source and process said second packet prior to routing by said router, at least one of said first, second and third rules being based on said stored information.
  - 99. The system of claim 90, wherein said function comprises deleting said first packet.
  - 100. The system of claim 90, wherein said function comprises modifying said first packet and forwarding said modified first packet to said router.
  - 101. The system of claim 100, wherein said function further comprises adapting a content of said application data layer.
  - 102. The system of claim 90, wherein said packet processor further comprises an external packet receiver operative to receive a second packet generated by said first external device and forward said second packet to said router.
  - 103. The system of claim 90, wherein said function comprises formulating a response packet to said first packet and forwarding said response packet to said router for routing to said first source.
  - 104. The system of claim 90, wherein said rule set is operative to be modified by said first external device.
  - 105. The system of claim 90, wherein said first packet is allowed to be received by said router in parallel with said reception by said packet processor and wherein said function further comprises preventing said routing of said first packet.
  - 106. The system of claim 90, wherein said packet processor is characterized by a first latency and said router is characterized by a second latency, said system latency being substantially equivalent to the sum of said first and second latencies and wherein said external device is characterized by a third latency, said system latency being unaffected by said third latency.
  - 107. The system of claim 90, wherein said external interface is operative to couple one or more of said external devices with said packet processor in parallel with the others of said one or more of said external devices.

108. An edge server coupled between a point-of-presence (“
- POP”
  
  ) and a network and operative to monitor a network traffic stream passing between said POP and said network, said edge server comprising;
  
  a traffic interceptor operative to selectively intercept said network traffic stream between said POP and said network prior to said network traffic stream reaching its intended destination; and
  
  a traffic modifier operative to modify said selectively intercepted traffic and reinsert said modified selectively intercepted traffic into said work.
- View Dependent Claims (109, 110, 111)
- - 109. The edge server of claim 108, wherein said network traffic stream comprises a plurality of packets, said traffic interceptor being further operative to selectively intercept at least one of said plurality of packets.
  - 110. The edge server of claim 108, wherein said network is characterized by a transmission rate, said edge server capable of operating at least at said transmission rate.
  - 111. The edge server of claim 108, wherein said network traffic stream comprises a bi-directional network traffic stream, said traffic interceptor further operative to selectively intercept said bi-directional network traffic stream.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookingglass Cyber Solutions, LLC
Original Assignee
CloudShield Technologies, Inc. (ZeroFox Holdings, Inc.)
Inventors
Jungck, Peder J., Nguyen, Andrew T., Najam, Zahid, Penke, Ramachandra-Rao

Granted Patent

US 7,032,031 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/19   at layers above the network...

H04L 61/4511   using domain name system [DNS]

H04L 63/0263   Rule management

H04L 69/22   Parsing or analysis of headers

Edge adapter apparatus and method

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

111 Claims

Specification

Solutions

Use Cases

Quick Links

Edge adapter apparatus and method

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

111 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links