Method and apparatus for intercepting performance metric packets for improved security and intrusion detection
Abstract
A method in which a border device of a destination network, located outside the recipient personal computer or network, intercepts a performance measurement packet addressed to a specified recipient, in order to relieve the problems that arise when performance metric packets are interpreted as harmful to a recipient network or server. The border device intercepts the performance metric packet and returns the requested information to the sender while masking the source address of the response as the original destination address of the recipient or as the network number of that recipient. The sender of the packet receives ample information on the performance metrics to the perimeter of the recipient for use in its application, and the recipient network is protected as well, because the IP addresses in use on its network are masked. The method is applicable both to existing performance metric protocols and to a new protocol, which would additionally assist in identifying the purpose of the performance metric packets and in protecting the destination network from outside interference. The number of performance metric queries issued by some applications could also be reduced through the use of CIDR network block tables. These tables would be referenced to determine whether a previous response was cached for this network block, or to allow a longer cache time-out owing to the static nature of CIDR blocks.
20 Claims
1. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
generating an information query by the sender;
sending the information query to the recipient;
receiving the information query at a border device of the recipient;
processing the information query at the border device to provide selected information requested by the information query to the sender.

5. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
generating an information query by the sender;
sending the information query to the recipient; and
receiving the information query at a border device of the recipient;
processing the information query at the border device according to a plurality of predetermined rules, wherein said predetermined rules provide for one of:
providing selected information requested by the information query in a response to the information query to be sent to the sender;
discarding the information query; and
passing the information query through the border device to the recipient for response.

10. A border device positioned between a sender and a recipient for use in gathering information regarding a connection between the sender and the recipient in a network, the border device comprising:
a receiver for receiving an information query from the sender addressed to the recipient;
a processor for processing the information query on behalf of the recipient to generate a response to said information query including selected information; and
a transmitter for sending the response including the selected information to the sender.

13. A method of gathering performance measurement information regarding a connection between a sender and a recipient in a network comprising the steps of:
generating a performance measurement packet by the sender;
sending the performance measurement packet to the recipient;
receiving the performance measurement packet at a border device of the recipient; and
processing the performance measurement packet at the border device according to a plurality of predetermined rules, wherein said predetermined rules provide for one of:
generating a response packet to the performance measurement packet providing performance metric information to be sent to the sender;
discarding the performance measurement packet; and
passing the performance measurement packet to the recipient.

19. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
generating an information query by the sender;
sending the information query to the recipient;
receiving a response to the information query including selected information from the recipient by the sender;
storing at least the selected information of the response for a predetermined period of time when the destination address of the information query is one of a plurality of predetermined addresses stored at the sender, such that when a subsequent information query includes a destination address corresponding to any of the plurality of predetermined addresses, the stored selected information of the response is used without sending the subsequent information query to the recipient; and
wherein said predetermined period of time is different from a period of time for which the selected information of the response is stored when the destination address of the information query is an address other than one of the plurality of predetermined addresses.
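The following is an added simulation of the two mechanisms the abstract and claims 5, 13 and 19 describe; it is example code written for this page, not the patent's own implementation. A `BorderDevice` applies an ordered rule table to each intercepted performance-metric query and either answers on the recipient's behalf (masking the responder address as the original destination or as the network number), discards it, or passes it through; a sender-side `MetricCache` reuses a response for every host in a listed CIDR block and keeps it longer than a per-host entry. The addresses, rule table, metric names and time-outs are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

SENDER = "198.51.100.7"  # constructed sender address (TEST-NET-2)


class Action(Enum):
    RESPOND = "respond"  # border device answers on behalf of the recipient
    DISCARD = "discard"  # query is dropped at the perimeter
    PASS = "pass"        # query is forwarded to the recipient unchanged


@dataclass(frozen=True)
class Query:
    src: str
    dst: str
    metric: str  # constructed metric names: "rtt" or "hops"


@dataclass(frozen=True)
class Response:
    src: str  # address the sender sees as the responder (masked by the device)
    dst: str
    metric: str
    value: float


class BorderDevice:
    """Perimeter device for one protected network. Rules are evaluated in order as
    (source network or None for any, metric or None for any, Action); a query that
    matches no rule is discarded (default deny)."""

    def __init__(self, protected_net, rules, mask_with_network=False):
        self.net = ipaddress.ip_network(protected_net)
        self.rules = rules
        self.mask_with_network = mask_with_network
        # Metrics measured only to the perimeter, never to the inside host (constructed).
        self.perimeter_metrics = {"rtt": 12.5, "hops": 7.0}

    def classify(self, q: Query) -> Action:
        if ipaddress.ip_address(q.dst) not in self.net:
            return Action.PASS  # not a host we protect: plain forwarding
        src = ipaddress.ip_address(q.src)
        for net, metric, action in self.rules:
            if (net is None or src in net) and (metric is None or metric == q.metric):
                return action
        return Action.DISCARD

    def handle(self, q: Query) -> Tuple[Action, Optional[Response]]:
        action = self.classify(q)
        if action is not Action.RESPOND:
            return action, None
        # Mask the responder: echo the original destination address, or substitute
        # the network number, so addresses in use inside are never revealed.
        masked = str(self.net.network_address) if self.mask_with_network else q.dst
        value = self.perimeter_metrics.get(q.metric, 0.0)
        return action, Response(src=masked, dst=q.src, metric=q.metric, value=value)


class MetricCache:
    """Sender-side cache. Destinations inside a listed CIDR block share one entry
    keyed by the block and kept for block_ttl seconds; other destinations are
    keyed per host and kept only host_ttl seconds."""

    def __init__(self, cidr_table, block_ttl=3600.0, host_ttl=60.0):
        self.blocks = [ipaddress.ip_network(c) for c in cidr_table]
        self.block_ttl = block_ttl
        self.host_ttl = host_ttl
        self.entries = {}  # (key, metric) -> (Response, expires_at)

    def _key(self, dst):
        addr = ipaddress.ip_address(dst)
        for block in self.blocks:
            if addr in block:
                return str(block), self.block_ttl
        return str(addr), self.host_ttl

    def lookup(self, dst, metric, now):
        key, _ = self._key(dst)
        hit = self.entries.get((key, metric))
        if hit is not None and hit[1] > now:
            return hit[0]
        return None

    def store(self, dst, resp, now):
        key, ttl = self._key(dst)
        self.entries[(key, resp.metric)] = (resp, now + ttl)


def measure(cache, device, dst, metric, now):
    """Sender flow: reuse a fresh cached response, otherwise query the recipient's
    border device. Returns (response or None, whether a packet was actually sent)."""
    cached = cache.lookup(dst, metric, now)
    if cached is not None:
        return cached, False
    _, resp = device.handle(Query(src=SENDER, dst=dst, metric=metric))
    if resp is not None:
        cache.store(dst, resp, now)
    return resp, True


# Constructed rule table: hop-count probes are refused (they map topology), RTT
# probes from the sender's network are answered at the perimeter, and a
# monitoring network is allowed straight through to the host.
RULES = [
    (None, "hops", Action.DISCARD),
    (ipaddress.ip_network("198.51.100.0/24"), "rtt", Action.RESPOND),
    (ipaddress.ip_network("192.0.2.0/24"), None, Action.PASS),
]

if __name__ == "__main__":
    dev = BorderDevice("203.0.113.0/24", RULES)
    cache = MetricCache(["203.0.113.0/24"])
    for t, host in ((0, "203.0.113.10"), (100, "203.0.113.20"), (4000, "203.0.113.30")):
        resp, sent = measure(cache, dev, host, "rtt", t)
        print(t, host, "sent" if sent else "cached", resp)
```

Run as a script, the three RTT queries to hosts in the same /24 produce one packet on the wire, one cache hit, and one re-query after the block time-out expires; the responder address the sender records is always the destination it asked for (or the network number), never an address inside the protected network.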
Specification