Network Protection Via Embedded Controls

US 20080159152A1
Filed: 12/29/2006
Published: 07/03/2008
Est. Priority Date: 12/29/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an in-line device configured to detect an infected data packet;

a central management server configured to receive a first instruction from the in-line device, the instruction identifying the origin of the infected data packet; and

an infected endpoint device configured to receive a second instruction from the central management server and to mark outgoing data packets to create marked data packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a method for providing network protection. A method according to one embodiment may include detecting an infected data packet at an in-line device. The method may further include receiving a first instruction from the in-line device at a central management server, the instruction identifying the origin of the infected data packet. The method may also include receiving a marking instruction from the central management server at an infected endpoint device and marking outgoing data packets at the infected endpoint device to create marked data packets. Of course, many alternatives, variations and modifications are possible without departing from this embodiment.

14 Citations

View as Search Results

30 Claims

1. A system comprising:
- an in-line device configured to detect an infected data packet;
  
  a central management server configured to receive a first instruction from the in-line device, the instruction identifying the origin of the infected data packet; and
  
  an infected endpoint device configured to receive a second instruction from the central management server and to mark outgoing data packets to create marked data packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein the in-line device is configured to prevent the marked data packets from passing through if a threshold has been reached.
  - 3. The system according to claim 1, wherein the outgoing data packets are marked using a Differentiated Services Code Point (DSCP) field, the DSCP field including Quality of Service (QoS) information.
  - 4. The system according to claim 3, wherein at least one of the marked data packets and at least one expected data packet may be allowed to pass through the in-line device after evaluating the QoS information of the DSCP field.
  - 5. The system according to claim 4, further comprising a switch configured to prevent a marked data packet to pass through the in-line device if a threshold has been reached.
  - 6. The system according to claim 5, wherein the threshold corresponds to a maximum amount of marked data packets supported by the in-line device.
  - 7. The system according to claim 1, wherein the in-line device may be configured to send instructions to the central management server via an interface.
  - 8. The system according to claim 7, wherein the interface is selected from the group consisting of Simple Network Management Protocol (SNMP) or Windows Management Instrumentation (WMI).
  - 9. The system according to claim 1, wherein the infected endpoint device includes OOB management processing circuitry configured to mark the outgoing packets.
  - 10. The system according to claim 1, wherein the in-line device is selected from the group consisting of intrusion prevention systems (IPS), intrusion detection systems (IDS), network accelerators and application gateways.
  - 11. The system according to claim 1, wherein the infected endpoint device, the central management server or an intrusion detection system are configured to detect the infected data packet.

12. An article comprising a storage medium having stored thereon instructions that when executed by a machine result in the following:
- detecting an infected data packet at an in-line device;
  
  receiving a first instruction from the in-line device at a central management server, the instruction identifying the origin of the infected data packet;
  
  receiving a marking instruction from the central management server at an infected endpoint device; and
  
  marking outgoing data packets at the infected endpoint device to create marked data packets.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 30)
- - 13. The article according to claim 12, further comprising preventing the marked data packets from passing through the in-line device if a threshold has been reached.
  - 14. The article according to claim 12, wherein marking the outgoing data packets comprises using a Differentiated Services Code Point (DSCP) field, the DSCP field including Quality of Service (QoS) information.
  - 15. The article according to claim 14, wherein at least one marked data packet and at least one expected data packet may be allowed to pass through the in-line device after evaluating the QoS information of the DSCP field.
  - 16. The article according to claim 15, further comprising preventing a marked data packet to pass through the in-line device if a threshold has been reached using a switch.
  - 17. The article according to claim 16, wherein the threshold corresponds to a maximum amount of marked data packets supported by the in-line device.
  - 18. The article according to claim 12, further comprising sending instructions from the in-line device to the central management server via an interface.
  - 19. The article according to claim 18, wherein the interface is selected from the group consisting of Simple Network Management Protocol (SNMP) or Windows Management Instrumentation (WMI).
  - 20. The article according to claim 12, wherein marking outgoing data packets at the infected endpoint device to create marked data packets is performed via OOB management processing circuitry.
  - 21. The article according to claim 12, wherein the in-line device is selected from the group consisting of intrusion prevention systems (IPS), intrusion detection systems (IDS), network accelerators and application gateways.
  - 22. The article according to claim 12, wherein detecting an infected data packet occurs in the infected endpoint device, the central management server or an intrusion detection system.
  - 30. The method according to claim 21, wherein the in-line device is selected from the group consisting of intrusion prevention systems (IPS), intrusion detection systems (IDS), network accelerators and application gateways.

23. A method of providing network protection comprising:
- detecting an infected data packet at an in-line device;
  
  receiving a first instruction from the in-line device at a central management server, the instruction identifying the origin of the infected data packet;
  
  receiving a marking instruction from the central management server at an infected endpoint device; and
  
  marking outgoing data packets at the infected endpoint device to create marked data packets.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The method according to claim 23, further comprising preventing the marked data packets from passing through the in-line device if a threshold has been reached.
  - 25. The method according to claim 23, wherein marking the outgoing data packets comprises using a Differentiated Services Code Point (DSCP) field, the DSCP field including Quality of Service (QoS) information.
  - 26. The method according to claim 25, wherein at least one marked data packet and at least one expected data packet may be allowed to pass through the in-line device after evaluating the QoS information of the DSCP field.
  - 27. The method according to claim 26, further comprising preventing a marked data packet to pass through the in-line device if a threshold has been reached using a switch.
  - 28. The method according to claim 27, wherein the threshold corresponds to a maximum amount of marked data packets supported by the in-line device.
  - 29. The method according to claim 23, wherein detecting an infected data packet occurs in the infected endpoint device, the central management server or an intrusion detection system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ben-Shalom, Omer, Shaliv, Adi

Granted Patent

US 7,710,887 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/242
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/5022   by giving priorities, e.g. ...

H04L 43/00   Arrangements for monitoring...

H04L 43/0811   by checking connectivity

H04L 43/16   Threshold monitoring

H04L 63/1416   Event detection, e.g. attac...

Network Protection Via Embedded Controls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Network Protection Via Embedded Controls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links