Logical Partition Media Access Control Impostor Detector
First Claim
1. A method, comprising:
- establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a monitored device of a plurality of monitored devices, each monitored device associated with a unique address;
- transmitting a heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels;
- in the event a response to the heartbeat is received, transmitting a second heartbeat from the monitoring device to a second monitored device of the plurality of monitored devices via the first secure channel; and
- in the event a response to the heartbeat is not received, executing a spoofing detection scheme, comprising:
  - transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device;
  - receiving a response to the second heartbeat; and
  - determining that a spoofing attack has occurred by the fact that the response to the second heartbeat has been received; and
- in response to a determination that a response to the second heartbeat has not been received, determining that a spoofing attack has not occurred.
Abstract
Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an impostor or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down, or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.
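As an added illustration (not IBM's code, and not the packet-level mechanism of the specification, which this page does not reproduce), the following Python models the decision procedure of claim 1: each endpoint is an oracle that says whether it answers a given heartbeat, a genuine LPAR answers only on its own channel to its own address, and the impostor's behaviour encodes the claim's premise that only a spoofing device answers the mismatched probe. The names (genuine, impostor, check_all), the channel ids and the MAC addresses are constructed, and the single-device case, where no second address exists to probe with, is reported as undetermined rather than as "no spoofing".

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Heartbeat:
    channel: str  # secure channel keyed for exactly one monitored device
    addr: str     # address (MAC) the heartbeat is sent to

Endpoint = Callable[[Heartbeat], bool]  # a monitored endpoint: does it answer this heartbeat?

def genuine(channel: str, addr: str, up: bool = True) -> Endpoint:
    """Genuine LPAR: answers only a heartbeat on its own channel to its own address."""
    return lambda hb: up and hb.channel == channel and hb.addr == addr

def impostor(victim_channel: str, victim_addr: str) -> Endpoint:
    """Assumed spoofer on a victim's path: it cannot complete the authenticated heartbeat,
    but it answers the mismatched probe a genuine device would discard (the claim's premise)."""
    return lambda hb: hb.channel == victim_channel and hb.addr != victim_addr

def deliver(endpoints: List[Endpoint], hb: Heartbeat) -> bool:
    return any(ep(hb) for ep in endpoints)  # put it on the wire; True if anything answers

def check_all(inventory: List[Tuple[str, str, str]], endpoints: List[Endpoint]) -> Dict[str, str]:
    """Run the claimed procedure over every (name, channel, addr) in the inventory."""
    verdict: Dict[str, str] = {}
    for i, (name, channel, addr) in enumerate(inventory):
        if deliver(endpoints, Heartbeat(channel, addr)):
            verdict[name] = "alive"  # answered: move on to the next monitored device
            continue
        others = [a for j, (_, _, a) in enumerate(inventory) if j != i]
        if not others:  # the scheme needs a second device's address to probe with
            verdict[name] = "unreachable-undetermined"
            continue
        # Spoofing detection scheme: same channel, but another device's address.
        if deliver(endpoints, Heartbeat(channel, others[0])):
            verdict[name] = "spoofing"
        else:
            verdict[name] = "down-or-tunnel-broken"
    return verdict

# Constructed scenario: lpar1 displaced by an impostor, lpar2 healthy, lpar3 down.
INVENTORY = [("lpar1", "ch1", "02:00:00:00:00:01"),
             ("lpar2", "ch2", "02:00:00:00:00:02"),
             ("lpar3", "ch3", "02:00:00:00:00:03")]
ENDPOINTS = [impostor("ch1", "02:00:00:00:00:01"),
             genuine("ch2", "02:00:00:00:00:02"),
             genuine("ch3", "02:00:00:00:00:03", up=False)]

if __name__ == "__main__":
    for name, state in check_all(INVENTORY, ENDPOINTS).items():
        print(f"{name}: {state}")
```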
15 Claims
6. A computing system, comprising:
- a processor;
- a computer-readable storage medium, coupled to the processor; and
- logic, stored on the computer-readable storage medium and executed on the processor, for:
  - establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a monitored device of a plurality of monitored devices, each monitored device associated with a unique address;
  - transmitting a heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels;
  - in the event a response to the heartbeat is received, transmitting a second heartbeat from the monitoring device to a second monitored device of the plurality of monitored devices via the first secure channel; and
  - in the event a response to the heartbeat is not received, executing a spoofing detection scheme, comprising: transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device; receiving a response to the second heartbeat; and determining that a spoofing attack has occurred by the fact that the response to the second heartbeat has been received; and
  - in response to a determination that a response to the second heartbeat has not been received, determining that a spoofing attack has not occurred.
Dependent claims: 7, 8, 9, 10.

11. A computing programming product, comprising:
- a computer-readable storage medium; and
- logic, stored on the computer-readable storage medium for execution on a processor, for:
  - establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a monitored device of a plurality of monitored devices, each monitored device associated with a unique address;
  - transmitting a heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels;
  - in the event a response to the heartbeat is received, transmitting a second heartbeat from the monitoring device to a second monitored device of the plurality of monitored devices via the first secure channel; and
  - in the event a response to the heartbeat is not received, executing a spoofing detection scheme, comprising: transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device; receiving a response to the second heartbeat; and determining that a spoofing attack has occurred by the fact that the response to the second heartbeat has been received; and
  - in response to a determination that a response to the second heartbeat has not been received, determining that a spoofing attack has not occurred.
Dependent claims: 12, 13, 14, 15.
Specification