System and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment
Abstract
A system and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment is described. A hierarchical protocol stack defines a plurality of communicatively interfaced protocol layers. At least one protocol layer provides a client service via a remote procedure call interface. A request packet sent from a requesting client is intercepted. The request packet contains a service request being sent to a remote server via a remote procedure call. A token uniquely identifying the request packet is generated using data contained therein. The token is included with the request packet. The request packet and the included token are forwarded to the remote server indicated in the remote procedure call. A response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service is received. The response packet is analyzed to determine whether the response packet includes a token uniquely identifying the response packet as having originated from the requesting client for the provided client service.
29 Claims
1. A system for preventing a spoofed remote procedure call denial of service attack in a networked computing environment, comprising:
a hierarchical protocol stack comprising a plurality of communicatively interfaced protocol layers with at least one protocol layer providing a client service via a remote procedure call interface;
an authentication module, comprising:
a packet module intercepting a request packet sent from a requesting client, the request packet containing a service request being sent to a remote server via a remote procedure call, forwarding the request packet and a token to the remote server indicated in the remote procedure call, and receiving a response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service; and
an identification module generating the token uniquely identifying the request packet using data contained therein and including the token with the request packet and determining whether the response packet includes a token uniquely identifying the response packet as having originated from the requesting client for the provided client service.

2. A system according to claim 1, further comprising:
the identification module removing any such token included with the response packet where such token affirmatively identifies the response packet as having originated from the requesting client; and
the packet module forwarding the response packet to the requesting client.

3. A system according to claim 2, further comprising:
the identification module discarding the response packet where at least one of such token fails to identify the response packet as having originated from the requesting client and the response packet does not include a token.

4. A system according to claim 1, further comprising:
the identification module associating a timeout variable with the token;
the packet module discarding the response packet where any such token included with the response packet has an expired associated timeout variable.

5. A system according to claim 1, further comprising:
the identification module providing within the token an indication of keying material used in generating the token.

6. A system according to claim 1, further comprising:
the identification module augmenting the request packet with the token, comprising at least one of inserting the token into a header of the request packet for at least one such protocol layer and appending the token onto the end of the request packet.

7. A system according to claim 6, further comprising:
the identification module recalculating each such checksum included in the header of the request packet for each such protocol layer that includes a checksum.

8. A system according to claim 1, wherein the received request packet is selected from the group comprising an ICMP echo request, an ICMP timestamp request, and a DNS request.

9. A system according to claim 1, wherein the token includes a cryptographic checksum.

10. A system according to claim 1, wherein the token comprises a magic number, command value, nonce value, key identifier, expiration time, and hash value.

11. A system according to claim 1, wherein the hierarchical protocol stack complies with Transmission Control Protocol/Internet Protocol (TCP/IP).

12. A method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment, comprising:
defining a hierarchical protocol stack comprising a plurality of communicatively interfaced protocol layers with at least one protocol layer providing a client service via a remote procedure call interface;
intercepting a request packet sent from a requesting client, the request packet containing a service request being sent to a remote server via a remote procedure call;
generating a token uniquely identifying the request packet using data contained therein and including the token with the request packet;
forwarding the request packet and the included token to the remote server indicated in the remote procedure call;
receiving a response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service; and
determining whether the response packet includes a token uniquely identifying the response packet as having originated from the requesting client for the provided client service.

13. A method according to claim 12, further comprising:
removing any such token included with the response packet where such token affirmatively identifies the response packet as having originated from the requesting client; and
forwarding the response packet to the requesting client.

14. A method according to claim 13, further comprising:
discarding the response packet where at least one of such token fails to identify the response packet as having originated from the requesting client and the response packet does not include a token.

15. A method according to claim 12, further comprising:
associating a timeout variable with the token;
discarding the response packet where any such token included with the response packet has an expired associated timeout variable.

16. A method according to claim 12, further comprising:
providing within the token an indication of keying material used in generating the token.

17. A method according to claim 12, further comprising:
augmenting the request packet with the token, comprising at least one of:
inserting the token into a header of the request packet for at least one such protocol layer; and
appending the token onto the end of the request packet.

18. A method according to claim 17, further comprising:
recalculating each such checksum included in the header of the request packet for each such protocol layer that includes a checksum.

19. A method according to claim 12, wherein the received request packet is selected from the group comprising an ICMP echo request, an ICMP timestamp request, and a DNS request.

20. A method according to claim 12, wherein the token includes a cryptographic checksum.

21. A method according to claim 12, wherein the token comprises a magic number, command value, nonce value, key identifier, expiration time, and hash value.

22. A method according to claim 12, wherein the hierarchical protocol stack complies with Transmission Control Protocol/Internet Protocol (TCP/IP).

23. A computer-readable storage medium holding code for preventing a spoofed remote procedure call denial of service attack in a networked computing environment, comprising:
defining a hierarchical protocol stack comprising a plurality of communicatively interfaced protocol layers with at least one protocol layer providing a client service via a remote procedure call interface;
intercepting a request packet sent from a requesting client, the request packet containing a service request being sent to a remote server via a remote procedure call;
generating a token uniquely identifying the request packet using data contained therein and including the token with the request packet;
forwarding the request packet and the included token to the remote server indicated in the remote procedure call;
receiving a response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service; and
determining whether the response packet includes a token uniquely identifying the response packet as having originated from the requesting client for the provided client service.

24. A storage medium according to claim 23, further comprising:
removing any such token included with the response packet where such token affirmatively identifies the response packet as having originated from the requesting client; and
forwarding the response packet to the requesting client.

25. A storage medium according to claim 23, further comprising:
discarding the response packet where at least one of such token fails to identify the response packet as having originated from the requesting client and the response packet does not include a token.

26. A storage medium according to claim 23, further comprising:
associating a timeout variable with the token;
discarding the response packet where any such token included with the response packet has an expired associated timeout variable.

27. A storage medium according to claim 23, further comprising:
providing within the token an indication of keying material used in generating the token.

28. A storage medium according to claim 23, further comprising:
augmenting the request packet with the token, comprising at least one of:
inserting the token into a header of the request packet for at least one such protocol layer; and
appending the token onto the end of the request packet.

29. A storage medium according to claim 23, further comprising:
recalculating each such checksum included in the header of the request packet for each such protocol layer that includes a checksum.
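The following is an added worked example, not code from the patent, of the token mechanism the claims describe: a token carrying the fields listed in claim 10 (magic number, command value, nonce, key identifier, expiration time, hash value) is appended to the end of an outgoing request (the "appending" variant of claim 17), and a reply is accepted only if it carries back a token that verifies under our own keying material and has not expired, after which the token is stripped before the reply is forwarded (claims 2, 3, 4 and 13 to 15). The byte layout, the magic value, the key table and the assumption that the remote server echoes the appended bytes unchanged (as an ICMP echo reply does with its payload) are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

MAGIC = 0x52504354             # assumed magic number, not the patent's value
KEYS = {1: b"example-key-1"}   # key identifier -> keying material (constructed)
HDR = struct.Struct("!IBHBI")  # magic, command, nonce, key id, expiry (12 bytes)
MAC_LEN = 16                   # truncated HMAC-SHA256 as the "hash value"
TOKEN_LEN = HDR.size + MAC_LEN


def _mac(key, hdr, client, server):
    # The hash binds the token fields to the request's endpoints, so a token
    # captured on one flow cannot be replayed on another; the nonce makes each
    # request unique.  Endpoints are passed as raw address bytes (assumption).
    return hmac.new(key, hdr + client + server, hashlib.sha256).digest()[:MAC_LEN]


def tag_request(client, server, body, command, key_id, now, ttl=30):
    """Append a token to the outgoing request (claim 17, 'appending' variant)."""
    nonce = int.from_bytes(os.urandom(2), "big")
    hdr = HDR.pack(MAGIC, command, nonce, key_id, int(now) + ttl)
    return body + hdr + _mac(KEYS[key_id], hdr, client, server)


def check_response(client, server, resp, now):
    """Return (verdict, reply_without_token).  Replies without a token, with a
    token that does not verify, or with an expired token are discarded."""
    if len(resp) < TOKEN_LEN:
        return "discard:no-token", None
    body, hdr, mac = resp[:-TOKEN_LEN], resp[-TOKEN_LEN:-MAC_LEN], resp[-MAC_LEN:]
    magic, command, nonce, key_id, expiry = HDR.unpack(hdr)
    if magic != MAGIC or key_id not in KEYS:
        return "discard:no-token", None
    if now > expiry:                       # claim 4 / claim 15 timeout check
        return "discard:expired", None
    expected = _mac(KEYS[key_id], hdr, client, server)
    if not hmac.compare_digest(mac, expected):
        return "discard:bad-token", None
    return "accept", body                  # token removed before forwarding (claim 2)
```

An unsolicited or spoofed reply carries no token our key would have produced, so it is dropped before it reaches the client; the expiry field bounds how long a captured token remains useful.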
Specification