Method and apparatus for intercepting performance metric packets for improved security and intrusion detection
First Claim
1. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
- generating an information query by the sender;
- sending the information query to the recipient;
- receiving the information query at a border device of the recipient; and
- processing the information query at the border device to provide information in a response to the information query, the response from the border device to the sender including address identification information of the recipient that is different than that of the border device and different than that of the sender, and measurement information about a portion of the connection, the portion being that between the sender and the border device.
Abstract
A method in which a border device of a destination network, located outside the recipient personal computer or network, intercepts a performance measurement packet addressed to a specified recipient, in order to relieve the problems that arise when performance metric packets are interpreted as harmful to a recipient network or server. The border device intercepts the performance metric packet and returns the requested information to the sender while masking the source address of the response as the original destination address of the original recipient, or as the network number of that recipient. The sender of the packet receives ample information on the performance metrics up to the perimeter of the recipient for use in its application, and the recipient network is protected as well, because the IP addresses in use on its network are masked. The method is applicable both to existing performance metric protocols and, with adaptation, to a new protocol which would additionally assist in identifying the purpose of the performance metric packets and in protecting the destination network from outside interference. The number of performance metric queries made by some applications could also be reduced through the use of CIDR network block tables. These tables would be referenced to determine whether a previous response was already cached for the same network block, or to allow a longer cache time-out due to the static nature of CIDR blocks.
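The abstract and claims 5 and 15 describe the border device as applying one of three rules to an intercepted performance query (answer on the recipient's behalf with a masked source address, discard, or pass through) and the sender as caching answers per CIDR block. The following is an added simulation of that flow, not code from the patent: the `Query.kind` field, the TTL-based hop estimate (assuming an initial TTL of 64), the `pass_through` allow-list and all addresses (taken from the RFC 5737 documentation ranges) are assumptions made here to stand in for protocol details the page does not specify.

```python
# Added example (not the patent's own code): a simulation of the
# border-device rules in the abstract and claims 5/15, plus the sender-side
# CIDR block cache. Addresses are constructed from RFC 5737 ranges; the
# "kind" field, the TTL hop estimate and the pass-through list are assumptions.
from dataclasses import dataclass
from enum import Enum
import ipaddress
import time
from typing import Callable, Optional

ASSUMED_INITIAL_TTL = 64  # assumption: common default TTL of the sender's stack


class Action(Enum):
    RESPOND = "respond"  # rule (a): answer on behalf of the recipient
    DISCARD = "discard"  # rule (b): drop the query at the perimeter
    PASS = "pass"        # rule (c): hand the query to the recipient itself


@dataclass(frozen=True)
class Query:
    src: str   # sender address
    dst: str   # intended recipient inside the protected network
    kind: str  # constructed field: "echo", "traceroute" or anything else
    ttl: int   # remaining TTL when the packet reaches the border device


@dataclass(frozen=True)
class Response:
    src: str   # masked source: recipient address or recipient network number
    dst: str   # the original sender
    hops: int  # measurement for the sender-to-border portion only


class BorderDevice:
    """Perimeter device that answers performance queries on the recipient's behalf."""

    def __init__(self, own_addr: str, protected_net: str,
                 mask: str = "host", pass_through: frozenset = frozenset()):
        if mask not in ("host", "network"):
            raise ValueError("mask must be 'host' or 'network'")
        self.own_addr = own_addr
        self.net = ipaddress.ip_network(protected_net)
        self.mask = mask
        self.pass_through = pass_through  # hosts allowed to answer themselves

    def classify(self, q: Query) -> Action:
        dst = ipaddress.ip_address(q.dst)
        if dst not in self.net or q.dst in self.pass_through:
            return Action.PASS
        if q.kind in ("echo", "traceroute"):
            return Action.RESPOND
        return Action.DISCARD  # anything else is treated as unwanted probing

    def masked_source(self, q: Query) -> str:
        # The response never carries the border device's own address.
        if self.mask == "network":
            return str(self.net.network_address)
        return q.dst

    def handle(self, q: Query):
        action = self.classify(q)
        if action is not Action.RESPOND:
            return action, None
        hops = max(ASSUMED_INITIAL_TTL - q.ttl, 0)  # sender -> border distance
        return action, Response(src=self.masked_source(q), dst=q.src, hops=hops)


class CidrMetricCache:
    """Sender-side cache keyed by CIDR block, with a longer time-out for block entries."""

    def __init__(self, blocks, host_ttl: float = 60.0, block_ttl: float = 3600.0,
                 clock: Optional[Callable[[], float]] = None):
        self.blocks = [ipaddress.ip_network(b) for b in blocks]
        self.host_ttl, self.block_ttl = host_ttl, block_ttl
        self.clock = clock or time.monotonic
        self.entries = {}  # key -> (response, expiry time)

    def _key(self, addr: str):
        ip = ipaddress.ip_address(addr)
        for block in self.blocks:
            if ip in block:
                return str(block), self.block_ttl
        return str(ip), self.host_ttl  # unknown block: cache per host, briefly

    def get(self, addr: str) -> Optional[Response]:
        key, _ = self._key(addr)
        hit = self.entries.get(key)
        if hit is not None and hit[1] > self.clock():
            return hit[0]
        self.entries.pop(key, None)
        return None

    def put(self, addr: str, resp: Response) -> None:
        key, ttl = self._key(addr)
        self.entries[key] = (resp, self.clock() + ttl)


def probe(cache: CidrMetricCache, border: BorderDevice, q: Query):
    """Sender-side flow: serve from the CIDR cache, otherwise query the border device.
    Returns (response_or_None, query_was_sent)."""
    cached = cache.get(q.dst)
    if cached is not None:
        return cached, False
    action, resp = border.handle(q)
    if action is Action.RESPOND:
        cache.put(q.dst, resp)
    return resp, True


if __name__ == "__main__":
    border = BorderDevice("203.0.113.1", "198.51.100.0/24")
    cache = CidrMetricCache(["198.51.100.0/24"])
    first = probe(cache, border, Query("192.0.2.10", "198.51.100.7", "echo", ttl=58))
    second = probe(cache, border, Query("192.0.2.10", "198.51.100.9", "echo", ttl=58))
    print(first, second)  # second probe is served from the block cache, nothing sent
```

The point to check against the claims is that a `RESPOND` result never exposes `border.own_addr`, carries only the sender-to-border measurement, and that a second query for any host in the same CIDR block is answered from the cache without another packet leaving the sender.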
19 Claims

1. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
- generating an information query by the sender;
- sending the information query to the recipient;
- receiving the information query at a border device of the recipient; and
- processing the information query at the border device to provide information in a response to the information query, the response from the border device to the sender including address identification information of the recipient that is different than that of the border device and different than that of the sender, and measurement information about a portion of the connection, the portion being that between the sender and the border device.
(Dependent claims: 2, 3, 4)

5. A method of gathering information about a connection between a sender and a recipient in a network comprising the steps of:
- generating an information query by the sender;
- sending the information query to the recipient;
- receiving the information query at a border device of the recipient; and
- processing the information query at the border device according to a plurality of predetermined rules, wherein said predetermined rules include:
(a) providing information requested by the information query in a response to the information query, the response from the border device to the sender including address identification information of the recipient that is different than that of the border device and different than that of the sender, and measurement information about a portion of the connection;
(b) discarding the information query; and
(c) passing the information query through the border device to the recipient for response.
(Dependent claims: 6, 7, 8, 9, 10)

11. A border device positioned between a sender and a recipient for use in gathering information regarding a connection between the sender and the recipient in a network, the border device comprising:
- a receiver for receiving an information query from the sender addressed to the recipient;
- a processor for processing the information query on behalf of the recipient to generate a response to the sender including address identification information of the recipient that is different than that of the border device and different than that of the sender, and measurement information about a portion of the connection, the portion being that between the sender and the border device; and
- a transmitter for sending the response to the sender.
(Dependent claims: 12, 13, 14)

15. A method of gathering performance measurement information regarding a connection between a sender and a recipient in a network comprising the steps of:
- generating a performance measurement packet by the sender;
- sending the performance measurement packet to the recipient;
- receiving the performance measurement packet at a border device of the recipient; and
- processing the performance measurement packet at the border device according to a plurality of predetermined rules, wherein said predetermined rules provide for one of:
(a) generating a response packet to the performance measurement packet to provide performance metric information to be sent from the border device to the sender, the response packet including address information of the recipient that is different than that of the border device and different than that of the sender, and performance metric information about a portion of the connection, the performance metric information being about the portion between the sender and the border device;
(b) discarding the performance measurement packet; and
(c) passing the performance measurement packet to the recipient.
(Dependent claims: 16, 17, 18, 19)
Specification