Method and apparatus for capturing and filtering datagrams for network security monitoring

  • US 7,467,408 B1
  • Filed: 09/09/2002
  • Issued: 12/16/2008
  • Est. Priority Date: 09/09/2002
  • Status: Active Grant
First Claim

1. A method for network security monitoring in a computer network, comprising the steps of:

  • providing a default path in the computer network for suspect datagrams, the computer network configured as a Local Area Network (LAN);

    capturing suspect datagrams transmitted on said default path, the suspect datagrams generated by clients within the computer network, the suspect datagrams having destination addresses that do not match any of the destination addresses located in routing tables of network routers within the LAN;

    filtering said captured suspect datagrams and transmitting said filtered datagrams to a network monitor wherein filtering said captured suspect datagrams comprises limiting a rate of the suspect datagrams to be transmitted to the network monitor, a quantity of suspect datagrams to be transmitted to the network monitor, a size of the suspect datagrams to be transmitted to the network monitor, and a bandwidth associated with the suspect datagrams to be transmitted to the network monitor;

    wherein said providing step further comprises advertising a low-cost network perimeter route to a network router such that said router enters said low-cost network perimeter route into a routing table as said default path,

    identifying, by the network monitor, a compromised client within the LAN based upon the filtered datagrams generated within the LAN and received by the network monitor, and

    disabling LAN access for the compromised client within the LAN to disable further propagation of the suspect datagrams within the LAN.
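The capture, filter and identify steps of claim 1 can be simulated in a few lines; the following is an added example, not code from the patent or its assignee. The routing-table prefixes, the limit values, the one-second windows, truncation as the size limit, and the distinct-destination heuristic for flagging a client are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed LAN routing table (assumption): anything outside it takes the default path.
ROUTES = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "192.168.10.0/24")]

def is_suspect(dst):
    """A datagram is suspect when its destination matches no routing-table entry."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in ROUTES)

class SinkholeFilter:
    """Applies the four limits named in the claim before forwarding to the monitor."""
    def __init__(self, max_pps, max_total, max_size, max_bytes_per_sec):
        self.max_pps, self.max_total = max_pps, max_total
        self.max_size, self.max_bps = max_size, max_bytes_per_sec
        self.total = 0                       # quantity forwarded so far
        self.window, self.pkts, self.bytes = None, 0, 0

    def offer(self, ts, src, dst, size):
        """Return the (src, dst, forwarded_size) record sent to the monitor, or None."""
        if not is_suspect(dst):
            return None                      # routable: never reaches the default path
        sec = int(ts)
        if sec != self.window:               # new one-second window: reset rate/bandwidth
            self.window, self.pkts, self.bytes = sec, 0, 0
        out = min(size, self.max_size)       # size limit: truncate (assumed policy)
        if (self.total >= self.max_total or self.pkts >= self.max_pps
                or self.bytes + out > self.max_bps):
            return None                      # over quantity, rate or bandwidth limit
        self.total += 1
        self.pkts += 1
        self.bytes += out
        return (src, dst, out)

def compromised_clients(forwarded, min_distinct_dsts):
    """Flag sources probing many unroutable destinations (assumed heuristic)."""
    seen = defaultdict(set)
    for src, dst, _ in forwarded:
        seen[src].add(dst)
    return sorted(s for s, d in seen.items() if len(d) >= min_distinct_dsts)

def run_demo():
    # Constructed traffic: 10.0.1.50 sweeps unroutable addresses; 10.0.1.7 is ordinary.
    traffic = [(0.1 * i, "10.0.1.50", f"203.0.113.{i}", 1400) for i in range(20)]
    traffic = sorted(traffic + [(0.5, "10.0.1.7", "10.0.2.9", 600),
                                (1.2, "10.0.1.7", "198.51.100.4", 80)])
    f = SinkholeFilter(max_pps=5, max_total=8, max_size=128, max_bytes_per_sec=1000)
    forwarded = [r for r in (f.offer(*d) for d in traffic) if r]
    return forwarded, compromised_clients(forwarded, min_distinct_dsts=5)
```

In this constructed run the monitor receives 8 of the 21 suspect datagrams, each cut to at most 128 bytes, which is still enough to single out 10.0.1.50 as the client whose LAN access would be disabled.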
