System and method for network vulnerability detection and reporting

US 7,673,043 B2
Filed: 05/14/2007
Issued: 03/02/2010
Est. Priority Date: 01/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of conducting an automated vulnerability assessment on a computer network, comprising:

sending a plurality of IP addresses to a network scanning process;

assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and

providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;

wherein an IP address shuffler performs a deterministic shuffling process on a group of IP addresses.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

204 Citations

23 Claims

1. A method of conducting an automated vulnerability assessment on a computer network, comprising:
- sending a plurality of IP addresses to a network scanning process;
  
  assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
  
  providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
  
  wherein an IP address shuffler performs a deterministic shuffling process on a group of IP addresses.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as defined in claim 1, wherein the deterministic shuffling process uses a prime number to determine an order of IP addresses in a shuffled IP address array.
  - 3. The method as defined in claim 1, wherein the network scanning process divides an initial range of IP addresses into a plurality of subranges of IP addresses.
  - 4. The method as defined in claim 3, wherein each of the subranges of IP addresses include contiguous IP addresses.
  - 5. The method as defined in claim 1, wherein each subscanning process reports subscanning results to the network scanning process.

6. A method of conducting an automated vulnerability assessment on a computer network, comprising:
- sending a plurality of IP addresses to a network scanning process;
  
  assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
  
  providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
  
  the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
  
  the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
  
  the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
  
  the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.

7. A method of conducting an automated vulnerability assessment on a computer network, comprising:
- sending a plurality of IP addresses to a network scanning process;
  
  assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
  
  providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
  
  a first non-ordered sequence and a second non-ordered sequence are generated by applying a deterministic shuffling process to the first group of IP addresses; and
  
  a third non-ordered sequence and a fourth non-ordered sequence are generated by applying a deterministic shuffling process to the second group of IP addresses.

8. A computer program product embodied on a tangible computer readable medium, comprising:
- computer code for sending a plurality of IP addresses to a network scanning process;
  
  computer code for assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
  
  computer code for providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
  
  wherein the computer program product is operable such that;
  
  the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
  
  the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
  
  the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
  
  the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product as defined in claim 8, wherein:
    - the first non-ordered sequence and the second non-ordered sequence are generated by applying a deterministic shuffling process to the first group of IP addresses; and
      
      the third non-ordered sequence and the fourth non-ordered sequence are generated by applying a deterministic shuffling process to the second group of IP addresses.
  - 10. The computer program product as defined in claim 8, wherein an IP address shuffler performs a deterministic shuffling process on a group of IP addresses.
  - 11. The computer program product as defined in claim 10, wherein the deterministic shuffling process uses a prime number to determine an order of IP addresses in a shuffled IP address array.
  - 12. The computer program product as defined in claim 8, wherein the network scanning process divides an initial range of IP addresses into a plurality of subranges of IP addresses.
  - 13. The computer program product as defined in claim 12, wherein each of the subranges of IP addresses include contiguous IP addresses.
  - 14. The computer program product as defined in claim 8, wherein each subscanning process reports subscanning results to the network scanning process.

15. Apparatus, comprising:
- means for sending a plurality of IP addresses to a network scanning process;
  
  means for assigning a first group of IP addresses from the plurality of IP addresses to a first subscanning process and assigning a second group of IP addresses from the plurality of IP addresses to a second subscanning process, the first subscanning process scanning the computer network with a first selected sequence of IP addresses from the first group of IP addresses and receiving and storing a first set of responses from the computer network, the second subscanning process scanning the computer network with a second selected sequence of IP addresses from the second group of IP addresses and receiving and storing a second set of responses from the computer network, the first selected sequence of IP addresses and the second selected sequence of IP addresses being applied in parallel; and
  
  means for providing the first set of responses and the second set of responses as data for performing a vulnerability assessment of the computer network;
  
  wherein the apparatus is operable such that;
  
  the first group of IP addresses applied by the first subscanning process are distributed among at least a first batch of IP addresses and a second batch of IP addresses;
  
  the first batch of IP addresses comprises a first non-ordered sequence of a first portion of the first group of IP addresses and the second batch of IP addresses comprises a second non-ordered sequence of a second portion of the first group of IP addresses;
  
  the second group of IP addresses applied by the second subscanning process are distributed among at least a third batch of IP addresses and a fourth batch of IP addresses; and
  
  the third batch of IP addresses comprises a third non-ordered sequence of a first portion of the second group of IP addresses and the fourth batch of IP addresses comprises a fourth non-ordered sequence of a second portion of the second group of IP addresses.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. Apparatus as defined in claim 15, wherein:
    - the first non-ordered sequence and the second non-ordered sequence are generated by applying a deterministic shuffling process to the first group of IP addresses; and
      
      the third non-ordered sequence and the fourth non-ordered sequence are generated by applying a deterministic shuffling process to the second group of IP addresses.
  - 17. Apparatus as defined in claim 15, wherein an IP address shuffler performs a deterministic shuffling process on a group of IP addresses.
  - 18. Apparatus as defined in claim 17, wherein the deterministic shuffling process uses a prime number to determine an order of IP addresses in a shuffled IP address array.
  - 19. Apparatus as defined in claim 15, wherein the network scanning process divides an initial range of IP addresses into a plurality of subranges of IP addresses.
  - 20. Apparatus as defined in claim 19, wherein each of the subranges of IP addresses include contiguous IP addresses.

21. A method, comprising:
- assigning a first group including one or more IP addresses to a first subscanning process and assigning a second group including one or more IP addresses to a second subscanning process, the first subscanning process scanning the computer network with the one or more IP addresses of the first group and receiving and storing one or more responses from the computer network, the second subscanning process scanning the computer network with the one or more IP addresses of the second group and receiving and storing one or more responses from the computer network, the first subscanning process occurring in parallel with the second subscanning process; and
  
  providing the responses as data for performing a vulnerability assessment of the computer network;
  
  wherein an IP address shuffler performs a deterministic shuffling process on a group of IP addresses.
- View Dependent Claims (22, 23)
- - 22. The method as defined in claim 21, wherein the first group and the second group each includes a single IP address.
  - 23. The method as defined in claim 21, wherein the first group and the second group each includes a plurality of IP addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Ecker, Stephen A., Keir, Robin M.
Primary Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US11/748,445
Publication Number

US 20070283007A1
Time in Patent Office

1,023 Days
Field of Search

709/224, 726 22- 25
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 5/3083   Birefringent or phase retar...

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

204 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

204 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others