Method and system for monitoring control signal traffic over a computer network
First Claim
1. A method for monitoring control signal traffic over a computer network comprising a plurality of routers by a monitoring computer system, the method comprising acts of:
maintaining, by the monitoring computer, at least one peering session with at least one of the plurality of routers, wherein the act of maintaining includes an act of sending messages by the monitoring computer system to the at least one of the plurality of routers;
configuring the at least one of the plurality of routers to direct control signals relating to control of a routing protocol via the at least one peering session maintained to the monitoring computer system, wherein the monitoring computer system is separate from a router network including the plurality of routers;
receiving, by the computer system from the at least one of the plurality of routers via the at least one peering session, at least one control signal communicated to one or more other routers;
storing the at least one control signal in a database of monitoring the computer system;
identifying, by the monitoring computer system based on the at least one control signal, at least one change to a network topology;
generating an alert message identifying the at least one change to the network topology;
sending the alert message to a computer system of a network administrator;
determining, by the computer system of the network administrator based on the alert message received, an anomaly in the computer network; and
displaying, to the network administrator in a display of the computer system of the network administrator, an indication of the anomaly in the computer network.
Abstract
A system and method is provided for detecting, tracking and/or blocking control signal attacks, which can occur between local computer systems and/or between remote computer systems, network links, and/or routing systems over a computer network. The system includes a router monitor adapted to receive a plurality of control signals and related information from the computer network and to process the plurality of control signals and related information to detect one or more control signal anomalies. The router monitor is further adapted to generate a plurality of alert signals representing the one or more control signal anomalies. The system further includes a controller that is coupled to the router monitor and is adapted to receive the plurality of alert signals from the router monitor. The controller is constructed and arranged to respond to the plurality of alert signals by tracking attributes related to the one or more control signal anomalies to at least one source, and to block the one or more control signal anomalies using a filtering mechanism executed in close proximity to the at least one source.
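The monitoring and alerting half of the abstract (receive control signals, store them, identify topology changes, raise alerts) can be sketched as follows. This is an added example, not code from the patent or its assignee; the signal record layout, the table names, and the rule that treats an origin change as an anomaly are assumptions made for illustration, and the sample signals are constructed.

```python
import sqlite3

# Constructed sample control signals as a monitor might receive them over a
# peering session: (timestamp, reporting router, kind, prefix, next hop, origin).
SAMPLE_SIGNALS = [
    (100, "r1", "announce", "192.0.2.0/24", "10.0.0.1", 64500),
    (101, "r1", "announce", "198.51.100.0/24", "10.0.0.2", 64501),
    (160, "r1", "announce", "192.0.2.0/24", "10.0.0.9", 64500),     # next hop moves
    (200, "r1", "announce", "198.51.100.0/24", "10.0.0.2", 64666),  # origin changes
    (230, "r1", "withdraw", "192.0.2.0/24", None, None),
]

def open_db():
    """In-memory database: raw signal log plus the current per-router route view."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signals (ts, router, kind, prefix, next_hop, origin)")
    db.execute("CREATE TABLE routes (router, prefix, next_hop, origin, "
               "PRIMARY KEY (router, prefix))")
    return db

def process(db, sig):
    """Store one signal, update the route view, return alerts for topology changes."""
    ts, router, kind, prefix, next_hop, origin = sig
    db.execute("INSERT INTO signals VALUES (?,?,?,?,?,?)", sig)
    old = db.execute("SELECT next_hop, origin FROM routes WHERE router=? AND prefix=?",
                     (router, prefix)).fetchone()
    alerts = []
    def alert(change, anomaly=False):
        alerts.append({"ts": ts, "router": router, "prefix": prefix,
                       "change": change, "anomaly": anomaly})
    if kind == "withdraw":
        if old:
            db.execute("DELETE FROM routes WHERE router=? AND prefix=?", (router, prefix))
            alert("route-removed")
    else:
        db.execute("INSERT OR REPLACE INTO routes VALUES (?,?,?,?)",
                   (router, prefix, next_hop, origin))
        if old is None:
            alert("route-added")
        elif old[1] != origin:
            alert("origin-changed", anomaly=True)  # assumed anomaly rule, not from the patent
        elif old[0] != next_hop:
            alert("next-hop-changed")
    return alerts

def run(signals):
    """Feed signals through the monitor; return (all alerts, database handle)."""
    db = open_db()
    return [a for s in signals for a in process(db, s)], db
```

A repeated announcement with unchanged attributes is logged in `signals` but produces no alert, so the alert stream reflects only changes to the stored view.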
30 Claims
16. An apparatus for monitoring control signal traffic over a computer network comprising a plurality of network communication systems, the apparatus comprising:
a monitor that receives, from at least one of the plurality of routers configured to direct control signals relating to control of a routing protocol to the monitor, at least one control signal communicated to one or more other routers, the at least one control signal being received via at least one peering session with the at least one of the plurality of routers, and wherein the monitor actively maintains the at least one peering session with the at least one of the plurality of routers by sending messages to the at least one of the plurality of routers, the monitor being configured to store and the monitor being configured to identify;
the at least one control signal in a database; and
based on the at least one control signal, at least one change to a network topology;
a detector that detects an anomaly based on the at least one control signal; and
a controller that is configured to receive the detected anomaly from the detector, and is configured to communicate the anomaly in an alert message to a computer system of a network administrator.
20. A non-transitory computer-readable medium encoded with instructions for execution on a monitoring computer system, the instructions when executed, perform a method comprising acts of:
configuring a plurality of routers to forward control signals relating to control of a routing protocol to the monitoring computer system;
receiving, by the monitoring computer system from at least one of the plurality of routers, at least one control signal communicated to one or more other routers, the at least one control signal being received via at least one peering session with the at least one of the plurality of routers, and wherein the monitoring computer system actively maintains the at least one peering session with the at least one of the plurality of routers by sending messages to the at least one of the plurality of routers;
storing the at least one control signal in a database of the computer system; and
identifying, by the computer system based on the at least one control signal, at least one change to a network topology;
determining, based on the at least one control signal, an anomaly in the computer network;
generating an alert signal based on the determined anomaly;
sending an alert message comprising the alert signal to a computer system of a network administrator;
determining, by the computer system of the network administrator based on the alert message received, an anomaly in the computer network; and
displaying, to the network administrator in a display of the computer system of the network administrator, an indication of the anomaly in the computer network.
30. A method for monitoring control signal traffic over a computer network comprising a plurality of routers by a monitoring computer system, the method comprising acts of:
configuring the plurality of routers to forward control signals relating to control of a routing protocol to the monitoring computer system;
receiving, by the monitoring computer system from at least one of the plurality of routers, at least one route control signal communicated to one or more other routers, each of which storing a respective routing table, the at least one route control signal affecting at least one routing table entry within the respective routing table of the one or more other routers, the at least one route control signal being received via at least one peering session with the at least one of the plurality of routers, and wherein the monitoring computer system actively maintains the at least one peering session with the at least one of the plurality of routers by sending messages to the at least one of the plurality of routers;
storing the at least one route control signal in a database of the monitoring computer system; and
identifying, by the computer system based on the at least one route control signal, at least one change to a network topology among the plurality of routers;
generating an alert message identifying the at least one change to the network topology;
sending the alert message to a computer system of a network administrator;
determining, by the computer system of the network administrator based on the alert message received, an anomaly in the computer network; and
displaying, to the network administrator in a display of the computer system of the network administrator, an indication of the anomaly in the computer network.
Specification