
Method of determining network penetration

  • US 7,971,244 B1
  • Filed: 11/19/2003
  • Issued: 06/28/2011
  • Est. Priority Date: 11/19/2003
  • Status: Active Grant
First Claim

1. A method of determining network penetration, the method comprising the computer-implemented steps of:

  • receiving first information that identifies a packet;
  • representing a possible travel of the packet in a network based on topology data and on security policy data; wherein the step of representing comprises:
      • checking the first information against an inbound access control list (ACL), included in the security policy data, of an interface of a network device comprising a network entry point for the packet, wherein checking the first information against the inbound ACL includes determining whether the inbound ACL permits ingress of the packet at the network device;
      • if the inbound ACL permits the ingress of the packet at the network device, checking the first information against one or more outbound ACLs for each outbound interface of the network device to determine one or more possible outbound interfaces on which egress of the packet is permitted from the network device;
      • checking the topology data to determine one or more neighbor network devices that the packet could reach, wherein the one or more neighbor network devices are respectively connected to the one or more possible outbound interfaces on which the egress of the packet is permitted from the network device;
      • repeating the checking steps for each neighbor network device, of the one or more neighbor network devices, that is connected to each of the one or more possible outbound interfaces;
  • providing an output that specifies a possible penetration of the packet into the network, based on the step of representing, wherein the output comprises second information that specifies one or more of:
      • possible paths that the packet could take in the network, and
      • a set of network devices that the packet could reach in the network;
  • wherein the steps of the method are performed by one or more computer systems.
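The traversal the claim describes, written out as an added Python example (not code from the patent or its assignee). The device, ACL and link data are constructed here, and `acl_permits` assumes first-match-wins with an implicit deny at the end of each list, a Cisco-style semantic the claim itself does not specify.

```python
import ipaddress

def acl_permits(acl, pkt):
    """Ordered rule list: (action, src_net, dst_net, dst_port); first match wins, implicit deny."""
    for action, src, dst, dport in acl:
        if ((src == "any" or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src))
                and (dst == "any" or ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst))
                and (dport == "any" or dport == pkt["dport"])):
            return action == "permit"
    return False

def penetration(devices, links, pkt, entry_dev, entry_if):
    """Follow the claim's steps; return (possible paths, set of reachable devices)."""
    paths, reached = [], set()
    def walk(dev, in_if, path):
        # Step 1: the inbound ACL of the arrival interface must permit ingress.
        if not acl_permits(devices[dev][in_if]["in"], pkt):
            return False
        reached.add(dev)
        path = path + [dev]
        extended = False
        # Step 2: the outbound ACL of every other interface decides where egress is possible.
        for out_if, acls in devices[dev].items():
            if out_if == in_if or not acl_permits(acls["out"], pkt):
                continue
            # Step 3: topology data names the neighbour behind a permitted outbound interface.
            nbr = links.get((dev, out_if))
            # Step 4: repeat at that neighbour; a device appears at most once per path (no loops).
            if nbr and nbr[0] not in path and walk(nbr[0], nbr[1], path):
                extended = True
        if not extended:
            paths.append(path)   # packet can travel no further: record the completed path
        return True
    walk(entry_dev, entry_if, [])
    return paths, reached

ANY = [("permit", "any", "any", "any")]
# Constructed sample: Internet-facing edge router, core router, a DMZ and an internal LAN.
DEVICES = {
    "edge": {"eth0": {"in": [("permit", "any", "10.0.0.0/8", 443), ("permit", "any", "10.0.0.0/8", 22)], "out": ANY},
             "eth1": {"in": ANY, "out": ANY}},
    "core": {"eth0": {"in": ANY, "out": ANY},
             "eth1": {"in": ANY, "out": [("deny", "any", "10.1.0.0/16", 22)] + ANY},
             "eth2": {"in": ANY, "out": [("permit", "any", "10.2.0.0/16", "any")]}},
    "dmz":  {"eth0": {"in": [("permit", "any", "10.1.0.0/16", "any")], "out": []}},
    "lan":  {"eth0": {"in": ANY, "out": []}},
}
LINKS = {("edge", "eth1"): ("core", "eth0"), ("core", "eth1"): ("dmz", "eth0"), ("core", "eth2"): ("lan", "eth0")}
LINKS.update({b: a for a, b in LINKS.items()})   # links are bidirectional
```

Running `penetration(DEVICES, LINKS, {"src": "198.51.100.7", "dst": "10.1.0.5", "dport": 443}, "edge", "eth0")` shows the packet reaching the DMZ, while the same packet on port 22 stops at the core and on port 80 is rejected at the entry point.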
