Rogue router hunter

US 7,991,877 B2
Filed: 10/05/2007
Issued: 08/02/2011
Est. Priority Date: 10/05/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for detecting unauthorized routers in a distributed network, the computer implemented method comprising:

obtaining a physical address of a destination device;

creating, by a source device, a data packet comprising at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address to cause the destination device receiving the data packet to route the data packet if the destination device is configured for routing, and wherein the time-to-live field comprises a value indicating the data packet has already exceeded a time limit to cause the destination device receiving the data packet to return a time exceeded message to the source device;

sending the data packet to the destination device using the physical address in the destination media access control field; and

responsive to receiving the time exceeded message from the destination device, determining that the destination device is enabled for routing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, data processing system, and computer program product for discovering an unauthorized router in a network. The process in the illustrative embodiments first obtains a physical address of a suspected router or destination device. A data packet is created which comprises at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address, and wherein the time-to-live field comprises a value indicating the data packet has exceeded a time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be enabled for routing.

Citations

18 Claims

1. A computer implemented method for detecting unauthorized routers in a distributed network, the computer implemented method comprising:
- obtaining a physical address of a destination device;
  
  creating, by a source device, a data packet comprising at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address to cause the destination device receiving the data packet to route the data packet if the destination device is configured for routing, and wherein the time-to-live field comprises a value indicating the data packet has already exceeded a time limit to cause the destination device receiving the data packet to return a time exceeded message to the source device;
  
  sending the data packet to the destination device using the physical address in the destination media access control field; and
  
  responsive to receiving the time exceeded message from the destination device, determining that the destination device is enabled for routing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer implemented method of claim 1, further comprising:
    - responsive to a failure to receive a time exceeded message from the destination device, determining that the destination device is not enabled for routing.
  - 3. The computer implemented method of claim 1, wherein the physical address of the destination device is the media access control address of a network interface card in the destination device.
  - 4. The computer implemented method of claim 1, wherein the data packet further comprises a source media access control field comprising a physical address of a source device and a source internet protocol field comprising an internet protocol address of the source device.
  - 5. The computer implemented method of claim 1, wherein the destination device examines the destination internet protocol address in the data packet, determines if the destination internet protocol address in the data packet matches the internet protocol address of the destination device, examines the value in the time-to-live field in the data packet if routing is enabled on the destination device, and sends the time exceeded message to the internet protocol address in the source internet protocol address field if the value indicates the data packet has exceeded a time limit.
  - 6. The computer implemented method of claim 5, wherein the destination device discards the data packet if routing is not enabled on the destination device.
  - 7. The computer implemented method of claim 1, wherein the determination that the destination device is enabled for routing is performed when the internet protocol address for the destination device is unknown.
  - 8. The computer implemented method of claim 1, wherein the determination that the destination device is enabled for routing is performed when the internet protocol addresses for devices on a subnet of the destination device are unknown.
  - 9. The computer implemented method of claim 1, wherein the physical address of the destination device is obtained using one of a ping utility or an Address Resolution Protocol.

10. A data processing system for detecting unauthorized routers in a distributed network, the data processing system comprising:
- a bus;
  
  a storage device connected to the bus, wherein the storage device contains computer usable code;
  
  at least one managed device connected to the bus;
  
  a communications unit connected to the bus; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code to obtain a physical address of a destination device;
  
  create a data packet comprising at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address to cause the destination device receiving the data packet to route the data packet if the destination device is configured for routing, and wherein the time-to-live field comprises a value indicating the data packet has already exceeded a time limit to cause the destination device receiving the data packet to return a time exceeded message to a source device;
  
  send the data packet to the destination device using the physical address in the destination media access control field; and
  
  determine that the destination device is enabled for routing in response to receiving the time exceeded message from the destination device.

11. A computer program product for detecting unauthorized routers in a distributed network, the computer program product comprising:
- a non-transitory computer usable storage medium having computer usable program code stored thereon, the computer usable program code comprising;
  
  computer usable program code for obtaining a physical address of a destination device;
  
  computer usable program code for creating a data packet comprising at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address to cause the destination device receiving the data packet to route the data packet if the destination device is configured for routing, and wherein the time-to-live field comprises a value indicating the data packet has already exceeded a time limit to cause the destination device receiving the data packet to return a time exceeded message to a source device;
  
  computer usable program code for sending the data packet to the destination device using the physical address in the destination media access control field; and
  
  computer usable program code for determining that the destination device is enabled for routing in response to receiving the time exceeded message from the destination device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer program product of claim 11, further comprising:
    - computer usable program code for determining that the destination device is not enabled for routing in response to a failure to receive a time exceeded message from the destination device.
  - 13. The computer program product of claim 11, wherein the physical address of the destination device is the media access control address of a network interface card in the destination device.
  - 14. The computer program product of claim 11, wherein the data packet further comprises a source media access control field comprising a physical address of a source device and a source internet protocol field comprising an internet protocol address of the source device.
  - 15. The computer program product of claim 11, wherein the destination device examines the destination internet protocol address in the data packet, determines if the destination internet protocol address in the data packet matches the internet protocol address of the destination device, examines the value in the time-to-live field in the data packet if routing is enabled on the destination device, and sends the time exceeded message to the internet protocol address in the source internet protocol address field if the value indicates the data packet has exceeded a time limit.
  - 16. The computer program product of claim 15, wherein the destination device discards the data packet if routing is not enabled on the destination device.
  - 17. The computer program product of claim 11, wherein the determination that the destination device is enabled for routing is performed when the internet protocol address for the destination device is unknown or when the internet protocol addresses for devices on a subnet of the destination device are unknown.
  - 18. The computer program product of claim 11, wherein the physical address of the destination device is obtained using one of a ping utility or an Address Resolution Protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Keohane, Susann Marie, McBrearty, Gerald Francis, Shieh, Johnny Meng-Han, Mullen, Shawn Patrick, Murillo, Jessica Carol
Primary Examiner(s)
Lin; Kenny S
Assistant Examiner(s)
Khajuria; Shripal K

Application Number

US11/867,726
Publication Number

US 20090094357A1
Time in Patent Office

1,397 Days
Field of Search

709/224, 709/225
US Class Current

709/224
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 45/00   Routing or path finding of ...

H04L 45/20   Hop count for routing purpo...

H04L 63/1441   Countermeasures against mal...

Rogue router hunter

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Rogue router hunter

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links