Method and apparatus for communicating intrusion-related information between internet service providers
First Claim
1. A method for communicating intrusion-related information from a first node associated with a first internet service provider to a second node associated with a second internet service provider comprising:
establishing a peering relationship between the first node and the second node, the peering relationship specifying a peering point;
establishing a direct link between the first internet service provider and second internet service provider for forwarding packets from the second internet service provider to the first internet service provider without routing via a public link, the direct link comprising the peering point;
enabling exchange of private routing information of the first internet service provider and second internet service provider between the first and second node across the direct link, the private routing information specifying a network address for the first node;
identifying, by the first node, first intrusion-related information meeting a first criteria;
receiving, by the first node, second intrusion-related information from the peering point, the second intrusion-related information routed to the first node using the private routing information via the direct link;
determining whether the second intrusion-related information comprises information about an attack at a protocol stack layer;
modifying the peering relationship to generate a modified peering relationship based on the second intrusion-related information and the determining whether the second intrusion-related information comprises information about the attack at the protocol stack layer; and
determining whether to transmit the first intrusion-related information to the second node via the direct link in accordance with the modified peering relationship.
Abstract
Disclosed is a system and method for the sharing of intrusion-related information. The sharing of intrusion-related information occurs via a peering relationship between a first Internet Service Provider (ISP) and a second ISP. A first node associated with a first ISP transmits intrusion-related information to a second node associated with a second ISP. The first node identifies intrusion-related information meeting a first criteria. The first node then transmits the intrusion-related information to the second node. The intrusion-related information includes one or more of a list of attackers that previously probed the first node, the protocol used, the time of the probes, and the individual alarms raised.
18 Claims
10. A first node associated with a first internet service provider communicating intrusion-related information to a second node associated with a second internet service provider, the first node comprising:
a processor configured to:
establish a peering relationship between the first node and the second node, the peering relationship specifying a peering point;
establish a direct link between the first internet service provider and second internet service provider for forwarding packets from the second internet service provider to the first internet service provider without routing via a public link, the direct link comprising the peering point;
enable exchange of private routing information of the first internet service provider and second internet service provider between the first and second node across the direct link, the private routing information specifying a network address for the first node;
identify first intrusion-related information meeting a first criteria designated by the peering relationship;
receive, by the first node, second intrusion-related information from the peering point, the second intrusion-related information routed to the first node using the private routing information via the direct link;
determine whether the second intrusion-related information comprises information about an attack at a protocol stack layer;
modify the peering relationship to generate a modified peering relationship based on the second intrusion-related information and whether the second intrusion-related information comprises information about the attack at the protocol stack layer; and
determine whether to transmit the first intrusion-related information to the second node in accordance with the modified peering relationship; and
an interface configured to communicate via the direct link the first intrusion-related information to the second node.
Specification