Coordinated detection of a grey-hole attack in a communication network
Abstract
In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.
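The comparison the abstract describes can be simulated end to end. The following is an added example, not code from the patent or its assignee: a sender records the hash of every packet for which it saw an acknowledgment, the receiver records the hash of every packet it actually acknowledged, and a security-device function checks that the two sets contain exactly the same identifications in the same number. The packet contents, the SHA-256 choice of hash, the forwarding-path classes and the "drop every n-th packet" grey-hole behaviour are all constructed assumptions for the simulation.

```python
"""Added example: coordinated grey-hole detection by comparing packet hashes.

Hypothetical simulation, not the patent's code. Roles follow the abstract:
first device = Sender, second device = Receiver, security device = the
acks_are_genuine() check.
"""
import hashlib
from collections import Counter


def packet_id(packet: bytes) -> str:
    """Unique identification of a packet: its SHA-256 hash.
    The claims only require 'hashes of the packets'; SHA-256 is an assumption."""
    return hashlib.sha256(packet).hexdigest()


class Receiver:
    """Second device: acknowledges what it receives and logs each acked hash."""

    def __init__(self):
        self.acked_ids = []

    def receive(self, packet: bytes) -> bool:
        self.acked_ids.append(packet_id(packet))
        return True  # the genuine acknowledgment


class HonestPath:
    """Forwarding path that delivers every packet and relays the real ack."""

    def __init__(self, receiver: Receiver):
        self.receiver = receiver

    def forward(self, packet: bytes) -> bool:
        return self.receiver.receive(packet)


class GreyHolePath(HonestPath):
    """Forwarding path that silently drops every drop_every-th packet but still
    returns an acknowledgment, so the sender believes delivery succeeded."""

    def __init__(self, receiver: Receiver, drop_every: int):
        super().__init__(receiver)
        self.drop_every = drop_every
        self.seen = 0

    def forward(self, packet: bytes) -> bool:
        self.seen += 1
        if self.seen % self.drop_every == 0:
            return True  # forged ack; the packet never reaches the receiver
        return self.receiver.receive(packet)


class Sender:
    """First device: records the hash of each packet it believes was acked."""

    def __init__(self, path: HonestPath):
        self.path = path
        self.acked_ids = []

    def send(self, packet: bytes) -> None:
        if self.path.forward(packet):
            self.acked_ids.append(packet_id(packet))


def acks_are_genuine(first_ids, second_ids) -> bool:
    """Security-device check from claim 1: the sender's set and the receiver's
    set must hold exactly the same identifications and the same number of them.
    Comparing Counters (multisets) also catches a duplicated or replayed entry,
    which a plain set comparison would miss."""
    return len(first_ids) == len(second_ids) and Counter(first_ids) == Counter(second_ids)


def run_scenario(grey_hole: bool, drop_every: int = 3, n_packets: int = 6):
    """Constructed traffic: n_packets distinct packets sent over either an honest
    path or a grey-hole path. Returns (verdict, hashes acked to the sender but
    never seen by the receiver)."""
    receiver = Receiver()
    path = GreyHolePath(receiver, drop_every) if grey_hole else HonestPath(receiver)
    sender = Sender(path)
    for i in range(n_packets):
        sender.send(f"packet-{i}".encode())
    verdict = acks_are_genuine(sender.acked_ids, receiver.acked_ids)
    missing = sorted(set(sender.acked_ids) - set(receiver.acked_ids))
    return verdict, missing


if __name__ == "__main__":
    print("honest path   :", run_scenario(grey_hole=False))
    print("grey-hole path:", run_scenario(grey_hole=True))
```

Over the honest path both devices report six identical hashes and the verdict is genuine; over the grey-hole path the sender reports six acked hashes while the receiver reports four, and the two hashes present only on the sender's side pinpoint the packets whose acknowledgments were forged.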
13 Claims

1. A method, comprising:
- receiving, at a security device in a communication network, a first set of one or more unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device;
- receiving, at the security device, a second set of one or more unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device;
- comparing the first and second sets of unique identifications; and
- determining whether acknowledgments received by the first device were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.
Dependent claims: 2.

3. A method, comprising:
- sending one or more packets from a first device in a communication network to a second device;
- receiving a corresponding acknowledgment purportedly returned by the second device to the first device for the one or more packets;
- in response to receiving the corresponding acknowledgment, storing a unique identification of one or more correspondingly acknowledged packets; and
- sending the unique identification to a security device that compares a first set of one or more unique identifications from the first device to a second set of one or more unique identifications from the second device for packets received by the second device from the first device and acknowledged by the second device to the first device to determine whether the acknowledgments received by the first device were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.
Dependent claims: 4, 5.

6. A method, comprising:
- receiving one or more packets at a second device in a communication network from a first device;
- in response, returning a corresponding acknowledgment to the first device for the one or more packets;
- in response to returning the corresponding acknowledgment, storing a unique identification for each of the correspondingly acknowledged packets; and
- sending the one or more unique identifications to a security device that compares a second set of one or more unique identifications from the second device to a first set of one or more unique identifications of packets sent by the first device to the second device, for which a corresponding acknowledgment was purportedly returned by the second device to the first device, to determine whether the acknowledgments received by the first device were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.
Dependent claims: 7, 8, 9.

10. An apparatus, comprising:
- one or more network interfaces to communicate within a communication network;
- a processor coupled to the network interfaces and adapted to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to:
  - receive a first set of one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device;
  - receive a second set of one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device;
  - compare the first and second sets of unique identifications; and
  - determine whether acknowledgments received by the first device were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.
Dependent claims: 11.

12. An apparatus, comprising:
- one or more network interfaces to communicate within a communication network;
- a processor coupled to the network interfaces and adapted to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to:
  - send one or more packets to a second device;
  - receive a corresponding acknowledgment purportedly returned by the second device to the apparatus for the one or more packets;
  - in response to receiving the corresponding acknowledgment, store a unique identification of one or more correspondingly acknowledged packets; and
  - send the unique identification to a security device that compares a first set of the one or more unique identifications from the apparatus to a second set of one or more unique identifications from the second device for packets received by the second device from the apparatus and acknowledged by the second device to the apparatus to determine whether the acknowledgments received by the apparatus were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.

13. An apparatus, comprising:
- one or more network interfaces to communicate within a communication network;
- a processor coupled to the network interfaces and adapted to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to:
  - receive one or more packets from a first device;
  - in response, return a corresponding acknowledgment to the first device for the one or more packets;
  - in response to returning the corresponding acknowledgment, store a unique identification for each of the correspondingly acknowledged packets; and
  - send the one or more unique identifications to a security device that compares a second set of the one or more unique identifications from the apparatus to a first set of one or more unique identifications of packets sent by the first device to the apparatus, for which a corresponding acknowledgment was purportedly returned by the apparatus to the first device, to determine whether the acknowledgments received by the first device were truly returned from the apparatus based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.