Logical partition media access control impostor detector
First Claim
1. A computing system, comprising:
- a plurality of processors, at least one of which is a hardware processor;
a non-transitory computer-readable storage medium, coupled to the plurality of processors; and
logic, stored on the computer-readable storage medium and executed on the plurality of processors, for;
establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a corresponding monitored device of a plurality of monitored devices, each monitored device associated with unique address of a plurality of addresses;
transmitting a first heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels;
determining that a response to the first heartbeat has not been received; and
in response to the determining that the first heartbeat has not been received, executing a spoofing detection scheme, comprising;
transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device;
receiving a response to the second heartbeat;
determining that a spoofing attack has occurred in response to receiving the response to the second heartbeat; and
in response to a determination that a response to the second heartbeat has not been received, determining that either the first channel is broken or the first monitored device is inoperative.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are techniques for to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attach is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.
-
Citations
13 Claims
-
1. A computing system, comprising:
-
a plurality of processors, at least one of which is a hardware processor; a non-transitory computer-readable storage medium, coupled to the plurality of processors; and logic, stored on the computer-readable storage medium and executed on the plurality of processors, for; establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a corresponding monitored device of a plurality of monitored devices, each monitored device associated with unique address of a plurality of addresses; transmitting a first heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels; determining that a response to the first heartbeat has not been received; and in response to the determining that the first heartbeat has not been received, executing a spoofing detection scheme, comprising; transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device; receiving a response to the second heartbeat; determining that a spoofing attack has occurred in response to receiving the response to the second heartbeat; and in response to a determination that a response to the second heartbeat has not been received, determining that either the first channel is broken or the first monitored device is inoperative. - View Dependent Claims (2, 3, 4)
-
-
5. A computing programming product, comprising:
-
a non-transitory computer-readable storage medium; and logic, stored on the computer-readable storage medium for execution on a plurality of processors, at least one of which is a hardware processor, for; establishing a plurality of cryptographically secure channels, each channel between a monitoring device and a corresponding monitored device of a plurality of monitored devices, each monitored device associated with unique address of a plurality of addresses; transmitting a first heartbeat from the monitoring device to a first monitored device of the plurality of monitor devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels; determining that a response to the first heartbeat has not been received; in response to the determining that the first heartbeat has not been received, executing a spoofing detection scheme, comprising; transmitting a second heartbeat to the first monitored device via the corresponding unique address associated with a second monitored device; receiving a response to the second heartbeat; and determining that a spoofing attack has occurred in response to receiving the response to the second heartbeat; and in response to a determination that a response to the second heartbeat has not been received, determining that either the first channel is broken or the first monitored device is inoperative. - View Dependent Claims (6, 7, 8)
-
-
9. A method, comprising:
-
establishing, by a plurality of processors, at least one of which is a hardware processor, a plurality of cryptographically secure channels, each channel between a monitoring device and a corresponding monitored device of a plurality of monitored devices, each monitored device associated with unique address of a plurality of addresses; transmitting a first heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels; determining that a response to the first heartbeat has not been received; in response to the determining that the first heartbeat has not been received, executing a spoofing detection scheme, comprising; transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device; receiving a response to the second heartbeat; and determining that a spoofing attack has occurred in response to receiving the response to the second heartbeat; and in response to a determination that a response to the second heartbeat has not been received, determining that either the first channel is broken or the first monitored device is inoperative. - View Dependent Claims (10, 11, 12)
-
-
13. A method, comprising:
-
establishing, by a plurality of processors, at least one of which is a hardware processor, a plurality of cryptographically secure channels, each channel between a monitoring device and a corresponding monitored device of a plurality of monitored devices, each monitored device associated with unique address of a plurality of addresses, wherein the cryptographically secure channels are based on an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) protocol; transmitting a first heartbeat from the monitoring device to a first monitored device of the plurality of monitored devices via a first secure channel, corresponding to the first monitored device, of the plurality of secure channels; determining that a response to the first heartbeat has not been received; in response to the determining that the first heartbeat has not been received, executing a spoofing detection scheme, comprising; transmitting a second heartbeat to the first monitored device via an address associated with a second monitored device; receiving a response to the second heartbeat; determining that a spoofing attack has occurred in response to receiving the response to the second heartbeat; and in response to a determination that a response to the second heartbeat has not been received, determining that either the first channel is broken or the first monitored device is inoperative.
-
Specification