
Preventing network attacks on baseboard management controllers

  • US 9,800,547 B2
  • Filed: 04/16/2015
  • Issued: 10/24/2017
  • Est. Priority Date: 04/16/2015
  • Status: Expired due to Fees
First Claim

1. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor(s) set to cause the processor set to perform a method comprising:

  • receiving, by a network controller, a packet from a computer networking device on a computer network, where the packet is destined for a baseboard management controller (BMC);

    determining, by the network controller, whether the packet contains a tag identifying that the packet has been determined to be free of suspicious or malicious traffic, wherein the tag is constructed using a secret key shared between the BMC and the computer networking device;

    on condition that the packet has been determined to not contain the tag, sending the packet to a network inspection module, by the network controller, to be inspected for malicious traffic, wherein sending the packet to the network inspection module comprises;

    determining whether a local host is available to inspect the packet for malicious traffic, upon determining that the local host is not available, instantiating a loadable kernel module (LKM) to modify the packet's destination MAC address to be the MAC address of a remote host, and transmitting the modified packet to the remote host; and

    on condition that the packet has been determined to contain the tag, sending the packet to the BMC by the network controller.
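
The dispatch decision in claim 1, sketched as an added example that is not taken from the patent. It assumes the tag is a truncated HMAC-SHA256 over the frame, appended as a trailer (the claim only says the tag is constructed using a shared secret key); the function names, key and MAC addresses are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 16  # assumption: tag = first 16 bytes of HMAC-SHA256, appended as a trailer

def make_tag(key: bytes, frame: bytes) -> bytes:
    """Networking-device side: tag a frame that has already passed inspection."""
    return hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]

def has_valid_tag(key: bytes, packet: bytes) -> bool:
    """Network-controller side: recompute the tag rather than trust its presence."""
    if len(packet) <= TAG_LEN:
        return False
    frame, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(make_tag(key, frame), tag)  # constant-time compare

def rewrite_dst_mac(packet: bytes, new_mac: bytes) -> bytes:
    """Stand-in for the LKM step: bytes 0-5 of an Ethernet frame are the destination MAC."""
    return new_mac + packet[6:]

def dispatch(key: bytes, packet: bytes, local_host_available: bool, remote_mac: bytes):
    """Return (next_hop, packet) following the three branches of claim 1."""
    if has_valid_tag(key, packet):
        return "bmc", packet
    if local_host_available:
        return "local_inspection", packet
    return "remote_inspection", rewrite_dst_mac(packet, remote_mac)

# Constructed sample values (not from the patent).
KEY = b"constructed-shared-secret"
BMC_MAC = bytes.fromhex("020000000001")
SRC_MAC = bytes.fromhex("020000000002")
REMOTE_MAC = bytes.fromhex("0200000000aa")
FRAME = BMC_MAC + SRC_MAC + b"\x08\x00" + b"constructed payload for the BMC"
TAGGED = FRAME + make_tag(KEY, FRAME)

if __name__ == "__main__":
    print(dispatch(KEY, TAGGED, True, REMOTE_MAC)[0])   # tagged frame
    print(dispatch(KEY, FRAME, True, REMOTE_MAC)[0])    # untagged, local host up
    print(dispatch(KEY, FRAME, False, REMOTE_MAC)[0])   # untagged, local host down
```

A frame whose trailer does not verify under the shared key takes the same inspection path as an untagged frame, so a forged or tampered tag never reaches the BMC directly.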
