SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
11 Claims
1. A system for determining whether a target computer is on a network, the system comprising:
- a first set of port identifiers stored in a computer-readable medium, each of said first set of port identifiers representing a port used by computers to receive data packets compliant with a first protocol of said network, each of said first set of port identifiers representing a port associated with known network services;
- a first set of data packets, each directed to a port represented by at least one of said first set of port identifiers, each of said first set of data packets compliant with said first protocol and transmitted to said target computer via said network;
- a first set of acknowledgement packets received via said network in response to said transmission of said first set of data packets; and
- a list of host identifiers, each host identifier representing a computer on said network that transmits data in response to a packet sent to said respective computer, a host identifier representing said target computer added to said list of host identifiers if said first set of acknowledgment packets indicates a responsiveness of said target computer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A system for testing the accessibility of a target computer via a network, the system comprising:
- a set of port identifiers stored in a computer-readable medium, each of said set of port identifiers representing a UDP-compliant port, at least one of said port identifiers representing a port associated with known network services;
- a set of UDP-compliant data packets, each associated with a port represented by at least one of said set of port identifiers, each of said UDP-compliant data packets transmitted continuously to said target computer for a duration approximately the same as the latency period of said target computer, at least one of said UDP-compliant data packets including data associated with said known network services;
- a first list representing computers accessible via said network, said first list including said target computer if a nonzero set of UDP data response packets is received in response to said transmission of said data packets; and
- a second list representing computers not known to be inaccessible via said network, said second list including said target computer if an empty set of ICMP error packets is received in response to said transmission of said data packets.

11. A method for determining whether a target computer is accessible via a network, the method comprising the steps of:
- identifying TCP ports;
- sending first data packets to said TCP ports of said target computer, each of said first data packets compliant with TCP;
- receiving first acknowledgment packets in response to said sending of said first data packets; and
- adding a representation of said target computer to a list representing accessible computers if said first acknowledgment packets are nonzero.
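The list-building logic of claims 10 and 11, as an added example that is not the patent's or the assignee's code: it sends no packets, but takes constructed per-host probe observations (what a scanner would have recorded) and applies the claim rules to produce the accessible and "not known to be inaccessible" lists. The port numbers, field names and sample results are assumptions; the timed UDP transmission of claim 10 is not modelled.

```python
"""Host-discovery bookkeeping as described in claims 10 and 11 (added example)."""
from dataclasses import dataclass

# Constructed port sets (assumption: a few ports associated with known services).
TCP_PORTS = (22, 80, 443)
UDP_PORTS = (53, 123, 161)


@dataclass
class ProbeResult:
    """What the scanner observed for one target after all probes were sent."""
    host: str
    tcp_acks: int = 0          # TCP acknowledgment packets received (claim 11)
    udp_data_replies: int = 0  # UDP data response packets received (claim 10)
    icmp_errors: int = 0       # ICMP error packets received (claim 10)


def tcp_accessible(results):
    """Claim 11: the host is accessible if its TCP acknowledgment packets are nonzero."""
    return [r.host for r in results if r.tcp_acks > 0]


def udp_classify(results):
    """Claim 10: two lists.
    accessible             - a nonzero set of UDP data response packets came back.
    not_known_inaccessible - an empty set of ICMP error packets came back; silence
                             is not proof of absence, so the host stays a candidate.
    """
    accessible = [r.host for r in results if r.udp_data_replies > 0]
    not_known_inaccessible = [r.host for r in results if r.icmp_errors == 0]
    return accessible, not_known_inaccessible


def discover(results):
    """Combine both claims into one inventory view for a defender's asset list."""
    tcp = tcp_accessible(results)
    udp_ok, udp_unknown = udp_classify(results)
    confirmed = sorted(set(tcp) | set(udp_ok))
    candidates = sorted(set(udp_unknown) - set(confirmed))
    return {"confirmed": confirmed, "candidates": candidates}


SAMPLE = [  # constructed observations, not captured traffic
    ProbeResult("10.0.0.1", tcp_acks=2, udp_data_replies=1, icmp_errors=0),
    ProbeResult("10.0.0.2", tcp_acks=0, udp_data_replies=0, icmp_errors=3),  # in neither UDP list
    ProbeResult("10.0.0.3", tcp_acks=0, udp_data_replies=0, icmp_errors=0),  # silent: candidate only
    ProbeResult("10.0.0.4", tcp_acks=1, udp_data_replies=0, icmp_errors=1),  # confirmed via TCP
]

if __name__ == "__main__":
    print(discover(SAMPLE))
```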
Specification