System and method for network vulnerability detection and reporting

US 8,135,830 B2
Filed: 06/01/2009
Issued: 03/13/2012
Est. Priority Date: 01/15/2002
Status: Expired due to Term

First Claim

Patent Images

1. A system for determining whether a target computer is on a network, the system comprising:

a first set of port identifiers stored in a computer-readable medium, each of said first set of port identifiers representing a port used by computers to receive data packets compliant with a first protocol of said network, each of said first set of port identifiers representing a port associated with known network services;

a first set of data packets, each directed to a port represented by at least one of said first set of port identifiers, each of said first set of data packets compliant with said first protocol and transmitted to said target computer via said network;

a first set of acknowledgement packets received via said network in response to said transmission of said first set of data packets; and

a list of host identifiers, each host identifier representing a computer on said network that transmits data in response to a packet sent to said respective computer, a host identifier representing said target computer added to said list of host identifiers if said first set of acknowledgment packets indicates a responsiveness of said target computer;

a second set of port identifiers stored in a computer-readable medium, each of said second set of port identifiers representing a port used by computers to receive data packets compliant with a second protocol of said network, each of said second set of port identifiers representing a port associated with known network services;

a second set of data packets, each directed to a port represented by at least one of said second set of port identifiers, each of said second set of data packets compliant with said second protocol and transmitted to said target computer via said network, at least one of said second set of data packets including data associated with said known network services;

a second set of acknowledgement packets received via said network in response to said transmission of said second set of data packets; and

a host identifier representing said target computer added to a second list of host identifiers if said second set of acknowledgment packets indicates a responsiveness of said target computer, wherein each of said second list host identifier in said second list represents a computer not know to be unresponsive.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

192 Citations

8 Claims

1. A system for determining whether a target computer is on a network, the system comprising:
- a first set of port identifiers stored in a computer-readable medium, each of said first set of port identifiers representing a port used by computers to receive data packets compliant with a first protocol of said network, each of said first set of port identifiers representing a port associated with known network services;
  
  a first set of data packets, each directed to a port represented by at least one of said first set of port identifiers, each of said first set of data packets compliant with said first protocol and transmitted to said target computer via said network;
  
  a first set of acknowledgement packets received via said network in response to said transmission of said first set of data packets; and
  
  a list of host identifiers, each host identifier representing a computer on said network that transmits data in response to a packet sent to said respective computer, a host identifier representing said target computer added to said list of host identifiers if said first set of acknowledgment packets indicates a responsiveness of said target computer;
  
  a second set of port identifiers stored in a computer-readable medium, each of said second set of port identifiers representing a port used by computers to receive data packets compliant with a second protocol of said network, each of said second set of port identifiers representing a port associated with known network services;
  
  a second set of data packets, each directed to a port represented by at least one of said second set of port identifiers, each of said second set of data packets compliant with said second protocol and transmitted to said target computer via said network, at least one of said second set of data packets including data associated with said known network services;
  
  a second set of acknowledgement packets received via said network in response to said transmission of said second set of data packets; and
  
  a host identifier representing said target computer added to a second list of host identifiers if said second set of acknowledgment packets indicates a responsiveness of said target computer, wherein each of said second list host identifier in said second list represents a computer not know to be unresponsive.
- View Dependent Claims (2, 3, 4)
- - 2. The system as described in claim 1, wherein said first protocol is TCP, wherein said second protocol is UDP, wherein said second set of acknowledgment packets is a nonzero set of UDP data response packets.
  - 3. The system as described in claim 1, the system further comprising:
    - a third set of data packets, each directed to a port represented by at least one of said second set of port identifiers, each compliant with said second protocol, said third set of data packets transmitted to said target computer throughout a predetermined maximum latency period;
      
      a first response received first in tune in response to said transmission of said third set of data packets; and
      
      a second response received second in time in response to said transmission of said third set of data packets, a time duration between said receipt of said first response and said receipt of said second response defining a target computer latency period.
  - 4. The system as described in claim 3, wherein each of said second set of data packets is transmitted continuously to said target computer for the duration of said target computer latency period.

5. A method, comprising:
- storing a first set of port identifiers in a computer-readable medium utilizing a computer, each of said first set of port identifiers representing a port used by computers to receive data packets compliant with a first protocol of said network, each of said first set of port identifiers representing a port associated with known network services;
  
  directing each of a first set of data packets to a port represented by at least one of said first set of port identifiers, each of said first set of data packets compliant with said first protocol and transmitted to said target computer via said network;
  
  receiving a first set of acknowledgement packets via said network in response said transmission of said first set of data packets;
  
  maintaining a list of host identifiers, each host identifier representing a computer on said network that transmits data in response to a packet sent to said respective computer, a host identifier representing said target computer added to said list of host identifiers if said first set of acknowledgment packets indicates a responsiveness of said target computer;
  
  storing a second set of port identifiers in a computer—
  
  readable medium, each of said second set of port identifiers representing a port used by computers to receive data packets compliant with a second protocol of said network, each of said second set of port identifiers representing a port associated with known network services;
  
  directing each of a second set of data packets to a port represented by at least one of said second set of port identifiers, each of said second set of data packets compliant with said second protocol and transmitted to said target computer via said network, at least one of said second set of data packets including data associated with said known network services;
  
  receiving a second set of acknowledgement packets via said network in response to said transmission of said second set of data packets; and
  
  adding a host identifier representing said target computer to a second list of host identifiers if said second set of acknowledgment packets indicates a responsiveness of said target computer, wherein each of said second list host identifier in said second list represents a computer not know to be unresponsive.
- View Dependent Claims (6, 7, 8)
- - 6. The system as described in claim 5, wherein said first protocol is TCP, wherein said second protocol is UDP, wherein said second set of acknowledgment packets is a nonzero set of UDP data response packets.
  - 7. The system as described in claim 5, the method further comprising:
    - directing each of a third set of data packets to a port represented by at least one of said second set of port identifiers, each compliant with said second protocol, said third set of data packets transmitted to said target computer throughout a predetermined maximum latency period;
      
      receiving a first response first in time in response to said transmission of said third set of data packets; and
      
      receiving a second response second in time in response to said transmission of said third set of data packets, a time duration between said receipt of said first response and said receipt of said second response defining a target computer latency period.
  - 8. The system as described in claim 7, wherein each of said second set of data packets is transmitted continuously to said target computer for the duration of said target computer latency period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McClure, Stuart C., Kurtz, George, Keir, Robin, Beddoe, Marshall A., Morton, Michael J., Prosise, Christopher M., Cole, David M., Abad, Christopher
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
SALL, EL HADJI MALICK

Application Number

US12/476,082
Publication Number

US 20090259748A1
Time in Patent Office

1,016 Days
Field of Search

709/200, 709/224, 726/23.25
US Class Current

709/224
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

192 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network vulnerability detection and reporting

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

192 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links