
System and method for detecting surreptitious packet rerouting

Patent number
US11178107B2
Publication date
2021-11-16
Applicant
Michael Schloss
Inventor
Michael Schloss
IPC classification
H04L29/06; H04L29/12; H04L12/823; H04L12/26
Technical field
ip,packet,network,packets,database,trip,router,may,arp,server
Region: MD MD Silver Spring

Abstract

Systems and methods of detecting network traffic tampering by monitoring the network traffic for network packets that arrive outside of an allowable error band and rejecting those packets for which transit times are outside the control limits due to possible tampering are provided.

Description

COPYRIGHT NOTICE

A portion of the disclosure of this patent document may contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever. The following notice shall apply to this document: Copyright © 2019, Michael Schloss.

FIELD OF THE TECHNOLOGY

The illustrative technology herein relates to systems, software, and methods for detecting surreptitious network traffic interception and redirection, and for taking action in response to a detected event. The technology has applications in the areas of computer and network operations and computer security.

BRIEF SUMMARY

Systems, methods, and computer-readable media are provided for detecting surreptitious redirection of computer network packets. In an embodiment, a computing device comprising a processor, memory, network interface, and operating system, and operably connectable to a computer network, the end user computing device further comprising a network packet redirection detection module configured to monitor IP packets transmitted over the computer network, may be configured to compare a metric related to a transit time of one or more of the IP packets between two routable IP addresses on the computer network to a historical record of the same metric for the two routable IP addresses on the computer network; and based upon a discrepancy identified between the metric and the historical record of the metric, determining that a redirection of IP network packet traffic has occurred on the computer network.
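The comparison described in the summary, as an added example that is not taken from the patent: a per-(source, destination) historical record of round trip times, with a sample flagged when it falls outside an acceptable band around that record. The mean ± k·σ band, the window size, the jitter floor and the sample addresses and RTT values are assumptions made for illustration; the text here does not specify how the acceptable range is computed.

```python
from collections import defaultdict, deque
from statistics import mean, stdev


class RttBaseline:
    """Historical RTT record per (source IP, destination IP) pair."""

    def __init__(self, window=200, min_samples=20, k=3.0, floor_ms=2.0):
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.min_samples = min_samples  # samples required before judging
        self.k = k                      # band half-width in std deviations (assumed rule)
        self.floor_ms = floor_ms        # minimum half-width, absorbs ordinary jitter

    def limits(self, src, dst):
        """Return (low, high) control limits in ms, or None while still learning."""
        samples = self.history[(src, dst)]
        if len(samples) < self.min_samples:
            return None
        centre = mean(samples)
        half = max(self.k * stdev(samples), self.floor_ms)
        return (max(0.0, centre - half), centre + half)

    def observe(self, src, dst, rtt_ms):
        """Classify one RTT sample as 'learning', 'ok' or 'anomaly'."""
        band = self.limits(src, dst)
        if band is None:
            self.history[(src, dst)].append(rtt_ms)
            return "learning"
        low, high = band
        if low <= rtt_ms <= high:
            self.history[(src, dst)].append(rtt_ms)
            return "ok"
        # Out-of-band samples are not stored, so a rerouted path cannot
        # gradually drag the baseline toward its own latency.
        return "anomaly"


def run_demo():
    """Constructed data: 20 baseline RTTs near 10.6 ms, then four test samples."""
    det = RttBaseline()
    src, dst = "192.0.2.10", "198.51.100.7"  # documentation-range addresses
    for i in range(20):
        det.observe(src, dst, [10.0, 10.4, 10.8, 11.2][i % 4])
    return [
        det.observe(src, dst, 11.0),            # within the band
        det.observe(src, dst, 24.0),            # extra hop adds latency
        det.observe(src, dst, 3.0),             # implausibly fast reply
        det.observe(src, "203.0.113.5", 11.0),  # new pair, no history yet
    ]
```

A verdict of "anomaly" is where one of the predefined actions listed in the claims (dropping the packet, logging, notifying, conducting a further test) would be triggered.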

Claims

I claim:

1. A system:
a computing device comprising a processor, memory, network interface, and operating system, and operably connectable to a computer network, the computing device further comprising a network packet redirection detection module configured to monitor IP packets transmitted over the computer network,
wherein the computing device is configured to:
within a session between a source computer and a destination computer, compare a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network; and
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.

2. The system of claim 1, wherein the network packet redirection detection module determines an effective sending IP address for a system having an unroutable IP address.

3. The system of claim 1, wherein the network packet redirection detection module is configured to monitor TCP/IP streams for packet transmission time anomalies and/or round trip packet response time anomalies.

4. The system of claim 3, further comprising a database containing the historical record of the one or more packet transmission times or round trip times between the source IP address and the destination IP address.

5. The system of claim 1, where the computing device executes an IP networking stack that causes the network interface to transmit and receive UDP/IP packets.

6. The system of claim 5, where the network packet redirection detection module is configured to monitor UDP/IP packet transmission and receipt times to identify packet transmission time anomalies.

7. The system of claim 6, further comprising a database containing historical packet transmission and receipt times between mutable IP addresses.

8. A method comprising:
monitoring, by a computing device, IP packets transmitted or received over a computer network;
within a session between a source computer and a destination computer, comparing a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network; and
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.

9. The method of claim 8, further comprising determining that a sending computer system has an unroutable IP address, and determining a routable sending IP address for the sending computer system having the unroutable IP address.

10. The method of claim 8, wherein the discrepancy comprises one or more round trip packet response time anomalies.

11. The method of claim 8,
wherein the historical record comprises historical packet transmission times between the source IP address and the destination IP address, and
wherein the discrepancy comprises a difference between the packet transmission time or the round trip time between the source IP address and the destination IP address and the historical record of the one or more packet transmission times or round trip times between the source IP address and the destination IP address.

12. The method of claim 11, further comprising determining that the difference is not within an acceptable range of times.

13. The method of claim 8, wherein the monitoring comprises monitoring UDP/IP streams for packet transmission time anomalies, by comparing a timestamp or other timing indicia contained within the packet to a current system time and calculating the packet transmission time.

14. The method of claim 13, wherein the packet transmission time or the round trip time is the calculated packet transmission time and the historical record of the one or more packet transmission times or round trip times is a historical packet transmission time.

15. The method of claim 14, wherein the discrepancy comprises a difference between the calculated packet transmission time and the historical packet transmission time that is not within an acceptable range of times.

16. The method of claim 8, further comprising taking a predefined action in response to the discrepancy.

17. The method of claim 16, where the taken predefined action is one or more actions selected from a group consisting of:
disconnecting from the network;
stopping IP transmissions to the destination IP address;
dropping a packet;
conducting a further test;
generating a notification;
generating a message to another computer or process;
generating a log message; and
redirecting one or more packets to a known-good router.

18. The method of claim 8, further comprising monitoring the IP packets received for an anomalous ARP response, and taking an action in response to an anomalously received ARP response.

19. The method of claim 18, where the taken action is one or more actions selection from a group consisting of:
disconnecting from the computer network;
stopping IP transmissions to a destination IP address;
dropping a packet;
conducting a further test;
generating a notification;
generating a message to another computer or process;
generating a log message; and
redirecting one or more packets to a known-good router.

20. A non-transitory computer-readable medium storing a plurality of instructions which, when executed by a computer processor, execute a method for detecting surreptitious redirection of computer network packets, the method comprising:
monitoring, by a computing device, IP packets transmitted over a computer network;
within a session between a source computer and a destination computer, comparing a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network; and
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.