US2017111379A1PendingUtilityA1
System and Method for Tamper Resistant Reliable Logging of Network Traffic
Est. expiryDec 3, 2033(~7.4 yrs left)· nominal 20-yr term from priority
H04L 49/30H04L 63/1425H04L 63/1416
49
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A network interface device includes a memory and a processor operable to receive a malicious packet marker, store the malicious packet marker to the memory, monitor network data packets flowing in the network interface device, determine that a packet matches the malicious packet marker, and store log information from the packet to the memory.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . An information handling system comprising:
a network interface device; a processor configured to communicate network data packets via the network interface device; a memory including a secure storage space, the secure storage space including code to provide a log module; and a management controller configured to:
receive a malicious data packet marker;
store the malicious data packet marker in the secure storage space; and
direct the processor to launch the code;
wherein, in response to launching the code, the processor runs the log module to:
monitor the network data packets communicated via the network interface device; and
determine that a network data packet matches the malicious data packet marker.
2 . The information handling system of claim 1 , wherein, in further response to launching the code, the processor runs the log module to:
store log information in the secure storage area in response to determining that the network data packet matches the malicious data packet marker.
3 . The information handling system of claim 2 , wherein, in further response to launching the code, the processor runs the log module to:
send the log information to the management controller.
4 . The information handling system of claim 1 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface.
5 . The information handling system of claim 1 , wherein the processor communicates with the management controller via an Ethernet interface.
6 . The information handling system of claim 1 , wherein the processor communicates with the management controller via a Network Communication Service Interface.
7 . The information handling system of claim 1 , wherein the malicious packet marker is received from a management system coupled to the management controller.
8 . A method comprising:
communicating, by a processor, network data packets via a network interface device; storing, in a secure storage space of a memory, code to provide a log module; receiving, by a management controller, a malicious data packet marker; storing, by the management controller, the malicious data packet marker in the secure storage space; directing, by the management controller, the processor to launch the code; monitoring, by the processor, the network data packets communicated via the network interface device in response to launching the code; and determining, by the processor, that one of the network data packets matches the malicious data packet marker.
9 . The method of claim 8 , in further response to launching the code, the method further comprising:
storing, by the processor, log information in the secure storage area in response to determining that the network data packet matches the malicious data packet marker.
10 . The method of claim 9 , in further response to launching the code, the method further comprising:
sending, by the processor, the log information to the management controller.
11 . The method of claim 8 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface.
12 . The method of claim 8 , wherein the processor communicates with the management controller via an Ethernet interface.
13 . The method of claim 8 , wherein the processor communicates with the management controller via a Network Communication Service Interface.
14 . The method of claim 8 , wherein the malicious packet marker is received from a management system coupled to the management controller.
15 . An information handling system comprising:
a network interface device; a processor configured to communicate network data packets via the network interface device; and a management controller configured to:
receive a malicious data packet marker; and
provide the malicious data packet marker to the processor;
wherein, in response to receiving the malicious data packet marker, the processor is further configured to:
monitor the network data packets communicated via the network interface device; and
determine that a network data packet matches the malicious data packet marker.
16 . The information handling system of claim 15 , wherein the processor is further configured to:
store log information in a secure storage area in response to determining that the network data packet matches the malicious data packet marker.
17 . The information handling system of claim 16 , wherein the processor is further configured to:
send the log information to the management controller.
18 . The information handling system of claim 15 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface.
19 . The information handling system of claim 15 , wherein the processor communicates with the management controller via an Ethernet interface.
20 . The information handling system of claim 15 , wherein the processor communicates with the management controller via a Network Communication Service Interface.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.