US2017111379A1PendingUtilityA1

System and Method for Tamper Resistant Reliable Logging of Network Traffic

49
Assignee: SECUREWORKS CORPPriority: Dec 3, 2013Filed: Dec 29, 2016Published: Apr 20, 2017
Est. expiryDec 3, 2033(~7.4 yrs left)· nominal 20-yr term from priority
H04L 49/30H04L 63/1425H04L 63/1416
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A network interface device includes a memory and a processor operable to receive a malicious packet marker, store the malicious packet marker to the memory, monitor network data packets flowing in the network interface device, determine that a packet matches the malicious packet marker, and store log information from the packet to the memory.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . An information handling system comprising:
 a network interface device;   a processor configured to communicate network data packets via the network interface device;   a memory including a secure storage space, the secure storage space including code to provide a log module; and   a management controller configured to:
 receive a malicious data packet marker; 
 store the malicious data packet marker in the secure storage space; and 
 direct the processor to launch the code; 
   wherein, in response to launching the code, the processor runs the log module to:
 monitor the network data packets communicated via the network interface device; and 
 determine that a network data packet matches the malicious data packet marker. 
   
     
     
         2 . The information handling system of  claim 1 , wherein, in further response to launching the code, the processor runs the log module to:
 store log information in the secure storage area in response to determining that the network data packet matches the malicious data packet marker.   
     
     
         3 . The information handling system of  claim 2 , wherein, in further response to launching the code, the processor runs the log module to:
 send the log information to the management controller.   
     
     
         4 . The information handling system of  claim 1 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface. 
     
     
         5 . The information handling system of  claim 1 , wherein the processor communicates with the management controller via an Ethernet interface. 
     
     
         6 . The information handling system of  claim 1 , wherein the processor communicates with the management controller via a Network Communication Service Interface. 
     
     
         7 . The information handling system of  claim 1 , wherein the malicious packet marker is received from a management system coupled to the management controller. 
     
     
         8 . A method comprising:
 communicating, by a processor, network data packets via a network interface device;   storing, in a secure storage space of a memory, code to provide a log module;   receiving, by a management controller, a malicious data packet marker;   storing, by the management controller, the malicious data packet marker in the secure storage space;   directing, by the management controller, the processor to launch the code;   monitoring, by the processor, the network data packets communicated via the network interface device in response to launching the code; and   determining, by the processor, that one of the network data packets matches the malicious data packet marker.   
     
     
         9 . The method of  claim 8 , in further response to launching the code, the method further comprising:
 storing, by the processor, log information in the secure storage area in response to determining that the network data packet matches the malicious data packet marker.   
     
     
         10 . The method of  claim 9 , in further response to launching the code, the method further comprising:
 sending, by the processor, the log information to the management controller.   
     
     
         11 . The method of  claim 8 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface. 
     
     
         12 . The method of  claim 8 , wherein the processor communicates with the management controller via an Ethernet interface. 
     
     
         13 . The method of  claim 8 , wherein the processor communicates with the management controller via a Network Communication Service Interface. 
     
     
         14 . The method of  claim 8 , wherein the malicious packet marker is received from a management system coupled to the management controller. 
     
     
         15 . An information handling system comprising:
 a network interface device;   a processor configured to communicate network data packets via the network interface device; and   a management controller configured to:
 receive a malicious data packet marker; and 
 provide the malicious data packet marker to the processor; 
   wherein, in response to receiving the malicious data packet marker, the processor is further configured to:
 monitor the network data packets communicated via the network interface device; and 
 determine that a network data packet matches the malicious data packet marker. 
   
     
     
         16 . The information handling system of  claim 15 , wherein the processor is further configured to:
 store log information in a secure storage area in response to determining that the network data packet matches the malicious data packet marker.   
     
     
         17 . The information handling system of  claim 16 , wherein the processor is further configured to:
 send the log information to the management controller.   
     
     
         18 . The information handling system of  claim 15 , wherein the processor communicates with the management controller via a Reduced Media Independent Interface. 
     
     
         19 . The information handling system of  claim 15 , wherein the processor communicates with the management controller via an Ethernet interface. 
     
     
         20 . The information handling system of  claim 15 , wherein the processor communicates with the management controller via a Network Communication Service Interface.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.