US2017257339A1PendingUtilityA1

Logical / physical address state lifecycle management

53
Assignee: TRUSTWAVE HOLDINGS INCPriority: Oct 1, 2002Filed: Mar 22, 2017Published: Sep 7, 2017
Est. expiryOct 1, 2022(expired)· nominal 20-yr term from priority
H04L 61/103H04L 29/12028H04L 61/10H04L 63/1433
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods, apparatus, and articles of manufacture for managing logical and physical address state lifecycles are disclosed. An example apparatus includes a network interface to capture a first data packet from a first network, and a data transmitter to transmit the first data packet from the apparatus to a security device, where the security device is to determine whether the first data packet is associated with a threat. The apparatus further includes a table updater to adjust an address resolution protocol (ARP) table of the apparatus to mask a device communicatively coupled to the apparatus from the threat when the apparatus obtains a second data packet, where the second data packet is generated in response to the security device determining that the first data packet is associated with the threat.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . An apparatus comprising:
 a network interface to capture a first data packet from a first network;   a data transmitter to transmit the first data packet from the apparatus to a security device, the security device to determine whether the first data packet is associated with a threat; and   a table updater to adjust an address resolution protocol (ARP) table of the apparatus to mask a device communicatively coupled to the apparatus from the threat when the apparatus obtains a second data packet, the second data packet generated in response to the security device determining that the first data packet is associated with the threat.   
     
     
         2 . The apparatus of  claim 1 , wherein the first data packet is at least one of an address resolution protocol (ARP) packet, an Internet control message protocol (ICMP) packet, or a TCP packet. 
     
     
         3 . The apparatus of  claim 1 , wherein determining whether the first data packet is associated with the threat includes determining whether the first data packet violates a behavioral rule or a reconnaissance rule. 
     
     
         4 . The apparatus of  claim 1 , further including determining whether a source Internet Protocol (IP) address of the first data packet is on a second network, the second network including the security device and the device. 
     
     
         5 . The apparatus of  claim 4 , wherein the second data packet is an ARP packet, wherein a source of the ARP packet includes an IP address of the device and a synthetic media access control (MAC) address, wherein the synthetic MAC address is not in use on the second network. 
     
     
         6 . The apparatus of  claim 5 , wherein a destination of the ARP packet includes an IP address of the router and a MAC address of the router. 
     
     
         7 . A method comprising:
 capturing, at a router, a first data packet from a first network;   transmitting the first data packet from the router to a security device, the security device to determine whether the first data packet is associated with a threat; and   in response to the security device determining that the first data packet is associated with the threat, obtaining, at the router, a second data packet to adjust an address resolution protocol (ARP) table of the router to mask a device communicatively coupled to the router from the threat.   
     
     
         8 . The method of  claim 7 , wherein the first data packet is at least one of an address resolution protocol (ARP) packet, an Internet control message protocol (ICMP) packet, or a TCP packet. 
     
     
         9 . The method of  claim 7 , wherein the security device and the device are communicatively coupled to the first network via the router. 
     
     
         10 . The method of  claim 7 , wherein determining whether the first data packet is associated with the threat includes determining whether the first data packet violates a behavioral rule or a reconnaissance rule. 
     
     
         11 . The method of  claim 7 , further including determining whether a source Internet Protocol (IP) address of the first data packet is on a second network, the second network including the security device and the device. 
     
     
         12 . The method of  claim 11 , wherein the second data packet is an ARP packet, wherein a source of the ARP packet includes an IP address of the device and a synthetic media access control (MAC) address, wherein the synthetic MAC address is not in use on the second network. 
     
     
         13 . The method of  claim 12 , wherein a destination of the ARP packet includes an IP address of the router and a MAC address of the router. 
     
     
         14 . A storage device or storage disc comprising instructions that, when executed, cause a machine to at least:
 capture, at a router, a first data packet from a first network;   transmit the first data packet from the router to a security device, the security device to determine whether the first data packet is associated with a threat; and   obtain, at the router, a second data packet to adjust an address resolution protocol (ARP) table of the router to mask a device communicatively coupled to the router from the threat when the security device determines that the first data packet is associated with the threat.   
     
     
         15 . The storage device or storage disc of  claim 14 , wherein the first data packet is at least one of an address resolution protocol (ARP) packet, an Internet control message protocol (ICMP) packet, or a TCP packet. 
     
     
         16 . The storage device or storage disc of  claim 14 , wherein the security device and the device are communicatively coupled to the first network via the router. 
     
     
         17 . The storage device or storage disc of  claim 14 , wherein determining whether the first data packet is associated with the threat includes determining whether the first data packet violates a behavioral rule or a reconnaissance rule. 
     
     
         18 . The storage device or storage disc of  claim 14 , further including instructions which when executed, cause the machine to at least determine whether a source Internet Protocol (IP) address of the first data packet is on a second network, the second network including the security device and the device. 
     
     
         19 . The storage device or storage disc of  claim 18 , wherein the second data packet is an ARP packet, wherein a source of the ARP packet includes an IP address of the device and a synthetic media access control (MAC) address, wherein the synthetic MAC address is not in use on the second network. 
     
     
         20 . The storage device or storage disc of  claim 19 , wherein a destination of the ARP packet includes an IP address of the router and a MAC address of the router.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.