Automatic tunnels routing loop attack defense
US-9954876-B2 · Apr 24, 2018 · US
US10721250B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10721250-B2 |
| Application number | US-201815960071-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 23, 2018 |
| Priority date | Dec 10, 2015 |
| Publication date | Jul 21, 2020 |
| Grant date | Jul 21, 2020 |
Official abstract text for this publication.
The present disclosure relates to systems, methods, and non-transitory computer readable storage media for detecting a tunnel routing loop attack on a computer network. A method of the presently claimed invention receives a packet of data over an automatic tunnel. When the received packet includes an Internet protocol version 6 (IPv6) packet, headers in the received packet may be extracted from it. When an extracted header is a tunnel routing loop attack (TRLA) header, address information included in the TRLA header may be matched to the destination address that the IPv6 packet is about to be tunneled through. When the address information included in the TRLA header matches that destination address, the IPv6 packet is dropped, because the match indicates that a loop is about to be formed.
Opening claim text (preview).
What is claimed is:

1. A method for limiting packet routing in a computer network comprising a plurality of network devices, the method comprising: receiving a first packet at a first one of the network devices in the computer network; identifying that the first packet is to be forwarded to a second one of the network devices in the computer network; identifying that the first packet includes address information identifying that the second network device previously received a version of the first packet; determining that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet; and dropping the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
2. The method of claim 1, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
3. The method of claim 1, further comprising: receiving a second packet; identifying that the second packet is to be forwarded through an automated tunnel; modifying the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet; and sending the modified second packet to at least one other network device of the plurality of network devices.
4. The method of claim 3, further comprising: receiving a third packet; modifying the third packet to include header information; identifying a size associated with the modified third packet; and dropping the third packet based on the modified third packet exceeding a maximum packet size.
5. The method of claim 4, further comprising sending a message to a sender of the third packet identifying that a maximum length of the modified third packet exceeds the maximum packet size.
6. The method of claim 5, wherein the sender of the third packet sends a shortened version of at least one of the third packet or the modified third packet.
7. The method of claim 1, further comprising: receiving a second packet at the first network device; identifying that the second packet is to be sent to an address associated with another network device of the plurality of network devices; identifying that address information included in a header of the second packet matches the address associated with the other network device; and dropping the second packet based on the identification of the matching address.
8. A non-transitory computer-readable storage medium, having embodied thereon a program executable to perform a method for limiting packet routing in a computer network comprising a plurality of network devices, the method comprising: receiving a first packet at a first one of the network devices in the computer network; identifying that the first packet is to be forwarded to a second one of the network devices in the computer network; identifying that the first packet includes address information identifying that the second network device previously received a version of the first packet; determining that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet; and dropping the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
9. The non-transitory computer-readable storage medium of claim 8, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
10. The non-transitory computer-readable storage medium of claim 8, further comprising instructions executable to: receive a second packet; identify that the second packet is to be forwarded through an automated tunnel; modify the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet; and send the modified second packet to at least one other network device of the plurality of network devices.
11. The non-transitory computer-readable storage medium of claim 10, further comprising instructions executable to: receive a third packet; modify the third packet to include header information; identify a size associated with the modified third packet; and drop the third packet based on the modified third packet exceeding a maximum packet size.
12. The non-transitory computer-readable storage medium of claim 11, further comprising instructions executable to send a message to a sender of the third packet identifying that a maximum length of the modified third packet exceeds the maximum packet size.
13. The non-transitory computer-readable storage medium of claim 12, wherein the sender of the third packet sends a shortened version of at least one of the third packet or the modified third packet.
14. The non-transitory computer-readable storage medium of claim 8, further comprising instructions executable to: receive a second packet at the first network device; identify that the second packet is to be sent to an address associated with another network device of the plurality of network devices; identify that address information included in a header of the second packet matches the address associated with the other network device; and drop the second packet based on the identification of the matching address.
15. An apparatus for limiting packet routing in a computer network comprising a plurality of network devices, the apparatus comprising: a network interface that receives a first packet at a first one of the network devices in the computer network; a memory; and a processor that executes instructions stored in memory, wherein execution of the instructions: identifies that the first packet is to be forwarded to a second one of the network devices in the computer network, identifies that the first packet includes address information identifying that the second network device previously received a version of the first packet, determines that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet, and drops the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
16. The apparatus of claim 15, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
17. The apparatus of claim 15, wherein the network interface further receives a second packet and the processor executes further instructions to: identify that the second packet is to be forwarded through an automated tunnel; and modify the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet, wherein the network interface sends the modified second packet to at least one other network device of the plurality of network devices.
18. The apparatus of claim 17, wherein the network interface further receives a third packet, and wherein and t
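The check the claims describe, as an added example that is not the patent's own code: each tunnel endpoint stamps its address into a TRLA header before encapsulating (claim 3), refuses to tunnel a packet towards an endpoint already listed there (claims 1, 2 and 7), and drops packets the added header pushes over the maximum size, telling the sender (claims 4 to 6). The header layout, class names and sample addresses are assumptions for illustration; the patent text fixes no wire format.

```python
# Added illustration of the patent's TRLA (tunnel routing loop attack) header check.
# Header layout, class names and addresses are assumptions; the patent fixes no wire format.
from dataclasses import dataclass, field
from ipaddress import IPv6Address
from typing import List, Optional, Tuple

IPV6_HEADER_LEN = 40
TRLA_ENTRY_LEN = 16  # one IPv6 address per tunnel endpoint that forwarded the packet

@dataclass
class IPv6Packet:
    src: IPv6Address
    dst: IPv6Address
    payload: bytes
    # TRLA header: addresses of tunnel endpoints that already forwarded this packet.
    trla: List[IPv6Address] = field(default_factory=list)

    def size(self) -> int:
        return IPV6_HEADER_LEN + TRLA_ENTRY_LEN * len(self.trla) + len(self.payload)

class TunnelEndpoint:
    """Automatic-tunnel endpoint applying the loop and size checks from the claims."""

    def __init__(self, address: str, max_packet_size: int = 1280) -> None:
        self.address = IPv6Address(address)
        self.max_packet_size = max_packet_size

    def tunnel(self, pkt: IPv6Packet, next_hop: str) -> Tuple[str, Optional[str]]:
        """Return (verdict, message) for pkt before encapsulating it towards next_hop."""
        hop = IPv6Address(next_hop)
        # Claims 1, 2 and 7: next_hop already forwarded this packet, so tunneling it
        # there again would close a routing loop. Drop it instead.
        if hop in pkt.trla:
            return "drop-loop", None
        # Claim 3: record our own address in the TRLA header if it is not there yet.
        if self.address not in pkt.trla:
            pkt.trla.append(self.address)
        # Claims 4 and 5: the added header may push the packet over the maximum size;
        # drop it and tell the sender so it can resend a shortened version (claim 6).
        if pkt.size() > self.max_packet_size:
            return "drop-too-big", (f"{pkt.size()}-byte packet with TRLA header exceeds "
                                    f"maximum size {self.max_packet_size}")
        return "forward", None

def simulate_two_node_loop() -> List[str]:
    """Constructed scenario: endpoint A tunnels to B, which tunnels straight back to A."""
    a, b = TunnelEndpoint("2001:db8::a"), TunnelEndpoint("2001:db8::b")
    pkt = IPv6Packet(IPv6Address("2001:db8:1::1"), IPv6Address("2001:db8:2::2"), b"x" * 100)
    first = a.tunnel(pkt, "2001:db8::b")[0]   # A stamps itself into the header, forwards
    return [first, b.tunnel(pkt, "2001:db8::a")[0]]  # B finds A in the header and drops
```

The same membership test catches longer loops (A to B to C back to A), since every endpoint on the path has added itself before the packet returns.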
CPC titles:

- Event detection, e.g. attack signature detection
- Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
- Loop-free operations
- Interconnection of networks using encapsulation techniques, e.g. tunneling