Securing port forwarding through a network traffic hub
US-2018278637-A1 · Sep 27, 2018 · US
Device visibility and scanning including network segments
US12401693B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12401693-B2 |
| Application number | US-202418409412-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 10, 2024 |
| Priority date | Mar 26, 2018 |
| Publication date | Aug 26, 2025 |
| Grant date | Aug 26, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Device scanning aspects are described. In certain aspects, the method includes performing a scan of a device based on a port forwarding policy.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: generating, by a processing device, an identifier associated with a second device based on a combination of a first address and a second address of network session information; scanning the second device based on the identifier of the second device to generate a result, wherein scanning comprises sending a scan request to the first device, wherein the first device forwards the scan request to the second device according to a port forwarding policy; storing the result of the scanning; and performing an action based on the result of the scanning, the action including changing network access of the second device or changing the virtual local area network (VLAN) associated with the second device. 2. The method of claim 1 , further comprising configuring the port forwarding policy on the first device based on the network session information associated with the first device. 3. The method of claim 2 , wherein the port forwarding policy of the first device is configured using at least one of an application programming interface (API), command line interface (CLI), or a simple network management protocol (SNMP) interface. 4. The method of claim 1 , wherein generating the identifier associated with the second device comprises: selecting the first device based on the first device performing network address translation (NAT), wherein the first device is communicatively coupled to the second device, and wherein the second device is configured to communicate with a network through the first device; accessing the network session information associated with the first device, wherein the network session information comprises a private address associated with the second device; and determining the identifier associated with the second device based on the private address of the network session information, wherein the private address corresponds to the second address. 5. The method of claim 1 , wherein the first device is at least one of a router, a firewall, a switch, or a carrier grade (CG) NAT device. 6. The method of claim 1 further comprising: determining an operating system (OS) of the second device based on the network session information. 7. The method of claim 1 , wherein the identifier of the second device comprises a unique identifier comprising an IP address associated with the second device and an IP address associated with the first device. 8. The method of claim 7 , wherein the unique identifier of the second device further comprises a media access control (MAC) address associated with the first device. 9. A system comprising: a memory; and a processing device, operatively coupled to the memory, to: generate an identifier associated with a second device based on a combination of a first address and a second address of network session information; scan the second device based on the identifier of the second device to generate a result, wherein to scan the processing device to send a scan request to the first device, wherein the first device forwards the scan request to the second device according to a port forwarding policy; store the result of the scan; and perform an action based on the result of the scanning, the action including to change network access of the second device or to change the virtual local area network (VLAN) associated with the second device. 10. The system of claim 9 , wherein the processing device further to configure the port forwarding policy on the first device based on the network session information associated with the first device. 11. The system of claim 9 , wherein the first device is at least one of a router, a firewall, a switch, or a carrier grade (CG) NAT device. 12. The system of claim 9 , wherein the port forwarding policy of the first device is configured using an application programming interface (API). 13. The system of claim 9 , wherein the processing device further to determine an operating system (OS) of the second device based on the network session information. 14. The system of claim 9 , wherein the identifier of the second device comprises a unique identifier comprising an IP address associated with the second device and an IP address associated with the first device. 15. The system of claim 14 , wherein the unique identifier of the second device further comprises a media access control (MAC) address associated with the first device. 16. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device, cause the processing device to: generate, by the processing device, an identifier associated with a second device based on a combination of a first address and a second address of network session information; scan the second device based on the identifier of the second device to generate a result, wherein to scan the processing device to send a scan request to the first device, wherein the first device forwards the scan request to the second device according to a port forwarding policy; store the result of the scan; and perform an action based on the result of the scanning, the action including to change network access of the second device or to change the virtual local area network (VLAN) associated with the second device. 17. The non-transitory computer readable medium of claim 16 , wherein the instructions further cause the processing device to perform an action based on the scan. 18. The non-transitory computer readable medium of claim 16 , wherein to generate the identifier associated with the second device, the processing device to: select the first device based on the first device performing network address translation (NAT), wherein the second device is configured to communicate with a network through the first device; access the network session information associated with the first device, wherein the network session information comprises a private address associated with the second device; and determine the identifier associated with the second device based on the private address of the network session information, wherein the private address corresponds to the second address.
Assignees
Inventors
Classifications
- H04L63/1466Primary
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
between local and global IP addresses · CPC title
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
Multiple local networks, e.g. resolving potential IP address conflicts · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12401693B2 cover?
- Device scanning aspects are described. In certain aspects, the method includes performing a scan of a device based on a port forwarding policy.
- Who is the assignee on this patent?
- Forescout Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1466. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 26 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).