Identifying bogon address spaces

US2016359699A1 · US · A1

Patent metadata
Publication number: US-2016359699-A1
Application number: US-201615171836-A
Country: US
Kind code: A1
Filing date: Jun 2, 2016
Priority date: Jun 5, 2015
Publication date: Dec 8, 2016
Grant date:

Abstract

Official abstract text for this publication.

Systems, methods, and computer-readable media for identifying bogon addresses. A system can obtain an indication of address spaces in a network. The indication can be based on route advertisements transmitted by routers associated with the network. The system can receive a report generated by a capturing agent deployed on a host. The report can identify a flow captured by the capturing agent at the host. The system can identify a network address associated with the flow and, based on the indication of address spaces, the system can determine whether the network address is within the address spaces in the network. When the network address is not within the address spaces in the network, the system can determine that the network address is a bogon address. When the network address is within the address spaces in the network, the system can determine that the network address is not a bogon address.
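The membership test described in the abstract, as an added Python example (not code from the patent or its assignee). The prefix list, the report fields (`flow_id`, `host`, `src`, `dst`), the choice to check both endpoints, and the treatment of unparseable addresses as bogons are assumptions of this example.

```python
import ipaddress

# Constructed sample input: prefixes as learned from route advertisements.
ADVERTISED_PREFIXES = ["10.20.0.0/16", "10.20.4.0/24", "192.0.2.0/24",
                       "2001:db8:10::/48"]

# Constructed flow reports, shaped as a capturing agent might send them.
FLOW_REPORTS = [
    {"flow_id": 1, "host": "hv-01", "src": "10.20.4.7", "dst": "192.0.2.15"},
    {"flow_id": 2, "host": "hv-01", "src": "172.31.9.9", "dst": "10.20.0.3"},
    {"flow_id": 3, "host": "vm-12", "src": "::ffff:10.20.1.5", "dst": "2001:db8:10::1"},
    {"flow_id": 4, "host": "vm-12", "src": "2001:db8:99::5", "dst": "not-an-ip"},
]

def build_address_spaces(prefixes):
    """Collapse advertised prefixes into a minimal network list per IP family."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return {
        v: list(ipaddress.collapse_addresses(n for n in nets if n.version == v))
        for v in (4, 6)
    }

def is_bogon(address, spaces):
    """True when the address is outside every advertised address space."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return True  # assumption: unparseable addresses fail closed
    # An IPv4-mapped IPv6 address is checked against the IPv4 spaces.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not any(ip in net for net in spaces[ip.version])

def mark_reports(reports, spaces):
    """Mark each report as bogon or not and record the offending addresses."""
    marked = []
    for r in reports:
        bad = [a for a in (r["src"], r["dst"]) if is_bogon(a, spaces)]
        marked.append({**r, "bogon": bool(bad), "bogon_addresses": bad})
    return marked

if __name__ == "__main__":
    spaces = build_address_spaces(ADVERTISED_PREFIXES)
    for report in mark_reports(FLOW_REPORTS, spaces):
        print(report["flow_id"], report["bogon"], report["bogon_addresses"])
```

A downstream consumer can drop or tag the reports marked `bogon` before they reach analytics, which corresponds to the filtering and marking the claims describe.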

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: obtaining an indication of network address spaces in a network, the indication of network address spaces being based on route advertisements transmitted by a plurality of routers associated with the network, the route advertisements identifying the network address spaces in the network; receiving a data report generated by a capturing agent deployed on a host in the network, the data report identifying a network flow captured by the capturing agent at the host; identifying a network address associated with the network flow; based on the indication of network address spaces, determining whether the network address associated with the network flow is within the network address spaces in the network; when the network address is not within the network address spaces in the network, determining that the network address is a bogon address; and when the network address is within the network address spaces in the network, determining that the network address is not the bogon address.

2. The method of claim 1, further comprising: based on a determination that the network address is the bogon address, filtering at least one of the network flow and the data report identifying the network flow.

3. The method of claim 1, wherein the network flow is a first network flow and the data report is a first data report, the method further comprising: based on a determination that the network address is the bogon address, filtering at least one of a second network flow associated with the network address and a second data report identifying at least one of the first network flow and the second network flow.

4. The method of claim 1, further comprising: in response to determining that the network address is not the bogon address, allowing the network flow and the data report to be processed by one or more systems in the network.

5. The method of claim 1, further comprising: based on a determination that the network address is the bogon address, marking the network flow as a bogon network flow.

6. The method of claim 1, further comprising: based on a determination that the network address is the bogon address, marking one or more network flows associated with the network address as bogon network flows.

7. The method of claim 1, wherein the plurality of routers comprises border gateway protocol (BGP) routers.

8. The method of claim 1, wherein the capturing agent comprises at least one of a process, a kernel module, or a software driver.

9. The method of claim 8, wherein the capturing agent resides in one of a hypervisor on the host or a virtual machine on the hypervisor, the network flow being sent or received by the one of the hypervisor or the virtual machine.

10. The method of claim 1, wherein the indication of network address spaces associated with the network comprises a mapping of network address spaces in the network, and wherein the network address spaces comprise at least one of: one or more internet protocol addresses; one or more internet protocol address ranges; and one or more prefixes.

11. A system comprising: one or more processors; and one or more computer-readable storage devices having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: obtaining an indication of network address spaces in a network, the indication of network address spaces being based on route advertisements transmitted by a plurality of routers associated with the network, the route advertisements identifying the network address spaces in the network; receiving a data report generated by a capturing agent deployed on a host in the network, the data report identifying a network flow captured at the host by the capturing agent; identifying a network address associated with the network flow; based on the indication of network address spaces, determining whether the network address associated with the network flow is within the network address spaces in the network; when the network address is not within the network address spaces in the network, determining that the network address is a bogon address; and when the network address is within the network address spaces in the network, determining that the network address is not the bogon address.

12. The system of claim 11, the one or more computer-readable storage devices storing additional instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: based on a determination that the network address is the bogon address, filtering at least one of the network flow and the data report identifying the network flow.

13. The system of claim 11, the one or more computer-readable storage devices storing additional instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: based on the determination that the network address is the bogon address, filtering at least one of a subsequent network flow associated with the network address and a subsequent data report identifying the subsequent network flow.

14. The system of claim 11, the one or more computer-readable storage devices storing additional instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: based on a determination that the network address is the bogon address, marking the network flow as a bogon network flow.

15. The system of claim 11, wherein the plurality of routers comprises border gateway protocol (BGP) routers, and wherein the capturing agent resides in one of a hypervisor on the host or a virtual machine on the hypervisor, the network flow being part of traffic sent or received by at least one of the hypervisor and the virtual machine.

16. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising: detecting route advertisements transmitted by a plurality of routers associated with a network, the route advertisements identifying valid network address spaces in the network; based on the route advertisements, obtaining an indication of network address spaces associated with the network; receiving, by a system, a data report generated by a capturing agent deployed on a host in the network, the data report identifying a network flow captured at the host by the capturing agent; identifying, by the system, a network address associated with the network flow; based on the indication of network address spaces, determining, by the system, whether the network address associated with the network flow is within the network address spaces in the network; when the network address is not within the network address spaces in the network, determining, by the system, that the network address is a bogon address; and when the network address is within the network address spaces in the network, determining, by the system, that the network address is not the bogon address.

17. The computer-readable storage device of claim 16, wherein the capturing agent comprises at least one of a process, a kernel module, or a software driver, and wherein the capturing agent resides in one of a hypervisor on the host or a virtual machine on the hypervisor, the network flow being sent or received by the one of the hypervisor or the virtual machine.

18. The computer-readable storage

Classifications

  • Drawing of charts or graphs · CPC title

  • based on quality criteria · CPC title

  • Policy-based network configuration management · CPC title

  • Round trip packet loss · CPC title

  • Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L43/04. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 8, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).