公开(公告)号：US09882921B1

公开(公告)日：2018-01-30

申请号：US15011495

申请日：2016-01-30

Applicant: Juniper Networks, Inc.

Inventor： Anil Kaushik ,  Vineet Verma ,  Stephen Grau ,  Sreenivas Voruganti ,  Abhishek Kumar

IPC: G06F11/07 ,  G06F12/02 ,  G06F12/08 ,  G06F21/00 ,  G06F21/50 ,  G06F21/55 ,  G06F21/56 ,  H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/1408 ,  H04L63/1441 ,  H04L63/1466 ,  H04L67/42 ,  H04L2463/145

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US09282115B1

公开(公告)日：2016-03-08

申请号：US14146884

申请日：2014-01-03

Applicant: Juniper Networks, Inc.

Inventor： Anil Kaushik ,  Vineet Verma ,  Stephen Grau ,  Sreenivas Voruganti ,  Abhishek Kumar

IPC: G06F11/07 ,  G06F12/02 ,  G06F21/00 ,  H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/1408 ,  H04L63/1441 ,  H04L63/1466 ,  H04L67/42 ,  H04L2463/145

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract translation: 用于使用SDP检测网络中的高速缓存中毒攻击的计算机实现的方法可以包括维护使用SDP来标识由连接到网络的客户端设备提供的服务的服务信息的缓存。 该方法还可以包括通过以下步骤来检测高速缓存中毒攻击：（1）从连接到网络的客户端设备接收与被称为经由网络提供的服务相关的SDP消息，（2）在SDP消息内标识一个 通过网络提供的服务的属性，然后（3）通过确定所识别的服务属性表明服务是非法的，确定客户端设备正在尝试破坏服务信息缓存。 最后，该方法可以包括响应于检测到高速缓存中毒攻击而执行安全动作以减轻高速缓存中毒攻击。 还公开了各种其它方法，系统和计算机可读介质。