Coordinated detection of a grey-hole attack in a communication network

摘要

In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.

主权项

1. A method, comprising:
receiving, at a security device in a communication network, a first set of one or more unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device; receiving, at the security device, a second set of one or more unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device; comparing the first and second sets of unique identifications; and determining whether acknowledgments received by the first device were truly returned from the second device based on whether the unique identifications in the first and second sets exactly match and the sets include an equal number of unique identifications, wherein the unique identifications are hashes of the packets.