DCT

6:22-cv-00168

PacSec3 LLC v. Rapid7 Inc

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:22-cv-00168, W.D. Tex., 02/17/2022
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established place of business in the district and has allegedly committed acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s network security products and services infringe a patent related to methods for defending against data packet flood attacks.
  • Technical Context: The technology at issue involves systems for mitigating network-based Denial-of-Service (DoS) attacks by identifying the paths of malicious traffic and selectively rate-limiting that traffic.
  • Key Procedural History: Subsequent to the complaint's filing, an ex parte reexamination of the asserted patent concluded. The resulting Reexamination Certificate, issued May 22, 2023, canceled several claims, including independent system claim 1, while confirming the patentability of independent method claim 7, which is the focus of the complaint's infringement chart. This development narrows the scope of the dispute to the surviving claims.

Case Timeline

Date Event
2000-11-16 '497 Patent Priority Date
2009-04-21 '497 Patent Issue Date
2017-01-30 Date of Rapid7 blog post cited in complaint
2022-01-10 "Last Updated" date of Rapid7 webpage cited in complaint
2022-02-17 Complaint Filing Date
2023-05-22 '497 Patent Reexamination Certificate Issue Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,523,497 - "PACKET FLOODING DEFENSE SYSTEM"

  • Patent Identification: U.S. Patent No. 7,523,497, “PACKET FLOODING DEFENSE SYSTEM,” issued April 21, 2009.

The Invention Explained

  • Problem Addressed: The patent describes the problem of "packet flooding attacks," where an attacker overwhelms a victim’s network bandwidth with useless data, rendering it inaccessible to legitimate users. The patent notes that attackers can confound traditional defenses by falsifying the source address of the malicious packets (’497 Patent, col. 2:3-6).
  • The Patented Solution: The invention proposes a distributed defense system where the target computer (a "site") and network routers cooperate. The system determines the path that packets travel through the network using "attacker-independent information" rather than relying on the easily spoofed source address (’497 Patent, col. 3:62-65). Based on this path information, the target computer classifies incoming traffic into "wanted" and "unwanted" categories and then instructs cooperating upstream routers to limit the rate at which they forward "unwanted" packets, thereby mitigating the attack (’497 Patent, Fig. 1; col. 6:20-31).
  • Technical Importance: The described approach sought to create a more resilient defense against denial-of-service attacks by shifting the basis of identification from the packet's origin to its traversal path through the network (’497 Patent, col. 2:31-41).

Key Claims at a Glance

  • The complaint’s preliminary infringement chart details allegations for independent method claim 7. An ex parte reexamination certificate has since confirmed the patentability of this claim.
  • The asserted independent claim 7 includes the following essential steps:
    • Determining a path by which data packets arrive at a host computer via "packet marks" provided by routers leading to the host.
    • Classifying data packets received at the host into "wanted" and "unwanted" data packets "by path."
    • Associating a "maximum acceptable processing rate" with each class of data packet.
    • Allocating a processing rate for "unwanted data packets" that is less than or equal to the maximum acceptable rate.
  • The complaint states an intent to pursue infringement of claims 1-18, though some of these claims have since been canceled by reexamination (Compl. ¶8).

III. The Accused Instrumentality

Product Identification

  • The complaint accuses one or more of Rapid7's "firewall systems" and "DDOS protection systems" of infringement (Compl. ¶8, ¶10). The specific functionalities cited are drawn from Rapid7's security products and services, such as the InsightVM platform.

Functionality and Market Context

  • The complaint identifies several features of Rapid7's products. These include a "tcptraceroute" plugin, which is described as being able to "determine the path packets are taking to reach the destination" (Compl. p. 5). The complaint also points to documentation describing the use of "CoS classifiers" to manage traffic on network ports and the ability for users to configure minimum and maximum values for a "Packet-per-second rate" within a "Scan Template Configuration" interface (Compl. pp. 6-7). This screenshot of a "Scan Template Configuration—Discovery Performance" page shows sliders for adjusting values such as "Packet-per-second rate" (Compl. p. 7).

IV. Analysis of Infringement Allegations

’497 Patent Infringement Allegations

Claim Element (from Independent Claim 7) Alleged Infringing Functionality Complaint Citation Patent Citation
determining a path by which data packets arrive at a host computer via packet marks provided by routers leading to said host computer... Rapid7’s "tcptraceroute" plugin allegedly determines the packet path by using ICMP "time exceeded" messages generated by routers, which the complaint posits function as the claimed "packet marks." A screenshot shows Rapid7 describing this tool's ability to "determine the path packets are taking." ¶9; p. 5 col. 9:48-54
classifying data packets received at said host computer into wanted data packets and unwanted data packets by path; Rapid7’s systems allegedly perform this step by allowing users to "apply CoS classifiers on an ingress port" or "on GRE port," which the complaint equates to classifying packets by path. ¶9; p. 6 col. 9:55-58
associating a maximum acceptable processing rate with each class of data packet received at said host computer; The complaint alleges that Rapid7's configuration interface, which allows users to "drag the sliders to the left or right to adjust the Minimum and Maximum values" for "Packet-per-second rate," meets this limitation. ¶9; p. 7 col. 9:58-61
and allocating a processing rate less than or equal to said maximum acceptable processing rate for unwanted data packets. The same configuration screen is alleged to meet this limitation, with the implication that setting a maximum rate inherently allocates a lower or equal rate to packets deemed "unwanted" (e.g., those exceeding the limit). ¶9; p. 8 col. 9:61-64

Identified Points of Contention

  • Scope Questions: A potential issue is whether standard network diagnostic and management tools perform the specific functions claimed by the patent. For instance, does a Quality of Service (QoS) "classifier" applied to an entire port, as shown in the complaint's evidence (Compl. p. 6), constitute "classifying data packets... by path" as taught by the patent, which describes a more granular association between packets and their specific forwarding paths ('497 Patent, col. 2:35-41)?
  • Technical Questions: The complaint presents evidence for several discrete functionalities (path discovery, classification, rate limiting). A key question for the court will be what evidence demonstrates that these functionalities are integrated to operate as the cohesive, multi-step defense method required by claim 7. For example, what evidence shows that the path information allegedly determined by "tcptraceroute" is then used as the basis for the "CoS classifiers" to sort packets?

V. Key Claim Terms for Construction

The Term: "packet marks provided by routers"

  • Context and Importance: The infringement theory hinges on equating standard ICMP "time exceeded" messages with the claimed "packet marks." The construction of this term is therefore critical to determining if Rapid7's use of a standard tool like traceroute falls within the claim scope.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent does not provide a narrow, explicit definition for "packet marks." A party could argue that any information provided by a router that helps determine a packet's path meets the functional requirement of the term.
    • Evidence for a Narrower Interpretation: The patent repeatedly emphasizes a "cooperating neighborhood" of sites and routers working together to execute the defense ('497 Patent, Abstract; col. 2:31-32). Practitioners may focus on this context to argue that "packet marks" requires an intentional, specialized marking scheme implemented by these cooperating routers, rather than an incidental byproduct of a standard protocol like ICMP.

The Term: "classifying... by path"

  • Context and Importance: This term connects the path determination step to the filtering step. The complaint alleges that applying a general rule to a network port is equivalent to classifying "by path."
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: One could argue that if traffic from a particular path consistently arrives at a single port, a rule on that port effectively serves as a classification "by path" for that traffic.
    • Evidence for a Narrower Interpretation: The specification describes associating packets with specific "'places' in the cooperating neighborhood from which those packets are forwarded" ('497 Patent, col. 2:36-39). A party may argue this requires a system that actively maps traffic to specific, identified paths and applies rules based on those path identifiers, rather than applying a blanket rule to an entire ingress port which may receive traffic from many different paths.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement, asserting that Rapid7’s documentation and product interfaces instruct customers on how to use its products to perform the claimed method (Compl. ¶10).
  • Willful Infringement: Willfulness is alleged based on knowledge of the patent "from at least the filing date of the lawsuit," which frames the claim as one of post-filing willfulness (Compl. ¶10, fn. 1).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of system integration: does the evidence show that Rapid7’s accused features—path discovery, classification, and rate-limiting—are designed to operate together as the single, integrated "method for providing packet flooding defense" required by Claim 7, or are they a collection of discrete, general-purpose networking tools that the complaint has conceptually assembled?
  • A key legal question will be one of definitional scope: can standard networking functionalities, such as ICMP error messages and port-based QoS classifiers, be construed as the specialized "packet marks" and "classifying... by path" elements described in the context of the '497 patent’s cooperative defense architecture?
  • Finally, a key strategic question will be the impact of the reexamination: with the system claims canceled, the case now rests entirely on proving that an accused infringer performs the specific sequence of steps in the surviving method claims. This shifts the focus from the inherent capabilities of the accused product to its specific use in practice, which may present a different evidentiary burden for the plaintiff.