Network security based on redirection of questionable network access

US 10,542,006 B2
Filed: 03/21/2017
Issued: 01/21/2020
Est. Priority Date: 11/22/2016
Status: Active Grant

First Claim

Patent Images

1. A computing system for controlling network communication, comprising:

a processor; and

a memory that stores a module that is configured to evaluate a network communication that comes from a source computing system and that is directed to a destination computing system, by;

receiving a predefined white list of trusted network addresses;

determining a first internet protocol (IP) address corresponding to the network communication;

determining a destination port corresponding to the network communication;

determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;

in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and

wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for network security are disclosed. In some implementations, an evaluation module determines whether a network communication from a source computing system to a destination computing system is allowable. The allowability of the communication is determined based properties of the network communication, such as a source or destination address, a port number, a time of day, a geographic location, and the like. If the communication is disallowed, the evaluation module or a related component redirects the communication to an alternative computing system that masquerades as the destination communication system.

79 Citations

View as Search Results

18 Claims

1. A computing system for controlling network communication, comprising:
- a processor; and
  
  a memory that stores a module that is configured to evaluate a network communication that comes from a source computing system and that is directed to a destination computing system, by;
  
  receiving a predefined white list of trusted network addresses;
  
  determining a first internet protocol (IP) address corresponding to the network communication;
  
  determining a destination port corresponding to the network communication;
  
  determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
  
  in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
  
  wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computing system of claim 1, wherein the destination computing system and the mock destination computing system each provide the same services, and wherein the destination computing system includes private data that is not present on the mock destination computing system.
  - 3. The computing system of claim 1, wherein redirecting the network communication to the mock destination computing system includes transmitting a network packet associated with the network communication to the mock destination computing system.
  - 4. The computing system of claim 1, wherein redirecting the network communication to the mock destination computing system includes modifying a destination network address of a network packet, wherein the modified destination network address identifies the mock destination computing system.
  - 5. The computing system of claim 1, wherein redirecting the network communication to the mock destination computing system includes transmitting an HTTP redirect to the source computing system, the HTTP redirect identifying the mock destination computing system.
  - 6. The computing system of claim 1, wherein the module is further configured to:
    - receive a network packet transmitted by the source computing system; and
      
      determine the first IP address by reading a source address field of the network packet.
  - 7. The computing system of claim 1, wherein the network communication is an inbound TCP/IP connection request, and wherein first IP address is not a false address and is an actual network address of the source computing system.
  - 8. The computing system of claim 7, wherein the module is further configured to:
    - determine a second IP address corresponding to the communication, wherein the second IP address is not a false address and is an actual network address of the destination computing system; and
      
      determine whether both the first and second IP address are allowable according to the white list.
  - 9. The computing system of claim 1, wherein the network communication is an outbound TCP/IP connection request, and wherein first IP address is not a false address and is an actual network address of the destination computing system.
  - 10. The computing system of claim 1, wherein determining a first IP address includes receiving the IP address from a TCP/IP stack of the computing system.
  - 11. The computing system of claim 1, wherein the white list includes, for each trusted network address, one or more indications of allowable communication properties, and wherein determining whether or not to allow the network communication includes:
    - determining a first communication property that is associated with the network communication;
      
      determining a second communication property that is an allowable communication property specified by an entry in the white list that corresponds to the first IP address; and
      
      determining whether or not the first communication property is encompassed by the second communication property.
  - 12. The computing system of claim 11, wherein the allowable communication properties in the white list include, for each network address in the white list, an indication of an allowable geographic location, and wherein determining whether or not to allow the network communication includes:
    - determining, by querying a geo-location information provider, a geographic location associated with the first IP address; and
      
      determining whether the geographic location associated with the first IP address matches or is encompassed by the geographic location indicated as allowable by the entry in the white list.
  - 13. The computing system of claim 1, wherein the module is further configured to:
    - receive Internet Protocol addresses that are authenticated by an entity that allocates Internet Protocol addresses.
  - 14. The computing system of claim 1, wherein determining whether or not to allow the network communication includes:
    - determining whether or not to allow the network communication based properties associated with a listening port that is open on the computing system, wherein the properties include the first IP address and one or more of;
      
      a property of a program that is using the listening port, including the identity of the program and/or whether the program is an interactive program, a batch program, or a system service;
      
      a geographic location associated with the first IP address;
      
      a connection limit based on the first IP address or the geographic location, the first IP address being a source or destination IP address;
      
      a time of day; and
      
      a network interface that is associated with the network communication.
  - 15. The computing system of claim 1, wherein determining whether or not to allow the network communication includes:
    - receiving data representing a non-modifiable device identifier of the source computing system;
      
      determining whether the device identifier is included in a list of trusted device identifiers; and
      
      when the device identifier is included in the list of trusted device identifiers, allowing the network communication.
  - 16. The computing system of claim 1, wherein the source computing system operates on a first network and the destination computing system operates on a second network, and wherein the first and second networks are operated by different entities.

17. A method for controlling network communication, the method comprising:
- evaluating a network communication that comes from a source computing system and that is directed to a destination computing system, by;
  
  receiving a predefined white list of trusted network addresses;
  
  determining a first internet protocol (IP) address corresponding to the network communication;
  
  determining a destination port corresponding to the network communication;
  
  determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
  
  in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
  
  wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.

18. A non-transitory computer-readable medium storing contents that are configured, when executed by a computing system, to perform a method comprising:
- evaluating a network communication that comes from a source computing system and that is directed to a destination computing system, by;
  
  receiving a predefined white list of trusted network addresses;
  
  determining a first internet protocol (IP) address corresponding to the network communication;
  
  determining a destination port corresponding to the network communication;
  
  determining whether or not to allow the network communication based at least in part on whether the first IP address and the destination port are allowable according to the white list;
  
  in response to determining not to allow the network communication, redirecting the network communication to a mock destination computing system that is not the same as the destination computing system; and
  
  wherein the mock destination computing system is configured to track the network communication and to record that the network communication is associated with an attempt to gain unauthorized access to the destination computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daniel Chien
Original Assignee
Daniel Chien
Inventors
Chien, Daniel
Primary Examiner(s)
Cribbs, Malcolm
Assistant Examiner(s)
Holmes, Angela R

Application Number

US15/465,315
Publication Number

US 20180145986A1
Time in Patent Office

1,036 Days
Field of Search

726 4
US Class Current
CPC Class Codes

H04L 2101/69   using geographic informatio...

H04L 45/72   Routing based on the source...

H04L 45/745   Address table lookup; Addre...

H04L 45/7452   Multiple parallel or consec...

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/107   wherein the security polici...

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

Network security based on redirection of questionable network access

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network security based on redirection of questionable network access

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links