Leveraging active firewalls for network intrusion detection and retardation of attack
Abstract
A computer network firewall or network filter functions normally to pass data on open ports to a respective service or data source associated with an open port. In addition, traffic arriving on closed ports may be directed to a handler for analysis and response. The handler may analyze and catalog the source and type of traffic arriving on the closed ports. The handler may then send a response with either a fixed response or data tailored to the type and nature of the traffic. The handler may respond slowly to cause the source of the traffic to wait for the response, thereby slowing the speed at which a potential attacker can identify valid targets and proceed past non-valid targets.
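A minimal sketch of the closed-port handler the abstract describes, added here as an illustration and not taken from the patent: it catalogs the source and kind of each probe, picks a reply tailored to it, and drips that reply one byte at a time. The delay, the canned replies and every function name are assumptions.

```python
import asyncio
from collections import Counter

DRIP_SECONDS = 5.0   # assumption: pause after every response byte
# Constructed canned replies, keyed by the kind of traffic seen on a closed port.
REPLIES = {
    "http": b"HTTP/1.1 200 OK\r\nContent-Length: 4096\r\n\r\n",
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "unknown": b"\r\n",
}
catalog = Counter()  # (source address, port, kind) -> number of probes seen

def classify(first_bytes: bytes) -> str:
    """Guess the nature of the traffic from its first bytes."""
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return "http"
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def record(source: str, port: int, first_bytes: bytes) -> bytes:
    """Catalog the probe and choose the reply tailored to it."""
    kind = classify(first_bytes)
    catalog[(source, port, kind)] += 1
    return REPLIES[kind]

async def handle(reader, writer, port, delay=DRIP_SECONDS):
    """Closed-port handler: log the probe, then answer one byte at a time."""
    source = writer.get_extra_info("peername")[0]
    try:
        first = await asyncio.wait_for(reader.read(64), timeout=delay)
    except asyncio.TimeoutError:
        first = b""  # the client sent nothing and is waiting for a banner
    try:
        for byte in record(source, port, first):
            writer.write(bytes([byte]))
            await writer.drain()
            await asyncio.sleep(delay)  # the sender waits; other tasks keep running
    except ConnectionError:
        pass  # the sender gave up
    finally:
        writer.close()

async def serve(closed_ports, host="127.0.0.1"):
    """Listen on each closed port and pass its traffic to the handler."""
    servers = [await asyncio.start_server(
        lambda r, w, p=p: handle(r, w, p), host, p) for p in closed_ports]
    await asyncio.gather(*(s.serve_forever() for s in servers))
```

Because the delay is an `asyncio.sleep`, each stalled connection costs the filter one idle task, while the sender holds a socket open for the whole reply.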
20 Claims
1. A network filter comprising:
- a network interface supporting a plurality of active and inactive ports;
- a controller operable to direct traffic on the active ports to a service configured on its respective active port; and
- a processing unit operable to receive traffic on the inactive ports and provide a response to the traffic on each of the inactive ports.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of reducing network-based attack efficiency using a network filter to block closed ports while providing an appearance of activity comprising:
- passing data traffic on open ports to their respective services;
- passing data traffic on closed ports to a handler;
- responding to the data traffic on the closed ports with a response corresponding to the nature of the data traffic.
Dependent claims: 9, 10, 11, 12, 13, 14, 15

16. A firewall for use in managing network traffic comprising:
- a plurality of ports, each of the plurality of ports is one of assigned to a corresponding service and unassigned;
- a processor for analyzing traffic addressed to any of the unassigned ports;
- a controller for directing traffic arriving at any of the unassigned ports to the processor;
- a network interface coupled to the processor for alerting a network management function of a potential attack responsive to analyzing traffic addressed to any of the unassigned ports.
Dependent claims: 17, 18, 19, 20