Detecting relayed communications
First Claim
1. ) A method of determining whether a potential relay device is a relay device, the method comprising:
- a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and
b) determining whether a feature of an original source of said first information element and a feature of the potential relay device are features unlikely to relate to a single device,wherein a positive result of said determining is indicative that the potential relay device is a relay device.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparatus and computer readable code for determining whether a potential relay device is a relay device are provided herein. In some embodiments, first and second information elements are received from a potential relay device, which is an original source of the second information element. In order to determine whether the potential relay device is a relay device, it is determined whether a feature of an original source of the first information element and a feature of the potential relay device are features unlikely to relate to a single device, wherein a positive result of the determining is indicative that the potential relay device is a relay device. In an exemplary embodiment, a disclosed system includes an information element receiver and a feature incompatibility analyzer. Optionally, the disclosed system includes a feature discovery module, a parameter obtainer and a feature database.
-
Citations
50 Claims
-
1. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) determining whether a feature of an original source of said first information element and a feature of the potential relay device are features unlikely to relate to a single device, wherein a positive result of said determining is indicative that the potential relay device is a relay device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) analyzing a configuration status of an original source of at least one of said first and said second information elements, said configuration status selected from the group consisting of an operating system type, an operating system version, a software type, an HTTP client type, an HTTP server type, an SMTP client type, an SMTP server type, a time setting, a clock setting, and a time zone setting.
-
-
35. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) analyzing a feature related to communication performance of an original source of at least one of said first and said second information elements. - View Dependent Claims (36)
-
-
37. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) sending a message to an information source device, triggering said information source device to send a DNS request; b) determining from said DNS request whether said potential relay device is a relay device.
-
-
38. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device; and b) determining whether a feature of an original source of said first information element and a feature of an original source of said second information element are features unlikely to relate to a single device, wherein a positive result of said determining is indicative that the potential relay device is a relay device.
-
-
39. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) checking whether a round-trip time to the potential relay device is significantly different than a round-trip time to an original source of said first information element.
-
-
40. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) checking whether an operating system of the potential relay device is different than an operating system of an original source of said first information element.
-
-
41. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) checking whether a location of the potential relay device is different than a location of an original source of said first information element.
-
-
42. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) receiving first and second information elements from the potential relay device, wherein the potential relay device is an original source of said second information element; and b) checking whether an administrator of the potential relay device is different than an administrator of an original source of said first information element.
-
-
43. ) A method of determining whether a potential relay device is a relay device, the method comprising:
-
a) determining whether a feature of an original source of a first information element and a feature of the potential relay device are features unlikely to relate to a single device, wherein the potential relay device is a transmitter of said first information element and of a second information element, wherein the potential relay device is an original source of said second information element wherein a positive result of said determining is indicative that the potential relay device is a relay device
-
-
44. ) A system for determining whether a potential relay device is a relay device, the system comprising:
-
a) an information element receiver, for receiving information elements from a plurality of devices including an information source device and the potential relay device; and b) a feature incompatibility analyzer, for determining whether a feature of said information source device and a feature of the potential relay device are features unlikely to relate to a single device. - View Dependent Claims (45, 46, 47, 48, 49)
-
-
50. ) Computer software, residing on a computer-readable storage medium, comprising instructions for causing a computer to:
-
a) receive first and second information elements from a potential relay device, wherein the potential relay device is an original source of said second information element; and b) determine whether a feature of an original source of said first information element and a feature of said potential relay device are features unlikely to relate to a single device, wherein a positive result of said determining is indicative that said potential relay device is a relay device.
-
Specification