METHODS AND APPARATUS FOR REDIRECTING ATTACKS ON A NETWORK
Abstract
A system is disclosed for protecting a network against malicious attacks or attempts at unauthorized access. A network is connected to an external network by a number of firewalls. Inspectors detect packets blocked by the firewalls, and some or all of the packets are directed to a labyrinth configured to emulate an operational network and respond to the packets in order to engage an attacker. Blocked packets may be detected by comparing packets entering and exiting a firewall. Packets for which a corresponding packet is not received within a transit delay may be identified as blocked. Entering and exiting packets may be compared by comparing only header information. A central module may receive information from the inspectors, generate statistical information, and generate instructions for the inspectors, such as blacklists of addresses known to be used by attackers.
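The blocked-packet detection described in the abstract can be sketched as a header-only correlation between captures taken on each side of a firewall. This is an added example, not code from the patent; the record fields, the choice of compared header fields, the absence of NAT, and the shared capture clock are all assumptions.

```python
from collections import Counter, namedtuple

# Header-only capture record; the field names are assumptions for this example.
Header = namedtuple("Header", "ts src dst sport dport proto ip_id")


def header_key(h):
    """Fields compared between the two sides; payload is never inspected."""
    return (h.src, h.dst, h.sport, h.dport, h.proto, h.ip_id)


def find_blocked(ingress, egress, transit_delay):
    """Return ingress headers with no matching egress header seen within
    transit_delay seconds of entry. Assumes the firewall does not rewrite
    the compared fields (no NAT) and that both taps share a clock."""
    seen_out = {}
    for h in egress:
        seen_out.setdefault(header_key(h), []).append(h.ts)
    blocked = []
    for h in sorted(ingress, key=lambda p: p.ts):
        times = seen_out.get(header_key(h), [])
        hit = next((t for t in sorted(times)
                    if h.ts <= t <= h.ts + transit_delay), None)
        if hit is None:
            blocked.append(h)
        else:
            times.remove(hit)  # one egress sighting accounts for one entry
    return blocked


def blocked_by_source(blocked):
    """Per-source counts, the kind of statistic a central module could use."""
    return Counter(h.src for h in blocked)


# Constructed sample captures (documentation address ranges).
INGRESS = [
    Header(0.000, "198.51.100.7", "10.0.0.5", 40000, 443, "tcp", 1),
    Header(0.010, "203.0.113.9", "10.0.0.5", 40001, 23, "tcp", 7),
    Header(0.020, "203.0.113.9", "10.0.0.6", 40002, 3389, "tcp", 8),
]
EGRESS = [
    Header(0.002, "198.51.100.7", "10.0.0.5", 40000, 443, "tcp", 1),
    # Same header as ip_id 8, but seen far too late to be the same transit.
    Header(0.900, "203.0.113.9", "10.0.0.6", 40002, 3389, "tcp", 8),
]

if __name__ == "__main__":
    for h in find_blocked(INGRESS, EGRESS, transit_delay=0.05):
        print("blocked:", h.src, "->", h.dst, h.dport)
```

The late egress record shows why the transit delay bounds the match window: without it, an unrelated later packet with the same header fields would mask a blocked one.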
20 Claims
1. A system comprising:
- an internal network including a plurality of computing devices;
- a firewall module connecting the network to an external network, the firewall configured to block a blocked portion of traffic between the internal and external networks;
- an inspector module configured to detect the blocked portion and take a predetermined action with respect to the blocked portion.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system comprising:
- an internal network including a plurality of computing devices;
- a plurality of firewall modules each connecting the network to an external network, each firewall configured to block a blocked portion of traffic between the internal and external networks;
- a central module; and
- a plurality of inspector modules configured to detect the blocked portion and transmit at least part of the blocked portion to the central module;
- wherein the central module is configured to:
  - receive the at least the parts of the blocked portions from the plurality of inspector modules;
  - analyze the at least the parts of the blocked portions; and
  - perform a predetermined action based on the analyzing of the at least the parts of the blocked portions.

Dependent claims: 16, 17, 18, 19, 20

Specification