Identifying potential intruders on a server

US 7,032,244 B2
Filed: 10/02/2001
Issued: 04/18/2006
Est. Priority Date: 10/02/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of identifying an intruder on a server, comprising the steps of:

providing one or more lightly protected subdirectories on said server, each of said subdirectories having files with attractive names simulating content of interest to an intruder having a processor;

providing an agent within one or more of said files, adapted to be launched on said processor when said intruder downloads from said server, a file having said agent; and

receiving from said processor via a non-erasable transfer initiated by said agent, data of address book entries, custom word processing templates, e-mail files, letterheads, closure files, or signature files, said data being first encrypted by said agent prior to said non-erasable transfer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intruder on a server is identified by providing files having attractive names in a subdirectory of the server. An agent is provided within one or more of the files. The agent is launched on an intruder'"'"'s processor after the file containing the agent is downloaded. The agent locates various files and data on the intruder'"'"'s processor and sends copies of the files and data to the server thus allowing a network administrator at the server to identify the intruder.

Citations

20 Claims

1. A method of identifying an intruder on a server, comprising the steps of:
- providing one or more lightly protected subdirectories on said server, each of said subdirectories having files with attractive names simulating content of interest to an intruder having a processor;
  
  providing an agent within one or more of said files, adapted to be launched on said processor when said intruder downloads from said server, a file having said agent; and
  
  receiving from said processor via a non-erasable transfer initiated by said agent, data of address book entries, custom word processing templates, e-mail files, letterheads, closure files, or signature files, said data being first encrypted by said agent prior to said non-erasable transfer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said attractive names are lists of user ids.
  - 3. The method of claim 1, wherein said attractive names are weakly encrypted passwords.
  - 4. The method of claim 1, wherein said attractive names comprise names that appear to relate to advanced technology.
  - 5. The method of claim 1, wherein said agent attaches itself to an operating system on said processor.
  - 6. The method of claim 1, wherein said agent launches on start up of said processor.
  - 7. The method of claim 1, wherein said agent launches on said processor at timed intervals.
  - 8. The method of claim 1, further comprising monitoring network connections of said processor by said agent and receiving log entries from said processor when said processor connects to said server.
  - 9. The method of claim 1, further comprising monitoring network connections of said processor by said agent and receiving keystroke histories of said intruder from said processor when said processor connects to said server.

10. A computer system for identifying an intruder on a server, comprising:
- a server;
  
  means for providing one or more lightly protected subdirectories on said server, each of said subdirectories having files with attractive names simulating content of interest to an intruder having a processor;
  
  an agent within one or more of said files, adapted to be launched on said processor when said intruder downloads from said server, a file having said agent; and
  
  means for receiving from said processor via a non-erasable transfer initiated by said agent, data, encrypted by said agent, of address book entries, custom word processing templates, e-mail files, letterheads, closure files, or signature files.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein said attractive names are lists of user ids.
  - 12. The system of claim 10, wherein said attractive names are weakly encrypted passwords.
  - 13. The system of claim 10, wherein said attractive names comprise names that appear to relate to advanced technology.
  - 14. The system of claim 10, wherein said agent is adapted to attach itself to an operating system on said processor.
  - 15. The system of claim 10, wherein said agent is adapted to launch on start up of said processor.
  - 16. The system of claim 10, wherein said agent is adapted to launch on said processor at timed intervals.
  - 17. The system of claim 10, further comprising means for monitoring network connections of said processor by said agent and means for receiving log entries from said processor when said processor connects to said server.
  - 18. The system of claim 10, further comprising means for monitoring network connections of said processor by said agent and means for receiving keystroke histories of said intruder from said processor when said processor connects to said server.

19. A computer program product for instructing a processor to identify an intruder on a server, said computer program product comprising:
- a computer readable medium;
  
  first program instruction means for providing one or more lightly protected subdirectories on said server, each of said subdirectories having files with attractive names simulating content of interest to an intruder having a processor;
  
  second program instruction means for providing an agent within one or more of said files, adapted to be launched on said processor when said intruder downloads from said server, a file having said agent; and
  
  third program instruction means for receiving from said processor via a non-erasable transfer initiated by said agent, data, encrypted by said agent, of address book entries, custom word processing templates, e-mail files, letterheads, closure files, or signature files; and
  
  wherein all said program instruction means are recorded on said medium.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, further comprising fourth program instruction means for monitoring network connections of said processor by said agent and receiving keystroke histories of said intruder from said processor when said processor connects to said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Twitter Inc (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Wilkes, William Francis
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Sherkat, Arezoo

Application Number

US09/969,308
Publication Number

US 20030065948A1
Time in Patent Office

1,659 Days
Field of Search

713200-201, 726/23
US Class Current

726/23
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/04   for providing a confidentia...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1491   using deception as counterm...

Identifying potential intruders on a server

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying potential intruders on a server

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links