Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait
Abstract
A method, computer program product, and network data processing system for identifying, locating, and deleting viruses is provided. In one embodiment, the network data processing system includes a local server, several client data processing systems, and a bait server. The address of the bait server is not published to the clients. Thus, any attempt to access the bait server would indicate the presence of a virus on the client attempting access. The bait server monitors itself and, responsive to an attempt from a client to access the bait server, broadcasts an indication that a virus attack is underway to all devices within the network. The bait server then ignores all further access requests by the offending client until it receives an indication that the offending client has been disinfected and directs the local server to disconnect the offending client(s) from the network. The bait server also notifies the local server and/or a network administrator of the problem and the identity of the offending client allowing appropriate action to be initiated to disinfect the offending client.
15 Claims
1. A method for detecting the presence of a computer virus, the method comprising:
- receiving, at a bait server, a request for access to the bait server, wherein the bait server's address is not published to a network and wherein receipt of the request indicates that a virus attack is in progress;
- identifying an offending system from which the request originated;
- alerting a local server that the virus attack is in progress and of the identity of the offending system; and
- disconnecting the offending system from the network.
Dependent claims: 2, 3, 4
5. A method in a bait server for detecting the presence of a computer virus, the method comprising:
- not publishing the bait server's address to a network;
- receiving a request for access from the network, wherein receipt of the request indicates that a virus is present;
- determining the identity of an offending system within the network from which the virus entered the network;
- notifying a local server of the presence of the virus and the identity of the offending system;
- instructing all devices within the network to ignore all requests from the offending system until the offending system has been disinfected and is available for network communication;
- directing the local server to disconnect the offending system from the network; and
- responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system to the local server, reconnecting the offending system to the network.
6. A computer program product in a computer readable media for use in a data processing system for detecting the presence of a computer virus, the computer program product comprising:
- first instructions for receiving, at a bait server, a request for access to the bait server, wherein the bait server's address is not published to a network and wherein receipt of the request indicates that a virus attack is in progress;
- second instructions for identifying an offending system from which the request originated;
- third instructions for alerting a local server that the virus attack is in progress and the identity of the offending system; and
- fourth instructions for disconnecting the offending system from the network.
Dependent claims: 7, 8, 9
10. A computer program product in a computer readable media for use in a data processing system in a bait server for detecting the presence of a computer virus, the computer program product comprising:
- first instructions for not publishing the bait server's address to a network;
- second instructions for receiving a request for access from the network, wherein receipt of the request indicates that a virus is present;
- third instructions for determining the identity of an offending system within the network from which the virus entered the network;
- fourth instructions for notifying a local server of the presence of the virus and the identity of the offending system;
- fifth instructions for instructing all devices within the network to ignore all requests from the offending system until the offending system is reauthorized for network communication;
- sixth instructions for directing a local server to disconnect the offending system from the network; and
- seventh instructions, responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system to the local server, for reconnecting the offending system to the network.
11. A system for detecting the presence of a computer virus, the system comprising:
- a receiver, at a bait server, which receives a request for access to the bait server, wherein the bait server's address is not published to a network and wherein receipt of the request indicates that a virus attack is in progress;
- an identifying unit which identifies an offending system from which the request originated;
- a virus alert unit which alerts a local server that the virus attack is in progress and the identity of the offending system; and
- a disconnection unit which disconnects the offending system from the network.
Dependent claims: 12, 13, 14
15. A system in a bait server for detecting the presence of a computer virus, the system comprising:
- a receiving unit which receives a request for access from a network, wherein the bait server's address is not published to the network and wherein receipt of the request indicates that a virus is present;
- an identifier unit which determines the identity of an offending system within the network from which the virus entered the network;
- a notification unit which notifies a local server of the presence of the virus and the identity of the offending system;
- a network protection unit which instructs all devices within the network to ignore all requests from the offending system until the offending system is reauthorized for network communication;
- a disconnection unit which directs a local server to disconnect the offending system from the network; and
- a reconnection unit which, responsive to an indication that the offending system has been disinfected and responsive to a reconnect request from the offending system to the local server, reconnects the offending system to the network.
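The flow described in the abstract and in claims 5, 10 and 15, modeled as a small state machine and replayed over a constructed event sequence. This is an added example, not code from the patent; the addresses, event kinds and the `BaitMonitor` and `replay` names are assumptions made for illustration, and the request's source address stands in for the offending system's identity.

```python
# Added illustration of the claimed bait-server flow; not code from the patent.
BAIT_ADDR = "10.0.0.250"   # constructed address; never published to clients

class BaitMonitor:
    def __init__(self):
        self.quarantined = set()   # offenders every device is told to ignore
        self.cleared = set()       # offenders reported as disinfected
        self.actions = []          # (target, action, offender) in the order issued

    def access_request(self, src, dst):
        if dst != BAIT_ADDR:
            return "not_bait"
        if src in self.quarantined:
            return "ignored"       # further requests from a known offender are dropped
        # Any request to the unpublished address is treated as a virus indicator.
        self.quarantined.add(src)
        self.cleared.discard(src)
        self.actions += [("local_server", "virus_alert", src),
                         ("all_devices", "ignore_requests_from", src),
                         ("local_server", "disconnect", src)]
        return "alerted"

    def disinfected(self, src):
        if src in self.quarantined:
            self.cleared.add(src)

    def reconnect_request(self, src):
        # Both conditions must hold: disinfection indicated AND a reconnect request.
        if src in self.quarantined and src in self.cleared:
            self.quarantined.remove(src)
            self.cleared.remove(src)
            self.actions.append(("local_server", "reconnect", src))
            return "reconnected"
        return "refused"

def replay(events):
    """Run (kind, src[, dst]) events; return per-event results and the monitor."""
    m = BaitMonitor()
    handlers = {"access": m.access_request, "disinfected": m.disinfected,
                "reconnect": m.reconnect_request}
    return [handlers[kind](*args) for kind, *args in events], m

SAMPLE_EVENTS = [                                # constructed sample input
    ("access", "10.0.0.17", "10.0.0.250"),       # first touch of the bait: alert
    ("access", "10.0.0.17", "10.0.0.250"),       # repeat while quarantined: ignored
    ("reconnect", "10.0.0.17"),                  # not yet disinfected: refused
    ("disinfected", "10.0.0.17"),
    ("reconnect", "10.0.0.17"),                  # both conditions met: reconnected
    ("access", "10.0.0.17", "10.0.0.250"),       # a later bait touch alerts again
]
```

Calling `replay(SAMPLE_EVENTS)` returns the outcome of each event together with the monitor, whose `actions` list records what was sent to the local server and the other devices.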
Specification