Systems and methods for detecting a network sniffer
3 Assignments
0 Petitions
Abstract
A device (110) records traffic in a communications network. The device (110) monitors traffic received by the device (110) and determines whether the received traffic is unexpected. The device (110) records the traffic when the traffic is determined to be unexpected.
49 Citations
21 Claims
1. A security system for aiding in detection of an intruder device running a network sniffer, the security system comprising:
- a honeypot;
- a honeypot traffic agent for transmitting façade advertisement traffic over the network to the honeypot in an attempt to direct said intruder device to said honeypot;
- the honeypot comprising:
  - a memory configured to store instructions; and
  - a processor configured to execute the instructions to:
    - receive the façade advertisement traffic from the honeypot traffic agent;
    - receive non-façade traffic from the intruder device;
    - determine whether received traffic is the façade advertisement traffic or the non-façade traffic;
    - ignore the received traffic if determined to be the façade advertisement traffic; and
    - record the received traffic if determined to be the non-façade traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A method for detecting when a communications network has been compromised, the method comprising:
- generating façade traffic from a traffic generator, the façade traffic being transmitted to a honeypot in an attempt to direct intruder devices running sniffers to said honeypot;
- monitoring traffic received by the honeypot, the received traffic including non-façade traffic;
- determining whether the received traffic is the façade traffic or the non-façade traffic;
- ignoring the received traffic if determined to be the façade traffic; and
- recording the received traffic when the received traffic is the non-façade traffic.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
15. A communications network including network devices that detect operation of a network sniffer, the communications network comprising:
- at least one honeypot traffic agent device configured to:
  - generate façade packets only, and
  - transmit the façade packets to a honeypot device in an attempt to direct an intruder device running said network sniffer to said honeypot; and
- said honeypot device configured to:
  - receive packets which may include at least one of the façade packets,
  - determine whether the received packets include the one of the façade packets,
  - ignore a received packet when the received packet is the one of the façade packets, and
  - store a received packet when the received packet is not the one of the façade packets.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
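The abstract and the independent claims shown here do not say how the honeypot decides that received traffic is façade traffic. The sketch below is an added example, not code from the patent: it assumes the traffic agent and the honeypot share a secret from which each façade session's source port and decoy user name are derived, so the honeypot can ignore what it expects and record everything else. The names `facade_session` and `Honeypot`, the key and the addresses are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

AGENT_IP = "10.0.0.5"                 # constructed address of the traffic agent
KEY = b"constructed-shared-secret"    # assumption: provisioned out of band

def facade_session(key: bytes, counter: int) -> tuple:
    """Derive (src_ip, src_port, decoy_user) of the counter-th façade login."""
    d = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    port = 49152 + int.from_bytes(d[:2], "big") % 16384   # ephemeral port range
    return (AGENT_IP, port, "svc_" + d[2:6].hex())

@dataclass
class Honeypot:
    key: bytes
    window: int = 8                   # how far ahead of the honeypot the agent may run
    base: int = 0                     # lowest counter not yet seen
    used: set = field(default_factory=set)
    recorded: list = field(default_factory=list)

    def receive(self, src_ip, src_port, user, payload=b""):
        """Return 'ignored' for expected façade traffic, otherwise record it."""
        for n in range(self.base, self.base + self.window):
            if n not in self.used and facade_session(self.key, n) == (src_ip, src_port, user):
                self.used.add(n)      # each façade session is accepted only once
                while self.base in self.used:
                    self.used.discard(self.base)
                    self.base += 1
                return "ignored"
        self.recorded.append((src_ip, src_port, user, payload))
        return "recorded"

def demo():
    hp = Honeypot(KEY)
    ip, port, user = facade_session(KEY, 0)
    results = [
        hp.receive(ip, port, user),            # genuine façade login
        hp.receive("10.0.0.77", 51000, user),  # decoy user reused from another host
        hp.receive(ip, port, user),            # replay of an already-used session
    ]
    return results, hp.recorded

if __name__ == "__main__":
    print(demo())
```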
Specification