System, method, and computer program product for identifying unwanted activity utilizing a honeypot device accessible via VLAN trunking
First Claim
Patent Images
1. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device including a time to live (TTL) value indicating that the unwanted activity is only capable of being directly communicated from the source device to a single destination device within the LAN;
identifying the source device associated with the unwanted activity; and
isolating the source device from the LAN in response to the source device being associated with the unwanted activity.
9 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for identifying unwanted activity utilizing a honeypot accessible via virtual local area network (VLAN) trunking. In use, a honeypot device is allowed to be accessed via VLAN trunking. Furthermore, unwanted data is identified, utilizing the honeypot device.
-
Citations
20 Claims
-
1. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
-
identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device including a time to live (TTL) value indicating that the unwanted activity is only capable of being directly communicated from the source device to a single destination device within the LAN; identifying the source device associated with the unwanted activity; and isolating the source device from the LAN in response to the source device being associated with the unwanted activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method comprising:
-
identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device including a time to live (TTL) value indicating that the unwanted activity is only capable of being directly communicated from the source device to a single destination device within the LAN; identifying the source device associated with the unwanted activity; and isolating the source device from the LAN in response to the source device being associated with the unwanted activity.
-
-
20. A system, comprising:
-
a processor; and a memory coupled to the processor, wherein the system is configured for; identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device including a time to live (TTL) value indicating that the unwanted activity is only capable of being directly communicated from the source device to a single destination device within the LAN; identifying the source device associated with the unwanted activity; and isolating the source device from the LAN in response to the source device being associated with the unwanted activity.
-
Specification