Methods and systems for network attack detection and prevention through redirection
First Claim
1. A method for detecting an unauthorized access attempt to a network, comprising:
provisioning a network address block for the network;
determining, based on an identification scheme, a return address from the network address block in response to an address request;
monitoring the network address block by electronically comparing a source address associated with an access attempt to the return address;
blocking the access attempt when the source address does not match the return address;
hashing a time and an initial address associated with the address request to generate a value; and
mapping the value to the network address block to produce the return address, wherein the identification scheme includes assigning to the return address a utilization time period in which the return address can be used to access to the network.
Abstract
Methods and systems for detection and/or prevention of network attacks can include the use of multiple and/or time-dependent addresses coupled with filtering by the directory or naming service. The directory service can respond to requests for the address of a resource by returning an address that can be relocated over time by coordinating the directory service entry with the host and network address configuration data and/or by returning an address specific to the requestor. Thus, the directory service can track and build profiles of matches between requestors and accesses. The methods and systems can use the time dependent addresses and profiles to distinguish legitimate accesses from unauthorized or malicious ones. Requests for non-valid addresses can be misdirected to “empty” addresses or to detection devices.
15 Claims
1. A method for detecting an unauthorized access attempt to a network, comprising:
provisioning a network address block for the network;
determining, based on an identification scheme, a return address from the network address block in response to an address request;
monitoring the network address block by electronically comparing a source address associated with an access attempt to the return address;
blocking the access attempt when the source address does not match the return address;
hashing a time and an initial address associated with the address request to generate a value; and
mapping the value to the network address block to produce the return address, wherein the identification scheme includes assigning to the return address a utilization time period in which the return address can be used to access to the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system comprising at least one processor coupled to a memory with instructions for detecting an unauthorized access attempt to a network and configured to:
provision a network address block for the network;
utilize an identification scheme to determine a return address from the network address block in response to an address request;
monitor the network address block by electronically comparing a source address associated with an access attempt to the return address;
block the access attempt when the source address does not match the return address;
hash a time and an initial address associated with the address request to generate a value; and
map the value to the network address block to produce the return address, wherein the identification scheme is configured to assign to the return address a utilization time period in which the return address can be used to access to the network.
Dependent claims: 12, 13, 14.
15. A non-transitory computer readable medium storing instructions for detecting an unauthorized access attempt to a network that when executed cause a processor to perform operations, comprising:
provisioning a network address block for the network;
determining, based on an identification scheme, a return address from the network address block in response to an address request;
monitoring the network address block by electronically comparing a source address associated with an access attempt to the return address;
blocking the access attempt when the source address does not match the return address;
hashing a time and an initial address associated with the address request to generate a value; and
mapping the value to the network address block to produce the return address, wherein the identification scheme includes assigning to the return address a utilization time period in which the return address can be used to access to the network.
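A toy model of the scheme in claims 1, 11 and 15, added here as an example and not the patent's own implementation: the directory hashes the requester's initial address together with the current time window, maps the value onto a provisioned block, records a lease with a utilization period, and the monitor blocks accesses whose source does not match the lease or that arrive after it expires. The block, period, key and the keyed hash are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for this example; a real deployment provisions its own block and key.
BLOCK = ipaddress.ip_network("10.50.0.0/24")
PERIOD = 300                            # utilization time period in seconds (assumed)
KEY = b"constructed-directory-secret"   # keyed hash so the mapping is not predictable (assumption)


class Directory:
    """Name service that answers address requests with a requester- and time-specific address."""

    def __init__(self, block=BLOCK, period=PERIOD, key=KEY):
        self.block, self.period, self.key = block, period, key
        self.leases = {}    # return address -> (requester, expires_at)
        self.profile = {}   # source -> list of (time, verdict), the access profile per requester

    def resolve(self, requester, now):
        """Hash (time window, initial address) to a value and map it into the address block."""
        window = int(now) // self.period
        msg = f"{window}|{requester}".encode()
        value = int.from_bytes(hmac.new(self.key, msg, hashlib.sha256).digest()[:8], "big")
        # skip the network and broadcast addresses; map the value onto the usable hosts
        addr = str(self.block[1 + value % (self.block.num_addresses - 2)])
        expires = (window + 1) * self.period
        self.leases[addr] = (requester, expires)
        return addr, expires

    def check_access(self, source, destination, now):
        """Filter an access to the block: allow only the matching requester inside its period."""
        if ipaddress.ip_address(destination) not in self.block:
            return "outside-block"
        lease = self.leases.get(destination)
        if lease is None:
            verdict = "redirect"        # non-valid address: send to an empty address or a sensor
        elif now >= lease[1]:
            verdict = "block-expired"   # utilization time period has passed
        elif lease[0] != source:
            verdict = "block-mismatch"  # source does not match the address issued to it
        else:
            verdict = "allow"
        self.profile.setdefault(source, []).append((int(now), verdict))
        return verdict
```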
Specification