System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware
Abstract
A system, method, and computer program product are provided for redirecting internet relay chat (IRC) traffic identified utilizing a port-independent algorithm and controlling IRC based malware. In use, IRC traffic communicated via a network is identified utilizing a port-independent algorithm. Furthermore, the IRC traffic is redirected to a honeypot.
21 Claims
1. A method performed by a computing device coupled to a network, the method comprising:
- receiving network traffic via a network interface;
- differentiating, within the received network traffic, internet relay chat (IRC) traffic by utilizing a programmed processor to apply a port-independent algorithm operable on the payload of the received network traffic, wherein the programmed processor identifies one or more commands included in the IRC traffic, comprising:
- identifying commands included in a predetermined temporal location within the IRC traffic, comprising identifying a predetermined number of packets at a beginning of a sequence of packets of the IRC traffic;
- redirecting the IRC traffic to a system that attracts IRC traffic for the purpose of collecting information relating to such IRC traffic; and
- transmitting, based on the collected information, a command to a bot associated with the IRC traffic to prevent future IRC traffic from being communicated over the network with respect to the bot.
Dependent claims: 2, 3, 4, 5, 6
7. A device, comprising:
- a network interface;
- a memory or storage unit; and
- a processor coupled to the network interface and to the memory or storage unit;
- wherein the memory or storage unit is configured to store and the processor is configured to execute instructions to cause the device to:
- monitor network traffic received via the network interface;
- differentiate, within the received network traffic, internet relay chat (IRC) traffic from other network traffic by utilizing a port-independent algorithm operable on the payload of the received network traffic, by identifying one or more commands included in the IRC traffic, wherein the instructions to cause the device to differentiate by identifying one more commands comprise instructions that when executed cause the device to:
- identify commands included in a predetermined temporal location within the IRC traffic, wherein the instructions to identify commands included in a predetermined temporal location within the IRC traffic comprise instructions that when executed cause the device to identify a predetermined number of packets at a beginning of a sequence of packets of the IRC traffic;
- redirect the IRC traffic to a system that attracts IRC traffic for the purpose of collecting information relating to such IRC traffic; and
- transmit, based on the collected information, a command to a bot associated with the IRC traffic to stop future IRC traffic from being communicated over the network with respect to the bot.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A non-transitory computer-readable medium comprising instructions stored thereon to cause one or more processors to:
- monitor network traffic received via a network interface;
- differentiate, within the received network traffic, internet relay chat (IRC) traffic from other network traffic utilizing a port-independent algorithm operable on the payload of the received network traffic, by identifying one or more commands included in the IRC traffic, the instructions to cause the one or more processors to differentiate by identifying one or more commands included in the IRC traffic comprising instructions that when executed cause the one or more processors to identify commands included in a predetermined temporal location within the IRC traffic, wherein the instructions to identify commands included in a predetermined temporal location within the IRC traffic comprise instructions that when executed cause the device to identify a predetermined number of packets at a beginning of a sequence of packets of the IRC traffic;
- redirect the IRC traffic to a system that attracts IRC traffic for the purpose of collecting information relating to such IRC traffic; and
- transmit, based on the collected information, a command to a bot associated with the IRC traffic to stop future IRC traffic from being communicated over the network with respect to the bot.
Dependent claims: 21
Specification