
Method for tracking machines on a network using multivariable fingerprinting of passively available information

  • US 9,444,835 B2
  • Filed: 08/08/2014
  • Issued: 09/13/2016
  • Est. Priority Date: 10/17/2006
  • Status: Expired due to Fees
First Claim

1. A method for remote tracking of machines on a network of computers, the method comprising:

    determining one or more assertions to be monitored for a first web site server, the first web site server being coupled to the network of computers;

    monitoring traffic flowing to the first web site server through the network of computers;

    identifying the one or more assertions from the traffic to determine a malicious host from the network of computers;

    associating a first IP address and a first hardware fingerprint to the one or more assertions of the malicious host, wherein the first hardware fingerprint includes sampled attributes associated with one or more of stack ticks, time skew, and TCP Window size;

    storing information associated with the first IP address, the first hardware fingerprint, and the one or more assertions of the malicious host in one or more memories of a database;

    identifying an unknown host coupled to a second web site server;

    determining a second IP address and a second hardware fingerprint associated with the unknown host; and

    determining if the unknown host is a malicious host.

  • 2 Assignments