SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING UNWANTED ACTIVITY UTILIZING A HONEYPOT DEVICE ACCESSIBLE VIA VLAN TRUNKING

US 20120180131A1
Filed: 03/08/2012
Published: 07/12/2012
Est. Priority Date: 10/17/2007
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for identifying unwanted activity utilizing a honeypot accessible via virtual local area network (VLAN) trunking. In use, a honeypot device is allowed to be accessed via VLAN trunking. Furthermore, unwanted data is identified, utilizing the honeypot device.

Citations

40 Claims

1-20. -20. (canceled)

21. A method comprising:
- identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device being incapable of communication outside the LAN;
  
  identifying the source device associated with the unwanted activity; and
  
  isolating the source device from the LAN in response to the source device being associated with the unwanted activity.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 22. The method of claim 21, wherein the one or more packets are associated with a time to live (TTL) of one.
  - 23. The method of claim 21, wherein isolating the source from the LAN includes preventing communication with the source device via the LAN.
  - 24. The method of claim 23, wherein preventing communication with the source device via the LAN includes dropping frames communicated to or from the source device.
  - 25. The method of claim 21, wherein the network device is configured to emulate a network entity vulnerable to the unwanted activity.
  - 26. The method of claim 25, wherein the network entity includes at least one of a resource, a service, a system, and a database.
  - 27. The method of claim 21, further comprising:
    - applying a tag to one or more frames communicated from the source device over the VLAN.
  - 28. The method of claim 27, wherein the tag identifies the source device.
  - 29. The method of claim 21, wherein the network device comprises a honeypot device.
  - 30. The method of claim 21, wherein the network device is a server.
  - 31. The method of claim 21, wherein the network device is unprotected by a security system with respect to activity within the local area network.
  - 32. The method of claim 21, wherein the network device is configured via virtual local area network trunking to be accessible by a plurality of other devices located across multiple virtual local area networks.
  - 33. The method of claim 32, wherein the multiple virtual local area networks are included in the local area network on which the network device is located.
  - 34. The method of claim 32, wherein the virtual local area network trunking is facilitated utilizing at least one virtual local area network capable switch.
  - 35. The method of claim 21, wherein the unwanted activity includes at least one of malware, a virus, a worm, spam, or spyware.
  - 36. The method of claim 21, wherein identifying the unwanted activity by the network device includes identifying a type of access associated by the network device as unwanted activity.
  - 37. The method of claim 21, wherein identifying the unwanted activity by the network device includes comparing activity associated with the network device with known unwanted activity.
  - 38. The method of claim 21, further comprising:
    - removing the source device from isolation from the LAN in response to a determination that a component of the source device responsible for the unwanted activity has been removed.

39. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device being incapable of communication outside the LAN;
  
  identifying the source device associated with the unwanted activity; and
  
  isolating the source device from the LAN in response to the source device being associated with the unwanted activity.

40. A system, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the system is configured for;
  
  identifying, by a network device, unwanted activity associated with an access request from a source device, the network device in communication with the source device via a virtual local area network (VLAN) of a local area network (LAN), wherein the unwanted activity is associated with one or more packets from the source device being incapable of communication outside the LAN;
  
  identifying the source device associated with the unwanted activity; and
  
  isolating the source device from the LAN in response to the source device being associated with the unwanted activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Thomas, Vinoo, Jyoti, Nitin

Granted Patent

US 8,528,092 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 63/1491 using deception as counterm...

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING UNWANTED ACTIVITY UTILIZING A HONEYPOT DEVICE ACCESSIBLE VIA VLAN TRUNKING

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING UNWANTED ACTIVITY UTILIZING A HONEYPOT DEVICE ACCESSIBLE VIA VLAN TRUNKING

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links