System and method for detecting and defeating IP address spoofing in electronic mail messages
Abstract
A method and system for detecting spoofed network connections comprising receiving a connection from a client, delaying sending a greeting message for a delay period, monitoring the connection during the delay period, and if a command is received from the client before the greeting is sent, then identifying the connection as a possible spoofed connection.
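The delayed greeting described above, and the delayed reply of claim 6, can be sketched with one helper that withholds a server message while watching the socket. This is an added example, not code from the patent; the function names, the header name, the 30-second ceiling and the sample hostnames are all assumptions.

```python
import select
import socket

MAX_TOLERABLE_DELAY = 30.0  # assumed ceiling in seconds; the page gives no number

def send_after_delay(conn, message, delay):
    """Hold `message` (greeting or reply) for `delay` seconds while watching conn.

    Returns (spoof_suspected, early_bytes). If the client sends anything before
    the message goes out, the message is withheld and the connection is flagged.
    """
    delay = min(delay, MAX_TOLERABLE_DELAY)
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        early = conn.recv(4096)
        if early:                  # a command arrived during the delay period
            return True, early
        return False, b""          # empty read: client hung up, nothing to flag
    conn.sendall(message)          # client waited, so answer normally
    return False, b""

def mark_message(raw_message):
    """'Marking' disposition: prepend a header (the header name is hypothetical)."""
    return b"X-Spoof-Suspect: command-before-reply\r\n" + raw_message

def demo():
    greeting = b"220 mx.example.test ESMTP\r\n"  # constructed sample values
    # Client 1 waits for the greeting, as a valid client does.
    server, client = socket.socketpair()
    polite = send_after_delay(server, greeting, 0.2)
    got = client.recv(4096)
    server.close()
    client.close()
    # Client 2 sends its command without waiting for the greeting.
    server, client = socket.socketpair()
    client.sendall(b"HELO sender.example.test\r\n")
    blind = send_after_delay(server, greeting, 0.2)
    server.close()
    client.close()
    return polite, got, blind

if __name__ == "__main__":
    print(demo())
```

A flagged connection's message would then go to one of the three dispositions the claims list: delete, mark (as `mark_message` does), or store in a directory.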
16 Claims
1. A method for detecting a spoofed network connection comprising:
- receiving a connection from a client;
- delaying sending a greeting message for a delay period, the delay period being less than or equal to a maximum tolerable delay, the maximum tolerable delay being the longest delay that would be tolerated by a valid client;
- monitoring the connection during the delay period;
- if a command is received from the client before the greeting is sent, then identifying the connection as the spoofed connection;
- processing any electronic mail associated with the spoofed connection;
- wherein a spoofed connection electronic-mail message is processed using a process selected from the group consisting of;
  - deleting the spoofed-connection electronic-mail message;
  - marking the spoofed-connection electronic-mail message; and
  - storing the spoofed-connection electronic-mail message in an electronic directory.

Dependent claims: 2, 3, 4, 5

6. A method for detecting a spoofed network connection comprising:
- receiving a first command at a server from a client;
- delaying, for a delay period, a transmission of a reply associated with the first command, the delay period being less than or equal to a maximum tolerable delay, the maximum tolerable delay being the longest delay that would be tolerated by a valid client;
- monitoring a connection between the server and the client during the delay period;
- if a second command is received at the server before the reply is transmitted, then identifying the connection as the spoofed connection;
- processing any electronic mail associated with the spoofed connection;
- wherein a spoofed connection electronic-mail message is processed using a process selected from the group consisting of;
  - deleting the spoofed-connection electronic-mail message;
  - marking the spoofed-connection electronic-mail message; and
  - storing the spoofed-connection electronic-mail message in an electronic directory.

Dependent claims: 7, 8, 9, 10, 11

12. An apparatus for detecting a spoofed connection comprising:
- means for detecting when a connection is established between the apparatus and a client device;
- means for transmitting a greeting message or a reply or both to the client device;
- means for delaying the transmitting means so that the greeting message or the reply or both are not transmitted during a delay period, the delay period being less than or equal to a maximum tolerable delay, the maximum tolerable delay being the longest delay that would be tolerated by a valid client; and
- means for monitoring the connection to detect commands that are sent by the client device at least during the delay period;
- if a command is received from the client before the greeting message or a reply or both is sent then identifying the connection as the spoofed connection;
- means for processing any electronic mail associated with the spoofed connection;
- wherein a spoofed connection electronic-mail message is processed using a process selected from the group consisting of;
  - deleting the spoofed-connection electronic-mail message;
  - marking the spoofed-connection electronic-mail message; and
  - storing the spoofed-connection electronic-mail message in an electronic directory.

Dependent claims: 13, 14, 15, 16

Specification