System, method, and computer program product for directing predetermined network traffic to a honeypot

US 8,667,582 B2
Filed: 12/10/2007
Issued: 03/04/2014
Est. Priority Date: 12/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying, by a firewall in communication with a honeypot, predetermined network traffic originating from a node in one of a local area network and a virtual private network utilizing at least one rule for identifying the predetermined network traffic, wherein characteristics of the predefined network traffic match predefined criteria associated with unauthorized network traffic, and wherein the predefined criteria includes the unauthorized network traffic including confidential information not authorized for communication from the node;

directing, by the firewall, the predetermined network traffic to the honeypot;

analyzing the predetermined network traffic directed to the honeypot; and

receiving, by the firewall, an update of the at least one rule based on the analysis of the predetermined network traffic directed to the honeypot.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for directing predetermined network traffic to a honeypot. In use, predetermined network traffic originating from a node in a local area network and/or a virtual private network is identified. Further, the predetermined network traffic is directed to a honeypot.

27 Citations

View as Search Results

14 Claims

1. A method, comprising:
- identifying, by a firewall in communication with a honeypot, predetermined network traffic originating from a node in one of a local area network and a virtual private network utilizing at least one rule for identifying the predetermined network traffic, wherein characteristics of the predefined network traffic match predefined criteria associated with unauthorized network traffic, and wherein the predefined criteria includes the unauthorized network traffic including confidential information not authorized for communication from the node;
  
  directing, by the firewall, the predetermined network traffic to the honeypot;
  
  analyzing the predetermined network traffic directed to the honeypot; and
  
  receiving, by the firewall, an update of the at least one rule based on the analysis of the predetermined network traffic directed to the honeypot.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the predetermined network traffic includes simple mail transfer protocol traffic (SMTP).
  - 3. The method of claim 2, wherein the simple mail transfer protocol traffic includes outbound traffic on port 25 or port 587.
  - 4. The method of claim 1, wherein the predetermined network traffic includes the unauthorized network traffic.
  - 5. The method of claim 1, wherein the node utilizes an internet protocol address internal to the local area network.
  - 6. The method of claim 1, wherein a node specific email address is configured on the node.
  - 7. The method of claim 1, wherein the at least one rule is utilized by the firewall for the directing.
  - 8. The method of claim 1, wherein the directing includes redirecting the predetermined network traffic from a destination to the honeypot.
  - 9. The method of claim 1, wherein the honeypot includes a server.
  - 10. The method of claim 1, wherein the honeypot resides on a network unprotected by a security device.
  - 11. The method of claim 1, wherein the predetermined network traffic includes at least one of an unsolicited electronic mail message, a mass mailing electronic mail message, and a malware infected electronic mail message.
  - 12. The method of claim 1, wherein the update of the least one rule includes adding a rule to block network traffic originating from an internet protocol address associated with the node.

13. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- identifying, by a firewall in communication with a honeypot, predetermined network traffic originating from a node in one of a local area network and a virtual private network utilizing at least one rule for identifying the predetermined network traffic, wherein characteristics of the predefined network traffic match predefined criteria associated with unauthorized network traffic, and wherein the predefined criteria includes the unauthorized network traffic including confidential information not authorized for communication from the node;
  
  directing, by the firewall, the predetermined network traffic to the honeypot;
  
  analyzing the predetermined network traffic directed to the honeypot; and
  
  receiving, by the firewall, an update of the at least one rule based on the analysis of the predetermined network traffic directed to the honeypot.

14. A system, comprising:
- a honeypot; and
  
  a firewall in communication with the honeypot, the firewall including a processor and a memory and being configured to;
  
  identify predetermined network traffic originating from a node in one of a local area network and a virtual private network utilizing at least one rule for identifying the predetermined network traffic, wherein characteristics of the predefined network traffic match predefined criteria associated with unauthorized network traffic, and wherein the predefined criteria includes the unauthorized network traffic including confidential information not authorized for communication from the node;
  
  direct the predetermined network traffic to the honeypot; and
  
  receive an update of the at least one rule based on an analysis of the predetermined network traffic directed to the honeypot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Thomas, Vinoo, Jyoti, Nitin
Primary Examiner(s)
Cervetti, David Garcia
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US11/953,774
Publication Number

US 20130242743A1
Time in Patent Office

2,276 Days
Field of Search

726/11, 726/12, 726/13, 726/14, 726/22, 726/23, 726/24, 726/25, 713/150, 713/151, 713/154, 709/223, 709/224, 709/238
US Class Current

726/22
CPC Class Codes

H04L 45/306   Route determination based o...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1491   using deception as counterm...

System, method, and computer program product for directing predetermined network traffic to a honeypot

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for directing predetermined network traffic to a honeypot

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links