US9485276B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9485276-B2 |
| Application number | US-201414586401-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 30, 2014 |
| Priority date | Sep 28, 2012 |
| Publication date | Nov 1, 2016 |
| Grant date | Nov 1, 2016 |
Official abstract text for this publication.
A network device comprises one or more processors coupled to a memory, and a dynamic services module configured for execution by the one or more processors to receive, from a client device, a service request specifying a service. The dynamic service module is further configured for execution by the one or more processors to, in response to obtaining a negative indication for the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.
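The decision the abstract describes can be modelled as a small state machine. The following is an added example, not code from the patent or its assignee: it covers the two negative indications named in the claims on this page (a TCP reset from the server, or a timer expiring with no positive response) and the shortcut for a later request to the same service. The class name, method names, the 2-second timer and the addresses are assumptions.

```python
from dataclasses import dataclass, field

FORWARD, HONEYPOT = "forward-to-server", "send-to-honeypot"

@dataclass
class DynamicServices:
    """Toy model of the decision logic; every name here is hypothetical."""
    timeout: float = 2.0                         # assumed; the page gives no timer value
    pending: dict = field(default_factory=dict)  # flow -> time the request was seen
    negative: set = field(default_factory=set)   # (server, port) with a negative indication

    def on_request(self, now, client, server, port):
        if (server, port) in self.negative:
            # A negative indication already exists, so this request skips the wait.
            return HONEYPOT
        self.pending[(client, server, port)] = now
        return FORWARD

    def on_response(self, client, server, port, flags):
        flow = (client, server, port)
        if self.pending.pop(flow, None) is None:
            return None                          # no matching request: ignore
        if "RST" in flags:                       # negative service response
            self.negative.add((server, port))
            return HONEYPOT
        return FORWARD                           # positive indication: real server offers it

    def on_tick(self, now):
        # Timer expiry without a positive indication is also a negative indication.
        expired = [f for f, t in self.pending.items() if now - t >= self.timeout]
        for flow in expired:
            del self.pending[flow]
            self.negative.add(flow[1:])
        return [(flow, HONEYPOT) for flow in expired]

def demo():
    # Constructed events using documentation address ranges.
    ds, c1, c2 = DynamicServices(), "198.51.100.7", "198.51.100.8"
    return [
        ds.on_request(0.0, c1, "192.0.2.10", 22),                 # live service
        ds.on_response(c1, "192.0.2.10", 22, {"SYN", "ACK"}),
        ds.on_request(0.1, c1, "192.0.2.10", 23),                 # closed port
        ds.on_response(c1, "192.0.2.10", 23, {"RST"}),
        ds.on_request(0.2, c1, "192.0.2.99", 445),                # unused address
        ds.on_tick(3.0),                                          # timer expires
        ds.on_request(3.1, c2, "192.0.2.99", 445),                # second request
    ]
```

The model only returns the decision; proxying the session to the honeypot and the probe handling of claims 9 to 12 are left out.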
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by a network device from a client device, a service request to receive a service indicated in the service request from a server indicated in the service request, wherein the service request specifies an address for the server indicated in the service request, and wherein the address is not associated with the network device; and by the network device and in response to obtaining a negative indication for the service that indicates the server indicated in the service request does not offer the service, sending a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device, wherein the negative indication for the service comprises an expiry of a timer for the service response without the network device having received a positive indication for the service from the server indicated in the service request.

2. The method of claim 1, wherein the service request includes address for the server indicated in the service request comprises a layer 3 destination address to indicate the server indicated in the service request, and wherein no server of a network that includes the network device has a layer 3 address that is the layer 3 destination address.

3. The method of claim 1, further comprising: generating, by the network device in response to obtaining a negative indication for the service that indicates the server indicated in the service request does not offer the service, a positive indication for the service; and sending, by the network device to the client device, the positive indication for the service.

4. The method of claim 1, further comprising: proxying, by the network device, a service session for the service between the honeypot and the client device to offer the service to the client device.

5. The method of claim 1, wherein the service request comprises a first service request, and wherein the negative indication for the service comprises a negative indication for the first service request, the method further comprising: receiving, by the network device, a second service request specifying the service; and by the network device and in response to obtaining the negative indication for the first service request, sending a representation of the second service request to the honeypot to cause the honeypot to offer the service to the client device without obtaining a negative indication for the second service request.

6. The method of claim 1, wherein the network device comprises a security appliance, and wherein the service request includes a layer 3 destination address for the server indicated in the service request, wherein the server is located within a network protected by the security appliance.

7. The method of claim 1, wherein the network device comprises a security appliance, and wherein the client device is located within a network protected by the security appliance.

8. The method of claim 1, wherein the representation of the service request causes the honeypot to dynamically offer the service to imitate the service to the client device as if the service were provided by the server indicated in the service request.

9. A method comprising: receiving, by a network device, a probe from a client device; receiving, by the network device from the client device and after receiving the probe, a service request to receive a service indicated in the service request from a server indicated in the service request; sending, by the network device in response to obtaining a negative indication for the service that indicates the server indicated in the service request does not offer the service and determining the network device previously received the probe from the client device, a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device.

10. The method of claim 9, wherein the probe specifies a destination address that is not associated with the network device, the method further comprising: by the network device and in response to receiving the probe from the client device, generating a probe response indicating that the destination address is associated with the server indicated in the service request; and sending, by the network device, the probe response to the client device.

11. The method of claim 9, wherein the probe comprises an Internet Control Message Protocol echo request, and wherein the probe response comprises an Internet Control Message Protocol echo response.

12. The method of claim 9, wherein the probe specifies a destination address that is not associated with the network device, and wherein the destination address is not associated with any server of a network that includes the network device.

13. The method of claim 9, wherein the service request specifies an address for the server indicated in the service request, wherein the address is not associated with the network device, and wherein obtaining a negative indication for the service comprises receiving, by the network device, a negative service response for the service from the server indicated in the service request.

14. The method of claim 13, wherein the service request comprises a Transmission Control Protocol SYN packet, and wherein the negative service response comprises a Transmission Control Protocol SYN RST packet.

15. The method of claim 9, wherein the negative indication for the service comprises an expiry of a timer for the service response without the network device having received a positive indication for the service from the server indicated in the service request.

16. A non-transitory computer-readable storage medium comprising instructions stored thereon that, when executed, configure one or more processors to: receive, by a network device from a client device, a service request to receive a service indicated in the service request from a server indicated in the service request, wherein the service request specifies an address for the server indicated in the service request, and wherein the address is not associated with the network device; and by the network device and in response to obtaining a negative indication for the service that indicates the server indicated in the service request does not offer the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device, wherein the negative indication for the service comprises an expiry of a timer for the service response without the network device having received a positive indication for the service from the server indicated in the service request.

17. A network device comprising: one or more processors coupled to a memory; a dynamic services module configured for execution by the one or more processors to: receive, from a client device, a service request to receive a service indicated in the service request from a server indicated in the service request, wherein the service request specifies an address for the server indicated in the service request, and wherein the address is not associated with the network device; and in response to obtaining a negative indication for the service that indicates the server indicated in the service request does not offer the service, send a representation of the service request to a honeypot to cause the honeypot to offer the service to the client device, wherein the negative indication for the service comprises an expiry of a timer for the service response without the network device having received a pos
using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title
Protocols · CPC title
Provisioning of proxy services (store-and-forward switching systems in data switching networks H04L12/54) · CPC title
Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware · CPC title
Protection against power exhaustion attacks · CPC title