Implementing decoys in network endpoints

Assignee

• Attivo Networks Inc. · US

Inventors

• Venu Vissamsetty · San Jose, US
• Muthukumar Lakshmanan · Bengaluru, IN
• Harinath Vishwanath Ramchetty · Kanchinakote, IN
• Vinod Kumar A. Porwal · Bengaluru, IN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L61/5014
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Endpoints of various domains implement forwarding modules as well as perform various production tasks. The endpoints of a domain participate in an election process by which one or more endpoints are selected to operate as honeypots. The forwarding modules of non-selected endpoints become inactive, but wake up periodically to determine whether an election process is occurring. Selected endpoints obtain configuration data from a management server. The endpoints then acquire IP addresses and implement one or more services according to the configuration data. The management server may configure the services based on a location of the selected endpoint. Traffic received by the selected endpoints is forwarded to the management server, which engages an attacker system using one or more VMs. When an endpoint moves to a different domain, it releases acquired IP addresses and attempts to participate in the election process in the different domain.