Patent · US Active

Deceiving attackers in endpoint systems

US11038658B2 · kind B2 · utility

31Cited by

2References

17Claims

0Family size

Assignee

Attivo Networks Inc. · US

Inventors

Venu Vissamsetty · San Jose, US
Muthukumar Lakshmanan · Bengaluru, IN

Key dates

Filing date	May 22, 2019
Grant date	Jun 15, 2021
Priority date	—
Expiry date	Aug 28, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L61/2521
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

An endpoint executes a deflection service that detects failed connection attempts (TCP RST packets) and evaluates whether they are likely the result of a reconnaissance attack. If an inbound connection fails, a connection request packet (TCP SYN) is sent to a decoy server that includes data from the TCP RST packet. The decoy server then completes a connection handshake with a destination of the TCP RST packet and engages a process at the destination. If an outbound connection fails, the deflection service facilitates a connection between a process executing on the endpoint and the decoy server and associated with a destination port referenced by the TCP RST packet.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.