Port scanning mitigation within a network through establishment of an a prior network connection
US7664855B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | May 5, 2004 |
| Grant date | Feb 16, 2010 |
| Priority date | — |
| Expiry date | Feb 4, 2027 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L69/16
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Techniques are described for mitigating the adverse effects of port scanning within a network device. For example, an apparatus such as a router responds to all network connection request packets received from a client, for all ports on an attached server, as if all of the server's ports are open. Once a network connection is established between the router and the client, a network connection request is transmitted to the server for the requested port. Using the router to establish a full network connection with the client prevents an unscrupulous client from sending numerous decoy network connection request messages in an effort to hide its identity. By responding to every network connection request by establishing a full TCP connection before a request is forwarded to the server, the client receives no useful information about the state of a port on the server before providing a valid and detectable IP address. Stealth port scanning is thereby rendered ineffective; only connect-scan-type port scanning, which is both detectable and defendable, can be used to identify open ports on the server.
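As an added illustration (not part of the patent text or any product), the following Python model of the router behaviour in the abstract shows why a SYN-only probe learns nothing while a completed handshake both reveals the real port state and records a reachable client address. The addresses, port numbers and the server's open-port set are constructed for the demo.

```python
# Constructed simulation of the abstract's router: every SYN gets a SYN-ACK,
# and the server is contacted only after the client's ACK completes the
# three-way handshake. No real sockets are used.
from dataclasses import dataclass, field

SERVER_OPEN_PORTS = {22, 443}   # constructed: the server's true state, unknown to the client


@dataclass
class Router:
    half_open: set = field(default_factory=set)      # (client_ip, port) waiting for an ACK
    established: list = field(default_factory=list)  # client IPs that completed a handshake
    forwarded: list = field(default_factory=list)    # (client_ip, port, server_reply) records

    def on_syn(self, client_ip: str, port: int) -> str:
        # Same answer for every port, open or not: the reply carries no information.
        self.half_open.add((client_ip, port))
        return "SYN-ACK"

    def on_ack(self, client_ip: str, port: int) -> str:
        # Only an address that actually received our SYN-ACK can send a valid
        # ACK, so a spoofed decoy source never reaches this point.
        if (client_ip, port) not in self.half_open:
            return "RST"
        self.half_open.discard((client_ip, port))
        self.established.append(client_ip)          # the detectable, real client address
        server_reply = "SYN-ACK" if port in SERVER_OPEN_PORTS else "RST"  # router -> server SYN
        self.forwarded.append((client_ip, port, server_reply))
        return "OPEN" if server_reply == "SYN-ACK" else "CLOSED"


def half_open_probe(router: Router, client_ip: str, ports) -> dict:
    """SYN only, never ACK: what a stealth/decoy scan sees through this router."""
    return {p: router.on_syn(client_ip, p) for p in ports}


def full_connect(router: Router, client_ip: str, ports) -> dict:
    """Full handshake per port: the only path that exposes the server's state."""
    return {p: (router.on_syn(client_ip, p), router.on_ack(client_ip, p))[1] for p in ports}
```

Half-open entries left behind by probes that never ACK would be expired by a timeout in a real device; the model keeps them only to show that the router alone, not the server, absorbed them.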
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.