Patent · US Active

Method and apparatus for detecting port scans with fake source address

US7962957B2 · kind B2 · utility

Cited by: 229
References: 2
Claims: 35
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 23, 2007
Grant date: Jun 14, 2011
Priority date
Expiry date: Oct 9, 2029

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1458
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A computer implemented method, apparatus, and computer program product for port scan protection. A reply data packet having a modified transmission control protocol header is generated to form a modified reply data packet, in response to detecting a port scan. The modified reply data packet will elicit a response from a recipient of the modified data packet. The reply data packet is sent to a first Internet protocol address associated with the port scan. A second Internet protocol address is identified from a header of the response to the modified reply data packet. The second Internet protocol address is an actual Internet protocol address of a source of the port scan. All network traffic from the second Internet protocol address may be blocked to prevent an attack on any open ports from the source of the port scan.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.