Systems, methods, and devices for detecting security vulnerabilities in IP networks

Assignee

• SOLARWINDS WORLDWIDE, LLC · US

Inventors

• Charles K. Stefanidakis · Newbury, US
• Richard Person · Newburyport, US
• Anish Dhanda · Cambridge, US
• Gregory Sabatino · Cambridge, US
• John J. Donovan · Dallas, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1458
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

This invention is a system, method, and apparatus for detecting compromise of IP devices that make up an IP-based network. One embodiment is a method for detecting and alerting on the following conditions: (1) Denial of Service Attack; (2) Unauthorized Usage Attack (for an IP camera, unauthorized person seeing a camera image); and (3) Spoofing Attack (for an IP camera, unauthorized person seeing substitute images). A survey of services running on the IP device, historical benchmark data, and traceroute information may be used to detect a possible Denial of Service Attack. A detailed log analysis and a passive DNS compromise system may be used to detect a possible unauthorized usage. Finally, a fingerprint (a hash of device configuration data) may be used as a private key to detect a possible spoofing attack. The present invention may be used to help mitigate intrusions and vulnerabilities in IP networks.