Internet Snoop Deceiver

IP.com Disclosure Number: IPCOM000013785D
Original Publication Date: 1999-Dec-01
Included in the Prior Art Database: 2003-Jun-18
Document File: 1 page(s) / 25K

Publishing Venue

IBM

Related People

Denise Genty: AUTHOR [+5]

Abstract

Disclosed is a software module that can be used to enhance the security of a Virtual Private Network (VPN). Internet Snoop Deceiver can be used when trusted hosts change and start using different IP addresses to avoid tunnel detection. The deceiver function continues to send invalid data on the primary IP address VPN while sending valid data over an alternate IP address VPN. This deceives any person snooping on the primary VPN.

There is a security risk associated with Virtual Private Networks using any security encryption algorithm. VPN tunnel data goes out on the Internet encrypted in some manner such that only the tunnel endpoints know the encryption/decryption secret key. Given time, a snoop can collect data, including IP addresses, crack the encryption and discover the secret keys.

The VPN switches to an alternate IP address because a snoop will use the VPN's IP address as a search point and save all traffic to or from that address. The snoop can then apply extensive compute power to the saved traffic in an attempt to crack the encryption. If the snoop determines that the IP address it was snooping on is no longer transmitting data, that may cause the snoop to search for different IP addresses to monitor. This disclosure removes that alert.

The Internet Snoop Deceiver sends bogus data on all of the alternate IP addresses all of the time. When the VPN snoop avoidance software causes the trusted hosts to change and start using a different VPN based on different IP addresses, bogus data continues to be sent on the primary IP address VPN, while the valid data is sent on the secondary IP address VPN.
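As an added illustration, not part of the IBM disclosure, the following Python model shows what a passive observer counting packets per address sees with and without the deceiver's constant-rate bogus fill. The addresses, packet rate, per-tick demand and switch time are constructed values.

```python
from dataclasses import dataclass

# Constructed model (not from the disclosure): each VPN address is driven at a
# constant packet rate per tick; slots not filled by real data are filled with
# bogus packets, so the volume per address never reveals which one is live.

@dataclass
class DeceiverEndpoint:
    addrs: list            # primary address first, then alternates (assumed)
    rate: int = 8          # packets per tick per address (assumed constant)
    deceiver: bool = True  # False models a plain VPN that only sends real data
    active: int = 0        # index of the address currently carrying valid data

    def tick(self, n_real):
        """Packets visible on the wire for one tick as (addr, kind) tuples.
        Real packets beyond `rate` are assumed queued for the next tick."""
        wire = []
        for i, addr in enumerate(self.addrs):
            real = min(n_real, self.rate) if i == self.active else 0
            wire += [(addr, "real")] * real
            if self.deceiver:
                wire += [(addr, "bogus")] * (self.rate - real)
        return wire

def snoop_counts(wire):
    """A passive observer only sees packets per address, never real vs bogus."""
    counts = {}
    for addr, _ in wire:
        counts[addr] = counts.get(addr, 0) + 1
    return counts

# Constructed per-tick demand for real packets; the switch to the alternate
# address happens at tick 3.
REAL_DEMAND = [3, 8, 5, 8, 2, 6]
SWITCH_AT = 3
PRIMARY, ALTERNATE = "203.0.113.10", "203.0.113.20"

def observed_profile(deceiver):
    ep = DeceiverEndpoint(addrs=[PRIMARY, ALTERNATE], deceiver=deceiver)
    profile = []
    for t, n_real in enumerate(REAL_DEMAND):
        if t == SWITCH_AT:
            ep.active = 1
        profile.append(snoop_counts(ep.tick(n_real)))
    return profile

def primary_went_quiet(profile):
    """The alert the disclosure suppresses: the watched address falls silent."""
    return any(c.get(PRIMARY, 0) == 0 for c in profile)
```

Without the deceiver the primary address drops to zero packets after the switch, which is exactly the signal that tells a snoop to go looking for a new address; with it, every address shows the same constant count on every tick.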
