Internet Snoop Deceiver

IP.com Disclosure Number: IPCOM000013785D
Original Publication Date: 1999-Dec-01
Included in the Prior Art Database: 2003-Jun-18

Publishing Venue

IBM

Related People

Authors:
Denise Genty, Shawn Mullen, Gerald McBrearty, Johnny Shieh, Mark Grosch

Abstract

Disclosed is a software module that enhances the security of a Virtual Private Network (VPN). The Internet Snoop Deceiver is used when trusted hosts change over to different IP addresses in order to avoid tunnel detection: the deceiver keeps sending invalid data on the primary IP address VPN while the valid data is sent over an alternate IP address VPN, so that anyone snooping on the primary VPN is deceived.

A VPN carries a security risk whatever encryption algorithm it uses. VPN tunnel data travels over the Internet encrypted in some manner such that only the tunnel endpoints know the secret encryption/decryption key. Given time, a snoop can collect the traffic, including IP addresses, crack the encryption and discover the secret keys. The VPN switches to an alternate IP address because a snoop uses the VPN's IP address as a search point and saves all traffic to or from that address; the snoop can then apply extensive compute power to the saved traffic in an attempt to crack the encryption. If the snoop determines that the IP address it was monitoring is no longer transmitting data, it may start searching for different IP addresses to monitor. This disclosure removes that alert.

The Internet Snoop Deceiver sends bogus data on all of the alternate IP addresses all of the time. When the VPN snoop-avoidance software causes the trusted hosts to change over to a different VPN based on different IP addresses, bogus data continues to be sent on the primary IP address VPN while the valid data is sent on the secondary IP address VPN.
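The scheme above, as an added simulation that is not part of the disclosure and not IBM's code: two trusted hosts share several tunnel endpoints, exactly one carries real data at a time, and every other endpoint carries same-sized decoy packets at the same rate. A passive observer keying on destination address then sees identical byte counts on every address before and after the hosts rotate, whereas plain rotation without decoys leaves the abandoned address visibly idle. The addresses are constructed RFC 5737 documentation addresses, the keystream is an HMAC-SHA256 PRF standing in for the tunnel's real encryption (it is a simplification, not an IPsec implementation), and all class and function names are the example's own.

```python
"""Simulation of decoy-on-idle-tunnels traffic shaping (constructed example)."""
import hashlib
import hmac
import os
from collections import Counter
from dataclasses import dataclass

PACKET_SIZE = 64  # every packet, real or decoy, has the same on-the-wire size


def keystream(key: bytes, seq: int, n: int) -> bytes:
    """PRF keystream derived from (key, sequence number); stand-in for tunnel encryption."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, seq.to_bytes(8, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:n]


def pad(message: bytes) -> bytes:
    """One-byte length prefix plus random fill, so real payloads are always PACKET_SIZE."""
    assert len(message) <= PACKET_SIZE - 1
    return bytes([len(message)]) + message + os.urandom(PACKET_SIZE - 1 - len(message))


def unpad(block: bytes) -> bytes:
    return block[1:1 + block[0]]


@dataclass
class Tunnel:
    src_ip: str
    dst_ip: str
    key: bytes  # shared by both trusted hosts for this endpoint pair

    def seal(self, seq: int, plaintext: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(plaintext, keystream(self.key, seq, len(plaintext))))

    def open(self, seq: int, ciphertext: bytes) -> bytes:
        return self.seal(seq, ciphertext)  # XOR keystream is symmetric


class SnoopDeceiver:
    """One trusted host; both hosts run the same rotation schedule."""

    def __init__(self, tunnels, active=0):
        self.tunnels = list(tunnels)
        self.active = active
        self.tx_seq = 0
        self.rx_seq = 0

    def rotate(self, new_active: int) -> None:
        # Snoop-avoidance switch: real data moves to another endpoint. With decoys
        # enabled, the former primary keeps transmitting, so it never goes quiet.
        self.active = new_active

    def send(self, message: bytes, decoys: bool = True):
        """Emit one packet per tunnel (real on the active one, random decoys elsewhere)."""
        self.tx_seq += 1
        frames = []
        for i, t in enumerate(self.tunnels):
            if i == self.active:
                frames.append((t.src_ip, t.dst_ip, t.seal(self.tx_seq, pad(message))))
            elif decoys:
                frames.append((t.src_ip, t.dst_ip, os.urandom(PACKET_SIZE)))
        return frames

    def receive(self, frames):
        """Decrypt only the active tunnel's frame; decoy frames are discarded unread."""
        self.rx_seq += 1
        t = self.tunnels[self.active]
        for src, dst, payload in frames:
            if (src, dst) == (t.src_ip, t.dst_ip):
                return unpad(t.open(self.rx_seq, payload))
        return None


def snoop_view(frames) -> Counter:
    """What a passive observer keying on destination address can count: bytes per IP."""
    view = Counter()
    for _src, dst, payload in frames:
        view[dst] += len(payload)
    return view


def run_demo(decoys: bool = True):
    """Four messages; both hosts rotate from tunnel 0 to tunnel 2 before the third."""
    addrs = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]  # constructed endpoints
    keys = [os.urandom(32) for _ in addrs]
    make = lambda: [Tunnel("192.0.2.10", ip, k) for ip, k in zip(addrs, keys)]
    alice, bob = SnoopDeceiver(make()), SnoopDeceiver(make())
    wire, recovered = [], []
    for n, m in enumerate([b"report 1", b"report 2", b"report 3", b"report 4"]):
        if n == 2:
            alice.rotate(2)
            bob.rotate(2)
        frames = alice.send(m, decoys=decoys)
        wire.extend(frames)
        recovered.append(bob.receive(frames))
    return recovered, snoop_view(wire)


if __name__ == "__main__":
    print("with decoys:   ", dict(run_demo(decoys=True)[1]))
    print("without decoys:", dict(run_demo(decoys=False)[1]))
```

The design point is that decoys must match real ciphertext in size and timing, which is why the example pads every payload to a fixed length and emits one packet per tunnel per tick; random bytes are used for the decoys because well-encrypted traffic is indistinguishable from random data. The simulation addresses only which address the real traffic flows on; it does not change the key-recovery risk the abstract describes for any single tunnel.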