Method for Detecting Network Intruders

IP.com Disclosure Number: IPCOM000064307D
Original Publication Date: 1985-Jun-01
Included in the Prior Art Database: 2005-Feb-18

Publishing Venue

IBM

Related People

Authors:
Rekhter, JY

Abstract

Periodically sending a packet to a special address (back to the sender or to an open network address) can set the "refuse bit" as an intruder trap. This method is designed to work with any Local Area Network (LAN) that has the refuse bit and a control word similar to that shown in the figure below.

(Image Omitted)

When a node sends a packet, it sets the "refuse bit" to one. When the packet arrives at its destination node, that node returns the packet to the LAN with the "refuse bit" cleared. When the packet arrives back at the node that originally sent it, that node intercepts it and checks whether the "refuse bit" has been cleared. If the "refuse bit" has not been cleared, the appropriate bit is set in the Control Status Register, which is accessible by software.