摘要 |
<p>A honeypot computer system for detecting viruses in computer networks comprises
- at least two, preferably a plurality of detection computers - "Forwarders" (3.1, 3.2) - distributed over the network (1), each monitoring specified ones of its ports for incoming virus attacks,
- a central server computer - "Mainpot" (6)- in the network (1) communicating with said Forwarders (3.1, 3.2),
- each Forwarder (3.1, 3.2) reporting to said Mainpot (6) a detected virus attack data packet (4), sent on a certain port by a virus attack source (2), under a report protocol (HBP) comprising specified parameters (10, 11, 12) of the virus attack data packet (4) and an identifier (9) for the reporting Forwarder (3.1, 3.2),
- the Mainpot (6) constructing and sending back to the reporting Forwarder (3.1, 3.2) a preliminary answer data packet (8) for said virus attack source under said report protocol (HBP), and
- -the reporting Forwarder (3.1, 3.2) finalising an answer data packet (5) from said preliminary answer data packet (8) and resending said answer data packet (5) to the virus attack source (2).</p> |