Title of invention: DETECTING MALICIOUS CIRCUMVENTION OF VIRTUAL PRIVATE NETWORK
Abstract: An embodiment directed to a method is associated with a VPN that may be used to access resource servers. Upon determining that the VPN has been accessed by a specified client, resource servers are identified, which each has an address and may receive traffic routed from the client through the VPN. The method further comprises sending a message corresponding to each identified resource server to the client, wherein the message corresponding to a given one of the identified resources is intended to cause a response to be sent from the client to the address of the given identified resource server. Responses to respective messages sent to the client are used to determine whether a route for traffic from the client to the VPN has been compromised.
Application publication number: US2015188931(A1) Application publication date: 2015.07.02
Application number: US201314145010 Filing date: 2013.12.31
Applicant: International Business Machines Corporation Inventors: Chari Suresh N.;Rao Josyula R.;Rippon William J.;Teiken Wilfried;Venema Wietse Z.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. In association with a virtual private network (VPN) that may be used to access one or more resource servers, a computer implemented method comprising the steps of: determining that a specified client has accessed the VPN; responsive to determining that the VPN has been accessed by the specified client, selecting one or more IP addresses that can each be misused by an anomaly resulting from manipulation of a routing table used by the specified client; monitoring messages and responses comprising selected network traffic flowing to or from the specified client, wherein at least some of the traffic is associated with respective IP addresses, and is routed to or from the specified client through the VPN; acquiring specified information from the monitored traffic; and using the acquired information to determine whether a routing for traffic from the specified client to the VPN has been compromised.
Address: Armonk NY US