Evaluating a questionable network communication
First Claim
1. A system for controlling communication, comprising:
  a first computing system comprising:
    a first processor;
    a first white list of trusted network addresses that includes, for each of the trusted network addresses, one or more indications of allowable communication properties; and
    a first communication evaluator module that executes on the first processor;
  a second computing system comprising:
    a second processor;
    a second white list of trusted network addresses that includes, for each of the trusted network addresses, one or more indications of allowable communication properties; and
    a second communication evaluator module that executes on the second processor;
  wherein the first communication evaluator module is configured to evaluate an outbound network communication that includes a network packet, by:
    determining a first communication property that is associated with the outbound network communication, the first property including a destination IP address that is stored in the network packet and that identifies the second computing system;
    determining a second communication property that is one of the one or more allowable communication properties in the first white list;
    determining whether the outbound network communication is allowable, based on whether the first communication property is encompassed by the second communication property, including whether the destination IP address is identified as allowable by the second communication property; and
    in response to determining that the outbound network communication is allowable, transmitting the packet to the second computing system, otherwise setting an indicator that the network communication is not allowed; and
  wherein the second communication evaluator module is configured to evaluate an inbound network communication, by:
    determining a first communication property that is associated with the inbound network communication, the first property including a source IP address that is stored in the network packet transmitted by the first computing system, the source IP address identifying the first computing system;
    determining a second communication property that is one of the one or more allowable communication properties in the second white list;
    determining whether the inbound network communication is allowable, based on whether the first communication property is encompassed by the second communication property, including whether the source IP address is identified as allowable by the second communication property; and
    in response to determining that the inbound network communication is allowable, forwarding the packet to a recipient program executing on the second computing system, otherwise setting an indicator that the network communication is not allowed.
Abstract
Techniques for evaluating a questionable network communication are disclosed. In some implementations, a network of computing systems or devices is provided. Each system includes an evaluation module that determines whether an outbound or inbound network communication is allowable based on one or more factors or properties of the communication, including one or more of an IP address, a listening port, a geographic location, time of day, or the like. The systems in the network may be configured to only communicate with other devices that are identified in a white list of trusted computing systems.
20 Claims
13. A method for controlling communication, comprising:
  by first communication evaluator module executing on a first computing system, evaluating an outbound network communication that includes a network packet, by:
    receiving a first white list of trusted network addresses that includes, for each of the trusted network addresses, one or more indications of allowable communication properties;
    determining a first communication property that is associated with the outbound network communication, the first property including a destination IP address that is stored in the network packet and that identifies a second computing system;
    determining a second communication property that is one of the one or more allowable communication properties in the first white list;
    determining whether the outbound network communication is allowable, based on whether the first communication property is encompassed by the second communication property, including whether the destination IP address is identified as allowable by the second communication property; and
    in response to determining that the outbound network communication is allowable, transmitting the packet to the second computing system, otherwise setting an indicator that the network communication is not allowed.
20. A non-transitory computer readable medium, comprising executable instructions for causing a first computing system to perform a method comprising:
  by first communication evaluator module executing on the first computing system, evaluating an outbound network communication that includes a first network packet, by:
    receiving a first white list of trusted network addresses that includes, for each of the trusted network addresses, one or more indications of allowable communication properties;
    determining whether the outbound network communication is allowable, based on whether a destination IP address in the network packet is identified as allowable based on the white list; and
    in response to determining that the outbound network communication is allowable, transmitting the packet to the second computing system, otherwise setting an indicator that the network communication is not allowed; and
  evaluating an inbound network communication that includes a second network packet, by:
    determining whether the inbound network communication is allowable, based on (1) whether a source IP address in the network packet is identified as allowable based on the white list and (2) whether a listening port that is open and has received the second network packet is identified as allowable based on the white list; and
    in response to determining that the inbound network communication is allowable, forwarding the packet to a recipient program executing on the first computing system.
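The evaluator described in the abstract and in claims 1, 13 and 20 above, as an added illustration that is not code from the patent: a white list keyed by trusted address carries allowable properties (ports and a time-of-day window), and both the outbound check (destination IP) and the inbound check (source IP plus listening port) pass only when the packet's properties are encompassed by the entry. The white list contents, the `Allowable`/`Packet` types and the `evaluate`/`check` helpers are constructed for this example.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Allowable:
    """Allowable communication properties attached to one trusted address."""
    ports: frozenset                                  # remote ports (outbound) or open listening ports (inbound)
    hours: tuple = (time(0), time(23, 59, 59))        # inclusive time-of-day window


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    port: int          # destination port; for inbound traffic this is the listening port that received it
    sent_at: time


# Constructed white list of trusted networks and their allowable properties (example values only).
WHITE_LIST = {
    ip_network("10.0.0.0/24"): Allowable(ports=frozenset({443, 8443})),
    ip_network("192.0.2.10/32"): Allowable(ports=frozenset({22}), hours=(time(8), time(18))),
}


def evaluate(pkt, direction):
    """Return (allowed, indicator). The indicator text is the 'not allowed' marker when blocked."""
    # Outbound traffic is judged by its destination, inbound traffic by its source.
    peer = ip_address(pkt.dst_ip if direction == "outbound" else pkt.src_ip)
    entry = next((props for net, props in WHITE_LIST.items() if peer in net), None)
    if entry is None:
        return False, f"{direction}: peer {peer} is not in the white list"
    if pkt.port not in entry.ports:
        return False, f"{direction}: port {pkt.port} is not allowable for {peer}"
    low, high = entry.hours
    if not (low <= pkt.sent_at <= high):
        return False, f"{direction}: outside the allowable hours for {peer}"
    return True, "allowed"


def check(direction, src_ip, dst_ip, port, hour, minute=0):
    """Convenience wrapper: build the packet and evaluate it."""
    return evaluate(Packet(src_ip, dst_ip, port, time(hour, minute)), direction)


if __name__ == "__main__":
    print(check("outbound", "10.0.0.1", "10.0.0.5", 443, 10))
    print(check("inbound", "192.0.2.10", "10.0.0.1", 22, 20))
```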
Specification