Filtering network data transfers
Abstract
Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.
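The two-stage check the abstract describes, as an added sketch that is not code from the patent or its assignee: a rule first matches packet header fields, then its operator inspects the HTTP method and drops the packet on a match. The `Rule` fields, the choice of POST and PUT as exfiltration methods, the use of "drop" as the transformation, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                "CONNECT", "OPTIONS", "TRACE", "PATCH"}

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: packet-header criteria plus an operator's method list."""
    protected_net: str = "10.0.0.0/8"   # constructed sample network
    dst_port: int = 80                  # cleartext HTTP assumed
    # Assumption: the page does not enumerate exfiltration methods.
    exfil_methods: frozenset = frozenset({"POST", "PUT"})

def http_method(payload: bytes):
    """Return the method from an HTTP request line, or None if absent."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    method = parts[0].decode("ascii", "replace")
    return method if method in HTTP_METHODS else None

def filter_packet(rule, src_ip, dst_ip, dst_port, payload):
    """Return 'no-match', 'forward' or 'drop' for one outbound TCP payload."""
    net = ipaddress.ip_network(rule.protected_net)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # Stage 1: packet header fields against the packet filtering rule.
    if not (src in net and dst not in net and dst_port == rule.dst_port):
        return "no-match"
    # Stage 2: the operator tests the application header field (HTTP method).
    # Segments that carry only a request body have no request line, so the
    # decision is taken on the packet that holds the request line.
    if http_method(payload) in rule.exfil_methods:
        return "drop"      # packet transformation: change the forwarding
    return "forward"

# Constructed sample traffic, not captured data.
RULE = Rule()
SAMPLES = [
    ("10.1.2.3", "203.0.113.9", 80, b"POST /upload HTTP/1.1\r\nHost: a\r\n\r\n"),
    ("10.1.2.3", "203.0.113.9", 80, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
    ("10.1.2.3", "10.9.9.9", 80, b"PUT /internal HTTP/1.1\r\nHost: b\r\n\r\n"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[3][:20], "->", filter_packet(RULE, *s))
```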
21 Claims
1. A packet security gateway comprising:
- at least one processor; and
- memory comprising instructions that, when executed by the at least one processor, cause the packet security gateway to:
(a) identify a header of at least one application packet within one or more outbound IP packets filtered by the at least one processor;
(b) identify a field indicating an HTTP method value within the identified header of the at least one application packet, wherein the at least one application packet is associated with an HTTP method;
(c) determine if the identified field indicates a network exfiltration method that when executed would cause data stored within a protected network to be sent outside of the protected network; and
(d) change a forwarding of the one or more outbound IP packets when the identified field indicates the network exfiltration method that when executed would cause data stored within the protected network to be sent outside of the protected network.
8. A method of detecting a potential network exfiltration comprising:
- filtering one or more outbound IP packets departing from within a protected network that have a destination outside of the protected network;
- identifying at least one application packet contained in the one or more outbound IP packets;
- determining that the identified at least one application packet is associated with an HTTP or HTTPS protocol;
- identifying an HTTP method field within a header region of the identified at least one application packet;
- determining whether a value of the identified HTTP method field indicates one or more network exfiltration methods; and
- performing an operation on the one or more outbound IP packets when the HTTP method field indicates at least one of the network exfiltration methods.
15. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors of a packet security gateway, cause the packet security gateway to:
- filter one or more outbound IP packets departing from within a protected network that have a destination outside of the protected network;
- identify at least one application packet contained in the one or more outbound IP packets;
- determine that the identified at least one application packet is associated with an HTTP or HTTPS protocol;
- identify an HTTP method field within a header region of the identified at least one application packet;
- determine whether a value of the identified HTTP method field indicates one or more network exfiltration methods; and
- perform an operation on the one or more outbound IP packets when the HTTP method field indicates at least one of the network exfiltration methods.
Specification