Network traffic monitoring
Abstract
An intermediary network device, such as a router or other device through which network traffic passes or which may monitor passing network traffic, looks for suspicious network activity by a device. If a suspicious device is identified, then the suspicious device, assuming it supports management, may be managed to wholly or partially disable the device until its suspicious activity may be investigated. Assuming the intermediary passes network traffic for the suspicious device, in addition to or in lieu of management, the intermediary may be configured to wholly or to partially block communication to/from the suspicious device. Suspicious network activity may be identified through attempts to access network addresses not present in a routing table associated with the intermediary. Other indicia of suspicious activity are disclosed.
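The check the abstract describes, as an added Python example (not code from the patent): an intermediary counts, per source, packets addressed to destinations absent from its routing table and blocks the source once the rate over a sliding window exceeds a threshold. The class and function names, the 10-second window, summing a peer-reported rate as the "combination", blocking as the action, and a routing table with no default route are all assumptions of this example.

```python
import ipaddress
from collections import defaultdict, deque

class InvalidDestinationMonitor:
    """Per-source rate of packets addressed to destinations absent from the routing table."""

    def __init__(self, routes, threshold_per_sec, window_sec=10.0):
        self.routes = [ipaddress.ip_network(r) for r in routes]
        self.threshold = threshold_per_sec
        self.window = window_sec
        self.violations = defaultdict(deque)  # source -> timestamps of invalid packets
        self.blocked = set()

    def is_valid_destination(self, dst):
        addr = ipaddress.ip_address(dst)
        return any(addr in net for net in self.routes)

    def rate(self, src, now):
        q = self.violations[src]
        while q and q[0] <= now - self.window:  # forget violations outside the window
            q.popleft()
        return len(q) / self.window

    def observe(self, ts, src, dst, peer_rate=0.0):
        """Return 'forward', 'drop' (invalid but under threshold) or 'block'.
        peer_rate is a violation rate reported by another monitor (assumed input)."""
        if src in self.blocked:
            return "block"
        if self.is_valid_destination(dst):
            return "forward"
        self.violations[src].append(ts)
        if self.rate(src, ts) + peer_rate > self.threshold:
            self.blocked.add(src)  # the responsive action chosen in this example
            return "block"
        return "drop"

def run_sample():
    # Constructed traffic: one normal host, one host probing unrouted 192.0.2.0/24.
    mon = InvalidDestinationMonitor(["10.0.1.0/24", "10.0.2.0/24"], threshold_per_sec=0.5)
    decisions = [mon.observe(0.0, "10.0.1.5", "10.0.2.9")]
    for i in range(7):
        decisions.append(mon.observe(float(i), "10.0.1.66", f"192.0.2.{i + 1}"))
    return decisions

if __name__ == "__main__":
    print(run_sample())
```

With a default route in the table every destination matches a prefix, so this validity metric only produces signal on devices whose routing table enumerates the reachable networks.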
38 Claims
1. A method for a first device to process receiving network packets comprising:
tracking a rate at which network packets are received from a second device violating a validity metric, the validity metric including whether received network packets are addressed to a valid destination address;
determining a problem exists with the second device based at least in part on whether the rate exceeds a threshold; and
performing an action responsive to determining the problem.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. A method for processing network packets comprising:
determining a first rate at which network packets are received from a first originating device that violate a validity metric;
accessing a second rate determined for network packets received by an other device from a second originating device that violate the validity metric;
determining a problem exists with the originating device based at least in part on a combination of the first and second rates; and
performing an action responsive to determining the problem.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24.

25. An article, comprising a machine-accessible media having associated data for directing a machine to process network packets, wherein the data, when accessed, results in the machine performing:
tracking a rate at which network packets are received from a device violating a validity metric;
determining a problem exists with the device based at least in part on whether the rate exceeds a threshold; and
performing an action responsive to determining the problem.
Dependent claims: 26, 27, 28, 29, 30, 31, 32.

33. An article, comprising a machine-accessible media having associated data for processing network packets, wherein the data, when accessed, results in a machine performing:
determining a first rate at which network packets are received from a first originating device that violate a validity metric;
accessing a second rate determined for network packets received by an other device from a second originating device that violate the validity metric;
determining a problem exists with the originating device based at least in part on a combination of the first and second rates; and
performing an action responsive to determining the problem.
Dependent claims: 34, 35.

36. A system for processing network packets comprising:
a network interface configured to receive network packets; and
a machine communicatively coupled to the network interface and configured to perform;
tracking a rate at which network packets are received from a device violating a validity metric, the validity metric including whether received network packets are addressed to a valid destination address;
determining a problem exists with the device based at least in part on whether the rate exceeds a threshold; and
performing an action responsive to determining the problem.
Dependent claims: 37, 38.

Specification