Network host isolation tool

US 20060153192A1
Filed: 01/13/2005
Published: 07/13/2006
Est. Priority Date: 01/13/2005
Status: Active Grant

First Claim

Patent Images

1. An automated method for blocking a plurality of devices in a network, comprising:

providing a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and

for each IP address in the list;

determining a router in the network connected to the IP address;

determining a layer-2 Media Access Control (MAC) address associated with the IP address; and

applying a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch;

wherein the blocking of the plurality of devices occurs automatically in response to the provision of the list of IP addresses.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method, system, and computer program product for quickly and automatically blocking a plurality of computer systems in response to detection of a widespread vulnerability or software infection. The method comprises: providing a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and for each IP address in the list: determining a router in the network connected to the IP address; determining a layer-2 Media Access Control (MAC) address associated with the IP address; and applying a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch; wherein the blocking of the plurality of devices occurs automatically in response to the provision of the list of IP addresses.

Citations

23 Claims

1. An automated method for blocking a plurality of devices in a network, comprising:
- providing a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and
  
  for each IP address in the list;
  
  determining a router in the network connected to the IP address;
  
  determining a layer-2 Media Access Control (MAC) address associated with the IP address; and
  
  applying a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch;
  
  wherein the blocking of the plurality of devices occurs automatically in response to the provision of the list of IP addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The automated method of claim 1, further comprising:
    - for each IP address in the list;
      
      tracing the MAC address associated with the IP address through the network to determine a switch and port to which the device corresponding to the IP address is connected.
  - 3. The automated method of claim 2, further comprising:
    - logging an identity of the switch and port to which the device corresponding to the IP address is connected.
  - 4. The automated method of claim 1, wherein the list of IP addresses is input by a user, further comprising:
    - sending results of the blocking to the user who input the list of IP addresses.
  - 5. The automated method of claim 1, wherein the CAM filter isolates a device on a branch of the network from all devices on other branches of the network.
  - 6. The automated method of claim 5, wherein all devices on the branch of the network containing the isolated device can communicate with each other.
  - 7. The automated method of claim 5, wherein any non-isolated device on the branch of the network containing the isolated device can communicate with any other non-isolated device on the network.

8. An system for automatically blocking a plurality of devices in a network, comprising:
- a system for providing a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and
  
  a system for automatically blocking the plurality of devices in response to the provision of the list of IP addresses, wherein, for each IP address in the list, the system for automatically blocking is configured to;
  
  determine a router in the network connected to the IP address;
  
  determine a layer-2 Media Access Control (MAC) address associated with the IP address; and
  
  apply a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - a system for tracing the MAC address associated with each IP address through the network to determine a switch and port to which the device corresponding to the IP address is connected.
  - 10. The system of claim 9, further comprising:
    - a system for logging an identity of the switch and port to which the device corresponding to the IP address is connected.
  - 11. The system of claim 8, wherein the list of IP addresses is input by a user, further comprising:
    - sending results of the blocking to the user who input the list of IP addresses.
  - 12. The system of claim 8, wherein the CAM filter isolates a device on a branch of the network from all devices on other branches of the network.
  - 13. The system of claim 12, wherein all devices on the branch of the network containing the isolated device can communicate with each other.
  - 14. The system of claim 12, wherein any non-isolated device on the branch of the network containing the isolated device can communicate with any other non-isolated device on the network.

15. A program product stored on a recordable medium for automatically blocking a plurality of devices in a network, which when executed comprises:
- program code for providing a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and
  
  program code for automatically blocking the plurality of devices in response to the provision of the list of IP addresses, wherein, for each IP address in the list, the program code for automatically blocking is configured to;
  
  determine a router in the network connected to the IP address;
  
  determine a layer-2 Media Access Control (MAC) address associated with the IP address; and
  
  apply a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The program product of claim 15, further comprising:
    - for each IP address in the list;
      
      tracing the MAC address associated with the IP address through the network to determine a switch and port to which the device corresponding to the IP address is connected.
  - 17. The program product of claim 16, further comprising:
    - logging an identity of the switch and port to which the device corresponding to the IP address is connected.
  - 18. The program product of claim 15, wherein the list of IP addresses is input by a user, further comprising:
    - sending results of the blocking to the user who input the list of IP addresses.
  - 19. The program product of claim 15, wherein the CAM filter isolates a device on a branch of the network from all devices on other branches of the network.
  - 20. The program product of claim 19, wherein all devices on the branch of the network containing the isolated device can communicate with each other.
  - 21. The program product of claim 19, wherein any non-isolated device on the branch of the network containing the isolated device can communicate with any other non-isolated device on the network.

22. A method for deploying an application for automatically blocking a plurality of devices in a network, comprising:
- providing a computer infrastructure being operable to;
  
  provide a list of Internet Protocol (IP) addresses corresponding to a plurality of devices to be blocked in a network; and
  
  for each IP address in the list;
  
  determine a router in the network connected to the IP address;
  
  determine a layer-2 Media Access Control (MAC) address associated with the IP address; and
  
  '"'"'apply a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch;
  
  wherein the blocking of the plurality of devices occurs automatically in response to the provision of the list of IP addresses.

23. Computer software embodied in a propagated signal for automatically blocking a plurality of devices in a network, the computer software comprising instructions to cause a computer system to perform the following functions:
- provide a list of Internet Protocol (IP) addresses and corresponding to a plurality of devices to be blocked in a network; and
  
  for each IP address in the list;
  
  determine a router in the network connected to the IP address;
  
  determine a layer-2 Media Access Control (MAC) address associated with the IP address; and
  
  apply a CAM filter to a core switch associated with the router to block communication from the device corresponding to the IP address, at the core switch;
  
  wherein the blocking of the plurality of devices occurs automatically in response to the provision of the list of IP addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Polard, James M. III, Pohlabel, Christian A.

Granted Patent

US 7,463,593 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/14   for detecting or protecting...

H04L 63/162   at the data link layer

Network host isolation tool

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Network host isolation tool

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links