Source reputation information system with router-level filtering of electronic messages
First Claim
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the system comprising:
- an engine configured to identify potentially threatening sources based on reputation data associated with the sources;
a profile database associated with the engine for storing the identified sources; and
wherein the engine is further configured to provide connection data to one or more routers associated with a destination server for updating routing tables corresponding to the one or more routers, the connection data preventing identified threatening sources from delivering electronic messages to the destination server via the one or more routers.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are filtering systems and methods that employ an electronic message source reputation system. The source reputation system maintains a pool of source Internet Protocol (IP) address information, in the form of a Real-Time Threat Identification Network (“RTIN”) database, which can provide the reputation of source IP addresses, which can be used by customers for filtering network traffic. The source reputation system provides for multiple avenues of access to the source reputation information. Examples of such avenues can include Domain Name Server (DNS) -type queries, servicing routers with router-table data, or other avenues.
128 Citations
60 Claims
-
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the system comprising:
-
an engine configured to identify potentially threatening sources based on reputation data associated with the sources;
a profile database associated with the engine for storing the identified sources; and
wherein the engine is further configured to provide connection data to one or more routers associated with a destination server for updating routing tables corresponding to the one or more routers, the connection data preventing identified threatening sources from delivering electronic messages to the destination server via the one or more routers. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 38, 39)
-
-
23. A method of filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the method comprising:
-
receiving reputation data associated with a sources;
storing the reputation data;
identifying potentially threatening sources based on the reputation data corresponding to the sources;
providing connection data to one or more routers associated with a destination server for updating routing tables corresponding to the one or more routers, the connection data preventing identified threatening sources from delivering electronic messages to the destination server via the one or more routers. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 40, 41, 42, 43, 44)
-
-
45. A network traffic filtering system for filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the system comprising:
-
an engine configured to identify potentially threatening sources based on evaluating reputation data associated with the sources;
a profile database associated with the engine for storing the identified sources; and
wherein the engine is further configured to;
provide connection data to one or more routers associated with a destination server, the connection data comprising update commands instructing the one or more routers to update their corresponding routing tables to redirect electronic messages sent from the threatening sources and thereby preventing the electronic messages from reaching the destination server, generate updated connection data based on evaluating updated reputation data affecting the identified potentially threatening sources, and provide the updated connection data to the one or more routers for further updating the corresponding routing tables. - View Dependent Claims (46, 47, 48, 49, 50, 51, 52)
-
-
53. A method of filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the method comprising:
-
receiving reputation data associated with sources;
identifying potentially threatening sources based on an evaluation of the reputation data;
providing connection data to one or more routers associated with a destination server for updating routing tables corresponding to the one or more routers, to redirect electronic messages sent from the threatening sources and thereby preventing the electronic messages from reaching the destination server;
receiving updated reputation data associated with the source;
generating updated connection data based on evaluating updated reputation data associated with the identified potentially threatening sources; and
providing the updated connection data to the one or more routers for further updating the corresponding routing tables. - View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
-
Specification