Switching network employing server quarantine functionality

US 20070258437A1
Filed: 08/18/2006
Published: 11/08/2007
Est. Priority Date: 05/05/2006
Status: Abandoned Application

First Claim

Patent Images

1. A communication infrastructure that routes a packet from a source device toward a destination device, the source device having a domain name and a current network address, the communication infrastructure comprising:

a domain name server that associatively stores the domain name and the current network address of the source end point device;

an intermediate routing node;

a plurality of templates stored on the intermediate routing node, a first of the plurality of templates being updated from the associative storage of the domain name server using the domain name of the source device, the first of the plurality of templates targeting the current network address of the source device;

a quarantine service function;

the intermediate routing node, after receiving the packet originating from the source device, successfully matches the packet with the first of the plurality of templates; and

the intermediate routing node responds to the successful matching by triggering the quarantine service function.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communication infrastructure, an intermediate node supports delivery of packets from source devices to destination devices if the source device contains no notorious content (e.g., malware or illegal content, services or distribution). The intermediate node, e.g., a switch, router, access point, bridge or gateway, contains a plurality of predefined templates and corresponding quarantine service functions. By comparing packets received with the plurality of predefined templates and associated logic, the intermediate node identifies notorious source devices such as a notorious server and notorious content. Templates target at least a portion of one or more of a domain name, IP address or URL, for example. Once identified, local and/or remote quarantine service functionality attempts to neutralize, warn, remove and/or block the notorious content at both the source and destination devices. Warnings may include human challenges to prevent malware override.

48 Citations

View as Search Results

23 Claims

1. A communication infrastructure that routes a packet from a source device toward a destination device, the source device having a domain name and a current network address, the communication infrastructure comprising:
- a domain name server that associatively stores the domain name and the current network address of the source end point device;
  
  an intermediate routing node;
  
  a plurality of templates stored on the intermediate routing node, a first of the plurality of templates being updated from the associative storage of the domain name server using the domain name of the source device, the first of the plurality of templates targeting the current network address of the source device;
  
  a quarantine service function;
  
  the intermediate routing node, after receiving the packet originating from the source device, successfully matches the packet with the first of the plurality of templates; and
  
  the intermediate routing node responds to the successful matching by triggering the quarantine service function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The communication infrastructure of claim 1, wherein the source device comprising a notorious server, and the first of the plurality of templates targeting the notorious server by targeting the current network address.
  - 3. The communication infrastructure of claim 1, wherein the source device is a server cluster.
  - 4. The communication infrastructure of claim 1, wherein the quarantine service function delivers a human challenge.
  - 5. The communication infrastructure of claim 1, wherein the quarantine service function delivers a warning message.
  - 6. The communication infrastructure of claim 1, wherein the source device offers notorious content and the quarantine service function offers to neutralize the notorious content.
  - 7. The communication infrastructure of claim 1, wherein the source device offers notorious content and the quarantine service function offers to remove the notorious content.
  - 8. The communication infrastructure of claim 1, wherein the quarantine service function is located at least in part within the intermediate routing node.
  - 9. The communication infrastructure of claim 1, wherein the quarantine service function is located at least in part within a support server.
  - 10. The communication infrastructure of claim 1, wherein the destination device supports the quarantine service function.

11. An intermediate routing node in a communication infrastructure that supports packet switched communication from a source device toward a destination device, the source device having a network identifier, the source device having notorious content, the communication infrastructure comprising:
- a communication interface;
  
  storage containing a plurality of templates;
  
  a first of the plurality of templates targeting at least a portion of the network identifier;
  
  processing circuitry, coupled to the storage and to the communication interface, that, during a comparison of a packet received from the source device via the communication interface, matches the packet with the first of the plurality of templates; and
  
  the processing circuitry, at least in part based on the matching, responds by triggering a quarantine function.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The intermediate routing node of claim 11, wherein the intermediate routing node comprising a router.
  - 13. The intermediate routing node of claim 11, wherein the intermediate routing node comprising an access point.
  - 14. The intermediate routing node of claim 11, wherein the processing circuitry responds by triggering the quarantine function based on matching both the first of the plurality of templates and a second of the plurality of templates, the second of the plurality of templates targeting at least a portion of a uniform resource locator.
  - 15. The intermediate routing node of claim 11, wherein the processing circuitry responds by triggering the quarantine function based on matching both the first of the plurality of templates and a second of the plurality of templates, the second of the plurality of templates targeting at least a portion of a name of the notorious content.
  - 16. The intermediate routing node of claim 11, wherein the processing circuitry responds by triggering the quarantine function based on matching both the first of the plurality of templates and a second of the plurality of templates, the second of the plurality of templates targeting at least a portion of a directory path to the notorious content.

17. A method performed by an intermediate network node in a packet switched communication pathway, the intermediate network node being communicatively coupled between a source device and a destination device, the source device having a network identifier and notorious content, the method comprising:
- receiving a packet that contains the network identifier;
  
  comparing the packet with a plurality of templates;
  
  matching at least a portion of the packet with a first of the plurality of templates;
  
  responding, based at least in part on the matching, by triggering a quarantine function.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, further comprising executing at least a portion of the quarantine function locally.
  - 19. The method of claim 17, wherein the triggering of the quarantine function comprising sending a request to a support server to execute at least a portion of the quarantine function.
  - 20. The method of claim 17, further comprising updating the first of the plurality of templates based on interaction with a domain name server.
  - 21. The method of claim 17, further comprising matching at least a portion of the packet with a second of the plurality of templates, and wherein the responding by the triggering of the quarantine function is based on the match with the first of the plurality of templates and the match with the second of the plurality of templates.
  - 22. The method of claim 17, wherein the first of the plurality of templates targets the network identifier.
  - 23. The method of claim 17, wherein the first of the plurality of templates targets at least a portion of a uniform resource locator associated with the notorious content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Bennett, James D.

Application Number

US11/506,661
Publication Number

US 20070258437A1
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 63/1441 Countermeasures against mal...

H04L 63/1491 using deception as counterm...

Switching network employing server quarantine functionality

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Switching network employing server quarantine functionality

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links