HOST TRUST REPORT BASED FILTERING MECHANISM IN A REVERSE FIREWALL
Abstract
Disclosed is a computer implemented method and computer program product to throttle traffic from a source internet protocol address. The reverse firewall inspects payloads of a plurality of packets each packet having a source address identical to the source internet protocol address and a target address corresponding to a receiver host. Responsive to detecting purported good content within at least one of the plurality of packets, the reverse firewall forwards packets having the source address. The reverse firewall determines whether a count of packets having the source address exceeds a safe threshold. The reverse firewall requests a demanded positive trust report from the receiver host, responsive to a determination that the count of packets having the source address exceeds the safe threshold. The reverse firewall determines whether a positive trust report is received from the receiver host that indicates that the source internet protocol address is good. The reverse firewall analyzes a header of packet having the source address without analyzing a payload of the packet, responsive to a determination that the positive trust report is received from the receiver host.
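The method in the abstract, modelled as a per-source state machine. This is an added example, not code from the patent: the class and callable names, the threshold value, the drop branch, the handling of negative or unsolicited reports, and the sample addresses are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum

# PAYLOAD: full inspection; AWAITING: report demanded; HEADER_ONLY: receiver vouched
Mode = Enum("Mode", "PAYLOAD AWAITING HEADER_ONLY")

@dataclass
class Source:
    mode: Mode = Mode.PAYLOAD
    count: int = 0
    asked: str = ""  # receiver host the trust report was demanded from

class ReverseFirewall:
    def __init__(self, safe_threshold, looks_good, header_ok):
        self.safe_threshold = safe_threshold
        self.looks_good = looks_good  # payload check (hypothetical callable)
        self.header_ok = header_ok    # header check (hypothetical callable)
        self.sources, self.demands = {}, []

    def handle(self, src, dst, header, payload):
        s = self.sources.setdefault(src, Source())
        if s.mode is Mode.HEADER_ONLY:  # payload is no longer examined
            return "forward" if self.header_ok(header) else "drop"
        if not self.looks_good(payload):
            return "drop"  # assumption: the page does not state this branch
        s.count += 1
        if s.mode is Mode.PAYLOAD and s.count > self.safe_threshold:
            s.mode, s.asked = Mode.AWAITING, dst
            self.demands.append((dst, src))  # demand a positive trust report
        return "forward"

    def trust_report(self, reporter, src, positive):
        s = self.sources.get(src)
        # Assumption: honour only a demanded report from the receiver that was asked.
        if s is None or s.mode is not Mode.AWAITING or reporter != s.asked:
            return False
        # Assumption: a negative report returns the source to payload inspection.
        s.mode = Mode.HEADER_ONLY if positive else Mode.PAYLOAD
        s.count = 0
        return True

def demo():
    # Constructed traffic: documentation-range source, private receiver addresses.
    fw = ReverseFirewall(3, lambda p: b"EVIL" not in p, lambda h: h["proto"] == "tcp")
    hdr, src, dst = {"proto": "tcp"}, "198.51.100.7", "10.0.0.5"
    verdicts = [fw.handle(src, dst, hdr, b"hello") for _ in range(4)]
    unsolicited = fw.trust_report("10.0.0.99", src, True)
    accepted = fw.trust_report(dst, src, True)
    uninspected = fw.handle(src, dst, hdr, b"EVIL")  # header passes, payload unseen
    return verdicts, fw.demands, unsolicited, accepted, uninspected
```

The last call in `demo()` shows the cost of the header-only path: once the receiver host has vouched for a source, payload content from that source is forwarded without being checked, so the integrity of the trust report channel decides how much the firewall can be relied on.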
20 Claims
1. A computer implemented method to throttle traffic from a source internet protocol address, the method comprising:
- inspecting payloads of a plurality of packets each packet having a source address identical to the source internet protocol address and a target address corresponding to a receiver host;
- responsive to detecting purported good content within at least one of the plurality of packets, forwarding packets having the source address;
- determining whether a count of packets having the source address exceeds a safe threshold;
- responsive to a determination that the count of packets having the source address exceeds the safe threshold, requesting a demanded positive trust report from the receiver host;
- determining whether a positive trust report is received from the receiver host that indicates that the source internet protocol address is good; and
- responsive to a determination that the positive trust report is received from the receiver host, analyzing a header of packet having the source address without analyzing a payload of the packet.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer implemented method to report a bad host, the method comprising:
- receiving a packet from a sender host;
- detecting that the packet contains suspect hostile content; and
- transmitting a negative trust report.
Dependent claims: 9, 10, 11, 12, 13

14. A computer program product for throttling traffic from a source internet protocol address, the computer program product comprising:
- a computer usable medium having computer usable program code embodied therewith, the computer program product comprising;
- computer usable program code configured to inspect payloads of a plurality of packets, each packet having a source address identical to the source internet protocol address and a target address corresponding to a receiver host;
- computer usable program code configured to forward packets having the source address, responsive to detecting purported good content within at least one of the plurality of packets;
- computer usable program code configured to determine whether a count of packets having the source address exceeds a safe threshold;
- computer usable program code configured to request a demanded positive trust report from the receiver host, responsive to a determination that the count of packets having the source address exceeds the safe threshold;
- computer usable program code configured to determine whether a positive trust report is received from the receiver host that indicates that the source internet protocol address is good; and
- computer usable program code configured to analyze a header of packet having the source address without analyzing a payload of the packet, responsive to a determination that the positive trust report is received from the receiver host.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification