EMAIL WORM DETECTION METHODS AND DEVICES
Abstract
Embodiments of the invention provide a network device for detecting email worms having a port for receiving packets and a processing engine configured to inspect packets received on the port, wherein if a predetermined number of packets sent from a client represent DNS queries, the client is identified as being infected.
20 Claims
1. A network device for detecting email worms, comprising:
- a port for receiving packets; and
- a processing engine configured to inspect packets received on said port, wherein if a predetermined number of packets sent from a client represent DNS queries, the client is identified as being infected.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of detecting an email worm using a network device, comprising the steps of:
- a network device monitoring packets sent from a client on a network;
- the network device counting a number of packets representing DNS queries sent from the client;
- the network device comparing the number of packets to a predetermined threshold number; and
- if the number of packets is at least the predetermined threshold number, the network device identifying the client as being infected.
Dependent claims: 9, 10, 11, 12, 13

14. A computer-readable medium associated with a network device, containing instructions for executing the steps of:
- monitoring packets sent from a client on a network;
- counting a number of packets representing DNS queries sent from the client;
- comparing the number of packets to a predetermined threshold number; and
- if the number of packets is at least the predetermined threshold number, identifying the client as being infected.
Dependent claims: 15, 16, 17, 18, 19, 20
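The monitor, count, compare and identify steps of claim 8, sketched as an added example (not code from the patent or its assignee). Assumptions: packets are already reduced to (source IP, UDP destination port, payload) tuples; a DNS query is recognised as a port-53 payload whose header has QR=0 and at least one question; the `exempt` allowlist for known resolvers and mail servers is an addition the claims do not mention; all sample traffic is constructed.

```python
import struct
from collections import Counter

DNS_PORT = 53

def is_dns_query(dst_port, payload):
    """True if a UDP payload sent to port 53 parses as a DNS query."""
    if dst_port != DNS_PORT or len(payload) < 12:   # DNS header is 12 bytes
        return False
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    return (flags & 0x8000) == 0 and qdcount >= 1   # QR bit clear, has a question

def detect_infected(packets, threshold, exempt=frozenset()):
    """Count DNS queries per client; flag clients with count >= threshold.

    `exempt` (assumption, not in the claims) skips hosts expected to
    issue many lookups, such as internal resolvers or mail servers.
    """
    counts = Counter()
    for src, dst_port, payload in packets:
        if src not in exempt and is_dns_query(dst_port, payload):
            counts[src] += 1
    return {client for client, n in counts.items() if n >= threshold}

def make_query(txid, name):
    """Build a minimal DNS A-record query (helper for constructed input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QR=0
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def make_response(txid):
    """Header-only DNS response (QR=1); must not be counted as a query."""
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)

# Constructed traffic: one noisy client, one quiet client, one resolver,
# and one host whose port-53 payloads are responses rather than queries.
SAMPLE = (
    [("10.0.0.5", 53, make_query(i, f"mx{i}.example.com")) for i in range(6)]
    + [("10.0.0.9", 53, make_query(100, "www.example.com"))]
    + [("10.0.0.9", 443, b"\x16\x03\x01")]
    + [("10.0.0.53", 53, make_query(200 + i, "a.example.net")) for i in range(8)]
    + [("10.0.0.7", 53, make_response(300 + i)) for i in range(6)]
)

if __name__ == "__main__":
    print(detect_infected(SAMPLE, threshold=5, exempt={"10.0.0.53"}))
```

Without the allowlist the resolver at 10.0.0.53 is flagged as well, which is the false positive a bare count produces for any legitimate high-volume DNS client.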
Specification