Transparent Provisioning of Network Access to an Application
Abstract
An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.
51 Claims
1. A method of transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
- interfacing with the network so as to be able to intercept any packet of the plurality of packets;
- intercepting each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
- analyzing, with a processor, the intercepted packet and deleting the intercepted packet based on the analysis.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
- a system network interface operative to interface with the network;
- a packet interceptor coupled with the system network interface and operative to intercept each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
- a processor coupled with the packet interceptor and operative to detect a security attack based on the intercepted packet, and absorb the detected security attack, the detection comprising a determination that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and a determination whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method of transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
- interfacing with the network so as to be able to intercept any packet of the plurality of packets;
- intercepting each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination;
- analyzing the intercepted packet and absorbing the intercepted packet based on the analysis, the analyzing comprising determining that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and determining whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
38. A system for transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
- a system network interface operative to interface with the network;
- a packet interceptor coupled with the system network interface and operative to intercept each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
- a processor coupled with the packet interceptor and operative to detect a security attack based on the intercepted packet, and absorb the detected security attack.
Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
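The rule-and-action model from the abstract, combined with the capacity test recited in claims 14 and 26, as an added example (not code from the patent or its assignee). The class names, the one-second sliding window, the per-destination packet limits and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from enum import Enum
from typing import Callable

Action = Enum("Action", "RELEASE DELETE MODIFY LOG FORWARD")  # actions in the abstract

@dataclass
class Packet:
    ts: float                # arrival time in seconds
    dst: str                 # intended destination from the routing data
    raw: bytes               # header and payload as one byte string

@dataclass
class Rule:
    offset: int              # start of the inspected portion of the packet
    length: int              # size of that portion
    test: Callable[[bytes], bool]
    action: Action

class Interceptor:
    def __init__(self, capacity: dict, window: float = 1.0):
        self.capacity = capacity          # assumed limit: packets per window, per dst
        self.window = window
        self.seen = defaultdict(deque)    # dst -> arrival times inside the window
        self.rules = []                   # external devices may change this list

    def over_capacity(self, pkt: Packet) -> bool:
        q = self.seen[pkt.dst]
        q.append(pkt.ts)
        while pkt.ts - q[0] >= self.window:   # drop arrivals older than the window
            q.popleft()
        return len(q) > self.capacity.get(pkt.dst, float("inf"))

    def process(self, pkt: Packet) -> Action:
        if self.over_capacity(pkt):
            return Action.DELETE          # absorb traffic beyond the capacity
        for rule in self.rules:
            if rule.test(pkt.raw[rule.offset:rule.offset + rule.length]):
                return rule.action
        return Action.RELEASE             # no rule matched: forward unmodified

def demo() -> list:
    # Constructed traffic: five packets to one destination within 0.4 s, one later.
    box = Interceptor({"10.0.0.5": 3})
    box.rules.append(Rule(0, 4, lambda b: b == b"PING", Action.LOG))
    pkts = [Packet(0.1 * i, "10.0.0.5", b"DATA") for i in range(5)]
    pkts.append(Packet(2.0, "10.0.0.5", b"PING"))
    return [box.process(p).name for p in pkts]
```

The fourth and fifth packets exceed the assumed limit of three per window and are deleted; once the window has drained, the later packet is evaluated against the rule list again.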
Specification