LOGICAL / PHYSICAL ADDRESS STATE LIFECYCLE MANAGEMENT
Abstract
A system and method for managing logical and physical address state lifecycles. A state of unknown can be assigned to an address when the state has not been assigned. The state of the address is changed when communication is targeted to the address. The state can be changed to unfulfilled when the communication includes an address resolution protocol request sent to a device having the address when a time limit for a response to the address resolution protocol request has not expired. The state can be changed to virtual when the communication is received at the address when the state of the address is unfulfilled, and a time limit for responding to the communication expires before a response is sent. The state can be changed to unknown when the state of the address is not unknown, and the address does not participate in the communication within a time limit.
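The state transitions in the abstract, written out as an added Python sketch (not code from the patent or its assignee). The class and method names, the timeout values, and the choice to enter unfulfilled only from unknown are assumptions; the abstract does not say what an ARP reply does to the state, so a response here only cancels the pending communication.

```python
from dataclasses import dataclass
from typing import Dict, Optional

UNKNOWN, UNFULFILLED, VIRTUAL = "unknown", "unfulfilled", "virtual"

@dataclass
class Entry:
    state: str = UNKNOWN
    last_seen: float = 0.0                 # last time the address took part in traffic
    pending_since: Optional[float] = None  # oldest unanswered communication

class AddressTable:
    """Hypothetical tracker for the lifecycle described in the abstract."""

    def __init__(self, response_timeout: float = 3.0, idle_timeout: float = 60.0):
        self.response_timeout = response_timeout  # assumed value
        self.idle_timeout = idle_timeout          # assumed value
        self.entries: Dict[str, Entry] = {}

    def _touch(self, addr, now):
        entry = self.entries.setdefault(addr, Entry())  # unassigned -> unknown
        entry.last_seen = now
        return entry

    def state(self, addr):
        return self.entries[addr].state if addr in self.entries else UNKNOWN

    def arp_request(self, addr, now):
        entry = self._touch(addr, now)
        if entry.state == UNKNOWN:          # assumption: only unknown -> unfulfilled
            entry.state = UNFULFILLED

    def packet_to(self, addr, now):
        entry = self._touch(addr, now)
        if entry.state == UNFULFILLED and entry.pending_since is None:
            entry.pending_since = now       # start the response timer

    def response_from(self, addr, now):
        self._touch(addr, now).pending_since = None

    def tick(self, now):
        for entry in self.entries.values():
            waited = None if entry.pending_since is None else now - entry.pending_since
            if entry.state == UNFULFILLED and waited is not None and waited >= self.response_timeout:
                entry.state, entry.pending_since = VIRTUAL, None   # nobody answered
            if entry.state != UNKNOWN and now - entry.last_seen >= self.idle_timeout:
                entry.state, entry.pending_since = UNKNOWN, None   # aged out
```

Call `tick` periodically with the current time; an address that reaches virtual is one that was ARPed for and then addressed, yet never answered within the response limit.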
26 Claims
1-6. (canceled)
7. A method comprising:
capturing a data packet from a network;
determining whether the data packet is associated with a known threat based on whether an address in the data packet is in a table of addresses associated with known threats;
processing the data packet when the data packet is not associated with one of the known threats based on a protocol of the data packet to generate processed information;
comparing the processed information to a set of reconnaissance rules; and
determining that the data packet is associated with a new threat if the processed information violates one of the set of reconnaissance rules.
(Dependent claims: 8, 9, 10, 11, 12, 13)
14. An apparatus comprising:
a data analyzer to capture a data packet from a network, determine whether the data packet is associated with a known threat based on whether an address in the data packet is in a table of addresses associated with known threats;
a data processor to process the data packet when the data packet is not associated with a known threat based on a protocol of the data packet to generate process information;
a rules analyzer to compare the processed information to a set of reconnaissance rules and determine that the data packet is associated with a new threat if the processed information violates one of the set of rules.
(Dependent claims: 15, 16, 17, 18, 19, 20)
21. A storage device or storage disc comprising instructions that, when executed, cause a machine to at least:
capture a data packet from a network;
determine whether the data packet is associated with a known threat based on whether an address in the data packet is in a table of addresses associated with known threats;
process the data packet when the data packet is not associated with a known threat based on a protocol of the data packet to generate processed information;
compare the processed information to a set of reconnaissance rules; and
determine that the data packet is associated with a new threat if the processed information violates one of the set of reconnaissance rules.
(Dependent claims: 22, 23, 24, 25, 26)
Specification