EVALUATING A QUESTIONABLE NETWORK COMMUNICATION
First Claim
1. A method in a computing system for controlling communication, comprising:
- in a computing system, evaluating a network communication that is transported at least in part by network packets each having a header section and a payload section, by:
  - receiving a predefined white list of trusted network addresses that includes, for each of the trusted network addresses, one or more indications of allowable communication properties;
  - determining a first internet protocol (IP) address corresponding to the network communication, wherein the first IP address is based on contents of the payload section of the first network packet;
  - determining a first communication property that is associated with the network communication;
  - determining a second communication property that is an allowable communication property specified by an entry in the white list that corresponds to the first IP address;
  - evaluating the network communication with respect to the white list, by determining whether or not the first communication property is encompassed by the second communication property;
  - in response to determining that the first communication property is not encompassed by the second communication property, setting an indicator that the network communication is not allowed.
Abstract
Identifying a questionable network address from a network communication. In an embodiment, a network device receives an incoming or outgoing connection request, a web page, an email, or other network communication. An evaluation module evaluates the network communication for a corresponding network address, which may be for the source or destination of the network communication. The network address generally includes an IP address, which may be obtained from the payload section of a network packet. The evaluation module determines one or more properties of the network communication, such as time of day, content type, directionality, or the like. The evaluation module then determines whether the properties match or are otherwise allowed based on properties specified in the white list in association with the IP address.
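The evaluation described in the abstract can be sketched as follows. This is an added example, not code from the patent; the `Allowed` record, the function names, the property labels and the sample white list are assumptions made for illustration, and it assumes an address with no white-list entry is treated as not allowed.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Allowed:
    """Allowable communication properties for one white-list entry."""
    directions: frozenset
    content_types: frozenset
    start: time
    end: time

# Constructed white list; addresses are from the RFC 5737 documentation ranges.
WHITE_LIST = {
    ipaddress.ip_address("192.0.2.10"): Allowed(
        frozenset({"outbound"}), frozenset({"text/html"}), time(8), time(18)),
    ipaddress.ip_address("198.51.100.7"): Allowed(
        frozenset({"inbound", "outbound"}), frozenset({"message/rfc822"}),
        time(0), time(23, 59, 59)),
}
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"  # constructed

# Dotted-quad candidates in the payload; ipaddress does the real validation.
IPV4 = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")

def ip_from_payload(payload: bytes):
    """Return the first valid IPv4 literal found in the payload, or None."""
    for match in IPV4.finditer(payload):
        try:
            return ipaddress.ip_address(match.group().decode("ascii"))
        except ValueError:  # candidate such as 999.1.1.1
            continue
    return None

def evaluate(payload: bytes, direction: str, content_type: str, at: time):
    """Return (indicator, failed_properties) for one communication."""
    entry = WHITE_LIST.get(ip_from_payload(payload))
    if entry is None:  # assumption: an address with no entry is not allowed
        return "not_allowed", ["address"]
    failed = []
    if direction not in entry.directions:
        failed.append("directionality")
    if content_type not in entry.content_types:
        failed.append("content_type")
    if not entry.start <= at <= entry.end:
        failed.append("time_of_day")
    return ("not_allowed" if failed else "allowed"), failed
```

Returning the list of failed properties alongside the indicator lets a caller log why a white-listed address was still refused.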
20 Claims
20. The system of claim 21, wherein the processor is further configured to:
based on the evaluation of the network communication, set the indicator to one of the following: the communication operation is not allowed; a warning is to be provided prior to allowing the communication operation; and an instruction is needed from a user to determine whether the communication operation is allowed.
Specification