Automated creation of a list of disallowed network points for use in connection blocking
First Claim
1. In a communications network requiring a unique identifier for each network node, said communications network additionally requiring a first network node to specify said unique identifier of a second network node prior to allowing exchange of information between said first network node and said second network node, a network security system comprising:
- a network activity analyzer for for creating a disallowed network node identifiers list;
said network activity analyzer in communication with a source of network activity connection records;
said network activity connection records comprising at least said unique identifier of said first network node and said unique identifier of said second network node;
said network activity analyzer accessing a list of unauthorized identifiers;
each entry of said list of unauthorized identifiers comprising at least a said unique identifier of a network node known to exclusively perform unauthorized network activities;
said network activity analyzer receiving said network activity connection records from said source of network activity connection records;
for each received said network activity connection record, providing that said unique identifier of said first network node is contained in said list of unauthorized identifiers and also provided that said network activity analyzer determines that no attempt has been made within a predetermined amount of time to establish communication between said unique identifier of said second network node and a network node whose said unique identifier is not contained in said list of unauthorized identifiers, said network activity analyzer storing in said disallowed network node identifiers list an entry containing at least said unique identifier of said second network node.
0 Assignments
0 Petitions
Accused Products
Abstract
An automated network access protection system providing an efficient method for creating a list of disallowed network connection points. This is done by collecting network addresses connected to by users who have accessed the network in an unauthorized manner. This list of addresses is filtered to eliminate addresses which have been connected to by users not known to be unauthorized. Once this filtering has been completed, the list contains network addresses or phone numbers connected to only by unauthorized users. This list may further be filtered by removing any network addresses which appear in a separate list of globally valid addresses. This list may also be filtered to eliminate network addresses which are owned by commercial entities. Finally, custom filters may be applied to this list. After this filtering, this list is transferred to a mechanism for preventing connection to or from any of the network addresses or phone numbers contained in the disallowed list. The disallowed list may also be used to identify unauthorized network access attempts. By recognizing that a user is attempting to connect to or from a network address or phone number contained in the disallowed list, the network operator can reasonably presume that the attempt was unauthorized.
-
Citations
1 Claim
-
1. In a communications network requiring a unique identifier for each network node, said communications network additionally requiring a first network node to specify said unique identifier of a second network node prior to allowing exchange of information between said first network node and said second network node, a network security system comprising:
- a network activity analyzer for for creating a disallowed network node identifiers list;
said network activity analyzer in communication with a source of network activity connection records;
said network activity connection records comprising at least said unique identifier of said first network node and said unique identifier of said second network node;
said network activity analyzer accessing a list of unauthorized identifiers;
each entry of said list of unauthorized identifiers comprising at least a said unique identifier of a network node known to exclusively perform unauthorized network activities;
said network activity analyzer receiving said network activity connection records from said source of network activity connection records;
for each received said network activity connection record, providing that said unique identifier of said first network node is contained in said list of unauthorized identifiers and also provided that said network activity analyzer determines that no attempt has been made within a predetermined amount of time to establish communication between said unique identifier of said second network node and a network node whose said unique identifier is not contained in said list of unauthorized identifiers, said network activity analyzer storing in said disallowed network node identifiers list an entry containing at least said unique identifier of said second network node.
- a network activity analyzer for for creating a disallowed network node identifiers list;
Specification