System and method for providing passive screening of transient messages in a distributed computing environment
Abstract
A system and method includes passive screening of transient messages in a distributed computing environment. A transient packet stream is passively monitored at a network boundary. Incoming datagrams structured in compliance with a network protocol layer are received. One or more of the incoming datagrams are reassembled into a segment structured in compliance with a transport protocol layer. Contents of the reassembled segment are scanned for a presence of at least one of a computer virus and malware to identify infected message contents.
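The reassemble-then-scan step the abstract describes, as an added Python example (not code from the patent): a signature split across datagrams is missed by per-datagram scanning and found once the segments are put back in sequence order. The marker string, flow tuple, sample datagrams and function names are constructed for illustration; sequence-number wraparound is not handled.

```python
from collections import defaultdict

# Constructed, harmless marker standing in for an antivirus signature.
SIGNATURE = b"TEST-MALWARE-MARKER"

# Constructed datagrams: (flow 4-tuple, TCP sequence number, payload).
# The marker is split across two segments, one segment arrives out of
# order, and one is a retransmission.
FLOW = ("198.51.100.7", 80, "192.0.2.10", 49152)
DATAGRAMS = [
    (FLOW, 1000, b"HTTP/1.1 200 OK\r\n\r\nhello TEST-MAL"),
    (FLOW, 1044, b" trailing data"),
    (FLOW, 1033, b"WARE-MARKER"),
    (FLOW, 1033, b"WARE-MARKER"),
]

def reassemble(datagrams):
    """Rebuild each flow's contiguous byte stream from its segments."""
    by_flow = defaultdict(dict)
    for flow, seq, payload in datagrams:
        # Keep the first copy of a sequence number; ignore retransmissions.
        by_flow[flow].setdefault(seq, payload)
    streams = {}
    for flow, segs in by_flow.items():
        stream, next_seq = bytearray(), min(segs)
        for seq in sorted(segs):
            if seq > next_seq:
                break  # gap: bytes not captured yet, stop at the hole
            # Drop bytes that overlap data already placed in the stream.
            stream += segs[seq][next_seq - seq:]
            next_seq = max(next_seq, seq + len(segs[seq]))
        streams[flow] = bytes(stream)
    return streams

def scan(data):
    """Signature match over a byte string (stand-in for the scanner)."""
    return SIGNATURE in data

def per_datagram_hits(datagrams):
    """Sequence numbers of datagrams that match when scanned alone."""
    return [seq for _, seq, payload in datagrams if scan(payload)]

def stream_hits(datagrams):
    """Flows whose reassembled stream matches the signature."""
    return [f for f, s in reassemble(datagrams).items() if scan(s)]

if __name__ == "__main__":
    print("per-datagram:", per_datagram_hits(DATAGRAMS))
    print("reassembled: ", stream_hits(DATAGRAMS))
```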
49 Claims
1. A system for providing passive screening of transient messages in a distributed computing environment, comprising:
- a network interface passively monitoring a transient packet stream at a network boundary comprising receiving incoming datagrams structured in compliance with a network protocol layer;
- a packet receiver reassembling one or more of the incoming datagrams into a segment structured in compliance with a transport protocol layer;
- an antivirus scanner scanning contents of the reassembled segment for a presence of at least one of a computer virus and malware to identify infected message contents;
- a protocol-specific module processing each reassembled datagram based on the transport protocol layer employed by the reassembled datagram; and
- a spoof module sending a spoofed network protocol packet responsive to an occurrence of at least one of an infection and a network attack;
- wherein the spoofed network protocol packet spoofs an origin server by being utilized to send a legitimate packet to a network domain in place of an infected packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method for providing passive screening of transient messages in a distributed computing environment, comprising:
- passively monitoring a transient packet stream at a network boundary comprising receiving incoming datagrams structured in compliance with a network protocol layer;
- reassembling one or more of the incoming datagrams into a segment structured in compliance with a transport protocol layer;
- scanning contents of the reassembled segment for a presence of at least one of a computer virus and malware to identify infected message contents;
- processing each reassembled datagram based on the transport protocol layer employed by the reassembled datagram; and
- sending a spoofed network protocol packet responsive to an occurrence of at least one of an infection and a network attack;
- wherein the spoofed network protocol packet spoofs an origin server by being utilized to send a legitimate packet to a network domain in place of an infected packet.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A system for passively detecting computer viruses and malware and denial of service-type network attacks in a distributed computing environment, comprising:
- a network interface receiving copies of datagrams transiting a boundary of a network domain into an incoming packet queue, each datagram being copied from a packet stream;
- a packet receiver reassembling one or more such datagrams from the incoming packet queue into network protocol packets, each staged in a reassembled packet queue;
- an antivirus scanner scanning each network protocol packet from the reassembled packet queue to ascertain an infection of at least one of a computer virus and malware;
- an event correlator evaluating events identified from the datagrams in the packet stream to detect a denial of service-type network attack on the network domain; and
- a spoof module sending a spoofed network protocol packet responsive to an occurrence of at least one of the infection and the network attack;
- wherein a protocol-specific module processes each reassembled datagram based on an upper protocol layer employed by the reassembled datagram;
- wherein the spoofed network protocol packet spoofs an origin server by being utilized to send a legitimate packet to the network domain in place of an infected packet.

Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41

42. A method for passively detecting computer viruses and malware and denial of service-type network attacks in a distributed computing environment, comprising:
- receiving copies of datagrams transiting a boundary of a network domain into an incoming packet queue, each datagram being copied from a packet stream;
- reassembling one or more such datagrams from the incoming packet queue into network protocol packets, each staged in a reassembled packet queue;
- scanning each network protocol packet from the reassembled packet queue to ascertain an infection of at least one of a computer virus and malware;
- evaluating events identified from the datagrams in the packet stream to detect a denial of service-type network attack on the network domain; and
- sending a spoofed network protocol packet responsive to an occurrence of at least one of the infection and the network attack;
- wherein a protocol-specific module processes each reassembled datagram based on an upper protocol layer employed by the reassembled datagram;
- wherein the spoofed network protocol packet spoofs an origin server by being utilized to send a legitimate packet to the network domain in place of an infected packet.

Dependent claims: 43, 44, 45, 46, 47, 48, 49

Specification