
Apparatus, method and program to detect and control deleterious code (virus) in computer network

  • US 7,669,240 B2
  • Filed: 07/22/2004
  • Issued: 02/23/2010
  • Est. Priority Date: 07/22/2004
  • Status: Active Grant
First Claim

1. A method to detect harmful packets on a computer network, the method including:

  • providing at least one algorithm that scans received packets;

    identifying packets having a predefined format including a single Source Address (SA), N Destination Addresses (DAs), and M Destination Ports (DPs), wherein N > M;

    wherein the SA, DP, and many DAs are stored in a leaf of a Patricia Tree arrangement, and wherein the Patricia Tree arrangement includes a Direct Table;

    indexing into a slot of the Direct Table utilizing a hash value of SA and DP of a predefined packet;

    if the slot has no entry, inserting a pointer in said slot;

    if the slot contains information pointing to a single leaf;

    comparing leaf SA, DP with SA, DP in a predefined packet;

    if a match occurs on SA, DP, comparing the DA in the leaf with the DA in the predefined packet; and

    if no match occurs, adding the DA of the predefined packet to the list of DAs in the leaf;

    reporting said packets to a central administrative authority, which authority includes functionality for taking decisive actions to limit harmful effects of said packets, wherein the decisive actions include;

    adding Destination Port, DP, of said packets to a list of Permissive DPs;

    dropping all subsequent packets having the same SA, DA and DP as an identified packet; and

    rate limiting the set of all subsequent packets with the same SA;

    providing a list of Permissible DPs;

    comparing a DP in the identified packet with the list of Permissible DPs; and

    discarding the identified packet having a matching DP.
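
The Direct Table lookup and leaf-update steps of the claim, sketched as an added example that is not code from the patent. Assumptions: the CRC32 hash, the table size, the reporting threshold `DA_THRESHOLD`, and a short per-slot list standing in for the Patricia Tree branches that would separate colliding (SA, DP) keys; the sample packets are constructed.

```python
import zlib
from dataclasses import dataclass, field

TABLE_BITS = 8     # assumed Direct Table size: 2**8 slots
DA_THRESHOLD = 4   # assumed number of distinct DAs per (SA, DP) that triggers a report

@dataclass
class Leaf:
    sa: str
    dp: int
    das: list = field(default_factory=list)  # distinct DAs seen for this (SA, DP)

class ScanTracker:
    def __init__(self):
        # Each slot is None (no entry) or a list of leaves hashing to that slot.
        self.direct_table = [None] * (1 << TABLE_BITS)

    def _slot(self, sa, dp):
        # Index into the Direct Table with a hash of SA and DP.
        return zlib.crc32(f"{sa}|{dp}".encode()) & ((1 << TABLE_BITS) - 1)

    def observe(self, sa, da, dp):
        """Record one packet; return its leaf once it reaches DA_THRESHOLD, else None."""
        idx = self._slot(sa, dp)
        if self.direct_table[idx] is None:       # slot has no entry: create it
            self.direct_table[idx] = []
        for leaf in self.direct_table[idx]:      # compare leaf SA, DP with the packet's
            if (leaf.sa, leaf.dp) == (sa, dp):
                break
        else:                                    # hash hit but no matching leaf: new leaf
            leaf = Leaf(sa, dp)
            self.direct_table[idx].append(leaf)
        if da not in leaf.das:                   # no DA match: add DA to the leaf's list
            leaf.das.append(da)
        return leaf if len(leaf.das) >= DA_THRESHOLD else None

def run_sample():
    """Feed constructed packets; return the set of (SA, DP) pairs that would be reported."""
    packets = [("198.51.100.7", f"192.0.2.{i}", 445) for i in range(1, 6)]  # one SA, many DAs
    packets += [("198.51.100.9", "192.0.2.10", 443)] * 6                    # one SA, one DA
    tracker, reported = ScanTracker(), set()
    for sa, da, dp in packets:
        leaf = tracker.observe(sa, da, dp)
        if leaf is not None:
            reported.add((leaf.sa, leaf.dp))
    return reported

if __name__ == "__main__":
    print(run_sample())
```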
