Deep packet scan hacker identification
Abstract
Securing an accessible computer system typically includes receiving a data packet that includes a payload portion and an attribute portion, where the data packet is communicated between at least one access requestor and at least one access provider. At least the payload portion of the received data packet typically is monitored, where monitoring includes scanning the payload portion for at least one predetermined pattern. When the payload portion is determined to include at least one predetermined pattern, access by the access requestor to the access provider may be controlled. Monitoring the data packet may include scanning the payload portion while handling the data packet with a switch. Controlling access may include denying access by the access requestor to the access provider.
48 Claims
1. A method for securing an accessible computer system, the method comprising:
- receiving more than one data packet at a network device, each data packet including a payload portion and an attribute portion and being communicated between at least one access requestor and at least one access provider through the network device;
- monitoring, at the network device, at least the payload portion of the data packets directed from at least one of the access providers to at least one of the access requestors by scanning the payload portion for at least one predetermined pattern and counting a number of data packets having payload portions that include the predetermined pattern; and
- using the network device to deny communication of subsequent data packets from the access requestor to the access provider when a number of payload portions of the data packets received from the access provider to the access requestor are deemed to include the predetermined pattern exceed a configurable threshold number.

25. A system that connects a plurality of access requestors to a plurality of access providers for securing an accessible computer system, comprising:
- a receiving component that is structured and arranged to receive more than one data packet, each data packet including a payload portion and an attribute portion and being communicated between at least one access requestor and at least one access provider;
- a monitoring component that is structured and arranged to monitor at least the payload portion of the data packets directed from at least one of the access providers to at least one of the access requestors and includes a scanning component that is structured and arranged to scan the payload portion for at least one predetermined pattern and to count a number of data packets having payload portions that include the predetermined pattern; and
- an access controlling component that is structured and arranged to deny communication of subsequent data packets from the access requestor to the access provider when a number of payload portions of data packets received from the access provider to the access requestor that include the predetermined pattern exceed a configurable threshold number.

37. A computer program stored on a network device computer that connects a plurality of access requestors to a plurality of access providers for securing an accessible computer system, comprising:
- a receiving code segment that causes the computer to receive more than one data packet, each data packet including a payload portion and an attribute portion and being communicated between at least one access requestor and at least one access provider;
- a monitoring code segment that causes the computer to monitor at least the payload portion of the data packets directed from at least one of the access providers to at least one of the access requestors and includes a scanning code segment that causes the computer to scan the payload portion for at least one predetermined pattern and to count a number of data packets having payload portions that include the predetermined pattern; and
- an access controlling code segment that causes the computer to deny subsequent communication of data packets from the access requestor to the access provider when a number of payload portions of the data packets received from the access provider to the access requestor that include the predetermined pattern exceed a configurable threshold number.
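
The counting-and-deny logic recited in the independent claims, as an added Python example that is not code from the patent: provider-to-requestor payloads are scanned and counted per requestor, and requestor-to-provider packets are dropped only after the count exceeds the threshold. The class and function names, the FTP-style `Login incorrect` pattern, the addresses and the packet trace are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str        # attribute portion: sender address
    dst: str        # attribute portion: receiver address
    payload: bytes  # payload portion


@dataclass
class PayloadThresholdGate:
    providers: frozenset  # addresses the device treats as access providers
    pattern: bytes        # predetermined pattern (assumed value, see SAMPLE)
    threshold: int        # configurable threshold number
    hits: dict = field(default_factory=lambda: defaultdict(int))
    denied: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> bool:
        """Return True to forward the packet, False to drop it."""
        if pkt.src in self.providers:
            # Provider -> requestor: scan the payload and count matches
            # per (requestor, provider) pair. Replies are still forwarded.
            pair = (pkt.dst, pkt.src)
            if self.pattern in pkt.payload:
                self.hits[pair] += 1
                if self.hits[pair] > self.threshold:  # "exceed", not "reach"
                    self.denied.add(pair)
            return True
        # Requestor -> provider: drop once the pair's count exceeded the threshold.
        return (pkt.src, pkt.dst) not in self.denied


def replay(gate, trace):
    """Feed packets through the gate in order; return forward/drop decisions."""
    return [gate.handle(p) for p in trace]


# Constructed trace (documentation addresses, made-up payloads).
SERVER, NOISY, QUIET = "192.0.2.10", "198.51.100.7", "198.51.100.8"
SAMPLE = []
for _ in range(3):  # three rejected attempts from NOISY
    SAMPLE.append(Packet(NOISY, SERVER, b"PASS guess"))
    SAMPLE.append(Packet(SERVER, NOISY, b"530 Login incorrect."))
SAMPLE.append(Packet(NOISY, SERVER, b"PASS guess"))  # arrives after the 3rd match
SAMPLE.append(Packet(QUIET, SERVER, b"USER alice"))  # other requestor, unaffected

if __name__ == "__main__":
    gate = PayloadThresholdGate(frozenset({SERVER}), b"Login incorrect", threshold=2)
    print(replay(gate, SAMPLE))
```

Because the scan is per packet, a pattern split across two payloads is not counted; a deployment that needs that would have to reassemble the stream before matching.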
Specification