Propagation of viruses through an information technology network

US 7,796,515 B2
Filed: 04/28/2004
Issued: 09/14/2010
Est. Priority Date: 04/29/2003
Status: Active Grant

First Claim

Patent Images

1. A method of operating a first host within a network of a plurality of hosts, the method comprising:

during a first time interval, monitoring requests to send data to destination hosts, the requests being received at the first host from a second host;

comparing with a processor an identity of a destination host identified in a first one of the requests monitored during the first time interval with destination host identities in a record; and

preventing passage of the first one of the requests from the second host to the destination host when the identity of the destination host is not one of the destination host identities in the record and the second host has sent requests to more than a threshold number of destination hosts not in the record during the first time interval.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of operating a first host within a network of a plurality of hosts. Over the course of a first time interval, requests received at the first host from a second host to send data to destination hosts are monitored. Identities of destination hosts monitored during the first time interval are compared with destination host identities in a record. Then, either data relating to requests which identify a destination host not in the record are stored in a storage buffer. Or the passage of data from the second host to the destination host within the network is limited over the course of the first time interval, so that during the first time interval the second host is unable to send data to more than a predetermined number of hosts not in the record.

Citations

20 Claims

1. A method of operating a first host within a network of a plurality of hosts, the method comprising:
- during a first time interval, monitoring requests to send data to destination hosts, the requests being received at the first host from a second host;
  
  comparing with a processor an identity of a destination host identified in a first one of the requests monitored during the first time interval with destination host identities in a record; and
  
  preventing passage of the first one of the requests from the second host to the destination host when the identity of the destination host is not one of the destination host identities in the record and the second host has sent requests to more than a threshold number of destination hosts not in the record during the first time interval.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as claimed in claim 1, wherein the first host is at least one of:
    - a router, a switch, a SOCKS server, and a proxy.
  - 3. A method according to claim 1, further comprising establishing the record by monitoring the identities of hosts to whom data has been sent by the second during a second time interval which precedes the first time interval.
  - 4. A method according to claim 1, further comprising updating the record to include the identity of at least one destination host to whom data was sent by the second host during the first time interval and which was not in the record during the first time interval.
  - 5. A method according to claim 1, further comprising:
    - diverting a request to contact a destination host that is not in the record to a delay buffer; and
      
      transmitting the requests from the delay buffer at the end of the first time interval.
  - 6. A method according to claim 1, further comprising monitoring the size of the delay buffer, and in the event that the delay buffer exceeds a first size, generating a warning.
  - 7. A method as claimed in claim 6, further comprising preventing the transmission of data from the second host to destination hosts if the warning is generated.
  - 8. A method as claimed in claim 1, further comprising preventing the transmission of data from the second host to destination hosts if a warning is generated.
  - 9. A method as claimed in claim 1, wherein the preventing passage of the one of the requests is performed at the first host.
  - 10. A method as claimed in claim 1, wherein the transmission of data to destination hosts is prevented by the second host after receiving a warning, the second host being responsive to the warning to stop sending requests to send data to the destination hosts.
  - 11. A tangible memory storing a computer program for causing a computer to perform the method as claimed in claim 1.
  - 12. A tangible computer readable medium storing the computer program for causing a computer to perform the method as claimed in claim 1.

13. A method of operating a first host within a network of a plurality of hosts, the method comprising:
- during a first time interval, monitoring requests to send data to destination hosts, the requests being received at the first host from a second host;
  
  determining, with a processor, if an identity of a destination host identified in a first one of the requests monitored during the first time interval is in a set of destination host identities in a record; and
  
  in response to determining that the identity of the destination host identified in the first one of the requests is not in the set of destination host identities in the record, and when the second host has sent requests to more than a first number of destination hosts not in the record during the first time interval, storing data relating to the request in a buffer.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. A method as claimed in claim 13, further comprising transmitting from the first host requests to send data.
  - 15. A method as claimed in claim 13, further comprising monitoring a size of the buffer, and in response to the monitored size of the buffer exceeding a predetermined size, generating a warning.
  - 16. A method as claimed in claim 13, further comprising preventing the transmission of data from the second host to the destination host if a warning is generated.
  - 17. A method as claimed in claim 13, wherein the transmission of data to the destination host is prevented at the first host.
  - 18. A method as claimed in claim 13, wherein when the second host receives a warning, the transmission of data to the destination host is prevented by causing the second host to stop sending requests to send data to the destination hosts.
  - 19. A tangible memory storing a computer program for causing a computer to perform the method as claimed in claim 13.
  - 20. A tangible computer readable medium storing the computer program for causing a computer to perform the method as claimed in claim 13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Edwards, Aled Justin, Griffin, Jonathan, Norman, Andrew Patrick, Williamson, Matthew Murray
Primary Examiner(s)
Jagannathan; Melanie

Application Number

US10/833,057
Publication Number

US 20040218615A1
Time in Patent Office

2,330 Days
Field of Search

None
US Class Current

370/231
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/145 the attack involving the pr...

Propagation of viruses through an information technology network

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Propagation of viruses through an information technology network

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links