Deep packet scan hacker identification
Abstract
Securing an accessible computer system typically includes receiving a data packet that includes a payload portion and an attribute portion, where the data packet is communicated between at least one access requestor and at least one access provider. At least the payload portion of the received data packet typically is monitored, where monitoring includes scanning the payload portion for at least one predetermined pattern. When the payload portion is determined to include at least one predetermined pattern, access by the access requestor to the access provider may be controlled. Monitoring the data packet may include scanning the payload portion while handling the data packet with a switch. Controlling access may include denying access by the access requestor to the access provider.
22 Claims
1. A computer-implemented method of securing an accessible computer system, the method comprising:
- scanning a plurality of data packets communicated between a plurality of access requestors and an access provider to detect one or more predetermined patterns;
- in response to detecting that a number of data packets, transmitted between a first access requestor and the access provider, that include the one or more predetermined patterns exceeds a first configurable threshold, blacklisting the first access requestor; and
- in response to detecting the transmission, between a second access requestor and the access provider, of a configurable number of data packets in which an occurrence of the one or more predetermined patterns is below a second configurable threshold, ceasing to scan data packets between the second access requestor and the access provider to detect occurrences of the one or more predetermined patterns.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer system, comprising:
- a processing system, comprising one or more processors;
- a memory device, comprising one or more computer-readable media, wherein the computer-readable media include stored computer instructions that, when executed by the processing system, cause the processing system to perform the operations of:
  - scanning a plurality of data packets communicated between a plurality of access requestors and an access provider to detect one or more predetermined patterns;
  - in response to detecting that a number of data packets, transmitted between a first access requestor and the access provider, that include the one or more predetermined patterns exceeds a first configurable threshold, blacklisting the first access requestor; and
  - in response to detecting the transmission, between a second access requestor and the access provider, of a configurable number of data packets in which an occurrence of the one or more predetermined patterns is below a second configurable threshold, ceasing to scan data packets between the second access requestor and the access provider to detect occurrences of the one or more predetermined patterns.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

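The per-requestor logic recited in claims 1 and 12, sketched as an added example that is not part of the patent text or any implementation of it. The class and parameter names, the sample addresses, the placeholder pattern, and the choice to forward packets until a requestor is blacklisted are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

SCANNING, BLACKLISTED, TRUSTED = "scanning", "blacklisted", "trusted"

@dataclass
class RequestorState:
    status: str = SCANNING
    seen: int = 0   # packets scanned so far
    hits: int = 0   # scanned packets that contained a pattern

class PayloadScanner:
    def __init__(self, patterns, blacklist_after, trust_window, trust_max_hits):
        self.patterns = patterns                # predetermined patterns (bytes)
        self.blacklist_after = blacklist_after  # first configurable threshold
        self.trust_window = trust_window        # configurable number of packets
        self.trust_max_hits = trust_max_hits    # second configurable threshold
        self.state = defaultdict(RequestorState)

    def handle(self, requestor, payload):
        """Return 'deny' or 'forward' for one packet from `requestor`."""
        st = self.state[requestor]
        if st.status == BLACKLISTED:
            return "deny"
        if st.status == TRUSTED:
            return "forward"  # scanning has ceased; payload is not inspected
        st.seen += 1
        if any(p in payload for p in self.patterns):
            st.hits += 1
        if st.hits > self.blacklist_after:
            st.status = BLACKLISTED
            return "deny"
        if st.seen >= self.trust_window and st.hits < self.trust_max_hits:
            st.status = TRUSTED
        # Assumption: packets are forwarded until the requestor is blacklisted.
        return "forward"

def demo():
    # Constructed sample traffic; the pattern is a placeholder, not a real signature.
    s = PayloadScanner([b"EXAMPLE-SIG"], blacklist_after=2, trust_window=5, trust_max_hits=1)
    noisy = [s.handle("198.51.100.7", b"GET /?q=EXAMPLE-SIG") for _ in range(4)]
    quiet = [s.handle("198.51.100.9", b"GET /index.html") for _ in range(5)]
    late = s.handle("198.51.100.9", b"GET /?q=EXAMPLE-SIG")
    return noisy, quiet, late, {r: st.status for r, st in s.state.items()}

if __name__ == "__main__":
    print(demo())
```

Because scanning stops once a requestor is trusted, the packet window and the second threshold together decide how much of that requestor's traffic is ever inspected.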
Specification