Source reputation information system with router-level filtering of electronic messages
Abstract
Disclosed herein are filtering systems and methods that employ an electronic message source reputation system. The source reputation system maintains a pool of source Internet Protocol (IP) address information, in the form of a Real-Time Threat Identification Network (“RTIN”) database, which can provide the reputation of source IP addresses, which can be used by customers for filtering network traffic. The source reputation system provides for multiple avenues of access to the source reputation information. Examples of such avenues can include Domain Name Server (DNS)-type queries, servicing routers with router-table data, or other avenues.
60 Claims
1. A network traffic filtering system for filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the system comprising:
a server installed on one or more computing devices and external to a destination server targeted to receive an electronic message from a message source and any gateway to a network having such a targeted destination server;
an engine, installed on the server, for executing instructions stored in a memory, the execution of the instructions configured to evaluate reputation data for sources of incoming messages to identify potentially threatening message sources based on the reputation data associated with the sources, the reputation data based on monitoring prior messages after being sent from sending servers associated with a source and before being received by a targeted destination server or at a gateway to a local network having a targeted destination server;
a profile database connected to the server and associated with the engine for storing the identified sources, the profile database also external to any gateway to a local network having a targeted destination server; and
wherein the engine is further configured to provide connection data based on the identified potentially threatening sources to one or more routers associated with a targeted destination server for updating routing tables corresponding to the one or more routers, the connection data preventing identified threatening sources from successfully sending electronic messages to the targeted destination server via the one or more routers.
Dependent claims: 2-22.

23. A method of filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the method comprising:
evaluating reputation data associated with sources of the electronic messages by an engine on a server installed on one or more computing devices for executing instructions stored in a memory, the server and engine being external to a destination server targeted to receive an electronic message from a message source and any gateway to a local network having such a targeted destination server, and wherein the reputation data is based on monitoring prior messages after being sent from sending servers associated with a source and before being received by a targeted destination server or at a gateway to a local network having a targeted destination server;
storing the reputation data;
identifying potentially threatening sources with the engine based on the reputation data corresponding to the sources;
providing connection data based on the identified potentially threatening sources from the engine to one or more routers associated with a targeted destination server for updating routing tables corresponding to the one or more routers, the connection data preventing identified threatening sources from successfully sending electronic messages to the targeted destination server via the one or more routers.
Dependent claims: 24-44.

45. A network traffic filtering system for filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to targeted destination servers, the system comprising:
an engine on a server installed on one or more computing devices external to a destination server targeted to receive an electronic message from a message source, and any gateway to a local network having such a targeted destination server, the engine for executing instructions stored in a memory, the execution of the instructions configured to identify potentially threatening sources of messages based on evaluating reputation data associated with the sources;
a profile database associated with the engine and also external to a targeted destination server and any gateway to a local network having such a targeted destination server, the profile database for storing the identified sources; and
wherein the engine is further configured to:
provide connection data based on the identified sources to one or more routers associated with a destination server targeted to receive an electronic message from a message source or associated with a local network having such a targeted destination server, the connection data comprising update commands instructing the one or more routers to update their corresponding routing tables to redirect electronic messages sent from the threatening sources and thereby preventing the electronic messages from reaching the targeted destination server,
generate updated connection data with the engine based on evaluating updated reputation data affecting the identified potentially threatening sources, and
provide the updated connection data from the engine to the one or more routers for further updating the corresponding routing tables.
Dependent claims: 46-52.

53. A method of filtering a flow of electronic messages across a computer network interconnected with a plurality of routers configured to route electronic message packets to destination servers, the method comprising:
receiving reputation data associated with message sources in an engine on a server installed on one or more computing devices for executing instructions stored in a memory, the server being external to a destination server targeted to receive an electronic message from a message source and any gateway to a local network having such a targeted destination server;
identifying potentially threatening sources based on an evaluation of the reputation data by the engine;
providing connection data from the engine to one or more routers associated with a targeted destination server or a local network having the targeted destination server for updating routing tables corresponding to the one or more routers, to redirect electronic messages sent from the threatening sources and thereby preventing the electronic messages from reaching the targeted destination server;
receiving updated reputation data associated with the sources in the engine;
generating updated connection data using the engine based on evaluating updated reputation data associated with the identified potentially threatening sources; and
providing the updated connection data from the engine to the one or more routers for further updating the corresponding routing tables.
Dependent claims: 54-60.

Specification