System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic

US 8,024,462 B1
Filed: 10/05/2009
Issued: 09/20/2011
Est. Priority Date: 10/05/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving, through an input port, network traffic associated with a file being transferred from a source device to a destination device;

determining, by a processor, identifying information regarding the file;

employing the identifying information to consult a file reputation database over a network;

receiving, through an input port, a message from the file reputation database over the network;

holding in a memory only a last packet of the network traffic associated with the file being transferred to determine whether the file is unwanted; and

conditionally forwarding, through an output port, the last packet of the network traffic associated with the file transfer to the destination device, based on the message received from the file reputation database.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination.

Citations

12 Claims

1. A method, comprising:
- receiving, through an input port, network traffic associated with a file being transferred from a source device to a destination device;
  
  determining, by a processor, identifying information regarding the file;
  
  employing the identifying information to consult a file reputation database over a network;
  
  receiving, through an input port, a message from the file reputation database over the network;
  
  holding in a memory only a last packet of the network traffic associated with the file being transferred to determine whether the file is unwanted; and
  
  conditionally forwarding, through an output port, the last packet of the network traffic associated with the file transfer to the destination device, based on the message received from the file reputation database.

2. A computer program product embodied on a non-transitory computer readable medium, comprising:
- computer code for receiving network traffic associated with a file being transferred from a source device to a destination device;
  
  computer code for determining identifying information regarding the file;
  
  computer code for employing the identifying information to consult a file reputation database over a network;
  
  computer code for receiving a message from the file reputation database over the network;
  
  computer code for holding only a last packet of the network traffic associated with the file transfer to determine whether the file is unwanted; and
  
  computer code for conditionally forwarding, through an output port, the last packet of the network traffic associated with the file transfer to the destination device, based on the message received from the file reputation database.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. The computer program product of claim 2, wherein the computer program product is operable such that the network traffic is utilized for transferring the file.
  - 4. The computer program product of claim 2, further comprising computer code for identifying the last packet of the network traffic.
  - 5. The computer program product of claim 4, wherein the computer program product is operable such that the last packet of the network traffic is identified by comparing a size of the file to a size of all received portions of the network traffic.
  - 6. The computer program product of claim 5, wherein the computer program product is operable such that the size of the file is identified utilizing a header of the network traffic.
  - 7. The computer program product of claim 2, wherein the computer program product is operable such that the last packet of the network traffic is held in cache memory.
  - 8. The computer program product of claim 2, wherein the identifying information includes a hash of the file.
  - 9. The computer program product of claim 2, wherein the computer program product is operable such that the last packet of the network traffic associated with the file being transferred is not forwarded to the destination device in response to a determination that the file is unwanted.
  - 10. The computer program product of claim 2, wherein the computer program product is operable such that the last packet of the network traffic associated with the file being transferred is forwarded to the destination device in response to a determination that the file is not unwanted.
  - 11. The computer program product of claim 2, wherein the computer program product is operable such that the receiving, the holding, and the forwarding are performed by an intrusion prevention system located on a network and located between the destination device and the source device of the network traffic.

12. A system comprising:
- a network input to receive network traffic associated with a file transfer from a source device;
  
  a cache memory to hold only a last packet of network traffic associated with a received file to determine whether the file is unwanted;
  
  a processor configured to;
  
  determine identifying information regarding files received through the network input,employ the identifying information to query a file reputation database,receive a query response, anddetermine disposition of the last packet of network traffic based upon the query response; and
  
  a network output port to send the last packet to a destination device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Bu, Zheng, Zhu, Ge
Primary Examiner(s)
Patel; Haresh N

Application Number

US12/573,768
Time in Patent Office

715 Days
Field of Search

709217-228, 713/188, 726/1, 726/5, 726/22, 726/24
US Class Current

709/224
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links