Evaluating a questionable network communication
First Claim
1. A method in a computing system for controlling communication, comprising:
- in a computing system communicating via a TCP/IP stack, evaluating a new network communication with a network resource by reference to a predefined white list of trusted network addresses that does not include addresses for any unauthenticated network nodes or anonymous proxy servers, by:
  - receiving from the TCP/IP stack an internet protocol (IP) address and port number of a network address corresponding to the network resource;
  - receiving a uniform resource locator (URL) associated with the network resource;
  - determining a first name associated with the IP address, by querying the IP address received from the TCP/IP stack against an assignment database that associates owner names with IP addresses;
  - determining a second name associated with the URL, by querying a domain name of the URL associated with the network resource against an assignment database that associates owner names with domain names;
  - determining a security rating level of the network resource based on:
    - determining whether the IP address and port number of the network address are included in the predefined white list of trusted network addresses; and
    - determining whether the first name matches the second name; and
  - setting an indicator that a communication operation is allowed or not allowed based on the determined security rating level of the network resource.
Abstract
Identifying a questionable network address from a network communication. In an embodiment, a network device receives an incoming or outgoing connection request, a web page, an email, or other network communication. An evaluation module evaluates the network communication for a corresponding network address, which may be for the source or destination of the network communication. The network address generally includes an IP address and a port number. The evaluation module checks a predefined white list for the network address to determine whether the network address is valid. Depending on the result, the evaluation module sets an indicator for preventing, allowing, or warning about the network communication. A category code, security code, organization code, or function code may also be checked against the white list to ensure a valid network node is not compromised. A domain name may also be determined from the network address to further validate the network communication.
75 Citations
23 Claims
17. A system for controlling communication, comprising:
- a communication interface for communication with a network resource, the communication interface including a TCP/IP stack;
- a memory for storing instructions; and
- a processor in communication with the communication interface and with the memory, wherein the processor is configured to evaluate a new network communication with a network resource by reference to a predetermined white list of trusted network addresses that does not include addresses for any unauthenticated network nodes or anonymous proxy servers, by:
  - receiving from the TCP/IP stack an internet protocol (IP) address and port number of a network address corresponding to the network resource;
  - receiving a uniform resource locator (URL) associated with the network resource;
  - determining a first name associated with the IP address, by querying the IP address received from the TCP/IP stack against an assignment database that associates owner names with IP addresses;
  - determining a second name associated with the URL, by querying a domain name of the URL associated with the network resource against an assignment database that associates owner names with domain names;
  - determining a security rating level of the network resource based on:
    - determining whether the IP address and port number of the network address are included in the predefined white list of trusted network addresses; and
    - determining whether the first name matches the second name; and
  - setting an indicator that a communication operation is allowed or not allowed based on the determined security rating level of the network resource.

Dependent claims: 18, 19, 20, 21, 22, 23.
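The evaluation step common to claim 1 and claim 17 (white-list check on IP and port, owner-name lookup for the IP and for the URL's domain, a rating level, and an allow/deny indicator), written out as an added example; this is not code from the patent. It assumes in-memory dictionaries in place of the assignment databases, constructed sample addresses and owner names, and a four-level rating scheme of its own choosing, since the claims only require that the level be derived from the two checks.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample data standing in for the predefined white list and the
# two "assignment databases" named in the claims. All values are made up.
WHITE_LIST = {("192.0.2.10", 443), ("192.0.2.11", 443)}
IP_OWNERS = {"192.0.2.10": "Example Corp", "192.0.2.11": "Example Corp",
             "198.51.100.7": "Anon Proxy Ltd"}
DOMAIN_OWNERS = {"example.com": "Example Corp", "mail.example.com": "Example Corp",
                 "login-example.net": "Lookalike Holdings"}

# Rating levels are this example's assumption, not the patent's.
TRUSTED, OWNER_MATCH_ONLY, LISTED_BUT_MISMATCH, UNTRUSTED = 0, 1, 2, 3


@dataclass(frozen=True)
class Verdict:
    first_name: Optional[str]   # owner of the IP address (claim's "first name")
    second_name: Optional[str]  # owner of the URL's domain (claim's "second name")
    whitelisted: bool
    names_match: bool
    rating: int
    allowed: bool               # the claim's allow / not-allow indicator


def _norm(name):
    """Normalise an owner name for comparison (case and whitespace only)."""
    return " ".join(name.lower().split()) if name else None


def evaluate(ip, port, url, white_list=WHITE_LIST,
             ip_owners=IP_OWNERS, domain_owners=DOMAIN_OWNERS):
    """Derive the security rating level and the allow/deny indicator."""
    host = (urlparse(url).hostname or "").lower()   # strips scheme, port, path
    first = ip_owners.get(ip)
    second = domain_owners.get(host)
    whitelisted = (ip, port) in white_list
    # An unknown owner on either side never counts as a match.
    match = first is not None and second is not None and _norm(first) == _norm(second)
    if whitelisted and match:
        rating = TRUSTED
    elif match:
        rating = OWNER_MATCH_ONLY
    elif whitelisted:
        rating = LISTED_BUT_MISMATCH  # listed address now serving someone else's name
    else:
        rating = UNTRUSTED
    return Verdict(first, second, whitelisted, match, rating, rating <= OWNER_MATCH_ONLY)
```

The `LISTED_BUT_MISMATCH` level is the case the abstract describes as a valid network node that may have been compromised: the address is on the white list, yet the URL's domain belongs to a different owner.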
-
Specification