Mechanism for establishing reputation in a network environment
First Claim
1. A method comprising the steps of:
- obtaining traffic from a plurality of internet protocol version six addresses within a plurality of internet protocol version six blocks;
obtaining a first indication of inappropriate traffic from a first one of said internet protocol version six addresses;
responsive to said first indication of inappropriate traffic;
incrementing a reputation score for a first block of said blocks, containing said first one of said internet protocol version six addresses, by a first predetermined amount; and
incrementing a reputation score for a plurality of pairs of blocks adjacent to said first block in said internet protocol version six addresses using successively smaller predetermined amounts for each of said pair of blocks successively farther from said first block, wherein each of said successively smaller predetermined amounts is less than said first predetermined amount, wherein blocks of a given pair of blocks have respective addresses separated by said first one of said internet protocol version six addresses; and
passing or blocking said traffic from said plurality of internet protocol version six addresses within said plurality of internet protocol version six blocks, in accordance with a policy based on said incremented reputation scores for said first block and said plurality of pairs of blocks adjacent to said first block.
7 Assignments
0 Petitions
Accused Products
Abstract
Traffic is obtained from a plurality of internet protocol version six addresses within a plurality of internet protocol version six blocks; and a first indication of inappropriate traffic is obtained from a first one of the addresses. Responsive thereto, a reputation score for a first given one of the blocks, containing the first one of the internet protocol version six addresses, is incremented by a first predetermined amount; and a reputation score for an adjacent block is incremented by a second predetermined amount which is less than the first predetermined amount. Traffic from the plurality of internet protocol version six addresses within the plurality of internet protocol version six blocks is passed or blocked in accordance with a policy based on the incremented reputation scores for the first block and adjacent block. Techniques for internet protocol version four (individual and network address translation aspects) are also provided.
-
Citations
20 Claims
-
1. A method comprising the steps of:
-
obtaining traffic from a plurality of internet protocol version six addresses within a plurality of internet protocol version six blocks; obtaining a first indication of inappropriate traffic from a first one of said internet protocol version six addresses; responsive to said first indication of inappropriate traffic; incrementing a reputation score for a first block of said blocks, containing said first one of said internet protocol version six addresses, by a first predetermined amount; and incrementing a reputation score for a plurality of pairs of blocks adjacent to said first block in said internet protocol version six addresses using successively smaller predetermined amounts for each of said pair of blocks successively farther from said first block, wherein each of said successively smaller predetermined amounts is less than said first predetermined amount, wherein blocks of a given pair of blocks have respective addresses separated by said first one of said internet protocol version six addresses; and passing or blocking said traffic from said plurality of internet protocol version six addresses within said plurality of internet protocol version six blocks, in accordance with a policy based on said incremented reputation scores for said first block and said plurality of pairs of blocks adjacent to said first block. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising:
-
at least one hardware processor; at least one network port coupled to the at least one hardware processor; at least one memory coupled to the at least one processor; and at least two distinct software modules, each of the distinct software modules being embodied on a tangible computer-readable recordable storage medium, and wherein the distinct software modules comprise a score calculation module and a traffic policing module; wherein; said at least one network port is configured to obtain traffic from a plurality of internet protocol version six addresses within a plurality of internet protocol version six blocks; said at least one processor is configured to obtain a first indication of inappropriate traffic from a first one of said internet protocol version six addresses; said score calculation module, when loaded into said memory, causes said at least one hardware processor, in response to said first indication of inappropriate traffic, to; increment a reputation score for a first block of said blocks, containing said first one of said internet protocol version six addresses, by a first predetermined amount; and increment a reputation score for a plurality of pairs of blocks adjacent to said first block in said internet protocol version six addresses using successively smaller predetermined amounts for each of said pair of blocks successively farther from said first block, wherein each of said successively smaller predetermined amounts is less than said first predetermined amount, wherein blocks of a given pair of blocks have respective addresses separated by said first one of said internet protocol version six addresses; and said traffic policing module, when loaded into said memory, causes said at least one hardware processor to pass or block said traffic from said plurality of internet protocol version six addresses within said plurality of internet protocol version six blocks, in accordance with a policy based on said incremented reputation scores for said first block and said plurality of pairs of blocks adjacent to said first block. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification