Identifying source of malicious network messages

  • US 9,455,995 B2
  • Filed: 10/26/2015
  • Issued: 09/27/2016
  • Est. Priority Date: 09/08/2005
  • Status: Active Grant
First Claim

1. A method for identifying a source of malicious network messages, said method comprising steps implemented by a computer of:

  • responsive to identifying, from a plurality of destination locations having a same internet protocol (IP) address, one destination location subject to malicious messages, identifying a subset of a multiplicity of source networks, said subset including one or more source networks which have sent messages to said one destination location, wherein identifying said subset comprises:

    the computer determining for each of said multiplicity of source networks whether there are fewer intervening hops from said each source network to said one destination location than from said each source network to other of said plurality of destination locations, and

    responsive to a determination that there are fewer intervening hops for said each source network of said multiplicity of source networks, the computer identifying said each source network as included in said subset, and

    responsive to determining there are not fewer intervening hops for said each source network of said multiplicity of source networks, the computer not identifying said each source network as included in said subset, wherein the determining step comprises steps of:

    collecting from routers information indicating a routing path from each of said multiplicity of source networks to each of said plurality of destination locations, and

    determining from said router paths a number of hops from each of said multiplicity of source networks to each of said plurality of destination locations; and

    notifying an administrator of said each source network included in said subset.
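
The hop-count comparison recited in claim 1, sketched as an added example that is not part of the patent text. The network names, site names, router names and path data are constructed, and two readings are assumptions: "fewer intervening hops" is taken as strictly fewer than to every other destination location, and a source with incomplete router path data is reported separately rather than decided.

```python
# Constructed sample: router-reported paths from each source network to each
# destination location that shares one IP address. All names are hypothetical.
ROUTING_PATHS = {
    ("net-A", "site-east"): ["r1", "r2"],
    ("net-A", "site-west"): ["r1", "r3", "r4", "r5"],
    ("net-B", "site-east"): ["r6", "r7", "r8"],
    ("net-B", "site-west"): ["r6", "r9"],
    ("net-C", "site-east"): ["r10", "r11"],
    ("net-C", "site-west"): ["r10", "r12"],
    ("net-D", "site-east"): ["r13"],  # no path to site-west was collected
}


def hop_counts(paths):
    """Hops per (source, destination); assumed to be the routers on the path."""
    return {pair: len(routers) for pair, routers in paths.items()}


def candidate_sources(paths, attacked):
    """Return (subset, undetermined) for the attacked destination location.

    Assumption: a source is in the subset only if it has strictly fewer hops
    to the attacked location than to every other location; a tie excludes it.
    """
    hops = hop_counts(paths)
    sources = sorted({src for src, _ in hops})
    others = sorted({dst for _, dst in hops} - {attacked})
    subset, undetermined = [], []
    for src in sources:
        needed = [(src, attacked)] + [(src, dst) for dst in others]
        if any(pair not in hops for pair in needed):
            undetermined.append(src)  # incomplete path data: make no decision
            continue
        if all(hops[(src, attacked)] < hops[(src, dst)] for dst in others):
            subset.append(src)
    return subset, undetermined


def notifications(subset, attacked):
    """One message per source network whose administrator should be notified."""
    return [f"{src}: traffic from this network reaches {attacked}, "
            "which is receiving malicious messages" for src in subset]


if __name__ == "__main__":
    subset, undetermined = candidate_sources(ROUTING_PATHS, "site-east")
    print("\n".join(notifications(subset, "site-east")))
    print("path data incomplete for:", undetermined)
```
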
