Evaluating a questionable network communication
First Claim
1. A method in a computing system for controlling communication, comprising:
  in a computing system, evaluating a network communication that is transported at least in part by network packets each having a header section and a payload section, by:
    receiving one or more indications of allowable communication properties;
    receiving an indication that a listening port has been opened on the computing system;
    receiving an indication that the network communication has been established via the listening port; and
    determining a first communication property that is associated with the network communication;
    determining a second communication property that is one of the one or more allowable communication properties;
    determining whether the network communication is allowable based on whether the first communication property is encompassed by the second communication property, including one or more of:
      a property of a program that is using the listening port, including the identity of the program and/or whether the program is an interactive program, a batch program, or a system service;
      a first IP address and/or port associated with the network communication;
      a geographic location associated with the first IP address;
      a connection limit based on the first IP address or the geographic location, the first IP address being a source or destination IP address;
      a time of day; and
      a network interface that is associated with the network communication; and
    in response to determining that the network communication is not allowable, setting an indicator that the network communication is not allowed.
Abstract
Techniques for evaluating a questionable network communication are disclosed. In some implementations, an evaluation module determines whether a network communication is allowable based on one or more factors, including the listening port, a geographic location, time of day, or the like. In some cases, utilization of a listening port may be limited, such as by restricting the number of network connections that can be opened via the listening port.
20 Claims
1. See First Claim above. Claims 2 to 19 are dependent on claim 1.
20. A system for controlling communication, comprising:
  a communication interface for communication with a network resource, the communication interface including a TCP/IP stack;
  a memory that stores instructions; and
  a processor in communication with the communication interface and with the memory, wherein the processor is configured to evaluate a network communication that is transported at least in part by network packets each having a header section and a payload section, by:
    receiving one or more indications of allowable communication properties;
    receiving an indication that a listening port has been opened on the computing system;
    determining a first communication property that is associated with the network communication;
    determining a second communication property that is one of the one or more allowable communication properties, the second communication property including:
      a property of a program that is using the listening port, including the identity of the program and/or whether the program is an interactive program, a batch program, or a system service; and/or
      a connection limit based on a first IP address and a geographic location associated with the first IP address, the first IP address being a source or destination IP address determined based on the payload of a network packet;
    determining whether the network communication is allowable based on whether the first communication property is encompassed by the second communication property; and
    in response to determining that the network communication is not allowable, setting an indicator to one of the following:
      the communication operation is not allowed;
      a warning is to be provided prior to allowing the communication operation; and
      an instruction is needed from a user to determine whether the communication operation is allowed.
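As an added illustration (my code, not the patent's), the evaluation the abstract and claims describe: an established connection's observed properties are checked against the allowable properties, per-IP and per-country connection limits are enforced, and one of the indicators named in claim 20 is returned. The field names, the mapping from a violated property to an indicator, and the sample connections are my assumptions; geolocation of the IP is assumed to happen upstream.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Connection:
    """Observed ("first") communication properties of one established connection."""
    program: str     # identity of the program using the listening port
    kind: str        # "interactive", "batch" or "service"
    remote_ip: str   # source address taken from the packet
    port: int        # listening port the connection arrived on
    country: str     # geographic location resolved from remote_ip (assumed upstream)
    hour: int        # local time of day, 0-23
    interface: str   # network interface the packets arrived on

@dataclass
class Policy:
    """Allowable ("second") communication properties; an empty set means unrestricted."""
    programs: set = field(default_factory=set)
    kinds: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    interfaces: set = field(default_factory=set)
    hours: range = range(0, 24)
    max_per_ip: int = 3
    max_per_country: int = 100

# the indicators of claim 20 plus the allowed case
NOT_ALLOWED, WARN, ASK_USER, ALLOWED = "not_allowed", "warn", "ask_user", "allowed"

class Evaluator:
    """Tracks open connections per IP and per country and returns (indicator, reasons)."""
    def __init__(self, policy):
        self.policy, self.per_ip, self.per_country = policy, Counter(), Counter()

    def evaluate(self, c):
        p, bad = self.policy, []
        # each observed property must be encompassed by the allowable property
        for name, value, allowed in (("program", c.program, p.programs), ("kind", c.kind, p.kinds),
                                     ("country", c.country, p.countries),
                                     ("interface", c.interface, p.interfaces)):
            if allowed and value not in allowed:
                bad.append(name)
        # connection limits keyed on the source IP and on its geographic location
        if self.per_ip[c.remote_ip] >= p.max_per_ip or self.per_country[c.country] >= p.max_per_country:
            return NOT_ALLOWED, ["limit"]
        if bad:  # assumed mapping: only an interactive program has a user who can decide
            return (ASK_USER if c.kind == "interactive" else NOT_ALLOWED), bad
        self.per_ip[c.remote_ip] += 1
        self.per_country[c.country] += 1
        # assumed mapping: outside the allowed hours the connection proceeds after a warning
        return (WARN, ["hour"]) if c.hour not in p.hours else (ALLOWED, [])
```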