Monitoring traffic in a computer network
First Claim
1. A computer program product comprising a non-transitory computer readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method carried out in a computer network environment comprising a plurality of devices, each of which being configured for applying a transformation function on an identifier of a target port for network communication indicated in a transmission request of an application program executing thereon, whereby a scrambled version of the identifier is obtained, the plurality of devices being further configured for directing the transmission to be received via a different target port identified by the scrambled version of the identifier, the method comprising:
- identifying an invalid port access attempt by a first transmission directed at a first port of a first computerized apparatus comprised in the plurality of devices, wherein said identifying the invalid port access is based on an ability of the transformation function to yield a first port identifier identifying the first port;
- wherein the transformation function depends on at least one secret parameter shared among the plurality of devices, and wherein a device of the plurality of devices is configured to apply the transformation function only for transmissions issued by application programs that are listed in a list of authorized application programs; and
- in response to said identifying, providing for an action to be performed whereby a security threat ascribed to the invalid port access attempt is mitigated.
Abstract
A computer-implemented method, computerized apparatus and computer program product for monitoring traffic in a computer network. The computer network comprises a plurality of devices configured to apply a transformation function on a target port identifier of a requested transmission by an application program executing thereon and direct the transmission to a different target port per the scrambled identifier thereby obtained. The transformation function depends on at least one parameter shared among the plurality of devices and applying thereof is conditioned on the application program requesting transmission being listed in a list of authorized application programs. Attempts to access invalid ports as defined by the transformation function are identified and an action for mitigating a security threat ascribed thereto is provided.
20 Claims
14. A server configured to be deployed in a computer network environment comprising a plurality of devices, each of which being configured for applying a transformation function on an identifier of a target port for network communication indicated in a transmission request of an application program executing thereon, whereby a scrambled version of the identifier is obtained, the plurality of devices being further configured for directing the transmission to be received via a different target port identified by the scrambled version of the identifier,
wherein the server comprises a processor that is configured to perform an action to mitigate a security threat from an invalid port access attempt;
wherein the server is configured to obtain an indication of the invalid port access attempt; wherein the invalid port access attempt by a first transmission directed at a first port of a first device comprised in the plurality of devices is identified based on an ability of the transformation function to yield a first port identifier identifying the first port; and wherein the transformation function depends on at least one secret parameter shared among the plurality of devices, wherein a device of the plurality of devices is configured to apply the transformation function only for transmissions issued by application programs that are listed in a list of authorized application programs.
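The scheme the abstract and claims describe, as an added Python example that is not the patent's own code: a keyed transformation function (HMAC-SHA256 over the shared secret is an assumed concrete choice) scrambles the target port only for listed application programs, and the receiving device classifies any inbound port that the function could not have yielded for its services as an invalid port access attempt. The epoch parameter, the ephemeral-range constraint and the drop-and-alert mitigation are assumptions, not details from the page.

```python
import hmac
import hashlib

# Assumption (not stated on the page): scrambled ports are drawn from the
# ephemeral range, so well-known service ports are never in the function's image.
SCRAMBLED_LO, SCRAMBLED_HI = 1024, 65535


def scramble_port(port: int, secret: bytes, epoch: int) -> int:
    """Transformation function: keyed, deterministic mapping of a requested
    target port to a scrambled port. 'secret' is the parameter shared among
    the devices; 'epoch' is an assumed extra parameter so the mapping rotates."""
    digest = hmac.new(secret, f"{epoch}:{port}".encode(), hashlib.sha256).digest()
    span = SCRAMBLED_HI - SCRAMBLED_LO + 1
    return SCRAMBLED_LO + int.from_bytes(digest[:4], "big") % span


class Device:
    """One of the plurality of devices: scrambles on send for authorized apps
    only, and on receive checks whether the function could have yielded the port."""

    def __init__(self, secret: bytes, authorized_apps: set, service_ports: set):
        self.secret = secret
        self.authorized_apps = authorized_apps
        self.service_ports = service_ports  # ports that real services listen on

    def outbound_port(self, app: str, target_port: int, epoch: int) -> int:
        # The transformation is applied only for listed application programs.
        if app in self.authorized_apps:
            return scramble_port(target_port, self.secret, epoch)
        return target_port

    def inspect_inbound(self, dst_port: int, epoch: int) -> dict:
        # Image of the transformation function over this device's services.
        image = {scramble_port(p, self.secret, epoch): p for p in self.service_ports}
        if dst_port in image:
            return {"verdict": "valid", "deliver_to": image[dst_port]}
        # The function cannot yield dst_port: invalid port access attempt;
        # hand off a mitigation (assumed here: drop the packet and alert).
        return {"verdict": "invalid_port_access", "action": "drop_and_alert"}


def simulate(sender: Device, receiver: Device, app: str, port: int, epoch: int) -> dict:
    """End-to-end: the sender picks the wire port, the receiver classifies it."""
    return receiver.inspect_inbound(sender.outbound_port(app, port, epoch), epoch)


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # constructed sample value
    server = Device(key, {"browser"}, {443, 22})
    client = Device(key, {"browser"}, set())
    print(simulate(client, server, "browser", 443, epoch=7))  # valid, deliver_to 443
    print(simulate(client, server, "dropper", 443, epoch=7))  # invalid_port_access
```

An unlisted program (or a host without the secret) that sends to the real service port therefore lands outside the function's image and is flagged, which is the detection signal the claims build on.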