Suspect traffic redirection
Abstract
A system receives suspect traffic information pertaining to possible network threats. A router detects and redirects suspect traffic from within a subnetwork to an interrogation module. The interrogation module receives the redirected suspect traffic and identifies the source device from within the subnetwork. The interrogation module can also identify the type of suspect traffic, the original destination of the suspect traffic and the protocol type of the packet. Suspect traffic information can be updated and the router can be reconfigured to accommodate the updated information.
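The flow in the abstract, sketched as an added Python example (not code from the patent): a router checks each packet's destination against the suspect set, redirects matches to an interrogation module, and that module records the source device, original destination and protocol type. The class names, the subnet 10.0.5.0/24 and the documentation-range addresses are assumptions, and the "noninteractive process" criterion of the claims is not modelled because it cannot be read from a packet header.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_ipv4(src, dst, proto):
    """Constructed sample input: a minimal 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(packet):
    """Return (source, destination, protocol name) from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, PROTOCOLS.get(packet[9], f"proto-{packet[9]}")

class InterrogationModule:
    """Receives redirected packets and records which internal device sent them."""
    def __init__(self, subnet):
        self.subnet = ipaddress.ip_network(subnet)
        self.findings = []

    def receive(self, packet):
        src, dst, proto = parse_ipv4(packet)
        finding = {"source": str(src), "original_destination": str(dst),
                   "protocol": proto, "source_in_subnet": src in self.subnet}
        self.findings.append(finding)
        return finding

class Router:
    """Forwards traffic normally unless the destination is on the suspect list."""
    def __init__(self, suspects, interrogator):
        self.interrogator = interrogator
        self.update_suspects(suspects)

    def update_suspects(self, suspects):
        # Reconfiguration step: replace the suspect set with updated information.
        self.suspects = {ipaddress.IPv4Address(a) for a in suspects}

    def handle(self, packet):
        _, dst, _ = parse_ipv4(packet)
        if dst in self.suspects:
            self.interrogator.receive(packet)
            return "redirected"
        return "forwarded"
```

The interrogation module's `findings` list is what an operator would review to locate the internal device that tried to reach a suspect address.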
36 Claims
1. A method comprising:
- receiving within a subnetwork a set of suspect addresses, wherein the subnetwork is coupled to an external network and the suspect addresses represent device addresses in the external network;
- detecting a message that originates from a noninteractive process of a source device within the subnetwork and is destined to at least one of the suspect addresses in the external network;
- redirecting the message to an interrogation module; and
- identifying the source device within the subnetwork based on the message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A computer program product encoding a computer program for a computer process that executes on a computer system, the computer process comprising:
- receiving within a subnetwork a set of suspect addresses, wherein the subnetwork is coupled to an external network and the suspect addresses represent device addresses in the external network;
- detecting a message that originates from a process of a source device within the subnetwork and is destined to at least one of the suspect addresses in the external network, wherein the process has not been intentionally initiated by an authorized user of the client device;
- redirecting the message to an interrogation module; and
- identifying the source device within the subnetwork based on the message.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32

28. The computer program product of claim 17 wherein the identifying operation comprises:
- examining the message to determine the source device address within the subnetwork.

33. A system comprising:
- an interface within a subnetwork a set of suspect addresses, wherein the subnetwork is coupled to an external network and the suspect addresses represent device addresses in the external network;
- a router detecting a message that originates from a noninteractive process of a source device within the subnetwork and is destined to at least one of the suspect addresses in the external network and redirecting the message; and
- an interrogation module receiving the redirected message and identifying the source device within the subnetwork based on the message.

34. A method comprising:
- receiving within a subnetwork a set of suspect addresses, wherein the subnetwork is coupled to an external network and the suspect addresses represent device addresses in the external network;
- receiving a redirected message, the redirected message originating from a noninteractive process of a source device within the subnetwork and being previously destined to at least one of the suspect addresses in the external network; and
- identifying the source device within the subnetwork based on the message.
Dependent claims: 35

36. A system comprising:
- an interface receiving within a subnetwork a set of suspect addresses, wherein the subnetwork is coupled to an external network and the suspect addresses represent device addresses in the external network; and
- an adaptive interrogation module receiving a redirected message, the redirected message originating from a source device within the subnetwork and being previously destined to at least one of the suspect addresses in the external network and identifying the source device within the subnetwork based on the message.

Specification