Distributed system and method for tracking and blocking malicious internet hosts

US10033697B2 · US · B2

Patent metadata

Publication number: US-10033697-B2
Application number: US-201615194372-A
Country: US
Kind code: B2
Filing date: Jun 27, 2016
Priority date: Oct 5, 2011
Publication date: Jul 24, 2018
Grant date: Jul 24, 2018


Abstract

Official abstract text for this publication.

Disclosed are systems and methods to perform coordinated blocking of source addresses, such as Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user-defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email, perform analysis, and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer system configured to facilitate coordinated source blocking, the computer system comprising: one or more processors communicatively coupled to each other; a memory, coupled to the one or more processors, on which are stored instructions, comprising instructions that when executed cause at least some of the one or more processors to: receive information from a first gateway, the information pertaining to a network data transmission from a source address; determine a score based on the received information; determine a participation status indicating whether the first gateway is participating in coordinated source blocking with other devices; and transmit a first response message to the first gateway, the first response message comprising the score and a first blocking request indicator corresponding to the participation status, wherein the first blocking request indicator corresponding to a determination that the first gateway is participating in coordinated source blocking with other devices requests the first gateway not to block future information from the source address even though the score indicates the network data transmission is to be blocked.

2. The computer system of claim 1, wherein the first response message further comprises a requested blocking time.

3. The computer system of claim 1, wherein a zero value for the requested blocking time indicates not to block for any time.

4. The computer system of claim 1, wherein the instructions further comprise instructions that when executed cause at least some of the one or more processors to: prepare a second message for transmission to a second gateway responsive to the participation status indicating the first gateway is not participating in coordinated source blocking, the second message comprising a second blocking request indicator, wherein the second blocking request indicator comprises information requesting the second gateway not to block future information from the source address even though the score indicates the network data transmission is to be blocked.

5. The computer system of claim 4, wherein the second message is sent to the second gateway regardless of whether the second gateway has received a transmission from the source address.

6. The computer system of claim 1, wherein the network data transmission comprises an email message, a download object, a universal resource locator, an instant message, a file transfer protocol transmission, a hypertext transfer protocol transmission, a voice over internet protocol transmission, or a combination thereof.

7. The computer system of claim 1, wherein the protocol of the network data transmission comprises Internet Protocol version 4 or Internet Protocol version 6.

8. The computer system of claim 1, wherein the source address comprises an internet protocol address, a domain name, a universal resource locator, a hostname, or a combination thereof.

9. The computer system of claim 1, wherein the information received from the first gateway comprises a fingerprint of at least a portion of the network data transmission.

10. The computer system of claim 1, wherein the blocking request indicator in the first response message is based upon the determined score.

11. A non-transitory machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a machine to: receive information from a first gateway, the information pertaining to a network data transmission from a source address; determine a score based on the received information; determine a participation status indicating whether the first gateway is participating in coordinated source blocking with other devices; and transmit a first response message for transmission to the first gateway, the first response message comprising an indication of the score and a first blocking request indicator corresponding to the participation status, wherein the first blocking request indicator corresponding to a determination that the first gateway is participating in coordinated source blocking with other devices requests the first gateway not to block future information from the source address even though the score indicates the network data transmission is to be blocked.

12. The machine-readable medium of claim 11, wherein the first response message further comprises a requested blocking time.

13. The machine-readable medium of claim 11, wherein a zero value for the requested blocking time indicates not to block for any time.

14. The machine-readable medium of claim 11, wherein the instructions further comprise instructions that when executed cause the machine to: prepare a second message for transmission to a second gateway when the participation status indicates the first gateway is not participating in coordinated source blocking, the second message comprising a second blocking request indicator, wherein the second blocking request indicator comprises information requesting the second gateway not to block future information from the source address even when the score indicates the network data transmission is to be blocked.

15. The machine-readable medium of claim 11, wherein the information received from the first gateway comprises a fingerprint of at least a portion of the network data transmission.

16. The machine-readable medium of claim 11, wherein the blocking request indicator in the first response message is based upon the blocking status, relative to the source address, of a second gateway.

17. The machine-readable medium of claim 11, wherein the blocking request indicator in the first response message is based upon network activity associated with the source address of the network data transmission.

18. The machine-readable medium of claim 11, wherein the blocking request indicator in the first response message is based upon configuration information of the first gateway.

19. A method, comprising: receiving information from a first gateway, the information pertaining to a network data transmission from a source address; determining a score based on the received information; determining whether the first gateway is participating in coordinated source blocking with other devices; and transmitting a first response message to the first gateway, the first response message comprising the score and a first blocking request indicator corresponding to the determination whether the first gateway is participating in coordinated source blocking with other devices, wherein the first blocking request indicator corresponding to a determination that the first gateway is participating in coordinated source blocking with other devices requests the first gateway not to block future information from the source address even though the score indicates the network data transmission is to be blocked.

20. The method of claim 19, wherein the first response message further comprises a requested blocking time.

21. The method of claim 19, wherein a zero value for the requested blocking time indicates not to block for any time.

22. The method of claim 21, further comprising: preparing a second message for transmission to a second gateway responsive to determining the first gateway is not participating in coordinated source blocking, the second message comprising a second blocking request indicator, wherein the second blocking request indicator comprises information requesting the second gateway not to block future information from th
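The claims above describe a message exchange between gateways and a reputation service: a gateway reports a transmission (with a fingerprint of part of it), the service scores it, checks whether the gateway participates in coordinated blocking, and answers with the score, a blocking request indicator and a requested blocking time where zero means "do not block". The following is an added illustration of that exchange and is not McAfee's code or the patent's own implementation; the indicator weights, the block threshold of 70, the 3600-second default blocking time, the rule that the first participating gateway to report a source is kept open as the "listener" for analysis, and the choice of the lowest-named participating gateway as listener when the reporter does not participate are all assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed parameters (not taken from the patent): per-indicator weights, the
# score at or above which a transmission "is to be blocked", and the default
# requested blocking time in seconds sent to gateways that should block.
INDICATOR_WEIGHTS = {
    "malware_attachment": 60,
    "phishing_url": 40,
    "spam_signature": 25,
    "spoofed_sender": 20,
}
BLOCK_THRESHOLD = 70
DEFAULT_BLOCK_SECONDS = 3600


def fingerprint(transmission: bytes, portion: int = 4096) -> str:
    """Fingerprint of at least a portion of the transmission (claims 9 and 15)."""
    return hashlib.sha256(transmission[:portion]).hexdigest()


@dataclass(frozen=True)
class GatewayReport:
    gateway_id: str
    source_address: str          # IP address, domain name, URL or hostname (claim 8)
    indicators: Tuple[str, ...]  # what the gateway's analysis found (constructed labels)
    fingerprint: str


@dataclass(frozen=True)
class ResponseMessage:
    gateway_id: str               # recipient of the message
    source_address: str
    score: int
    block_requested: bool         # the blocking request indicator
    requested_blocking_time: int  # seconds; zero means do not block for any time (claim 3)


class ReputationService:
    def __init__(self, participating_gateways, block_seconds: int = DEFAULT_BLOCK_SECONDS):
        self.participating: Set[str] = set(participating_gateways)
        self.block_seconds = block_seconds
        # source -> the one gateway kept open so the threat can still be analysed
        self.listener_for: Dict[str, str] = {}
        # source -> gateways that have been asked to block it (claim 16's "blocking status")
        self.blocking: Dict[str, Set[str]] = {}

    def score(self, report: GatewayReport) -> int:
        """Score derived from the received information (clamped to 0..100)."""
        return min(100, sum(INDICATOR_WEIGHTS.get(i, 0) for i in report.indicators))

    def is_participating(self, gateway_id: str) -> bool:
        """Participation status of a gateway in coordinated source blocking."""
        return gateway_id in self.participating

    def _pick_listener(self, exclude: str) -> Optional[str]:
        # Assumed policy: lowest-named participating gateway other than the reporter.
        candidates = sorted(self.participating - {exclude})
        return candidates[0] if candidates else None

    def handle_report(self, report: GatewayReport) -> List[ResponseMessage]:
        """Return the first response message and, when needed, the second message of claim 4."""
        score = self.score(report)
        src = report.source_address
        if score < BLOCK_THRESHOLD:
            # Nothing to block: indicator clear, zero blocking time.
            return [ResponseMessage(report.gateway_id, src, score, False, 0)]

        listener = self.listener_for.get(src)
        if listener is None:
            # A participating reporter is kept open itself (claim 1); otherwise a
            # second gateway is asked to stay open (claim 4), whether or not it
            # has seen the source yet (claim 5).
            listener = (report.gateway_id if self.is_participating(report.gateway_id)
                        else self._pick_listener(report.gateway_id))
            if listener is not None:
                self.listener_for[src] = listener

        responses: List[ResponseMessage] = []
        if report.gateway_id == listener:
            responses.append(ResponseMessage(report.gateway_id, src, score, False, 0))
        else:
            self.blocking.setdefault(src, set()).add(report.gateway_id)
            responses.append(ResponseMessage(report.gateway_id, src, score, True, self.block_seconds))
            if listener is not None:
                responses.append(ResponseMessage(listener, src, score, False, 0))
        return responses


if __name__ == "__main__":
    svc = ReputationService(["gw-a", "gw-b"])
    fp = fingerprint(b"constructed sample message body")
    for msg in svc.handle_report(GatewayReport("gw-b", "203.0.113.7", ("malware_attachment", "phishing_url"), fp)):
        print(msg)
```

In this model the score alone decides whether a transmission is block-worthy, while the participation status and the existing blocking status of other gateways decide which appliance receives a "do not block" indicator so that one path stays open for analysis; every other gateway reporting the same source gets a timed block request.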

Assignees

McAfee LLC
Inventors

Classifications

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Rule management · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10033697B2 cover?
Disclosed are systems and methods to perform coordinated blocking of source addresses, such as Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user-defined configuration parameters) to allow communication from a “blocked”…
Who is the assignee on this patent?
McAfee LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0263. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 24, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).