Secure cloud storage distribution and aggregation
US-2015363611-A1 · Dec 17, 2015 · US
Distributed system and method for tracking and blocking malicious internet hosts
US9385991B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9385991-B2 |
| Application number | US-201414276416-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 13, 2014 |
| Priority date | Oct 5, 2011 |
| Publication date | Jul 5, 2016 |
| Grant date | Jul 5, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer system configured to facilitate coordinated source blocking, the computer system comprising: one or more processors communicatively coupled to each other wherein the one or more processors are collectively configured to: receive information from a first gateway, the information pertaining to a network data transmission from a source address; determine a score based on the received information; determine a participation status indicating whether or not the first gateway is participating in coordinated source blocking with other devices; prepare a first response message for transmission to the first gateway, the first response message comprising an indication of the score; augment the first response message to include a first blocking request indicator when the participation status is affirmative, wherein the first blocking request indicator comprises information requesting the first gateway not to block future information from the source address even when the score indicates the network data transmission is to be blocked; and initiate transmission of the first response message to the first gateway. 2. The computer system of claim 1 , wherein the first response message comprises the blocking request indicator only when the participation status indicates participation in the coordinated source blocking. 3. The computer system of claim 1 , wherein the one or more processors are further collectively configured to: prepare a second message for transmission to a second gateway when the participation status indicates the first gateway is not participating in coordinated source blocking, the second message comprising a second blocking request indicator, wherein the second blocking request indicator comprises information requesting the second gateway not to block future information from the source address even when the score indicates the network data transmission is to be blocked. 4. The computer system of claim 3 , wherein the second message is sent to the second gateway regardless of if the second gateway has received a transmission from the source address. 5. The computer system of claim 1 , wherein the network data transmission comprises an email message, a download object, a universal resource locator, an instant message, a file transfer protocol transmission, a hypertext transfer protocol transmission, a voice over internet protocol transmission, or a combination thereof. 6. The computer system of claim 1 , wherein protocol of the network data transmission comprises Internet Protocol version 4 or Internet Protocol version 6. 7. The computer system of claim 1 , wherein the source address comprises an internet protocol address, a domain name, a universal resource locator, a hostname, or a combination thereof. 8. The computer system of claim 1 , wherein the information received from the first gateway comprises a finger print of at least a portion of the network data transmission. 9. The computer system of claim 1 , wherein the blocking request indicator in the first response message is based upon blocking status, relative to the source address, of a second gateway. 10. The computer system of claim 1 , wherein the blocking request indicator in the first response message is based upon network activity associated with the source address of the network data transmission. 11. The computer system of claim 1 , wherein the blocking request indicator in the first response message is based upon configuration information of the first gateway. 12. The computer system of claim 1 , wherein the blocking request indicator in the first response message is based upon the determined score. 13. The computer system of claim 1 , wherein the computer system comprises a cloud resource. 14. A non-transitory machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a machine to: receive information from a first gateway, the information pertaining to a network data transmission from a source address; determine a score based on the received information; determine a participation status indicating whether or not the first gateway is participating in coordinated source blocking with other devices; prepare a first response message for transmission to the first gateway, the first response message comprising an indication of the score; augment the first response message to include a first blocking request indicator when the participation status is affirmative, wherein the first blocking request indicator comprises information requesting the first gateway not to block future information from the source address even when the score indicates the network data transmission is to be blocked; and initiate transmission of the first response message to the first gateway. 15. The machine-readable medium of claim 14 , wherein the first response message comprises the blocking request indicator only when the participation status indicates participation in the coordinated source blocking. 16. The machine-readable medium of claim 14 , wherein the instructions further comprise instructions that when executed cause the machine to: prepare a second message for transmission to a second gateway when the participation status indicates the first gateway is not participating in coordinated source blocking, the second message comprising a second blocking request indicator, wherein the second blocking request indicator comprises information requesting the second gateway not to block future information from the source address even when the score indicates the network data transmission is to be blocked. 17. The machine-readable medium of claim 14 , wherein the information received from the first gateway comprises a finger print of at least a portion of the network data transmission. 18. The machine-readable medium of claim 14 , wherein the blocking request indicator in the first response message is based upon blocking status, relative to the source address, of a second gateway. 19. The machine-readable medium of claim 14 , wherein the blocking request indicator in the first response message is based upon network activity associated with the source address of the network data transmission. 20. The machine-readable medium of claim 14 , wherein the blocking request indicator in the first response message is based upon configuration information of the first gateway.
Assignees
Inventors
Classifications
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title
- H04L63/02Primary
for separating internal from external traffic, e.g. firewalls · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9385991B2 cover?
- Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked”…
- Who is the assignee on this patent?
- Mcafee Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/02. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).