| 摘要 |
An active monitor detects and classifies messages transmitted on a network. In one form, the monitor includes a routine for classifying TCP packet source addresses as being of an acceptable, unacceptable, or suspect type. Suspect source addresses may be further processed in accordance with a state machine having a number of conditionally linked states including a good address state, a new address state, and a bad address state. For this form, the monitor selectively sends signals to targeted destination hosts for addresses in the unacceptable
|
