Title of invention: Blocking intrusion attacks at an offending host
Abstract: A method, apparatus, and program product are provided for protecting a network from intrusions. An offending packet communicated by an offending host coupled to a protected network is detected. In response to the detection, a blocking instruction is returned to the offending host to initiate an intrusion protection operation on the offending host, where the blocking instruction inhibits further transmission of offending packets by the offending host. At the offending host, a blocking instruction is received with a portion of an offending packet. The offending host verifies that the offending packet originated from the host. In response to the verification of the offending packet originating from the host, an intrusion protection operation is initiated on the host thereby inhibiting transmission of a subsequent outbound offending packet by the host.
Publication number: US9300680(B2); Publication date: 2016.03.29
Application number: US201213601317; Filing date: 2012.08.31
Applicant: International Business Machines Corporation; Inventors: Clark Adam Thomas; Gloe Christopher Thomas; Kolz Daniel Paul; Tri Kathryn Ann
Classification: H04L29/06; Main classification: H04L29/06
Agency: Middleton Reutlinger; Agent: Middleton Reutlinger
Main claim: 1. A method of protecting a network from intrusions, the method comprising: detecting, using a computer processor, an intrusion of an offending packet communicated by an offending host coupled to a protected network, wherein the offending host comprises a server computer upon which is executed an operating system and at least one application that originates the offending packet; and in response to detecting the intrusion of the offending packet, returning a blocking instruction to the offending host to initiate an intrusion protection operation on the offending host, wherein the blocking instruction inhibits further origination of offending packets by the application executed upon the offending host, wherein sending the blocking instruction further comprises sending at least a portion of the offending packet back to the offending host with the blocking instruction, wherein sending at least a portion of the offending packet back to the offending host further comprises: encapsulating the portion of the offending data packet into a User Datagram Protocol (UDP) packet and returning the encapsulated portion of the offending data packet to the offending host as a notification packet; or at an Internet Protocol (IP) layer, sending the portion of the offending data packet to the offending host in an Internet Control Message Protocol (ICMP) message that further implements the blocking instruction.
Address: Armonk NY US