Abstract

The invention in the preferred embodiment features a system (200) and method for automatically segregating harmful traffic from other traffic at a plurality of network nodes including switches and routers. In the preferred embodiment, the system (200) comprises an intrusion detection system (105) to determine the identity of an intruder and a server (130) adapted to automatically install an isolation rule on the one or more network nodes (114, 115, 116) to quarantine packets from the intruder. The isolation rule in the preferred embodiment is a virtual local area network (VLAN) rule or access control list (ACL) rule that causes the network node to route any packets from the intruder into a quarantine VLAN or otherwise isolate the traffic from other network traffic. In large networks, the isolation rule may be installed on a select plurality of network nodes under the gateway router (104) associated with the node at which the intruder first entered the network (100).
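The workflow the abstract describes (IDS identifies the intruder, a server pushes a VLAN/ACL isolation rule to the switches under the gateway router where the intruder entered, and those nodes re-tag the intruder's packets into a quarantine VLAN) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent or any product; the topology, node names, VLAN ids and IP addresses are constructed, and the rule format is a simplified stand-in for a real ACL.

```python
"""Model of an IDS-driven quarantine controller.

Added example, not the patent's own code. The topology, addresses and the
rule representation below are constructed for illustration only.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address

QUARANTINE_VLAN = 999   # constructed: VLAN id reserved for isolated traffic
DEFAULT_VLAN = 10       # constructed: VLAN normal traffic lands in


@dataclass
class NetworkNode:
    """A switch or router. `gateway` names the gateway router it sits under."""
    name: str
    gateway: str
    rules: list = field(default_factory=list)   # installed isolation rules

    def forward(self, src_ip: str, vlan: int = DEFAULT_VLAN) -> int:
        """Return the VLAN this node places a packet from `src_ip` into.

        The first matching isolation rule wins; with no match the packet keeps
        the VLAN it arrived on.
        """
        src = ip_address(src_ip)
        for rule in self.rules:
            if src == rule["match_src"]:
                return rule["set_vlan"]
        return vlan


@dataclass
class IdsAlert:
    """What the intrusion detection system hands to the server."""
    intruder_ip: str
    ingress_node: str   # node at which the intruder first entered the network


def build_topology() -> dict[str, NetworkNode]:
    """Constructed topology: two gateway routers with access switches under each."""
    nodes = [
        NetworkNode("gw-A", "gw-A"),
        NetworkNode("sw-A1", "gw-A"),
        NetworkNode("sw-A2", "gw-A"),
        NetworkNode("gw-B", "gw-B"),
        NetworkNode("sw-B1", "gw-B"),
    ]
    return {n.name: n for n in nodes}


def make_isolation_rule(intruder_ip: str) -> dict:
    """ACL-style rule: traffic sourced from the intruder is re-tagged into the
    quarantine VLAN rather than dropped, so it stays observable but segregated."""
    return {"match_src": ip_address(intruder_ip), "set_vlan": QUARANTINE_VLAN}


def quarantine_intruder(topology: dict[str, NetworkNode], alert: IdsAlert) -> list[str]:
    """Server side: install the isolation rule on every node under the gateway
    router of the ingress node. Returns the names of the nodes updated."""
    if alert.ingress_node not in topology:
        raise KeyError(f"unknown ingress node {alert.ingress_node}")
    gateway = topology[alert.ingress_node].gateway
    rule = make_isolation_rule(alert.intruder_ip)
    targets = [n for n in topology.values() if n.gateway == gateway]
    for node in targets:
        if rule not in node.rules:      # idempotent: a repeated alert adds no duplicate
            node.rules.append(rule)
    return sorted(n.name for n in targets)


if __name__ == "__main__":
    topo = build_topology()
    updated = quarantine_intruder(topo, IdsAlert("203.0.113.7", "sw-A1"))
    print("rule installed on:", updated)
    print("intruder on sw-A2 ->", topo["sw-A2"].forward("203.0.113.7"))
    print("other host on sw-A2 ->", topo["sw-A2"].forward("198.51.100.5"))
    print("intruder on sw-B1 ->", topo["sw-B1"].forward("203.0.113.7"))
```

Scoping the rule to the nodes under one gateway router, as the abstract suggests for large networks, keeps the number of devices touched per alert bounded and leaves the rest of the network untouched; in this model the switches under `gw-B` never see the rule, so a packet from the same source arriving there is not re-tagged. A production controller would additionally log each installation and expire rules after review, neither of which the abstract covers.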