Abstract
A reconnaissance detector for protecting a network from attack by detecting attempts by one or more inquirers preparing for a network attack to collect information from network resources designated in queries by the inquirers, the reconnaissance detector including: (a) a computer operationally connected to an entry point of the network operative to monitor the queries and responses to the queries from the designated network resources; (b) a network resource data storage operative to store addresses of the designated network resources and respective resource weights of the designated network resources, the resource weights being calculated based on the responses; and (c) an inquirer data storage operative to store addresses of the inquirers and respective inquirer weights, wherein each of the inquirer weights is calculated by accumulating the resource weights designated by each of the inquirers. Preferably, the reconnaissance detector further includes: (d) a mechanism operative to mark the one or more inquirers as attackers when the inquirer weights, associated with the one or more inquirers, are greater than a predetermined threshold.
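The weighting scheme in the abstract can be sketched as follows; this is an added example, not code from the patent. The response categories, their weight values, the threshold of 3.0, and the rule that a resource counts once per inquirer are all assumptions, since the abstract states only that resource weights are calculated from the responses.

```python
from collections import defaultdict

# Assumed mapping from observed response to resource weight; the abstract
# only states that weights are calculated based on the responses.
RESPONSE_WEIGHT = {"ok": 0.0, "refused": 0.5, "no_response": 1.0}
THRESHOLD = 3.0  # assumed "predetermined threshold"


class ReconDetector:
    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.resource_weights = {}                  # (b) resource address -> weight
        self.inquirer_weights = defaultdict(float)  # (c) inquirer address -> weight
        self.counted = defaultdict(set)             # resources already accumulated
        self.attackers = set()                      # (d) marked inquirers

    def observe(self, inquirer, resource, response):
        """Process one query/response pair seen at the entry point (a)."""
        weight = RESPONSE_WEIGHT[response]
        self.resource_weights[resource] = weight
        # Assumption: each resource counts once per inquirer, so retries
        # to the same address do not inflate the score.
        if resource not in self.counted[inquirer]:
            self.counted[inquirer].add(resource)
            self.inquirer_weights[inquirer] += weight
        if self.inquirer_weights[inquirer] > self.threshold:
            self.attackers.add(inquirer)
        return inquirer in self.attackers


# Constructed sample traffic (documentation address ranges).
SAMPLE_EVENTS = [
    ("198.51.100.20", "192.0.2.10:443", "ok"),
    ("203.0.113.7", "192.0.2.1:22", "no_response"),
    ("203.0.113.7", "192.0.2.2:22", "no_response"),
    ("198.51.100.20", "192.0.2.99:443", "no_response"),  # one mistyped address
    ("203.0.113.7", "192.0.2.3:22", "refused"),
    ("203.0.113.7", "192.0.2.10:22", "ok"),
    ("203.0.113.7", "192.0.2.4:22", "no_response"),
    ("203.0.113.7", "192.0.2.4:22", "no_response"),      # retry, counted once
    ("203.0.113.7", "192.0.2.5:22", "no_response"),
]


def run(events):
    detector = ReconDetector()
    for inquirer, resource, response in events:
        detector.observe(inquirer, resource, response)
    return detector
```

In the constructed traffic the sweeping inquirer accumulates a weight of 4.5 and is marked, while the client with a single failed query stays at 1.0.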