摘要 |
In a method for automatically isolating worm software and hacker attacks in a network, a computer system detects, as an attack, a probe by a worm software or a hacker from a compromised computer system in the network. The computer system then isolates the compromised computer system from the remainder of the network. Thus, the probing of the computer system itself is considered an attack. In response to an attack, the compromised computer system is isolated from the remainder of the network. In addition, no dedicated hardware or special hardware is required to implement the method. In this manner, damage to the network by worm software or compromised by a hacker is slowed or prevented by automatically isolating the compromised computer system from the network.
|