公开(公告)号：US07548544B2

公开(公告)日：2009-06-16

申请号：US11429474

申请日：2006-05-05

申请人： Daniel Quinlan ,  Jeffrey Wescott

发明人： Daniel Quinlan ,  Jeffrey Wescott

IPC分类号： H04L12/28

CPC分类号： H04L51/12 ,  G06Q10/107 ,  H04L29/12066 ,  H04L51/34 ,  H04L61/1511 ,  H04L63/123 ,  H04L63/126 ,  H04L63/145

摘要： In one embodiment, a method comprises computer-implemented steps of receiving a plurality of electronic mail messages containing sender address information that is non-trusted. For each electronic mail message, information about the message is stored, and one or more receiving node identifiers in association with respective connected node identifiers is created, wherein the receiving node identifier identifies receiving mail server that received the particular message and the connected node identifier identifies a connected mail server that directly connected to the receiving node identifier to send the particular message directly to the receiving mail server. For each electronic mail message a receiving node identifier that has a largest number of connected node identifiers associated therewith is selected, and a connected node identifier that is associated with the one particular receiving node identifier that sent the particular message to the associated receiving node is selected and stored.

摘要翻译： 在一个实施例中，一种方法包括计算机实现的步骤，其接收包含不可信的发送方地址信息的多个电子邮件消息。 对于每个电子邮件消息，存储关于消息的信息，并且创建与相应连接的节点标识符相关联的一个或多个接收节点标识符，其中接收节点标识符标识接收到特定消息的接收邮件服务器，并且所连接的节点标识符标识 连接邮件服务器，其直接连接到接收节点标识符，以将特定消息直接发送到接收邮件服务器。 对于每个电子邮件消息，选择具有与其相关联的最大数目的连接的节点标识符的接收节点标识符，并且选择与将特定消息发送到相关联的接收节点的一个特定接收节点标识符相关联的连接节点标识符 并存储。

公开(公告)号：US08087082B2

公开(公告)日：2011-12-27

申请号：US12959542

申请日：2010-12-03

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

IPC分类号： G06F11/00

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus, comprising at least one processor and a traffic monitor comprising logic which, when executed by the processor, causes the processor to perform: creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses; determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action; based on the mapping, determining one or more IP addresses that are associated with the particular domain; generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a particular request; wherein the particular request specifies a particular IP address that is within the particular domain.

摘要翻译： 一种数据处理装置，包括至少一个处理器和流量监控器，其包括逻辑，所述逻辑在由所述处理器执行时使所述处理器执行：使用转发域名系统（DNS）查找来创建域名到因特网协议 （IP）地址; 确定映射中的特定域是否需要通过执行特定动作来处理到或来自特定域的数据流量; 基于所述映射，确定与所述特定域相关联的一个或多个IP地址; 为防火墙生成策略，指示防火墙在接收到特定请求时执行特定操作; 其中特定请求指定特定域内的特定IP地址。

公开(公告)号：US07849142B2

公开(公告)日：2010-12-07

申请号：US11139114

申请日：2005-05-27

申请人： Paul J. Clegg ,  Eric C. Huss ,  Craig Sprosts ,  Krishna Srinivasan ,  Peter Schlampp ,  Shun Chen ,  Robert Brahms ,  Daniel Quinlan

发明人： Paul J. Clegg ,  Eric C. Huss ,  Craig Sprosts ,  Krishna Srinivasan ,  Peter Schlampp ,  Shun Chen ,  Robert Brahms ,  Daniel Quinlan

IPC分类号： G06F15/16

CPC分类号： H04L51/12

摘要： A method and apparatus for managing connections, email messages, and directory harvest attacks at a server is disclosed. The server maintains a count of a parameter and compares the count to a specified maximum value, such that when the specified maximum value is met or exceeded, an action is taken by the server to limit the connections, email messages, or directory harvest attack. Actions include controlling the number of connections to the server from senders, controlling the flow of email messages injected to the server by senders, and controlling when rejection response messages are sent for invalid recipient email addresses to thwart a directory harvest attack. Senders are identified by one or more sender identifiers, which can be used to group senders together so that the same maximum value is applied collectively to all senders in the group.

摘要翻译： 公开了一种用于在服务器处管理连接，电子邮件消息和目录收集攻击的方法和装置。 服务器维护一个参数的计数，并将计数与指定的最大值进行比较，这样当达到或超过指定的最大值时，服务器将采取一种操作来限制连接，电子邮件消息或目录收集攻击。 操作包括控制从发送者到服务器的连接数量，控制发送者注入到服务器的电子邮件消息流，以及控制拒绝响应消息是否发送给无效收件人电子邮件地址以阻止目录收集攻击。 发件人由一个或多个发件人标识符标识，发送者标识符可用于将发件人分组在一起，以便将同一最大值集体应用于组中的所有发件人。

公开(公告)号：US07809796B1

公开(公告)日：2010-10-05

申请号：US11696851

申请日：2007-04-05

申请人： Eric Bloch ,  Robert Van Zant ,  Scot Kennedy

发明人： Eric Bloch ,  Robert Van Zant ,  Scot Kennedy

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： G06Q10/107 ,  H04L51/12 ,  H04L63/1466 ,  H04L63/168 ,  H04L67/02 ,  H04L67/30

摘要： A method and apparatus for controlling access to network resources referenced in electronic mail messages comprises the computer-implemented steps of receiving an electronic mail message that comprises one or more hyperlinks; determining sender information that identifies a sender of the electronic mail message; creating and storing a record that associates the sender information with each of the one or more hyperlinks; receiving a request to access a specified hyperlink among the one or more hyperlinks; retrieving, based on the specified hyperlink, the record; retrieving, based on the sender information associated with the specified hyperlink, sender reputation information associated with the sender; determining, based on the sender reputation information, a particular action among a plurality of allowed actions; and issuing a network request to access the specified hyperlink only when the particular action is allowing user access to the specified hyperlink.

摘要翻译： 用于控制对电子邮件消息中引用的网络资源的访问的方法和装置包括接收包括一个或多个超链接的电子邮件消息的计算机实现步骤; 确定识别电子邮件消息的发送者的发送者信息; 创建和存储将所述发送者信息与所述一个或多个超链接中的每一个相关联的记录; 接收访问所述一个或多个超链接中的指定超链接的请求; 根据指定的超链接检索记录; 基于与所述指定超链接相关联的所述发送者信息，检索与所述发送者相关联的发送者信誉信息; 基于发送者信誉信息确定多个允许动作中的特定动作; 并且只有当特定动作允许用户访问指定的超链接时才发出访问指定超链接的网络请求。

公开(公告)号：US08069213B2

公开(公告)日：2011-11-29

申请号：US12860076

申请日：2010-08-20

申请人： Eric Bloch ,  Robert Van Zant ,  Scot Kennedy

发明人： Eric Bloch ,  Robert Van Zant ,  Scot Kennedy

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： G06Q10/107 ,  H04L51/12 ,  H04L63/1466 ,  H04L63/168 ,  H04L67/02 ,  H04L67/30

摘要： A method and apparatus for controlling access to network resources referenced in electronic mail messages comprises the computer-implemented steps of receiving an electronic mail message that comprises one or more hyperlinks; determining sender information that identifies a sender of the electronic mail message; creating and storing a record that associates the sender information with each of the one or more hyperlinks; receiving a request to access a specified hyperlink among the one or more hyperlinks; retrieving, based on the specified hyperlink, the record; retrieving, based on the sender information associated with the specified hyperlink, sender reputation information associated with the sender; determining, based on the sender reputation information, a particular action among a plurality of allowed actions; and issuing a network request to access the specified hyperlink only when the particular action is allowing user access to the specified hyperlink.

摘要翻译： 用于控制对电子邮件消息中引用的网络资源的访问的方法和装置包括接收包括一个或多个超链接的电子邮件消息的计算机实现步骤; 确定识别电子邮件消息的发送者的发送者信息; 创建和存储将所述发送者信息与所述一个或多个超链接中的每一个相关联的记录; 接收访问所述一个或多个超链接中的指定超链接的请求; 根据指定的超链接检索记录; 基于与所述指定超链接相关联的所述发送者信息，检索与所述发送者相关联的发送者信誉信息; 基于发送者信誉信息确定多个允许动作中的特定动作; 并且只有当特定动作允许用户访问指定的超链接时才发出访问指定超链接的网络请求。

公开(公告)号：US07877493B2

公开(公告)日：2011-01-25

申请号：US11429393

申请日：2006-05-05

申请人： Daniel Quinlan

发明人： Daniel Quinlan

IPC分类号： G06F15/16

CPC分类号： H04L51/12 ,  G06Q10/107 ,  H04L29/12066 ,  H04L51/34 ,  H04L61/1511 ,  H04L63/123 ,  H04L63/126 ,  H04L63/145

摘要： A method of validating queries for reputation scores of message senders comprises receiving, from a first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes an authentication code; validating the authentication code; and only when validating the authentication code is successful, performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer.

摘要翻译： 验证消息发送者的信誉分数的查询的方法包括从第一主计算机接收DNS格式查询以获得与第二主计算机相关联的信誉评分，其中所述查询包括认证码; 验证验证码; 并且仅当验证认证码成功时，在信誉数据库中执行DNS查找并返回提供与第二主计算机相关联的信誉评分的DNS响应。

公开(公告)号：US07712136B2

公开(公告)日：2010-05-04

申请号：US11636150

申请日：2006-12-07

申请人： Craig Sprosts ,  Scot Kennedy ,  Daniel Quinlan ,  Larry Rosenstein ,  Charles Slater

发明人： Craig Sprosts ,  Scot Kennedy ,  Daniel Quinlan ,  Larry Rosenstein ,  Charles Slater

IPC分类号： G06F11/00

CPC分类号： H04L51/12 ,  G06Q10/107 ,  H04L29/12066 ,  H04L51/34 ,  H04L61/1511 ,  H04L63/123 ,  H04L63/126 ,  H04L63/145

摘要： Controlling a message quarantine is disclosed. A message scanning method is described in which early exit from parsing and scanning can occur by matching threat rules only to selected message elements and stopping rule matching as soon as a match on one message element exceeds a threat threshold.

摘要翻译： 披露了控制信息隔离。 描述了一种消息扫描方法，其中通过将威胁规则仅匹配于所选择的消息元素并且一旦一个消息元素上的匹配超过威胁阈值就停止规则匹配，就可以早期退出解析和扫描。

公开(公告)号：US07219131B2

公开(公告)日：2007-05-15

申请号：US10347055

申请日：2003-01-16

申请人： Scott Banister ,  Paul Clegg ,  Peter Schlampp ,  Patrick R. Peterson

发明人： Scott Banister ,  Paul Clegg ,  Peter Schlampp ,  Patrick R. Peterson

IPC分类号： G06F15/16

CPC分类号： G06Q10/107 ,  H04L51/12

摘要： Message delivery approaches in which senders define filters with associated actions for evaluation in relation to specified messages. After creating and storing filters with specified actions, senders dispatch messages to a processing system, which evaluates the filters against the messages. If a match occurs, the processing system performs the specified actions on the messages. The processing system may send the same message multiple times to different receiving systems, and may modify the source IP address and outbound interface of the message for each receiving system. The source IP address or interface may be modified by a filter in response to external events, such as a receiving system blocking another copy of the message. A single message processing system can appear as a large number of virtual message sendingunits.

摘要翻译： 邮件传递方式，其中发件人定义具有关于指定消息的评估的关联动作的过滤器。 在创建和存储具有指定操作的过滤器之后，发件人将消息分派到处理系统，处理系统根据消息评估过滤器。 如果发生匹配，则处理系统对消息执行指定的操作。 处理系统可以多次发送相同的消息到不同的接收系统，并且可以修改每个接收系统的消息的源IP地址和出站接口。 来源IP地址或接口可以由响应于外部事件的过滤器来修改，例如接收系统阻止消息的另一副本。 单个消息处理系统可以显示为大量的虚拟消息发送单元。

公开(公告)号：US07870200B2

公开(公告)日：2011-01-11

申请号：US11139090

申请日：2005-05-27

申请人： Charles S. Slater ,  Paul J. Clegg ,  Brennan H. Evans ,  Peter Schlampp

发明人： Charles S. Slater ,  Paul J. Clegg ,  Brennan H. Evans ,  Peter Schlampp

IPC分类号： G06F15/16 ,  G06F15/173 ,  G06F17/40

CPC分类号： H04L51/12 ,  G06Q10/107 ,  H04L51/14

摘要： An approach for monitoring electronic messages received at a server is disclosed. Message information for a plurality of electronic messages received at the server is determined and stored in a queue. Based on the queue, aggregate information is generated for a particular network address of a plurality of network addresses. The aggregate information is generated for each time interval of a plurality of time intervals and displayed for the plurality of time intervals. In some implementations, input from a user is received, and based on the input, a modification is made regarding how future electronic messages from the particular network address are handled by the server. In some implementations, combined aggregate information is generated for two or more network addresses and then displayed. In some implementations, aggregate policy information indicating which policies have been applied to the electronic messages is generated and displayed for the time intervals.

摘要翻译： 公开了一种用于监视在服务器处接收的电子消息的方法。 在服务器处接收到的多个电子消息的消息信息被确定并存储在队列中。 基于队列，针对多个网络地址的特定网络地址生成聚合信息。 为多个时间间隔的每个时间间隔生成聚合信息，并且对于多个时间间隔被显示。 在一些实现中，接收来自用户的输入，并且基于输入，对来自特定网络地址的未来电子消息如何由服务器处理进行修改。 在一些实现中，为两个或更多个网络地址生成组合聚合信息，然后显示。 在一些实施方式中，在时间间隔内生成并显示指示哪些策略已应用于电子消息的聚合策略信息。

公开(公告)号：US07849507B1

公开(公告)日：2010-12-07

申请号：US11742080

申请日：2007-04-30

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

IPC分类号： G06F11/00

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus can perform HTTP traffic monitoring and filtering of HTTP requests from clients and responses from servers. Example apparatus comprises a processor; a first network interface to a protected network; a second network interface to an external network; a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in the protected network, send the request to a network resource in the external network on behalf of the client, and receive an HTTP response from the network resource on behalf of the client computer; and a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in an HTTP response.

摘要翻译： 数据处理装置可以执行来自客户端的HTTP请求的HTTP流量监视和过滤以及来自服务器的响应。 示例性设备包括处理器; 到受保护网络的第一网络接口; 到外部网络的第二网络接口; 耦合到处理器并耦合到内容高速缓存的核心超文本传输​​协议（HTTP）代理，其中HTTP代理被配置为从受保护网络中的客户端计算机接收HTTP请求，将请求发送到外部的网络资源 网络代表客户端，并代表客户端计算机从网络资源接收HTTP响应; 以及多个间谍软件扫描引擎（SSE），其中每个SSE耦合到存储的内容签名，并且其中每个SSE被配置为在HTTP响应中检测特定类型的恶意软件。