公开(公告)号：US08087082B2

公开(公告)日：2011-12-27

申请号：US12959542

申请日：2010-12-03

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

IPC分类号： G06F11/00

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus, comprising at least one processor and a traffic monitor comprising logic which, when executed by the processor, causes the processor to perform: creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses; determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action; based on the mapping, determining one or more IP addresses that are associated with the particular domain; generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a particular request; wherein the particular request specifies a particular IP address that is within the particular domain.

摘要翻译： 一种数据处理装置，包括至少一个处理器和流量监控器，其包括逻辑，所述逻辑在由所述处理器执行时使所述处理器执行：使用转发域名系统（DNS）查找来创建域名到因特网协议 （IP）地址; 确定映射中的特定域是否需要通过执行特定动作来处理到或来自特定域的数据流量; 基于所述映射，确定与所述特定域相关联的一个或多个IP地址; 为防火墙生成策略，指示防火墙在接收到特定请求时执行特定操作; 其中特定请求指定特定域内的特定IP地址。

公开(公告)号：US20110078309A1

公开(公告)日：2011-03-31

申请号：US12959542

申请日：2010-12-03

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  J.R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  J.R. Elischer ,  Brandon L. Golm

IPC分类号： G06F15/173

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus, comprising at least one processor and a traffic monitor comprising logic which, when executed by the processor, causes the processor to perform: creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses; determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action; based on the mapping, determining one or more IP addresses that are associated with the particular domain; generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a particular request; wherein the particular request specifies a particular IP address that is within the particular domain.

摘要翻译： 一种数据处理装置，包括至少一个处理器和流量监控器，其包括逻辑，所述逻辑在由所述处理器执行时使所述处理器执行：使用转发域名系统（DNS）查找来创建域名到因特网协议 （IP）地址; 确定映射中的特定域是否需要通过执行特定动作来处理来自特定域的数据流量; 基于所述映射，确定与所述特定域相关联的一个或多个IP地址; 为防火墙生成策略，指示防火墙在接收到特定请求时执行特定操作; 其中特定请求指定特定域内的特定IP地址。

公开(公告)号：US07849502B1

公开(公告)日：2010-12-07

申请号：US11742015

申请日：2007-04-30

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

IPC分类号： G06F15/16 ,  G06F11/00

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus can perform HTTP traffic monitoring and filtering of HTTP requests from clients and responses from servers. Example apparatus comprises a processor, a first network interface to a protected network, a second network interface to an external network, and a traffic monitor having an address-domain name database, a firewall rules manager, and a DNS snooper. The traffic monitor accesses a blacklist and can perform receiving, from a client computer, a request to access a resource in the external network; blocking the request to the resource when a user agent of the client is in the blacklist as malicious software or when a file extension in a response to the request is in the blacklist; requesting, from a web reputation service, and receiving a reputation score indicating a reputation of the resource; blocking sending the request to the resource when the reputation is below a specified threshold.

摘要翻译： 数据处理装置可以执行来自客户端的HTTP请求的HTTP流量监视和过滤以及来自服务器的响应。 示例性设备包括处理器，到受保护网络的第一网络接口，到外部网络的第二网络接口，以及具有地址域名数据库，防火墙规则管理器和DNS侦听器的流量监视器。 流量监控器访问黑名单，可以从客户端计算机执行访问外部网络资源的请求; 当客户端的用户代理处于黑名单中作为恶意软件或响应该请求的文件扩展名在黑名单中时，将该请求阻止给资源; 从网络信誉服务请求，并且接收到表示资源的信誉的信誉分数; 当信誉低于指定的阈值时，阻止向资源发送请求。

公开(公告)号：US20080082662A1

公开(公告)日：2008-04-03

申请号：US11804017

申请日：2007-05-15

申请人： Richard Dandliker ,  Shalabh Mohan ,  Ambika Gadre ,  Jed Lau

发明人： Richard Dandliker ,  Shalabh Mohan ,  Ambika Gadre ,  Jed Lau

IPC分类号： G06F15/16

CPC分类号： H04L63/10 ,  H04L63/1441 ,  H04L63/1483

摘要： Access to network resources is controlled based on reputation of the network resources. In an embodiment, a data processing apparatus is coupled to a first protected network and to a second network, and comprises logic configured to cause receiving a client request that includes a particular network resource identifier; retrieving, from a database that associates a plurality of network resource indicators with attributes of the network resource identifiers, values of particular attributes that are associated with the particular network resource identifier; determining a reputation score value for the particular network resource identifier based on the particular attributes; and performing a responsive action for the client request based on the reputation score value.

摘要翻译： 基于网络资源的声誉来控制对网络资源的访问。 在一个实施例中，数据处理设备耦合到第一受保护网络和第二网络，并且包括配置成使得接收包括特定网络资源标识符的客户端请求的逻辑; 从将所述多个网络资源指示符与所述网络资源标识符的属性相关联的数据库检索与所述特定网络资源标识符相关联的特定属性的值; 基于特定属性确定特定网络资源标识符的信誉分数值; 以及基于所述信誉得分值对所述客户端请求执行响应动作。

公开(公告)号：US07849507B1

公开(公告)日：2010-12-07

申请号：US11742080

申请日：2007-04-30

申请人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

发明人： Eric Bloch ,  Shalabh Mohan ,  Rajendraprasad R. Pagaku ,  Doug Moore ,  Mark Krentel ,  Bruce Thompson ,  Julian R. Elischer ,  Brandon L. Golm

IPC分类号： G06F11/00

CPC分类号： H04L63/168 ,  H04L29/12066 ,  H04L43/00 ,  H04L43/16 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/145

摘要： A data processing apparatus can perform HTTP traffic monitoring and filtering of HTTP requests from clients and responses from servers. Example apparatus comprises a processor; a first network interface to a protected network; a second network interface to an external network; a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in the protected network, send the request to a network resource in the external network on behalf of the client, and receive an HTTP response from the network resource on behalf of the client computer; and a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in an HTTP response.

摘要翻译： 数据处理装置可以执行来自客户端的HTTP请求的HTTP流量监视和过滤以及来自服务器的响应。 示例性设备包括处理器; 到受保护网络的第一网络接口; 到外部网络的第二网络接口; 耦合到处理器并耦合到内容高速缓存的核心超文本传输​​协议（HTTP）代理，其中HTTP代理被配置为从受保护网络中的客户端计算机接收HTTP请求，将请求发送到外部的网络资源 网络代表客户端，并代表客户端计算机从网络资源接收HTTP响应; 以及多个间谍软件扫描引擎（SSE），其中每个SSE耦合到存储的内容签名，并且其中每个SSE被配置为在HTTP响应中检测特定类型的恶意软件。