US2015096030A1PendingUtilityA1
System, method, and computer program product for preventing communication of unwanted network traffic by holding only a last portion of the network traffic
Est. expiryOct 5, 2029(~3.2 yrs left)· nominal 20-yr term from priority
H04L 63/145H04L 63/1416H04L 63/0245
57
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . An intrusion protection system, comprising:
a server, comprising:
a processor;
a network interface, coupled to the processor; and
a memory coupled to the processor, on which are stored instructions, comprising instructions that when executed cause the processor to:
receive via the network interface an initial portion of a file being transferred to a destination;
forward the initial portion of the file to the destination;
receive via the network interface a final portion of the file;
determine identifying information regarding the file;
query a file reputation database for a determination of whether the file is wanted or unwanted using the identifying information; and
refuse to forward the final portion of the file to the destination responsive to a determination that the file is unwanted.
2 . The intrusion protection system of claim 1 , wherein the final portion of the file comprises a predetermined number of final packets.
3 . The intrusion protection system of claim 1 , wherein the instructions further comprise instructions that when executed cause the processor to:
identify the final portion of the file by comparing a size of the file to a size of all received portions of the file.
4 . The intrusion protection system of claim 1 , wherein the identifying information includes a hash of the file.
5 . The intrusion protection system of claim 1 , wherein the instructions further comprise instructions that when executed cause the server to receive a response from the file reputation database indicating the file is unwanted.
6 . The intrusion protection system of claim 1 , wherein the instructions further comprise instructions that when executed cause the server to read a network header associated with the file.
7 . The intrusion protection system of claim 1 , wherein the server further comprises:
a second network interface, wherein the instructions that when executed cause the processor to forward the initial portion of the file to the destination comprise instructions that cause the processor to forward the initial portion of the file via the second network interface.
8 . A machine readable medium, on which are stored instructions that when executed cause a server to:
receive via a network interface an first portion of a file being transferred to a destination through the server; forward the first portion of the file to the destination; receive via the network interface a last portion of the file; determine identifying information regarding the file; determine whether the file is wanted or unwanted using the identifying information; and prevent forwarding of the last portion of the file to the destination responsive to a determination that the file is unwanted.
9 . The machine readable medium of claim 8 , wherein the last portion of the file is a plurality of final packets.
10 . The machine readable medium of claim 8 , wherein the instructions further comprise instructions that when executed cause the server to identify the last portion of the file by comparing a size of the file to a size of all received portions of the file.
11 . The machine readable medium of claim 8 , wherein the information regarding the file comprises a hash of the file.
12 . The machine readable medium of claim 8 , wherein the instructions that when executed cause the server to determine whether the file is wanted or unwanted comprise instructions that when executed cause the server to query a file reputation database.
13 . The machine readable medium of claim 12 , wherein the instructions that cause the server to query the file reputation database comprise instructions that when executed cause the server to send the identifying information to a file reputation database server.
14 . A method of preventing delivery of malware, comprising:
receiving by a server via a network interface an first portion of a file; forwarding by the server the first portion of the file to a destination for the file; receiving by the server via the network interface a second portion of the file; obtaining file identification information; determining whether the file contains malware using the file identification information; and preventing forwarding by the server of the second portion of the file to the destination responsive to a determination that the file contains malware.
15 . The method of claim 14 , wherein the second portion of the file comprises one or more packets.
16 . The method of claim 14 further comprising identifying the second portion of the file by comparing a size of the file to a size of all received portions of the file.
17 . The method of claim 14 , wherein the file identification information comprises a hash of the file.
18 . The method of claim 14 , wherein determining whether the file contains malware comprises querying a file reputation database.
19 . The method of claim 18 , wherein determining whether the file contains malware further comprises obtaining a result from the file reputation database, the result responsive to a comparison of the file identification information with data regarding known malware.
20 . The method of claim 14 , further comprising reading a network header associated with the file.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.