Network connection detection and throttling

Assignee

• Cisco Technology, Inc. · US

Inventor

• Mark Stuart Day · Milton, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1408
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In an edge network, message traffic between the edge network and a core network passes through the edge router. A port scanning attack directed to the network as a whole (core network) potentially emanates from within the LAN. The edge router includes a network throttling device which identifies and mitigates harmful transmissions such that they do not propagate to the core network. The network throttling device has a connection daemon to scan transactions and determine deviant or atypical connection attempts. A session database stores a transaction history representing a window of previous connection attempts. A pattern detector examines the history and looks for malicious behavior. Identified deviant patterns cause a throttler enforcer to limit the triggering user by restricting future connection attempts, thus mitigating harmful effects. Usage, therefore, is not prevented, but resilience to deviant practices is provided. Accordingly, virus propagation via port scanning is mitigated to a safe level and false alarms targeting legitimate activity are minimized.