Scan detection

Number of patents in Portfolio can not be more than 2000

United States of America Patent

APP PUB NO 20050147037A1
SERIAL NO

11025983

Stats

ATTORNEY / AGENT: (SPONSORED)

Importance

Loading Importance Indicators... loading....

Abstract

See full text

A method for detecting a scan in network connections, each connection to a respective destination determined by a destination key and a destination parameter. For each of the connections, an active-connection entry is logged in a first table. The active-connection entry includes the destination key and the destination parameter. For each destination key entered in the first table, each active-connection entry is counted by: (i) entering in a second table a new-connection entry including the destination key, and (ii) assigning to the new-connection entry a use value; the use value equals a number of the active-connection entries with the destination key. A scan event is generated when the use value exceeds a previously determined new-connection-threshold. If the scan is an 'address scan', the destination key is a destination port and the destination parameter is a destination address (IP); and if the scan is a 'port scan' then the destination key is a destination address and the destination parameter is a destination port.

Loading the Abstract Image... loading....

First Claim

See full text

Family

Loading Family data... loading....

Patent Owner(s)

Patent OwnerAddress
CHECK POINT SOFTWARE TECHNOLOGIES LTD5 HASOLELIM STREET TEL AVIV 67897

International Classification(s)

  • [Classification Symbol]
  • [Patents Count]

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Dov, Oded Ben Haifa, IL 1 5
Kantor, Alon Tel Aviv, IL 9 169
Maimon, Uriel Jerusalem, IL 1 5

Cited Art Landscape

Load Citation

Patent Citation Ranking

Forward Cite Landscape

Load Citation