公开(公告)号：US20140351878A1

公开(公告)日：2014-11-27

申请号：US13900576

申请日：2013-05-23

Applicant: Check Point Software Technologies Ltd.

Inventor： Tamir Zegman ,  Ofer Barkai

IPC: H04L29/06

CPC classification number: H04L63/0227 ,  H04L43/106 ,  H04L63/1458

Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.

Abstract translation: 网络组件具有一组一个或多个规则，每个规则具有匹配组件和动作组件。 如果传入的分组映射到规则的匹配组件，则根据规则的动作组件来处理该分组。 如果规则还包含限制组件，则如果分组映射到规则的匹配组件，则更新规则的家族历史，并且仅当规则的家族历史满足规则的限制时才根据规则的动作组件来处理分组 零件。

公开(公告)号：US09647985B2

公开(公告)日：2017-05-09

申请号：US13900576

申请日：2013-05-23

Applicant: Check Point Software Technologies Ltd.

Inventor： Tamir Zegman ,  Ofer Barkai

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/0227 ,  H04L43/106 ,  H04L63/1458

Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.

公开(公告)号：US08844019B2

公开(公告)日：2014-09-23

申请号：US13682754

申请日：2012-11-21

Applicant: Check Point Software Technologies Ltd.

Inventor： Ofer Barkai ,  Dorit Dor ,  Tamir Zegman

IPC: H04L29/06

CPC classification number: H04L63/0281 ,  H04L63/0227 ,  H04L63/1425 ,  H04L63/1458

Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

Abstract translation: 计算机网络的安全网关在一个或多个网络接口处接收传入的分组。 一个或多个安全功能被应用于分组。 记录安全功能违规的报告。 这些报告包括报文的源地址，接收报文的时间以及违规的描述。 描述包括权重，并且如果在第一时间间隔内接收到的公共源地址的分组的权重之和超过阈值，则来自该源地址的后续分组被丢弃。 或者，在“仅监视”模式下，记录公共源地址，但不会丢弃数据包。 可选地，在一些网络接口而不是在其他网络接口处接收到的加密分组和/或分组不被丢弃。

公开(公告)号：US20140143850A1

公开(公告)日：2014-05-22

申请号：US13682754

申请日：2012-11-21

Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.

Inventor： Ofer Barkai ,  Dorit Dor ,  Tamir Zegman

IPC: H04L29/06

CPC classification number: H04L63/0281 ,  H04L63/0227 ,  H04L63/1425 ,  H04L63/1458

Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

Abstract translation: 计算机网络的安全网关在一个或多个网络接口处接收传入的分组。 一个或多个安全功能被应用于分组。 记录安全功能违规的报告。 这些报告包括报文的源地址，接收报文的时间以及违规的描述。 描述包括权重，并且如果在第一时间间隔内接收到的公共源地址的分组的权重之和超过阈值，则来自该源地址的后续分组被丢弃。 或者，在“仅监视”模式下，记录公共源地址，但不会丢弃数据包。 可选地，在一些网络接口而不是在其他网络接口处接收到的加密分组和/或分组不被丢弃。