Network management device at network edge for INS intrusion detection based on adjustable blacklisted sources

摘要

A network agent includes an ingress port in data communication with a network traffic source for receiving network traffic entering a network and an egress port in data communication with the ingress port and a protection device included in the network. The egress port is configured to transmit network traffic received from the ingress port to a network device included in the network. A processing device receives from a protection device included in the network blacklist addresses determined by the protection device to be a threat to the network, and maintains a blacklist that includes the received blacklist addresses. A physical layer device compares the network layer source address of a packet of the network traffic received by the ingress port to the blacklist and forwards the packet to the egress port only if the packet's source address is not included in the blacklist.