
Distributed ISP system for the inspection and elimination of eThreats in a multi-path environment


Abstract

A method for eliminating the possibility of an attacker exploiting a multipath-type transfer in terms of the number of ISP-operated Inspection and Elimination Units (IEUs). The method comprises:

(a) providing a plurality of Enhanced Inspection and Elimination Units (EIEUs);

(b) for each destination subscriber user, defining a set of EIEUs which includes all end EIEUs that can directly forward a packet to said user computer;

(c) as long as no conclusion has been reached regarding whether a session is malicious or not, forwarding all session packets received by any EIEU within the set to a manager EIEU for analysis;

(d) upon receipt of a packet at said manager EIEU, forwarding the packet to the destination user computer, but also performing analysis at the manager EIEU on a copy of said packet, together with previously analyzed packets of the same session, in an attempt to reach a conclusion as to whether the session is malicious or not;

(e) if a conclusion has not been reached even following said analysis, accumulating the packet together with said previous packets for further future analysis;

(f) if, however, said analysis concludes that the packet belongs to a malicious session, creating a "drop" rule at said manager EIEU and forwarding it to all EIEUs within the set;

(g) if, on the other hand, said analysis concludes that the packet belongs to a non-malicious session, creating a "pass" rule at said manager EIEU and forwarding it to all EIEUs within the set.

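Bibliographic details

  • Publication number: EP2040437B1
  • Patent type:
  • Publication date: 2015-05-06
  • Original format: PDF
  • Applicant/patentee: DEUTSCHE TELEKOM AG
  • Application number: EP20080016740
  • Inventors: CHAI ELDAD; FELSTAINE EYAL; GILBOA NIV
  • Filing date: 2008-09-24
  • Classification: H04L29/06
  • Country: EP
  • Added to database: 2022-08-21 15:08:47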
