| CPC H04L 63/145 (2013.01) [H04L 63/0209 (2013.01); H04L 63/0263 (2013.01); H04L 63/1425 (2013.01)] | 20 Claims |

20. A computer software product for protecting a computing system, the product including a non-transitory computer-readable medium, in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer:
to collect information, via the NIC, from data traffic transmitted between multiple local nodes on a private data network and public IP addresses outside the private data network;
to identify a subset of the public IP addresses as belonging to a demilitarized zone (DMZ) subnet associated with the private data network;
to detect in the collected information a suspicious transmission of outgoing data packets transmitted from at least one of the local nodes and addressed to a given public IP address;
to check whether the given public IP address belongs to the identified subset; and
to initiate a protective action with respect to the suspicious transmission upon ascertaining that the given public IP address does not belong to the identified subset, while refraining from the protective action upon ascertaining that the given public IP address belongs to the identified subset.
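
The check in the last two steps of the claim, sketched as an added example (not code from the patent or its assignee). It assumes the DMZ subset is already available as a list of CIDR blocks and that an upstream detector has flagged each flow as suspicious or not; all names and addresses are hypothetical, constructed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (RFC 5737 documentation ranges), not from the claim.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")        # the private data network
DMZ_SUBNETS = [ipaddress.ip_network("203.0.113.0/28")]  # assumed operator-supplied

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    suspicious: bool  # verdict of an upstream detector (assumed to exist)

def in_dmz(addr, dmz_subnets=DMZ_SUBNETS):
    """True if the public address falls inside any identified DMZ subnet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in dmz_subnets)

def triage(flow, dmz_subnets=DMZ_SUBNETS):
    """Return 'ignore', 'refrain' or 'protect' for one flow record."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    # Only outgoing traffic from a local node to a public address is in scope.
    if src not in PRIVATE_NET or dst in PRIVATE_NET:
        return "ignore"
    if not flow.suspicious:
        return "ignore"
    # Suspicious, but the destination is the organisation's own DMZ.
    if in_dmz(flow.dst, dmz_subnets):
        return "refrain"
    return "protect"

# Constructed flow records covering each branch, including the /28 boundary.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "203.0.113.5", True),    # DMZ host
    Flow("10.1.2.3", "203.0.113.16", True),   # first address past the /28
    Flow("10.1.2.3", "198.51.100.77", True),  # unrelated public address
    Flow("10.1.2.4", "198.51.100.77", False), # not flagged upstream
    Flow("10.1.2.5", "10.9.9.9", True),       # internal-to-internal
]

def run(flows=SAMPLE_FLOWS):
    return [(f.src, f.dst, triage(f)) for f in flows]

if __name__ == "__main__":
    for row in run():
        print(*row)
```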