	US 11,949,697 B2
	Hierarchical scanning of internet connected assets
Connor Leete Gilbert, Menlo Park, CA (US); and Michael Haggblade, San Bruno, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Mar. 2, 2022, as Appl. No. 17/653,149.
Application 17/653,149 is a continuation of application No. 16/579,302, filed on Sep. 23, 2019, granted, now 11,283,816.
Application 16/579,302 is a continuation of application No. 15/136,620, filed on Apr. 22, 2016, granted, now 10,425,430, issued on Sep. 24, 2019.
Prior Publication US 2022/0321582 A1, Oct. 6, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04L 69/16 (2022.01)

CPC H04L 63/1416 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0245 (2013.01); H04L 63/0428 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 63/205 (2013.01); H04L 69/169 (2013.01)]

20 Claims

1. A method comprising:

scanning the Internet for publicly accessible communication ports with probes having an initial payload, wherein scanning the Internet comprises scanning the Internet external to one or more networks corresponding to the publicly accessible communication ports;

for each response to the scanning,

determining whether the response indicates a network address active on a port and a service associated with the port;

based on determining that the response indicates a network address active on a port and a service associated with the port, determining a follow-up probe based on at least one of the network address active on the port, the port, the service associated with the port, and a protocol indicated by the response; and

executing the follow-up probe; and

updating a database based, at least in part, on the responses to the scanning with probes having the initial payload and responses to executing the follow-up probes.