US 11,700,233 B2
Network monitoring with differentiated treatment of authenticated network traffic
Brian St. Pierre, Acworth, NH (US)
Assigned to Arbor Networks, Inc., Westford, MA (US)
Filed by Arbor Networks, Inc., Westford, MA (US)
Filed on Jun. 4, 2019, as Appl. No. 16/431,418.
Prior Publication US 2020/0389431 A1, Dec. 10, 2020
Int. Cl. H04L 9/40 (2022.01); H04L 69/22 (2022.01); H04L 43/08 (2022.01); H04L 61/5007 (2022.01)
CPC H04L 63/0236 (2013.01) [H04L 43/08 (2013.01); H04L 61/5007 (2022.05); H04L 63/1425 (2013.01); H04L 69/22 (2013.01)] 32 Claims
OG exemplary drawing
 
1. A method of monitoring network traffic for a protected network using a block of internet protocol (IP) addresses assigned to one or more protected servers, the method comprising:
selecting one or more green addresses, wherein each green address is a different IP address from the block of IP addresses;
associating the one or more green addresses with a fixed green path that provides a route to the one or more protected servers;
receiving a packet of the network traffic from a client directed to an IP address of the block of IP addresses, the packet including a source address for the client and a destination address from the block of IP addresses, wherein the packet is received prior to any performance of deep packet inspection (DPI) on the packet in association with monitoring the network traffic for the protected network;
determining whether the destination address matches the one or more green addresses or is a yellow address, wherein the yellow address belongs to the block of IP addresses, but is not a green address;
when the determination is that the destination address matches the one or more green addresses, sending the packet to the one or more protected servers via the green path, bypassing any deep packet inspection; and
when the determination is that the destination address does not match the one or more green addresses, sending the packet along a fixed yellow path from a router to a scrubber for the scrubber to analyze the packet using DPI, determining by the DPI whether to authenticate the packet, sending the packet only if authenticated or unknown along a pre-established authenticated path to the protected network, and performing, only if the packet is authenticated, a redirection of the client,
wherein the redirection causes any subsequent requests from the client to be sent to the IP address associated with the green address, bypassing any deep packet inspection, and wherein the yellow path is based on router instructions to reach a particular device,
wherein after an interval or in response to a trigger event, the method further comprises, when a next packet has a destination address that matches the one or more green addresses, sending the next packet to the scrubber instead of sending the next packet via the green path, even when the determination is that the destination address of the next packet matches the one or more green addresses.
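The routing decision in claim 1 is easier to follow as code than as claim language. The following Python simulation is an added example, not part of the patent or Arbor's implementation: it models the green/yellow split on the destination address, the scrubber verdict (authenticated / unknown / rejected), the redirection of an authenticated client to a green address, and the interval- or trigger-driven re-inspection of green traffic. The DPI criteria, the toy `Scrubber` classifier, the one-shot recheck semantics and the deterministic green-address selection are all assumptions made for the example; the claim does not specify them. The addresses are drawn from the RFC 5737 documentation ranges.

```python
"""Simulation of the green/yellow routing decision from claim 1 (added example)."""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Path(Enum):
    GREEN = "green"                  # fixed green path straight to the protected servers, no DPI
    AUTHENTICATED = "authenticated"  # scrubber, then the pre-established authenticated path
    NOT_FORWARDED = "not_forwarded"  # scrubber neither authenticated nor left the packet unknown


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes = b""


@dataclass
class Decision:
    path: Path
    dpi_performed: bool = False
    redirect_to: Optional[str] = None  # green address handed to the client on redirection


class Scrubber:
    """Stand-in for the DPI scrubber. The claim does not say how DPI decides to
    authenticate, so this toy classifier (constructed for the example) treats a
    complete HTTP request as 'authenticated', a path-traversal pattern as 'rejected',
    and anything else (empty or partial data) as 'unknown'."""

    def inspect(self, pkt: Packet) -> str:
        if b"/../" in pkt.payload:
            return "rejected"
        if pkt.payload.startswith(b"GET ") and pkt.payload.endswith(b"\r\n\r\n"):
            return "authenticated"
        return "unknown"


class Monitor:
    def __init__(self, block: str, green: List[str], scrubber: Scrubber):
        self.block = ipaddress.ip_network(block)
        # Green addresses must be drawn from the protected block (claim 1, "selecting").
        self.green = sorted(ipaddress.ip_address(g) for g in green)
        for g in self.green:
            if g not in self.block:
                raise ValueError(f"green address {g} is outside {self.block}")
        self.scrubber = scrubber
        self.recheck_pending = False

    def trigger(self) -> None:
        """Interval elapsed or trigger event: the next green-destined packet goes to the
        scrubber instead of the green path (modelled as one-shot; an assumption)."""
        self.recheck_pending = True

    def pick_green(self, src: str) -> str:
        # Deterministic per-client choice so repeat requests land on one green address
        # (assumption; the claim only says "the IP address associated with the green address").
        return str(self.green[int(ipaddress.ip_address(src)) % len(self.green)])

    def route(self, pkt: Packet) -> Decision:
        dst = ipaddress.ip_address(pkt.dst)
        if dst not in self.block:
            raise ValueError(f"{dst} is not in the protected block {self.block}")
        is_green = dst in self.green           # anything else in the block is a yellow address
        if is_green and not self.recheck_pending:
            return Decision(Path.GREEN)        # fixed green path, DPI bypassed entirely
        if is_green:
            self.recheck_pending = False       # consume the recheck for this packet
        verdict = self.scrubber.inspect(pkt)   # yellow path: router -> scrubber, DPI happens here
        if verdict == "rejected":
            return Decision(Path.NOT_FORWARDED, dpi_performed=True)
        # Authenticated or unknown packets travel the pre-established authenticated path;
        # only an authenticated packet also triggers redirection to a green address.
        decision = Decision(Path.AUTHENTICATED, dpi_performed=True)
        if verdict == "authenticated":
            decision.redirect_to = self.pick_green(pkt.src)
        return decision


if __name__ == "__main__":
    m = Monitor("203.0.113.0/24", ["203.0.113.10", "203.0.113.11"], Scrubber())
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    first = m.route(Packet("198.51.100.7", "203.0.113.50", req))   # yellow: DPI, then redirect
    print(first)
    print(m.route(Packet("198.51.100.7", first.redirect_to, req)))  # green: no DPI
    m.trigger()
    print(m.route(Packet("198.51.100.7", first.redirect_to, req)))  # green, but re-inspected
```

The practical caveat the recheck clause in the claim addresses: green addresses sit inside the published block, so any client that observes or guesses one obtains the DPI bypass until the next interval or trigger event. How often `trigger()` fires therefore bounds how long a misbehaving client can ride the green path, and the interval should be chosen with that exposure in mind.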