Most computers, such as desktop computers and mobile devices, need to periodically access a network, such as a wide area network (WAN), e.g., the Internet, a local area network (LAN) or other network. Typically, these computers are constantly connected to the network while they are being used. This is particularly true for desktop systems that are hardwired to the network. Mobile devices need to be in the proximity of a wireless access point in order to gain network access. Such wireless access points are becoming increasingly pervasive due to so-called wireless “hot spots” that are springing up in many places, e.g., airports, train stations, cafés, office buildings, homes, etc. Other devices that may connect to wireless access points include sensors, actuators and vending machines.
Computers that are almost constantly network connected have two drawbacks. First, energy is wasted in the network interface card (NIC) whenever the user is not using it. This is a particular concern in mobile devices, such as cellphones and PDAs, and wirelessly connected devices in general, such as sensors. In these devices, the wireless NIC accounts for a significant fraction of the total power budget and therefore may significantly reduce the battery life. Second, a computer that is connected to a network can potentially be attacked from another computer connected to the network. The most likely attack is from network worms, which spread rapidly from one computer to another computer and which are persistent in their attempt to spread. Typically, these worms send short packets (about 1 kBytes) to random network addresses. If a destination computer is connected to the network and its network address matches the address of the worm packet, then the destination computer is likely to become infected if it allows the worm packet to access its network port. The longer a user computer is on the network, the more susceptible it is to such attacks. Also, users often leave their office and home computers running and permanently network connected while they are at home and at work, respectively. Examples of recent network worms include Welchia, Blaster, Slammer and CodeRedll. The Welchia or Blaster worms get into a computer's system, through an RPC call to port 135, where it exploits a bug in a distributed component object model (DCOM). Slammer uses unreliable delivery protocol (UDP) and exploits a weakness in the simple query language (SQL) server. CodeRedll takes advantage of a buffer overflow bug in an Indexing Server.
To get an idea of how much time a client computer station is effectively using the network interface card (NIC) during an 8 hour work day, assume a user accesses 200 webpages and that a typical webpage contains about 250 kBytes (“k” designating 1000, not 1024) of information. Assume further the user replicates 50 email messages, each having a 500 kBytes attachment. The amount of transmitted data is typically much smaller and will be ignored here. Finally, assume the computer is equipped with a wireless NIC, such as a NIC conforming to the 802.11b IEEE standard, which has a maximum effective throughput of about 500 kBytes/s under low contention conditions. Typical download speeds, however, from the Internet and from email servers are commonly much slower, for example, about 50 kBytes/s. Thus, the total time the NIC is engaged with receiving and waiting for data may be calculated as (200[pages]×250[kBytes/page]+50[emails]×500[kBytes/email])/50[kBytes/s]=1,500 seconds or about 5% of an 8 hour work day. A wireless NIC conforming to 802.11g may have a throughput that is 5 times faster than 802.11b NIC. Correspondingly even less than 5% time is spent accessing the network. It may, therefore, be concluded that the amount of time a computer actually spends effectively using the network is quite small compared to the total time the computer is in use. When this is coupled with the observation that network accesses are highly bursty in nature, it is clear that there exist long periods of time during which a computer's NIC can be turned off, thus offering both protection from network attacks and reduced energy consumption.
Thus, there is a need for throttling a computer's access to the network 1) to reduce the window of opportunity for being attacked by another network connected computer, 2) to reduce the rate with which a virus spreads across networks, and 3) to increase the battery life in mobile devices. A present day solution to this problem is that the user manually disables the network interface when it is not needed. This solution, however, suffers from requiring the user's involvement, and is cumbersome.