An outgoing communication originating from certain cloud, multi-tenant, or other types of multi-user computing environments may not identify the particular user that sent the communication. This may occur, for example, in a Platform as a Service (“PaaS”) cloud-computing environment that provides each user a complete virtualized computing platform, including network and infrastructure, operating systems, middleware, storage, and applications. This may also occur in other types of multi-user environments, such as a workgroup that is identified to outside parties by only a single IP address of a router or firewall.
In some cases, a user or application within a multi-user environment may occupy an isolated, self-contained container (or other type of compartmentalized or preconfigured operating environment), provided by a means known in the art, such as a Warden server or a Docker container. In such cases, an outgoing TCP/IP or Ethernet message may contain information that identifies the environment from which it originated, but does not identify the sender's particular container. Similarly, an outgoing TCP/IP or Ethernet message may contain information that identifies a container from which it originated, but does not identify the particular user or application within that container as being the true sender.
When an application or user of a multi-user operating environment becomes infected with malware, or when a user itself has malicious intent, that application or user may transmit malicious communications to third parties outside the multi-user environment. The attacked recipient may attempt to respond by blacklisting, or taking other action against, the perceived attacker. But if a malicious communication identifies only the multi-user environment, not the particular source application or user, the recipient may not be able to identify the true sender. The recipient's response, therefore, may be directed against the entire multi-user environment, blacklisting or otherwise blocking further communications from all occupants of the multi-user environment. As a result, users that present no threat to the external party may find themselves blocked.
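The collateral blocking described above can be reproduced with a small model. This is an added example, not part of the original text; the tenant names, addresses, the `MALICIOUS` marker and the three-strike threshold are all constructed assumptions.

```python
from dataclasses import dataclass

SHARED_EGRESS_IP = "203.0.113.10"  # constructed address the outside world sees

@dataclass(frozen=True)
class Message:
    src_ip: str   # source address as carried on the wire
    payload: str

class EgressGateway:
    """Rewrites every container's private source address to the shared one."""
    def __init__(self, public_ip):
        self.public_ip = public_ip

    def send(self, container_ip, payload):
        # container_ip is discarded: only the environment's address
        # survives in the outgoing message.
        return Message(self.public_ip, payload)

class Recipient:
    """External party that blocks a source after `threshold` bad messages."""
    def __init__(self, threshold=3):
        self.threshold = threshold
        self.strikes = {}
        self.blocked = set()

    def receive(self, msg):
        if msg.src_ip in self.blocked:
            return "dropped"
        if "MALICIOUS" in msg.payload:  # stand-in for the recipient's detection
            self.strikes[msg.src_ip] = self.strikes.get(msg.src_ip, 0) + 1
            if self.strikes[msg.src_ip] >= self.threshold:
                self.blocked.add(msg.src_ip)
            return "flagged"
        return "accepted"

def simulate():
    # Constructed tenants; only tenant-b misbehaves.
    containers = {"tenant-a": "10.0.0.11", "tenant-b": "10.0.0.12",
                  "tenant-c": "10.0.0.13"}
    gw, rcpt = EgressGateway(SHARED_EGRESS_IP), Recipient(threshold=3)
    before = {t: rcpt.receive(gw.send(ip, "hello")) for t, ip in containers.items()}
    for _ in range(3):
        rcpt.receive(gw.send(containers["tenant-b"], "MALICIOUS probe"))
    after = {t: rcpt.receive(gw.send(ip, "hello")) for t, ip in containers.items()}
    return before, after, rcpt.blocked

if __name__ == "__main__":
    print(simulate())
```

The recipient's blocklist ends up holding only the shared address, so the two benign tenants are dropped along with the one that misbehaved.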