1. Field of the Invention
The present invention relates generally to a computer implemented method and computer program product for detecting and reducing malicious packet traffic. More specifically, the present invention relates to reverse firewalls.
2. Description of the Related Art
Modern computers are multipurpose devices readily modified by adding applications and other computer instructions to cause the computer to perform different tasks. At the inception of the age of personal computers, software was typically made available on magnetic and disk media. However, such media is costly to produce and incurs added shipping costs when sold through normal bricks-and-mortar stores. Recently, users of computers have shifted to obtaining software by download over the internet. Such a practice eliminates many time-consuming steps.
Nevertheless, such a model for software distribution has created security vulnerabilities. Malicious software developers created software programs to commandeer computers and produce results unwanted by the user. Such developers deliver their malicious code by internet connections, which are sometimes detected before damage is done.
Detection of such connections is typically accomplished using firewalls. Firewalls may be available at three junctions in the network. First, a personal computer may provide a firewall as an application that monitors the network port. Like most firewalls, a personal firewall monitors packets for illicit content and flags connections that fit a profile or rule. Such a flagged connection may require the attention of the user to determine if the content is likely to damage the operation of the applicable personal computer. A second firewall is a LAN firewall established as a computer at the outward facing interface of a local area network (LAN). Such a firewall monitors traffic arriving at the LAN from the outside world, including, for example, the internet. This firewall can protect computers within the LAN from intrusion.
A third firewall type is a reverse firewall. A reverse firewall, like a LAN firewall, can be located at the edge of a LAN. However, a reverse firewall also monitors traffic that originates within the LAN and is destined for receiver hosts outside the LAN. Accordingly, a function of the reverse firewall is to detect malicious packets outbound from the LAN and block any traffic that appears malicious.
The task of the reverse firewall can be burdensome. The reverse firewall is occupied with the task of examining packets in real-time and promptly forwarding all benign packets. This task consumes computer resources. In particular, examining the content of packet payloads takes a toll on the reverse firewall.