With advances in integrated circuit, microprocessor, networking and communication technologies, increasing numbers of devices, in particular digital computing devices, are being networked together. Devices are often first coupled to a local area network, such as an Ethernet-based office/home network. In turn, local area networks are interconnected through wide area networks, such as ATM networks, Frame Relays, and the like. Of particular interest is the TCP/IP-based global inter-network: the Internet.
To ensure successful communication over the Internet, it is important to prevent undesirable network traffic. For example, the use of denial of service (DoS) attacks, which prevent legitimate traffic from reaching its intended destination, has grown over the years. Accordingly, the utilization of effective preventative measures has become increasingly important.
One preventive measure is the use of a monitoring device to inspect network traffic before it reaches an intended destination. If it appears that the content has originated from a malicious source, then the traffic can be prevented from reaching the intended destination. Inspecting network traffic, however, can be a time-intensive process. Often this process involves an administrator manually capturing packets and then reviewing the packets to identify content from a malicious source. The administrator then has to engage in a time-consuming process of adding a filter to the monitoring device to prevent future packets originating from the malicious source from being transmitted to the destination. Accordingly, what are needed are systems and methods to optimize the process of adding filters to monitoring devices.