As Internet usage has become an integral part of our daily lives, the constant threat of attacks by computer viruses has also become an inseparable aspect of our computer experience. Every once in a while, a new computer virus epidemic will break out, with the virus spreading quickly over the Internet, finding its ways into large and small computer networks all over the world and wreaking havoc in those networks, causing significant losses in productivity and resources.
Even after the first wave of attacks by a computer virus has subsided, there is always the concern that the virus is just lying dormant somewhere and will resurrect and launch attacks again at a later time. After the initial attacks of a virus, protection against that virus is typically added to the firewall of a computer network to prevent the virus from reentering the network. A firewall is typically placed at the edge of a network for filtering packets coming from the outside world into the network. The firewall examines each packet it receives and tests it against various rules. If the packet passes, the firewall sends the packet on to its destination. This measure, however, does not prevent future attacks from within the network, since the network communications among computers in the network typically do not go through the firewall, which is placed at the interface of the network with other networks. Once a virus has entered a computer network, it is often difficult to determine which computers in the network have been infected. As a result, it is almost impossible to ensure that the virus has been eradicated from every computer in the network, especially when the network contains many computers. Later, at an unexpected time, an infected computer may start to attack other computers in the network.
One difficulty in stopping such virus attacks from within the network is that it is often hard to identify the physical computer that houses the virus. For instance, the culprit may be an old, long-forgotten, server sitting somewhere in a closet or under a laboratory bench, with a non-descriptive device name that does not tell where the machine is. It may not be too difficult to trace the source of the virus attacks to a building or even a floor in the building, but pinpointing the perpetrator more precisely without causing major disruption to network operations is usually very difficult and sometimes nearly impossible.