A method for providing security to a computer network by selectively blocking network transmissions from selected IP addresses comprising the steps of:
establishing a risk threshold whereby transmissions from IP addresses exceeding said risk threshold are selectively blocked;
receiving a network transmission having an originating IP address and payload;
analyzing the payload of said transmission and assigning a current risk rating to said IP address on the basis of said analysis;
comparing the originating IP address of said transmission to a database of known IP addresses, each of said known IP addresses having a previous cumulative assigned risk rating, said previous cumulative assigned risk rating being based on at least one previous transmission from a known IP address;
assigning a new cumulative risk rating to said originating IP address, said new cumulative risk rating being the sum of said current risk rating and said previous cumulative assigned risk rating for said originating IP address, with the proviso that where said originating IP address is not contained in said database of known IP addresses, the new cumulative risk rating will equal the current risk rating;
logging the new cumulative risk rating for said originating IP address in said database of known IP addresses, with the proviso that where the originating IP address of said transmission is not contained in said database of known IP addresses, a new record is created for the originating IP address and said new cumulative risk rating in said database of known IP addresses;
comparing said new cumulative risk rating to said risk threshold; and
automatically blocking said transmission if said new cumulative risk rating exceeds said risk threshold.
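
The claimed steps can be traced in code. The sketch below is an added example, not taken from the patent: the indicator weights, the SQLite table layout, the class and function names, and the sample traffic are all assumptions made for illustration, since the claim does not specify how a payload is analyzed or how the database is stored.

```python
import sqlite3

# Assumed indicator weights: the claim does not say how a payload is analyzed.
INDICATOR_WEIGHTS = {b"../": 30, b"<script": 40, b"UNION SELECT": 50}


class CumulativeRiskFilter:
    def __init__(self, risk_threshold, db_path=":memory:"):
        self.risk_threshold = risk_threshold
        self.db = sqlite3.connect(db_path)  # the "database of known IP addresses"
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS known_ips ("
            "ip TEXT PRIMARY KEY, cumulative_risk INTEGER NOT NULL)"
        )

    def analyze_payload(self, payload: bytes) -> int:
        """Current risk rating: sum of the weights of indicators present."""
        return sum(w for ind, w in INDICATOR_WEIGHTS.items() if ind in payload)

    def handle(self, ip: str, payload: bytes):
        """Return (blocked, new_cumulative_rating) for one transmission."""
        current = self.analyze_payload(payload)
        row = self.db.execute(
            "SELECT cumulative_risk FROM known_ips WHERE ip = ?", (ip,)
        ).fetchone()
        # Unknown address: the new cumulative rating equals the current rating.
        new_cumulative = current if row is None else row[0] + current
        # Log the rating; this creates the record when the address is new.
        self.db.execute(
            "INSERT OR REPLACE INTO known_ips (ip, cumulative_risk) VALUES (?, ?)",
            (ip, new_cumulative),
        )
        self.db.commit()
        # "Exceeds" is read as strictly greater than the threshold.
        return new_cumulative > self.risk_threshold, new_cumulative


# Constructed sample traffic (documentation-range addresses, made-up payloads).
SAMPLE = [
    ("192.0.2.10", b"GET /index.html"),
    ("198.51.100.7", b"GET /../../etc/passwd"),
    ("198.51.100.7", b"GET /?q=<script>alert(1)</script>"),
    ("198.51.100.7", b"GET /index.html"),
]


def run_sample(risk_threshold=60):
    f = CumulativeRiskFilter(risk_threshold)
    return [f.handle(ip, payload) for ip, payload in SAMPLE]
```

The last sample transmission carries a benign payload but is still blocked: because the rating is a running sum, an address that has exceeded the threshold stays above it as long as current ratings are non-negative.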