A method, apparatus, system, and signal-bearing medium that, in an embodiment, filter packets received from a network based on rules. The filtering discards a subset of the packets based on the rules and keeps a remaining subset of the packets. The remaining subset is copied to a destination. The rules are created offline in a lower priority process from the filtering and copying by detecting whether symptoms exist in a sample of the remaining subset. In an embodiment, the order that the symptoms are detected is changed based on the frequency of the existence of the symptoms in the sample. In various embodiments, the symptoms may include receiving a threshold number of ping packets within a time period, receiving a threshold number of broadcast packets within a time period, receiving a packet with an invalid source address, receiving a packet with an invalid header flag, and receiving a threshold number of the packets within a time period that contain a sequence flag. In this way, firewall throughput performance is increased.

 
Web www.patentalert.com

< System, method and program for identifying Web information related to subjects in a program broadcast

< Automatic software installation on heterogeneous networked computer systems

> Distributed allocation of system hardware resources for multiprocessor systems

> System and method for reducing virus scan time
~ 00252