This invention discloses a method and system for detecting and reacting to
unexpected communications patterns. The system consists of a plurality of
end stations and a plurality of network interfaces, such that, the
network interface is capable of determining the authenticity of the
program used by the end station to generate and send data packets. The
system further consists of a plurality of secure management servers,
which continuously exchange management messages with the network
interfaces. Consequently, the secure management servers have the
information for detecting unexpected communications patterns. The method
allows the control of end stations, and when an unexpected communication
pattern is detected, selectively only packets from authenticated programs
can be allowed to be transmitted.