Corbridge et al., 1991 - Google Patents
Packet filtering in an ip routerCorbridge et al., 1991
View PDF- Document ID
- 12343356410762543082
- Author
- Corbridge B
- Henig R
- Slater C
- Publication year
- Publication venue
- e Proceedings of the Fifth USENIX Large Installation and System Administration Confernce (LISA V)
External Links
Snippet
By using existing information in packet headers, routers can provide system administrators a facility to manage network connections between computers. Host address, network number, interface, direction, protocol, and port number are parameters that may be used to …
- 238000001914 filtration 0 title abstract description 28
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents
- H04L29/12009—Arrangements for addressing and naming in data networks
- H04L29/1233—Mapping of addresses of the same type; Address translation
- H04L29/12339—Internet Protocol [IP] address translation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/08—Configuration management of network or network elements
- H04L41/0893—Assignment of logical groupings to network elements; Policy based network management or configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/08—Configuration management of network or network elements
- H04L41/0803—Configuration setting of network or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/02—Arrangements for maintenance or administration or management of packet switching networks involving integration or standardization
- H04L41/0213—Arrangements for maintenance or administration or management of packet switching networks involving integration or standardization using standardized network management protocols, e.g. simple network management protocol [SNMP] or common management interface protocol [CMIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1438670B1 (en) | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device | |
| US7131141B1 (en) | Method and apparatus for securely connecting a plurality of trust-group networks, a protected resource network and an untrusted network | |
| AU687575B2 (en) | Security system for interconnected computer networks | |
| US8055800B1 (en) | Enforcing host routing settings on a network device | |
| US8893256B2 (en) | System and method for protecting CPU against remote access attacks | |
| US7379423B1 (en) | Filtering subscriber traffic to prevent denial-of-service attacks | |
| CA2323766C (en) | Providing secure access to network services | |
| RU2214623C2 (en) | Computer network with internet screen and internet screen | |
| US20080267179A1 (en) | Packet processing | |
| Newman | Benchmarking terminology for firewall performance | |
| EP0713311A1 (en) | Secure gateway and method for communication between networks | |
| JP2002215478A (en) | Fire wall service supply method | |
| JPH11168511A (en) | Packet authentication method | |
| AU2002327757A1 (en) | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device | |
| JPH11168510A (en) | Packet verification method | |
| US20040030765A1 (en) | Local network natification | |
| WO2004047402A1 (en) | Management of network security domains | |
| Corbridge et al. | Packet filtering in an ip router | |
| US20010037384A1 (en) | System and method for implementing a virtual backbone on a common network infrastructure | |
| Venugopal et al. | Use of an SDN switch in support of NIST ICS security recommendations and least privilege networking | |
| Chitturi | Implementing mandatory network security in a policy-flexible system | |
| Newman | RFC2647: Benchmarking Terminology for Firewall Performance | |
| Held | Working with cisco access lists | |
| Ramsurrun et al. | Efficient cluster security gateway architecture for per-packet load balanced IP filtering on switched clusters | |
| Woodall | Firewall design principles |