CA2272056A1 - A method and apparatus for updating address lists for a packet filter processor - Google Patents
A method and apparatus for updating address lists for a packet filter processor Download PDFInfo
- Publication number
- CA2272056A1 CA2272056A1 CA002272056A CA2272056A CA2272056A1 CA 2272056 A1 CA2272056 A1 CA 2272056A1 CA 002272056 A CA002272056 A CA 002272056A CA 2272056 A CA2272056 A CA 2272056A CA 2272056 A1 CA2272056 A1 CA 2272056A1
- Authority
- CA
- Canada
- Prior art keywords
- processor
- source
- addresses
- data packet
- stored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
A dedicated data packet filtering processor whose only function is to filter data packets based on a list of source IP addresses stored in high-speed memory of the processor. The processor has a specialized operating system which controls the operation of the processor. The processor examines the source IP address of each received data packet to determine if the source IP
address matches one of the stored source IP addresses, and if there is a match, either discards or forwards the data packet depending on the processor configuration. The list of source IP addresses are updated by a service provider having a central administrative site. The service provider keeps these lists up to data and periodically updates the source IP addresses stored in the random access memory of the dedicated IP filtering processors.
address matches one of the stored source IP addresses, and if there is a match, either discards or forwards the data packet depending on the processor configuration. The list of source IP addresses are updated by a service provider having a central administrative site. The service provider keeps these lists up to data and periodically updates the source IP addresses stored in the random access memory of the dedicated IP filtering processors.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/956,990 US6158008A (en) | 1997-10-23 | 1997-10-23 | Method and apparatus for updating address lists for a packet filter processor |
| US08/956,990 | 1997-10-23 | ||
| PCT/US1998/022072 WO1999021339A1 (en) | 1997-10-23 | 1998-10-20 | A method and apparatus for updating address lists for a packet filter processor |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2272056A1 true CA2272056A1 (en) | 1999-04-29 |
| CA2272056C CA2272056C (en) | 2003-09-23 |
Family
ID=25498934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002272056A Expired - Fee Related CA2272056C (en) | 1997-10-23 | 1998-10-20 | A method and apparatus for updating address lists for a packet filter processor |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US6158008A (en) |
| CA (1) | CA2272056C (en) |
| WO (1) | WO1999021339A1 (en) |
Families Citing this family (41)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IL131831A (en) | 1997-03-12 | 2002-12-01 | Nomadix Inc | Nomadic translator or router |
| US6779118B1 (en) * | 1998-05-04 | 2004-08-17 | Auriq Systems, Inc. | User specific automatic data redirection system |
| US7194554B1 (en) | 1998-12-08 | 2007-03-20 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization authentication and accounting |
| US8713641B1 (en) | 1998-12-08 | 2014-04-29 | Nomadix, Inc. | Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device |
| US8266266B2 (en) | 1998-12-08 | 2012-09-11 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization, authentication and accounting |
| US6772346B1 (en) * | 1999-07-16 | 2004-08-03 | International Business Machines Corporation | System and method for managing files in a distributed system using filtering |
| AU7443500A (en) * | 1999-09-24 | 2001-04-24 | Comverse Network Systems, Ltd. | System and method for presorting rules for filtering packets on a network |
| AU1224101A (en) | 1999-10-22 | 2001-05-08 | Nomadix, Inc. | Gateway device having an xml interface and associated method |
| US6477583B1 (en) * | 1999-11-15 | 2002-11-05 | Novell, Inc. | Infrastructure for supporting file replications |
| FI110975B (en) * | 1999-12-22 | 2003-04-30 | Nokia Corp | Prevention of fraud in telecommunication systems |
| US6496935B1 (en) * | 2000-03-02 | 2002-12-17 | Check Point Software Technologies Ltd | System, device and method for rapid packet filtering and processing |
| US7587499B1 (en) * | 2000-09-14 | 2009-09-08 | Joshua Haghpassand | Web-based security and filtering system with proxy chaining |
| US8972590B2 (en) | 2000-09-14 | 2015-03-03 | Kirsten Aldrich | Highly accurate security and filtering software |
| JP3637863B2 (en) * | 2000-11-01 | 2005-04-13 | 日本電気株式会社 | Virtual network and virtual network connection method |
| US6915351B2 (en) * | 2000-12-18 | 2005-07-05 | Sun Microsystems, Inc. | Community separation control in a closed multi-community node |
| WO2002073989A1 (en) * | 2001-03-14 | 2002-09-19 | Nokia Corporation | Method for activating a connection in a communications system, mobile station, network element and packet filter |
| EP1410202B1 (en) * | 2001-03-16 | 2006-07-26 | Novell, Inc. | Client-server model for synchronization of files |
| US6920493B1 (en) * | 2001-03-19 | 2005-07-19 | Networks Associates Technology, Inc. | System and method for communicating coalesced rule parameters in a distributed computing environment |
| JP3590936B2 (en) * | 2001-10-06 | 2004-11-17 | テラス テクノロジーズ,インコーポレイテッド | E-mail service system having dynamic IP filtering module and dynamic IP address filtering method |
| US7360242B2 (en) | 2001-11-19 | 2008-04-15 | Stonesoft Corporation | Personal firewall with location detection |
| US7325248B2 (en) * | 2001-11-19 | 2008-01-29 | Stonesoft Corporation | Personal firewall with location dependent functionality |
| EP1317111B8 (en) * | 2001-11-29 | 2009-11-25 | Stonesoft Corporation | A personalized firewall |
| EP1383327B1 (en) * | 2002-06-11 | 2013-12-25 | Panasonic Corporation | Content distributing system and data-communication controlling device |
| US7302488B2 (en) * | 2002-06-28 | 2007-11-27 | Microsoft Corporation | Parental controls customization and notification |
| US7490348B1 (en) | 2003-03-17 | 2009-02-10 | Harris Technology, Llc | Wireless network having multiple communication allowances |
| ATE399415T1 (en) * | 2003-08-29 | 2008-07-15 | Nokia Corp | PERSONAL REMOTE FIREWALL |
| US7697545B1 (en) * | 2004-07-14 | 2010-04-13 | Computer Associates Think, Inc. | Discovery of component relationships in distributed data processing networks |
| US20060041935A1 (en) * | 2004-08-17 | 2006-02-23 | Conley James W | Methodology for configuring network firewall |
| GB2425912A (en) * | 2005-05-04 | 2006-11-08 | Psytechnics Ltd | Packet filtering |
| WO2007035725A2 (en) * | 2005-09-19 | 2007-03-29 | Schweitzer Engineering Laboratories, Inc. | Method and apparatus for routing data streams among intelligent electronic devices |
| JP4489676B2 (en) * | 2005-09-28 | 2010-06-23 | 富士通株式会社 | Communications system |
| US7802296B2 (en) * | 2006-08-23 | 2010-09-21 | Cisco Technology, Inc. | Method and system for identifying and processing secure data frames |
| US7755872B2 (en) * | 2006-09-14 | 2010-07-13 | Schweitzer Engineering Laboratories, Inc. | System, method and device to preserve protection communication active during a bypass operation |
| US8046492B1 (en) * | 2007-11-06 | 2011-10-25 | Juniper Networks, Inc. | Offset independent filtering |
| US8467395B1 (en) | 2011-07-12 | 2013-06-18 | Qlogic, Corporation | Method and system for link aggregation |
| US8488601B1 (en) * | 2011-07-12 | 2013-07-16 | Qlogic, Corporation | Method and system for link aggregation |
| US9800503B2 (en) * | 2012-12-03 | 2017-10-24 | Aruba Networks, Inc. | Control plane protection for various tables using storm prevention entries |
| FR3003054B1 (en) * | 2013-03-06 | 2016-08-19 | Sagem Defense Securite | METHOD AND DEVICE FOR FILTERING TRANSACTIONS FOR SYSTEM ON CHIP |
| US10924452B1 (en) * | 2013-08-30 | 2021-02-16 | Amazon Technologies, Inc. | Auditing IP address assignments |
| US11258762B2 (en) * | 2019-06-26 | 2022-02-22 | Blackberry Limited | Method and system for updating of an application layer for a third-party telematics provider |
| US11329956B2 (en) | 2020-07-28 | 2022-05-10 | Bank Of America Corporation | Scalable encryption framework using virtualization and adaptive sampling |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4184117A (en) * | 1956-04-16 | 1980-01-15 | The United States Of America As Represented By The Secretary Of The Army | Communication security method and system |
| US4888796A (en) * | 1987-08-31 | 1989-12-19 | Olivo Jr John W | Program material screening device |
| US5172111A (en) * | 1987-08-31 | 1992-12-15 | Olivo Jr John W | Stored media screening device |
| DE69029759T2 (en) * | 1989-05-15 | 1997-07-17 | Ibm | Flexible interface for authentication services in a distributed data processing system |
| KR100302222B1 (en) * | 1992-06-12 | 2001-11-22 | 그레이스 스테펀 에스 | Security Front End Communication Systems for Process Control Computers and Methods |
| US5396493A (en) * | 1992-08-31 | 1995-03-07 | Kabushiki Kaisha Toshiba | Local area network bridge apparatus with dedicated packet filtering mechanism |
| DE69332751T2 (en) * | 1992-12-10 | 2003-07-10 | Matsushita Electric Ind Co Ltd | Server and client |
| US5448698A (en) * | 1993-04-05 | 1995-09-05 | Hewlett-Packard Company | Inter-processor communication system in which messages are stored at locations specified by the sender |
| US5606668A (en) * | 1993-12-15 | 1997-02-25 | Checkpoint Software Technologies Ltd. | System for securing inbound and outbound data packet flow in a computer network |
| US5615340A (en) * | 1994-07-21 | 1997-03-25 | Allied Telesyn Int'l Corp. | Network interfacing apparatus and method using repeater and cascade interface with scrambling |
| US5627886A (en) * | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
| US5553315A (en) * | 1994-11-08 | 1996-09-03 | Motorola, Inc. | Method of maintaining access authorization using a bulletin board communication resource |
| US5632011A (en) * | 1995-05-22 | 1997-05-20 | Sterling Commerce, Inc. | Electronic mail management system for operation on a host computer system |
| US5678041A (en) * | 1995-06-06 | 1997-10-14 | At&T | System and method for restricting user access rights on the internet based on rating information stored in a relational database |
| US5696898A (en) * | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
| US5757924A (en) * | 1995-09-18 | 1998-05-26 | Digital Secured Networks Techolognies, Inc. | Network security device which performs MAC address translation without affecting the IP address |
| WO1997026735A1 (en) * | 1996-01-16 | 1997-07-24 | Raptor Systems, Inc. | Key management for network communication |
| US5684951A (en) * | 1996-03-20 | 1997-11-04 | Synopsys, Inc. | Method and system for user authorization over a multi-user computer system |
| US5828833A (en) * | 1996-08-15 | 1998-10-27 | Electronic Data Systems Corporation | Method and system for allowing remote procedure calls through a network firewall |
| US5802319A (en) * | 1996-10-23 | 1998-09-01 | Hewlett-Packard Company | Method and apparatus for employing an intelligent agent to cause a packet to be sent to update a bridge's filtering database when a station is moved in a network |
| US5889958A (en) * | 1996-12-20 | 1999-03-30 | Livingston Enterprises, Inc. | Network access control system and process |
| US6035423A (en) * | 1997-12-31 | 2000-03-07 | Network Associates, Inc. | Method and system for providing automated updating and upgrading of antivirus applications using a computer network |
-
1997
- 1997-10-23 US US08/956,990 patent/US6158008A/en not_active Expired - Lifetime
-
1998
- 1998-10-20 WO PCT/US1998/022072 patent/WO1999021339A1/en active Application Filing
- 1998-10-20 CA CA002272056A patent/CA2272056C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| WO1999021339A1 (en) | 1999-04-29 |
| US6158008A (en) | 2000-12-05 |
| CA2272056C (en) | 2003-09-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2272056A1 (en) | A method and apparatus for updating address lists for a packet filter processor | |
| CA2272054A1 (en) | A method and apparatus for filtering packets using a dedicated processor | |
| AU707905B2 (en) | Internet protocol filter | |
| US5668952A (en) | Method for resolving network address by sending reresolve request to nodes at selected time period after establishing address table, and updating the table with received reply thereto | |
| HK1026316A1 (en) | Method and system for data communication on the internet | |
| CA2226814A1 (en) | System and method for providing peer level access control on a network | |
| WO2004036335A3 (en) | Method and apparatus for providing automatic ingress filtering | |
| CA2260561A1 (en) | An improved method for network address translation | |
| WO2000002114A3 (en) | Firewall apparatus and method of controlling network data packet traffic between internal and external networks | |
| WO1997002734A3 (en) | Internet protocol (ip) work group routing | |
| EP1035702A3 (en) | Secure communication with mobile hosts | |
| WO1998041913A3 (en) | Method and system for content filtering information retrieved from an internet computer network | |
| WO2005036831A1 (en) | Frame relay device | |
| CA2383897A1 (en) | Facilitating data transmission | |
| WO1998020646A3 (en) | A system and a method for accessing services | |
| KR20090006632A (en) | Virtual firewall system and the control method for using based on commonness security policy | |
| CA2213043A1 (en) | Non-broadcast multi-access network system capable of carrying out transmission of a next hop resolution protocol packet without setting internet protocol addresses | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands | |
| Cisco | AppleTalk Commands |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |