System for packet filtering of data packets at a computer networ

Patent

Details

39520073, G06F 1338, G06F 1517

active

058782311

ABSTRACT:
A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping-off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and the screen takes action depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent, with or without alteration, to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. Passing packets through without adding any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and it is therefore more difficult to target as an IP entity, e.g. by intruders.
