Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing
Reexamination Certificate
2000-02-11
2004-06-22
Vu, Viet D. (Department: 2154)
Electrical computers and digital processing systems: multicomput
Computer-to-computer data routing
C709S230000, C709S250000
active
06754716
ABSTRACT:
BACKGROUND
1. Field of Invention
The present invention relates generally to managing communications on a computer network, and more particularly, to restricting communication between selected network devices.
2. Background of the Invention
Computer networks allow many network devices to communicate with each other and to share resources. In order to transmit a packet of data from one network device to another on a local area network (LAN), the sending device must have the local area address of the destination device, and in particular, must have a Layer 2 (L2) or media access control (MAC) address that uniquely specifies the individual hardware device that is to receive the packet. In an Ethernet LAN, each network device has a network interface card, which has a unique Ethernet address. In an FDDI LAN, each device likewise will have a unique MAC address.
Typically, all of the devices on a LAN are allowed to communicate with each other, and thus, there are provided various mechanisms by which devices learn the L2 addresses of other devices in order to transmit packets to them. In an Ethernet network, the Address Resolution Protocol (ARP) defined in RFC 826 is used to convert protocol addresses, such as IP addresses, to L2 addresses, such as Ethernet addresses. In this protocol, a first network device broadcasts a request that includes the IP address that it wants to transmit a packet to (the destination IP address), and its own IP and Ethernet addresses. Since the request is broadcast, all devices on the network receive it. However, only the second network device that has the requested destination IP address responds by sending back its Ethernet address. The first network device can now transmit packets directly to the second network device.
This type of address discovery is acceptable on networks where it is desirable for all devices to communicate with each other. However, it may be desirable to provide a computer network in which devices are generally restricted from communicating with each other. For example, an Internet Service Provider (ISP) may wish to support computers from many different customers on the same network. In order to ensure the privacy and integrity of each customer's data and applications, it is desirable to prevent the customers' computers from communicating with each other, for example to prevent malicious tampering with data. This has been done conventionally by isolating each customer's computers and devices on its own subnet. However, this approach is expensive and complex to manage, because isolating a subnet from others requires special-purpose hardware (such as a bridge), special-purpose software (such as that in a router), or both. In some instances, the necessary isolation may be impossible, for example, where the ISP provides virtual servers (multiple different servers for different customers) on a single host computer.
Thus, in those instances where it is desirable to have multiple customers sharing a subnet, it is further desirable to prevent their respective devices from communicating with each other.
SUMMARY OF THE INVENTION
The present invention makes it possible to restrict communications between network devices on a common subnet. In particular, any network device can be restricted to communicating only with a predefined set of authorized or validated network devices.
In one aspect of the present invention, network devices are restricted from providing their network addresses to other than previously authorized devices. For example, a network device may not respond to ARP requests that seek to know its L2 address, unless the requesting device itself has a validated network address, which indicates that it is authorized to request L2 addresses of other devices. Because a network device is prohibited from revealing its L2 address to unauthorized devices, these unauthorized devices will not be able to send packets to the network device. In another aspect of the present invention, network devices are prevented from discovering the L2 network addresses of other devices, unless authorized to do so. Because an unauthorized device cannot discover the network addresses of other devices, it cannot communicate with them.
In one embodiment, a subnet of a computer network includes a number of network devices, such as computers, printers, routers, bridges, and so forth. Each device has a unique L2 address (e.g., an Ethernet address), and an assigned IP address. Only certain devices on the network are authorized to determine, via an address resolution protocol such as ARP, the L2 addresses of other network devices. These authorized devices are preferably routers that are attached to the subnet; however, other network devices may also be authorized, for example, a computer operated by a system administrator. A list of the IP addresses of these authorized devices is stored in each of the network devices, preferably in a privileged area, such as in the operating system kernel. The authorized IP address list is preferably loaded by each network device upon start up. The authorized IP address list may be updated periodically by a system administrator to reflect newly authorized devices, or to remove previously authorized devices.
According to the first aspect of the invention, when a first network device seeks to communicate with a second network device, the first network device broadcasts an ARP request, including its own IP and L2 addresses, and the IP address of the second network device. The second network device receives this request packet. However, instead of responding as described in ARP, it compares the IP address of the first network device to the list of authorized IP addresses. If the IP address of the first network device is not on the list, then the second network device does not reply to the request packet, but instead remains “silent.”
This prevents the first network device from discovering the L2 address of the second network device, and thereby directing any packets to it. If the IP address of the first network device is on the list of authorized IP addresses, then the second network device replies in the normal fashion with its L2 address.
In accordance with the ARP, the second network device maintains a translation table that maps L2 addresses to IP addresses and protocol types. Conventionally, whenever a network device receives an ARP request, it updates this translation table to include the L2 address and IP address of the requesting device. However, in a preferred embodiment, the second network device does not automatically update the translation table, but rather only if the first network device is authorized to request L2 addresses. This feature is further desirable to prevent IP spoofing attacks on the second network device.
As a further enhancement according to the second aspect of the invention, before a first network device sends an ARP request, it compares its own IP address with the list of authorized IP addresses. If its own IP address is not on the list, then it does not send the request packet. This feature further prevents the network device from discovering the network addresses of other devices.
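The following Python is an added example, not code from the patent or from Ensim, that models both aspects described above on constructed frames: an ARP module that stays silent (and leaves its translation table untouched) for requesters whose IP is not on the authorized list, and a device that refuses to emit ARP requests unless its own IP is authorized. Frame layout follows RFC 826 for Ethernet/IPv4; the MAC addresses, the 192.0.2.0/24 addresses, and the authorized list are invented for the example. One caveat worth keeping in mind when reading it: the rule keys on the sender protocol address field of the incoming request exactly as the patent describes, and that field is set by the requester and is not authenticated, so the example enforces the described policy rather than proving who sent the request.

```python
"""Added example (not from the patent): ARP handling restricted by an
authorized-IP list. Addresses and frames are constructed for illustration."""
import ipaddress
import struct
from typing import Dict, List, Optional

ETH_P_ARP = 0x0806        # EtherType for ARP
HTYPE_ETHERNET = 1        # hardware type: Ethernet
PTYPE_IPV4 = 0x0800       # protocol type: IPv4
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip4(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


def build_arp_frame(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes,
                    dst_mac: bytes) -> bytes:
    """Ethernet header (dst, src, type) followed by the 28-byte RFC 826 ARP body."""
    eth = dst_mac + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    return eth + arp + sha + spa + tha + tpa


def parse_arp_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    hrd, pro, hln, pln, op = struct.unpack("!HHBBH", frame[14:22])
    if (hrd, pro, hln, pln) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        return None
    body = frame[22:42]
    return {"op": op, "sha": body[0:6], "spa": body[6:10],
            "tha": body[10:16], "tpa": body[16:20]}


class RestrictedArpHost:
    """A host whose ARP module applies the authorized-IP rule from the summary."""

    def __init__(self, my_mac: str, my_ip: str, authorized_ips: List[str]):
        self.mac = mac(my_mac)
        self.ip = ip4(my_ip)
        # The patent keeps this list in a privileged area such as the kernel.
        self.authorized = {ip4(a) for a in authorized_ips}
        self.table: Dict[bytes, bytes] = {}   # translation table: IP -> MAC

    def handle_frame(self, frame: bytes) -> Optional[bytes]:
        """Process an incoming frame; return a reply frame, or None to stay silent."""
        arp = parse_arp_frame(frame)
        if arp is None:
            return None
        # First aspect: neither reply nor merge into the table unless the
        # requester's sender protocol address is authorized. The field is
        # taken as sent; nothing here authenticates it.
        if arp["spa"] not in self.authorized:
            return None
        self.table[arp["spa"]] = arp["sha"]
        if arp["op"] == ARP_REQUEST and arp["tpa"] == self.ip:
            return build_arp_frame(ARP_REPLY, self.mac, self.ip,
                                   arp["sha"], arp["spa"], dst_mac=arp["sha"])
        return None

    def make_request(self, target_ip: str) -> Optional[bytes]:
        """Second aspect: a device sends ARP requests only if its own IP is authorized."""
        if self.ip not in self.authorized:
            return None
        return build_arp_frame(ARP_REQUEST, self.mac, self.ip,
                               ZERO_MAC, ip4(target_ip), dst_mac=BROADCAST_MAC)


def demo() -> Dict[str, object]:
    """Constructed subnet: one authorized router and two customer hosts."""
    authorized = ["192.0.2.1"]
    router = RestrictedArpHost("02:00:00:00:00:01", "192.0.2.1", authorized)
    cust_a = RestrictedArpHost("02:00:00:00:00:0a", "192.0.2.10", authorized)
    cust_b = RestrictedArpHost("02:00:00:00:00:0b", "192.0.2.11", authorized)

    # Customer B's modified stack refuses to build a request for A at all.
    b_request = cust_b.make_request("192.0.2.10")
    # A request hand-built the way an unmodified stack on B would send it:
    # A does not answer and does not learn B's binding.
    b_raw_request = build_arp_frame(ARP_REQUEST, cust_b.mac, cust_b.ip, ZERO_MAC,
                                    cust_a.ip, dst_mac=BROADCAST_MAC)
    a_reply_to_b = cust_a.handle_frame(b_raw_request)
    a_table_after_b = dict(cust_a.table)
    # The router is authorized: A replies and merges the router's binding.
    a_reply_to_router = cust_a.handle_frame(router.make_request("192.0.2.10"))
    return {
        "b_request": b_request,
        "a_reply_to_b": a_reply_to_b,
        "a_table_after_b": a_table_after_b,
        "a_reply_to_router": a_reply_to_router,
        "a_table_after_router": dict(cust_a.table),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The ordering in handle_frame is the point of the example: RFC 826 merges the sender's binding into the translation table before checking whether the request is for this host, whereas the preferred embodiment moves the authorization check ahead of both the merge and the reply, so an unauthorized requester leaves no trace in the table.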
These features of the present invention may be embodied in various forms. In one implementation, each network device includes a memory storing a TCP/IP protocol stack. The protocol stack is responsible for moving packets from one layer of the network to another. The protocol stack includes an ARP component that implements the ARP (called the address resolution module in RFC 826). In one embodiment, this ARP component is modified to compare the IP address of a requesting network device to a list of authorized IP addresses before replying with its own L2 address. If the IP address is not authorized, then the ARP component does not respond. Preferably, the ARP component also does not update its translation table if the IP address is not authorized. The ARP component may be further modified to test the IP address of the network device itself before transmitting an ARP request on behalf of t
Keshav Srinivasan
Sharma Rosen
Ensim Corporation
Fenwick & West LLP
Vu Viet D.