ATE468693T1 - Erweiterungen zur filterung von ipv6-kopfteilen - Google Patents

Erweiterungen zur filterung von ipv6-kopfteilen

Info

Publication number
ATE468693T1
ATE468693T1 AT05746269T AT05746269T ATE468693T1 AT E468693 T1 ATE468693 T1 AT E468693T1 AT 05746269 T AT05746269 T AT 05746269T AT 05746269 T AT05746269 T AT 05746269T AT E468693 T1 ATE468693 T1 AT E468693T1
Authority
AT
Austria
Prior art keywords
firewall
network
additional information
headboard
ipv6
Prior art date
Application number
AT05746269T
Other languages
English (en)
Inventor
Frank Le
Stefano Faccin
Original Assignee
Spyder Navigations Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Spyder Navigations Llc filed Critical Spyder Navigations Llc
Priority claimed from PCT/IB2005/001401 external-priority patent/WO2005120010A1/en
Application granted granted Critical
Publication of ATE468693T1 publication Critical patent/ATE468693T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0254Stateful filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Glass Compositions (AREA)
  • Filtration Of Liquid (AREA)
  • Separation By Low-Temperature Treatments (AREA)
AT05746269T 2004-05-25 2005-05-23 Erweiterungen zur filterung von ipv6-kopfteilen ATE468693T1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/852,680 US20050268331A1 (en) 2004-05-25 2004-05-25 Extension to the firewall configuration protocols and features
US10/882,675 US20050268332A1 (en) 2004-05-25 2004-07-02 Extensions to filter on IPv6 header
PCT/IB2005/001401 WO2005120010A1 (en) 2004-05-25 2005-05-23 Extensions to filter on ipv6 header

Publications (1)

Publication Number Publication Date
ATE468693T1 true ATE468693T1 (de) 2010-06-15

Family

ID=35426923

Family Applications (1)

Application Number Title Priority Date Filing Date
AT05746269T ATE468693T1 (de) 2004-05-25 2005-05-23 Erweiterungen zur filterung von ipv6-kopfteilen

Country Status (4)

Country Link
US (2) US20050268331A1 (de)
AT (1) ATE468693T1 (de)
DE (1) DE602005021353D1 (de)
WO (1) WO2005120008A1 (de)

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7949732B1 (en) 2003-05-12 2011-05-24 Sourcefire, Inc. Systems and methods for determining characteristics of a network and enforcing policy
US7539681B2 (en) 2004-07-26 2009-05-26 Sourcefire, Inc. Methods and systems for multi-pattern searching
US7496962B2 (en) * 2004-07-29 2009-02-24 Sourcefire, Inc. Intrusion detection strategies for hypertext transport protocol
CN100542171C (zh) * 2005-03-15 2009-09-16 华为技术有限公司 一种移动IPv6数据穿越状态防火墙的方法
CN100414929C (zh) * 2005-03-15 2008-08-27 华为技术有限公司 一种移动互联网协议网络中的报文传送方法
CN100571196C (zh) * 2005-03-22 2009-12-16 华为技术有限公司 移动IPv6报文穿越防火墙的实现方法
KR100728277B1 (ko) * 2005-05-17 2007-06-13 삼성전자주식회사 동적 네트워크 보안 시스템 및 방법
US7739728B1 (en) * 2005-05-20 2010-06-15 Avaya Inc. End-to-end IP security
US8056124B2 (en) * 2005-07-15 2011-11-08 Microsoft Corporation Automatically generating rules for connection security
US8046833B2 (en) 2005-11-14 2011-10-25 Sourcefire, Inc. Intrusion event correlation with network discovery information
US7733803B2 (en) 2005-11-14 2010-06-08 Sourcefire, Inc. Systems and methods for modifying network map attributes
US7886351B2 (en) * 2006-06-19 2011-02-08 Microsoft Corporation Network aware firewall
US7948988B2 (en) 2006-07-27 2011-05-24 Sourcefire, Inc. Device, system and method for analysis of fragments in a fragment train
US7701945B2 (en) 2006-08-10 2010-04-20 Sourcefire, Inc. Device, system and method for analysis of segments in a transmission control protocol (TCP) session
CA2672908A1 (en) * 2006-10-06 2008-04-17 Sourcefire, Inc. Device, system and method for use of micro-policies in intrusion detection/prevention
KR100818307B1 (ko) * 2006-12-04 2008-04-01 한국전자통신연구원 IPv6 공격 패킷 탐지장치 및 방법
US8069352B2 (en) 2007-02-28 2011-11-29 Sourcefire, Inc. Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session
CA2685292C (en) 2007-04-30 2013-09-24 Sourcefire, Inc. Real-time user awareness for a computer network
US8584227B2 (en) * 2007-05-09 2013-11-12 Microsoft Corporation Firewall with policy hints
US8266685B2 (en) * 2007-05-18 2012-09-11 Microsoft Corporation Firewall installer
US8166534B2 (en) * 2007-05-18 2012-04-24 Microsoft Corporation Incorporating network connection security levels into firewall rules
US8341723B2 (en) 2007-06-28 2012-12-25 Microsoft Corporation Filtering kernel-mode network communications
US8443433B2 (en) * 2007-06-28 2013-05-14 Microsoft Corporation Determining a merged security policy for a computer system
US20090094691A1 (en) * 2007-10-03 2009-04-09 At&T Services Inc. Intranet client protection service
US8474043B2 (en) 2008-04-17 2013-06-25 Sourcefire, Inc. Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing
US8739269B2 (en) 2008-08-07 2014-05-27 At&T Intellectual Property I, L.P. Method and apparatus for providing security in an intranet network
WO2010045089A1 (en) 2008-10-08 2010-04-22 Sourcefire, Inc. Target-based smb and dce/rpc processing for an intrusion detection system or intrusion prevention system
WO2011130510A1 (en) 2010-04-16 2011-10-20 Sourcefire, Inc. System and method for near-real time network attack detection, and system and method for unified detection via detection routing
US8433790B2 (en) 2010-06-11 2013-04-30 Sourcefire, Inc. System and method for assigning network blocks to sensors
US8671182B2 (en) 2010-06-22 2014-03-11 Sourcefire, Inc. System and method for resolving operating system or service identity conflicts
US8776207B2 (en) 2011-02-16 2014-07-08 Fortinet, Inc. Load balancing in a network with session information
US8601034B2 (en) 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
CN103095511A (zh) * 2011-10-28 2013-05-08 华为技术有限公司 一种在IPsec机制下的网络测试方法,装置及系统
CN103685009B (zh) * 2012-08-31 2017-04-26 华为技术有限公司 数据包的处理方法、控制器及系统
CN104580078B (zh) * 2013-10-15 2018-04-17 北京神州泰岳软件股份有限公司 一种网络访问控制方法和系统
CN105635067B (zh) * 2014-11-04 2019-11-15 华为技术有限公司 报文发送方法及装置
DE102016205983A1 (de) * 2016-04-11 2017-10-12 Siemens Aktiengesellschaft Anordnung zum Überprüfen von wenigstens einer Firewall-Einrichtung und Verfahren zum Schutz wenigstens eines Datenempfängers
WO2018113902A1 (en) * 2016-12-19 2018-06-28 Huawei Technologies Co., Ltd. Network node and client device for measuring channel state information
CN108418776B (zh) * 2017-02-09 2021-08-20 上海诺基亚贝尔股份有限公司 用于提供安全业务的方法和设备
US10778578B2 (en) * 2017-08-31 2020-09-15 Konica Minolta Laboratory U.S.A., Inc. Method and system having an application for IPv6 extension headers and destination options
US10999253B2 (en) 2018-07-26 2021-05-04 Juniper Networks, Inc. Maintaining internet protocol security tunnels
CN113765791B (zh) * 2020-06-02 2023-01-13 华为技术有限公司 一种确定处理能力的方法、节点和系统

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
FI105753B (fi) * 1997-12-31 2000-09-29 Ssh Comm Security Oy Pakettien autentisointimenetelmä verkko-osoitemuutosten ja protokollamuunnosten läsnäollessa
US6327660B1 (en) * 1998-09-18 2001-12-04 Intel Corporation Method for securing communications in a pre-boot environment
US6496935B1 (en) * 2000-03-02 2002-12-17 Check Point Software Technologies Ltd System, device and method for rapid packet filtering and processing
US20050125532A1 (en) * 2000-05-26 2005-06-09 Gur Kimchi Traversing firewalls and nats
US7181012B2 (en) * 2000-09-11 2007-02-20 Telefonaktiebolaget Lm Ericsson (Publ) Secured map messages for telecommunications networks
US6950824B1 (en) * 2001-05-30 2005-09-27 Cryptek, Inc. Virtual data labeling and policy manager system and method
FI20012338A0 (fi) * 2001-11-29 2001-11-29 Stonesoft Corp Palomuuri tunneloitujen datapakettien suodattamiseksi
US7506058B2 (en) * 2001-12-28 2009-03-17 International Business Machines Corporation Method for transmitting information across firewalls
US6973086B2 (en) * 2002-01-28 2005-12-06 Nokia Corporation Method and system for securing mobile IPv6 home address option using ingress filtering
US7453851B2 (en) * 2002-06-20 2008-11-18 Spyder Navigations L.L.C. QoS signaling for mobile IP
US7146638B2 (en) * 2002-06-27 2006-12-05 International Business Machines Corporation Firewall protocol providing additional information
WO2004028053A1 (en) * 2002-09-18 2004-04-01 Flarion Technologies, Inc. Methods and apparatus for using a care of address option
US7336621B2 (en) * 2002-10-25 2008-02-26 General Instrument Corporation Method and apparatus for testing an IP network
US20040098479A1 (en) * 2002-10-25 2004-05-20 General Instrument Corporation Method for using different packet type and port options values in an IP measurement protocol packet from those used to process the packet
US7336620B2 (en) * 2002-10-25 2008-02-26 General Instrument Corporation Method for enabling initiation of testing of network using IP measurement protocol packets
US7894355B2 (en) * 2002-10-25 2011-02-22 General Instrument Corporation Method for enabling non-predetermined testing of network using IP measurement protocol packets
US7434254B1 (en) * 2002-10-25 2008-10-07 Cisco Technology, Inc. Method and apparatus for automatic filter generation and maintenance
US7266763B2 (en) * 2002-11-26 2007-09-04 Microsoft Corporation User defined spreadsheet functions
US7209978B2 (en) * 2002-12-13 2007-04-24 Cisco Technology, Inc. Arrangement in a router of a mobile network for optimizing use of messages carrying reverse routing headers
KR100886551B1 (ko) * 2003-02-21 2009-03-02 삼성전자주식회사 이동통신시스템에서 인터넷 프로토콜 버전에 따른 트래픽플로우 탬플릿 패킷 필터링 장치 및 방법
US7774593B2 (en) * 2003-04-24 2010-08-10 Panasonic Corporation Encrypted packet, processing device, method, program, and program recording medium
US7308711B2 (en) * 2003-06-06 2007-12-11 Microsoft Corporation Method and framework for integrating a plurality of network policies
US7409707B2 (en) * 2003-06-06 2008-08-05 Microsoft Corporation Method for managing network filter based policies
US7509673B2 (en) * 2003-06-06 2009-03-24 Microsoft Corporation Multi-layered firewall architecture
US7260840B2 (en) * 2003-06-06 2007-08-21 Microsoft Corporation Multi-layer based method for implementing network firewalls
US20040268123A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation Security for protocol traversal
US20040268124A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation, Espoo, Finland Systems and methods for creating and maintaining a centralized key store

Also Published As

Publication number Publication date
US20050268331A1 (en) 2005-12-01
DE602005021353D1 (de) 2010-07-01
US20050268332A1 (en) 2005-12-01
WO2005120008A1 (en) 2005-12-15

Similar Documents

Publication Publication Date Title
ATE468693T1 (de) Erweiterungen zur filterung von ipv6-kopfteilen
WO2006115919A3 (en) System and method for developing and using trusted policy based on a social model
US9106684B1 (en) System and method for packet profiling
ATE376731T1 (de) Automatische entdeckung und konfiguration von externen netzwerkeinrichtungen
WO2003014875A3 (en) Method and system for providing management information
EP0743777A3 (de) System für Datenpaketfilterung in einer Computernetzschnittstelle
EP1505528A4 (de) Inhaltsbenutzungsverwaltungssystem
WO2002019067A3 (en) Maintaining virus detection software
EP1491996A4 (de) Verteilungsverfahren, verteilungssystem und endgeräteeinrichtung
ATE273591T1 (de) Prüfung der konfiguration einer firewall
EP1320011A3 (de) Verfahren und Architektur zur durchdringenden Absicherung von digitalen Gütern
DE60225892D1 (de) Firewall zur Filtrierung von getunnelten datenpaketen
BR0103527A (pt) Sistema de gerenciamento de arquivos eletrônicos
ATE301373T1 (de) System und verfahren zur gesicherte funkübertragung von konfigurationsdaten
WO2007106687A3 (en) Role aware network security enforcement
SE0300368D0 (sv) System for internet privacy
DE60310347D1 (de) Verfahren und System zur Regelassoziation in Kommunikationsnetzen
WO2004081730A3 (en) Network architecture
ATE519323T1 (de) Sicherung von ldap (lightweight directory access protocol) verkehr
EP1176786A3 (de) Integrierte Informations- und Kommunikationssystem
ATE413760T1 (de) Sicherheit in netzwerken
AU1046201A (en) Cellular data system security method and apparatus
BR0209478A (pt) Sistemas e métodos de segurança de aplicativos móveis
PH12019000409A1 (en) Security system for controlling internet of things network access
DE60208955D1 (de) System zur Bandbreitegewährleistung, Relaisvorrichtung und Netzwerkmanagement-Server

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties