BRPI0607515A2 - Preventing duplicate sources from clients served by a network address port translator - Google Patents

Preventing duplicate sources from clients served by a network address port translator

Info

Publication number
BRPI0607515A2
Authority
BR
Brazil
Prior art keywords
packet
napt
served
source
port
Prior art date
Application number
BRPI0607515A
Other languages
English (en)
Inventor
David John Wierbowski
Joyce Anne Porter
Linwood Hugh Overby Jr
Patricia Jakubik
Original Assignee
IBM
Priority date
Filing date
Publication date
Application filed by IBM

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2517 Translation of Internet protocol [IP] addresses using port numbers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify the source applications served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through a NAPT en route to the destination host, the encapsulated packet is decrypted to obtain the original source port number and the original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port and the original packet protocol, associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is using the same source port and protocol.
BRPI0607515A 2005-04-11 2006-04-07 Method for preventing duplicate sources in a network protocol BRPI0607515B1 (pt)
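
The SPMT check described in the abstract, as an added Python sketch that is not taken from the patent or from IBM. It assumes decryption has already yielded the inner source port and protocol, that hosts behind one NAPT are told apart by the NAPT-assigned port, and that an unseen source is recorded and accepted; the names `Decapsulated`, `SPMT` and `classify` and the sample addresses are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Decapsulated:
    napt_addr: str   # outer source address (the NAPT's public address)
    napt_port: int   # outer source port assigned by the NAPT
    orig_port: int   # inner source port, readable only after decryption
    orig_proto: str  # inner protocol, readable only after decryption

class SPMT:
    """Source port mapping table.

    Assumed layout: (NAPT address, original port, original protocol)
    -> NAPT-assigned port of the host that owns that source.
    """
    def __init__(self):
        self._owner = {}

    def check(self, pkt: Decapsulated) -> str:
        key = (pkt.napt_addr, pkt.orig_port, pkt.orig_proto)
        owner = self._owner.get(key)
        if owner is None:
            # Assumption: an unseen source is recorded and accepted.
            self._owner[key] = pkt.napt_port
            return "accept-new"
        if owner == pkt.napt_port:
            return "accept"            # same host, association is correct
        return "reject-duplicate"      # another host behind the same NAPT

def classify(packets):
    """Run packets through a fresh table and return one verdict each."""
    table = SPMT()
    return [table.check(p) for p in packets]

# Constructed sample traffic (documentation addresses, not from the page).
SAMPLE = [
    Decapsulated("203.0.113.7", 40001, 1025, "tcp"),   # host A opens 1025/tcp
    Decapsulated("203.0.113.7", 40001, 1025, "tcp"),   # host A again
    Decapsulated("203.0.113.7", 40002, 1025, "tcp"),   # host B, same port/proto
    Decapsulated("203.0.113.7", 40002, 1025, "udp"),   # host B, other protocol
    Decapsulated("198.51.100.9", 40001, 1025, "tcp"),  # different NAPT
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(verdict, pkt)
```

Only the third packet is rejected: it reuses a source port and protocol already bound to another host behind the same NAPT address, which the receiving host could not otherwise distinguish once the outer header is stripped.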

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/907,661 US7656795B2 (en) 2005-04-11 2005-04-11 Preventing duplicate sources from clients served by a network address port translator
PCT/EP2006/061433 WO2006108805A1 (en) 2005-04-11 2006-04-07 Preventing duplicate sources from clients served by a network address port translator

Publications (2)

Publication Number Publication Date
BRPI0607515A2 (pt) 2016-10-25
BRPI0607515B1 (pt) 2020-04-22

Family

ID=36636455

Family Applications (1)

Application Number Title Priority Date Filing Date
BRPI0607515A BRPI0607515B1 (pt) 2005-04-11 2006-04-07 Method for preventing duplicate sources in a network protocol

Country Status (8)

Country Link
US (1) US7656795B2 (pt)
EP (1) EP1872561B1 (pt)
JP (1) JP4766574B2 (pt)
CN (1) CN101156420B (pt)
BR (1) BRPI0607515B1 (pt)
CA (1) CA2602778C (pt)
TW (1) TWI365651B (pt)
WO (1) WO2006108805A1 (pt)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030158959A1 (en) * 2002-02-15 2003-08-21 Jay Jayapalan Establishment of communications using point to point protocols such that duplicate negotiations are avoided
US8787393B2 (en) 2005-04-11 2014-07-22 International Business Machines Corporation Preventing duplicate sources from clients served by a network address port translator
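JP4709583B2 (ja) * 2005-05-31 2011-06-22 株式会社東芝 Data transmission device and data transmission method
CN1937531B (zh) * 2006-08-28 2010-05-12 华为技术有限公司 Method and device for detecting maintenance group integrity, and method and device for adding an endpoint
JP2009111437A (ja) * 2007-10-26 2009-05-21 Hitachi Ltd Network system
CN101631113B (zh) * 2009-08-19 2011-04-06 西安西电捷通无线网络通信股份有限公司 Secure access control method for a wired local area network and system thereof
CN101635710B (zh) * 2009-08-25 2011-08-17 西安西电捷通无线网络通信股份有限公司 Pre-shared-key-based network security access control method and system thereof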
US9313128B2 (en) * 2011-02-17 2016-04-12 Nec Corporation Network system and network flow tracing method
CN102984068B (zh) * 2012-11-23 2016-08-03 汉柏科技有限公司 Method for enabling packets to traverse a network address translation device
US9525627B2 (en) 2014-05-27 2016-12-20 Google Inc. Network packet encapsulation and routing
CN106210095B (zh) * 2016-07-18 2020-01-24 新华三技术有限公司 Port processing method and device
US11095617B2 (en) 2017-12-04 2021-08-17 Nicira, Inc. Scaling gateway to gateway traffic using flow hash
US11245697B2 (en) * 2019-11-29 2022-02-08 Juniper Networks, Inc. Application-based network security
US11757837B2 (en) * 2020-04-23 2023-09-12 International Business Machines Corporation Sensitive data identification in real time for data streaming
US11902264B2 (en) * 2020-06-22 2024-02-13 Vmware, Inc. Path selection for data packets encrypted based on an IPSEC protocol
CN112242943B (zh) * 2020-11-26 2022-08-16 迈普通信技术股份有限公司 IPSec tunnel establishment method and device, branch device, and central-side device
CN114760033A (zh) * 2020-12-26 2022-07-15 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
US12107834B2 (en) 2021-06-07 2024-10-01 VMware LLC Multi-uplink path quality aware IPsec
US12113773B2 (en) 2021-06-07 2024-10-08 VMware LLC Dynamic path selection of VPN endpoint
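TWI793904B (zh) * 2021-12-08 2023-02-21 中華電信股份有限公司 Mobile edge computing device and method for traffic redirection for local services
CN114465755B (zh) * 2021-12-15 2024-02-23 广西电网有限责任公司电力科学研究院 Method, device and storage medium for detecting IPSec-based transmission anomalies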
US11863514B2 (en) 2022-01-14 2024-01-02 Vmware, Inc. Performance improvement of IPsec traffic using SA-groups and mixed-mode SAs
US11956213B2 (en) 2022-05-18 2024-04-09 VMware LLC Using firewall policies to map data messages to secure tunnels
CN118660057B (zh) * 2024-06-07 2025-06-06 通明智云(北京)科技有限公司 Method and system for fast source port search based on a load balancing device

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6615357B1 (en) 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
US7684317B2 (en) * 2001-06-14 2010-03-23 Nortel Networks Limited Protecting a network from unauthorized access
US7747758B2 (en) * 2001-10-29 2010-06-29 International Business Machines Corporation Dynamic port assignment
US20030154306A1 (en) * 2002-02-11 2003-08-14 Perry Stephen Hastings System and method to proxy inbound connections to privately addressed hosts
US7143137B2 (en) * 2002-06-13 2006-11-28 Nvidia Corporation Method and apparatus for security protocol and address translation integration
KR100479261B1 (ko) 2002-10-12 2005-03-31 한국전자통신연구원 Method and apparatus for data transmission over network address translation
US7346770B2 (en) 2002-10-31 2008-03-18 Microsoft Corporation Method and apparatus for traversing a translation device with a security protocol
US7386881B2 (en) * 2003-01-21 2008-06-10 Swander Brian D Method for mapping security associations to clients operating behind a network address translation device
CN100505634C (zh) * 2003-06-23 2009-06-24 腾讯科技(深圳)有限公司 Method and system for digital information to traverse NAT/FW
US20050166206A1 (en) * 2004-01-26 2005-07-28 Parson Dale E. Resource management in a processor-based system using hardware queues
JP4489008B2 (ja) * 2005-11-16 2010-06-23 株式会社東芝 Communication device, communication method and communication program

Also Published As

Publication number Publication date
JP4766574B2 (ja) 2011-09-07
EP1872561B1 (en) 2012-11-07
BRPI0607515B1 (pt) 2020-04-22
US7656795B2 (en) 2010-02-02
WO2006108805A1 (en) 2006-10-19
JP2009532919A (ja) 2009-09-10
TWI365651B (en) 2012-06-01
CA2602778C (en) 2014-04-01
CA2602778A1 (en) 2006-10-19
CN101156420B (zh) 2011-07-20
TW200708009A (en) 2007-02-16
CN101156420A (zh) 2008-04-02
EP1872561A1 (en) 2008-01-02
US20060227807A1 (en) 2006-10-12

Similar Documents

Publication Publication Date Title
BRPI0607515A2 (pt) Preventing duplicate sources from clients served by a network address port translator
ES2926345T3 (es) Method for sending a virtual extensible local area network packet, computing device and computer-readable medium
US9641434B1 (en) Private network address obfuscation and verification
BR112014029412B8 (pt) Method in a network element and network element of a packet data network
EP2697958B1 (en) System and method for translating network addresses
JP2013532438A5 (pt)
EP3240250A3 (en) Virtual router terminating an overlay tunnel in a storage area network
US9560016B2 (en) Supporting IP address overlapping among different virtual networks
US11956100B1 (en) System for scaling network address translation (NAT) and firewall functions
CN103856580B (zh) Method for an IPv6 client to access an IPv4 server
JP2022537645A (ja) System and method for routing network traffic using labels
BR112018000116A2 (pt) Packet processing method in a cloud computing system, host and system
ATE409385T1 (de) Address translator and address translation method
WO2007058981A3 (en) Method and apparatus for managing hardware address resolution
BR112016015096A2 (pt) Method and computing system for routing a message from a first virtual network to a second virtual network without the use of a gateway
BRPI0509900A (pt) System and method for automatically initiating and dynamically establishing secure internet connections between a firewalled server and a firewalled client
ATE460039T1 (de) Preventing duplicate sources from clients served by a network address and port translator
EP3070902A3 (en) Mitigating neighbor discovery-based denial of service attacks
US20120215932A1 (en) System and method for symmetric receive-side scaling (rss)
JP2009532919A5 (pt)
CN101861724A (zh) System and method for generating functional addresses
JP2008536418A5 (pt)
Karir et al. Understanding IPv6 populations in the wild
EP4246925A3 (en) Translation between a first version of internet protocol and a second version of internet protocol when an application layer gateway (alg) is involved
Shirokov XDP: 1.5 years in production. Evolution and lessons learned

Legal Events

Date Code Title Description
B06G Technical and formal requirements: other requirements [chapter 6.7 patent gazette]

Free format text: The applicant shall submit the drawings of the application adapted to AN No. 127/98, since they appear in publication WO 2006/108805 A1 of 19/10/2006.

B06G Technical and formal requirements: other requirements [chapter 6.7 patent gazette]

Free format text: The applicant shall submit the drawings of the application adapted to AN No. 127/98, since they appear in publication WO 2006/108805 A1 of 19/10/2006.

B06H Technical and formal requirements: requirement cancelled [chapter 6.8 patent gazette]

Free format text: Dispatch 6.7 of RPI 2023 of 13/10/2009 is being annulled on the basis of the determination of the Director of Patents, which is grounded in Opinion No. 0003-2014 AGU/PGF/PFE/INPI/COOPHI-LBC-1.0.

B11A Dismissal acc. art.33 of ipl - examination not requested within 36 months of filing
B04C Request for examination: application reinstated [chapter 4.3 patent gazette]
B06T Formal requirements before examination [chapter 6.20 patent gazette]
B06F Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
B06J Correction of requirement [chapter 6.10 patent gazette]

Free format text: Dispatch 6.8 of RPI 2389 of 18/10/2016 is republished because its stated grounds were mistaken. Dispatch 6.7 was annulled because it was improper, in view of the formal parameters of the admissibility examination of the application.

B07A Application suspended after technical examination (opinion) [chapter 7.1 patent gazette]
B09A Decision: intention to grant [chapter 9.1 patent gazette]
B16A Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]

Free format text: Term of validity: 10 (ten) years counted from 22/04/2020, subject to the legal conditions.