JP3584877B2 - Packet transfer control device, packet transfer control method, and packet transfer control system - Google Patents

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a packet transfer control device, a packet transfer control method, and a packet transfer control system for packet transfer used in a network such as the Internet, and more particularly to a method for restricting the transfer of a packet illegally sent over a network. The present invention relates to a packet transfer control device, a packet transfer control method, and a packet transfer control system that can be used.
[0002]
[Prior art]
In recent years, services for providing various information and applications via networks such as the Internet have been widely used. For example, in such a service using the Internet, a server is placed on the Internet, and a user accesses the server via a network such as a telephone network. Normally, the server is constituted by a computer such as a personal computer and a workstation. Then, when there is an access from the user, a process for the access request is performed, and the result is returned to the user, thereby realizing a desired service. Typical information returned to the user is character information or application data.
[0003]
If the number of accesses to the server is large, the number of processes of the server naturally increases, and the load increases. Therefore, when locating servers on the Internet, assume in advance how many accesses will be made per unit time, and design a network or select the server performance so as to sufficiently withstand the number of user accesses. Is going. For this reason, for example, when the number of accesses gradually increases due to an increase in the number of users, switching the performance of the server to a higher-performance server based on the access status, or increasing the number of servers to reduce the burden. A device such as dispersion can be performed.
[0004]
However, there has recently been an incident in which a malicious user intentionally increases the number of accesses to a specific server. If the number of accesses to the server per unit time exceeds the assumed range, the server may be overloaded, exceeding the processing performance and causing a system down. Even if the system does not go down, users who could normally access the server under the overload condition can not easily access the server, or even if they can access, the subsequent processing does not proceed quickly. Occurs.
[0005]
FIG. 17 shows a packet transfer control device conventionally proposed to cope with an unauthorized user. In this system, an unauthorized user 102 accessing a server 101 to be protected₁And legitimate user 102₂It is assumed that there is. Legitimate user 102₂Is the router 103₂From line 104₂, Router 103₃, Line 104₃And sends the packet to the server 101. In contrast, the unauthorized user 102₁Is another router 103₁From line 104₁Through the router 103₃And from here on line 104₃Is used to access the server 101.
[0006]
Therefore, in this conventionally proposed packet transfer control device, for example, the router 103₃Checks the source of a packet destined for the server 101, and identifies an unauthorized user 102 that has been determined as an unauthorized user in the past.₁When there is an access from the network, when the same source packet arrives, the access is eliminated by using a filter function. Even when a specific user makes an access with an abnormally high frequency, if the worker in charge checks the access frequency and determines that the access is unauthorized, the unauthorized user 102₁The filter is set for the address of the access request source on the assumption that the access is based on the access request.
[0007]
After such settings are made, the unauthorized user 102₁Before the access request reaches the server 101, the request can be discarded at the stage of the router 103 arranged in the middle of the request. In the case of the Internet, the address of the access request source is the source address (source address) of the IP packet, and the corresponding packet can be discarded by setting a filter for the IP packet.
[0008]
[Problems to be solved by the invention]
In the conventional packet transfer control device described above, the access of the user is prohibited by discriminating the source of the packet that has been accessed illegally. Therefore, it is possible to cope with a person who has made unauthorized access in the past, but it is not possible to quickly cope with a person who has started unauthorized access. Further, there is a case where the source address is falsified, that is, the unauthorized user accesses the server with the identity hidden. In this case, it is difficult to determine whether a malicious user is accessing the device, and the filter cannot be set.
[0009]
Therefore, an object of the present invention is to provide a packet transfer control device, a packet transfer control method, and a packet transfer control system capable of preventing an unauthorized packet having a false source from being transferred through a network such as the Internet. It is in.
[0010]
[Means for Solving the Problems]
According to the first aspect of the present invention, (a) a plurality of ports for receiving packets transmitted via a network and (b) packets indicating the same transmission source to some of these ports are temporally parallel. An unauthorized access detecting means for detecting an unauthorized access on condition that the unauthorized access is input, and (c) when the unauthorized access detecting means detects the unauthorized access, requests a reply of the packet to a source of these packets as a destination. (D) when a response packet for the source inspection packet transmitted by the source inspection packet transmitting unit is sent back, A port other than the port from which the response packet was sent back and the same source To and a particular packet transfer inhibiting means for inhibiting the transfer to the packet transfer control unit when packet transmission source is received.
[0011]
That is, according to the first aspect of the present invention, an unauthorized access is detected on the condition that packets indicating the same transmission source are input in parallel to some of the plurality of ports in time, and transmission to the transmission source is performed. When the original inspection packet is sent out and the response packet is sent back, the same source packet was received from the port where the same source packet was input except for the port to which the response packet was sent back. When the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer.
[0012]
According to the second aspect of the present invention, (a) a plurality of ports for receiving packets transmitted via a network and (b) packets indicating the same transmission source to some of these ports are temporally parallel. An unauthorized access detecting means for detecting an unauthorized access on condition that the frequency is equal to or higher than a predetermined frequency, and (c) determining a source of these packets when the unauthorized access detecting means detects the unauthorized access. A source inspection packet transmitting means for transmitting a source inspection packet for requesting a return of a packet as a destination; and (d) a response to the source inspection packet transmitted by the source inspection packet transmitting means. When a packet is sent back, the same source packet as described above except for the port from which the response packet was sent back is entered. It is identical when the source of the packet has been received to the port and the from is and a specific packet transfer inhibiting means for inhibiting the transfer to the packet transfer control unit.
[0013]
In other words, according to the second aspect of the present invention, when packets indicating the same transmission source are input in time parallel to some of the plurality of ports, unauthorized access is performed on the condition that the frequency is equal to or higher than a predetermined frequency. When the packet is detected and a source inspection packet is sent to the source and a response packet is sent back, the same source packet is input from the port other than the one from which the response packet was sent back to the same port. When a source packet is received, its transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer. In addition, since packets sent at a certain frequency or more are targeted, it is possible to remove noise such as duplicated transmission sources for some reason, and reduce the load on the packet transfer control device.
[0014]
According to the third aspect of the present invention, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) a plurality of ports for receiving a packet defining the number of times the packet has been transferred to these ports. (C) transfer number source information storage means for storing transfer number source information comprising pairs of the transfer number and packet source information shown in (c). A transfer number mismatch packet detecting means for detecting a packet in which the time series transfer counts do not match among packets of the same transmission source, and (d) the transfer count mismatch packet detecting means matches the transfer counts. When a packet is detected, the source of the packet isTo check this source(E) when a response packet for the source inspection packet transmitted by the source inspection packet transmitting unit is transmitted back,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer control device is provided with specific packet transfer prohibition means for prohibiting transfer.
[0015]
In other words, according to the third aspect of the present invention, when a packet specifying the number of times of packet transfer is received, the number of times of transfer consisting of a pair of the number of times of transfer and the source information of the packet indicated by the number of times of transfer is transmitted. The packet is stored in the transmission source information storage means, and among the packets of the same transmission source stored in the transmission source information storage means, a packet in which the time-series transfer times are not matched is detected. For example, when a packet indicating that the number of transfers is the last 5 times and then a packet of the same transmission source and the number of times of the transfer is 10 later are transmitted, one of the packets is transmitted from an unauthorized user. It may have been. In such a case, when a source inspection packet is sent to the source indicated in the packet and a response packet is sent back, a packet of the same source other than the port from which the response packet was sent back is sent. When a packet of the same transmission source is received from the port to which is input, the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer.
[0016]
According to the fourth aspect of the present invention, (a) a plurality of ports for receiving packets transmitted via a network, and (b) a plurality of ports for receiving a packet defining the number of times of packet transfer to these ports. Transfer number source information storage means for storing the number of transfer source information comprising a pair of the number of transfer times and the source information of the packet indicated on the condition that the reception of these packets is at least a predetermined frequency. (C) transfer number mismatch packet detecting means for detecting a packet whose transfer number in time series does not match among packets of the same transmission source stored in the transfer number transmission source information storage means; ) When the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, the packet source is set as the destination.Inspect this source(E) when a response packet for the source inspection packet sent by the source inspection packet transmitting unit is sent back,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer control device is provided with specific packet transfer prohibition means for prohibiting transfer.
[0017]
That is, in the invention according to claim 4, when a packet defining the number of times of transfer of a packet is received at a predetermined frequency or higher, the number of times of transfer of the number of times of transfer indicated by the pair of the number of times of transfer indicated and the source information of the packet The information is stored in the number-of-transfers source information storage means, and among the packets of the same source stored in the number-of-transfers source information storage means, a packet whose time-series number of transfers is not consistent is detected. ing. For example, when a packet indicating that the number of transfers is the last 5 times and then a packet of the same transmission source and the number of times of the transfer is 10 later are transmitted, one of the packets is transmitted from an unauthorized user. It may have been. In such a case, when a source inspection packet is sent to the source indicated in the packet and a response packet is sent back, a packet of the same source other than the port from which the response packet was sent back is sent. When a packet of the same transmission source is received from the port to which is input, the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer. In addition, since packets sent at a certain frequency or more are targeted, it is possible to remove noise such as duplicated transmission sources for some reason, and reduce the load on the packet transfer control device.
[0018]
According to the fifth aspect of the present invention, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) a packet for which the number of times the packet has been transferred to these ports is received. Transfer number source information storage means for storing the number of transfer source information comprising a pair of the number of transfer times and the source information of the packet indicated on the condition that the reception of these packets is at least a predetermined frequency. (C) transfer number mismatch packet detecting means for detecting a packet whose transfer number in time series does not match among packets of the same transmission source stored in the transfer number transmission source information storage means; When the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, the port for receiving these packets is stored in relation to the transfer number. Storage means, the (e) when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers, the sender of the packet as the destinationInspect this sourceA source inspection packet transmitting unit for transmitting a source inspection packet for transmitting a response packet for the source inspection packet transmitted by the source inspection packet transmitting unit.Check the route to which this response packet was returned to identify the unauthorized access packet(G) packet transfer control means for prohibiting the transfer of the packet of the corresponding source received from the port corresponding to the illegal packet identified by the illegal packet identification means. The equipment is equipped.
[0019]
In other words, in the invention according to claim 5, when the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, the port storage means stores the ports receiving these packets in relation to the transfer number. I have to. When a response packet for the source inspection packet is sent back,Check the route to which this response packet was returned to identify the unauthorized access packetThen, the transfer of the packet of the corresponding transmission source received from the port corresponding to the specified illegal packet is prohibited.
[0020]
According to the sixth aspect of the present invention, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) at least a part of a packet of the same source illegally indicates the source. Notification receiving means for receiving the notification together with transmission source information indicating the transmission source when there is a possibility that there is a possibility that there is a possibility that the notification reception means receives the notification; And (d) the corresponding packet reception determining means for checking whether or not the source packet represented by the source information is received in parallel at two or more of the ports. When it is determined that the source packet indicated by the source information is received in parallel at the above ports, the packet is returned to the source indicated by the source information as the destination. (E) a response packet for the source inspection packet sent by the source inspection packet sending unit is sent back. When a packet of the same source is received from a port other than the port to which the response packet is sent back and the same packet of the same source is input, the specific packet transfer is prohibited. The prohibition means is provided in the packet transfer control device.
[0021]
That is, in the invention according to claim 6, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that there is something, the notification receiving means receives the notification together with the source information indicating the source. Other devices determine that there is a possibility, for example, when a phenomenon such as an abnormal increase in access per unit time occurs. Using such a notification as a trigger, an unauthorized user's packet is specified by the technique described in the first aspect of the present invention, and transfer of the packet to another device is prohibited.
[0022]
According to the seventh aspect of the present invention, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) at least a part of the packet for which the number of times of transfer is prescribed illegally indicates a source. When there is a possibility that there is a possibility that the packet is received, when the packet is received, the notification is sent together with the transfer number sender information indicating the pair of the transfer number indicated in these and the source information of the packet. And (c) when the notification receiving means receives the notification, the number of times of transfer in the packets of the same transmission source indicated in the transmission source information whose time-series transmission times do not match. And (d) when the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, the packet source is addressed. AsInspect this source(E) when a response packet for the source inspection packet sent by the source inspection packet transmitting unit is sent back,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer control device is provided with specific packet transfer prohibition means for prohibiting transfer.
[0023]
That is, in the invention according to claim 7, there is a possibility that the packet transfer control device itself does not actively detect the unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that there is something, the notification receiving means receives the notification together with the source information indicating the source. It is determined that there is a possibility that another device is present, for example, when a phenomenon such as an abnormal increase in access occurs. By using such a notification as a trigger, a packet of an unauthorized user is specified by the method described in the third aspect of the present invention, and transfer of the packet to another device is prohibited.
[0024]
According to the invention of claim 8, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) at least a part of the packet for which the number of times of transfer is prescribed illegally indicates the transmission source. When there is a possibility that there is a possibility that the packet is received, when the packet is received, the notification is sent together with the transfer number sender information indicating the pair of the transfer number indicated in these and the source information of the packet. And (c) when the notification receiving means receives the notification, transfers the packets whose time-series transfer times are not consistent among the packets of the same transmission source indicated in the transmission source information when the notification is received. (D) when the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, the source of the packet is set as the destination. TeInspect this source(E) when a response packet for the source inspection packet sent by the source inspection packet transmitting unit is sent back,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer control device is provided with specific packet transfer prohibition means for prohibiting transfer.
[0025]
That is, in the invention according to claim 8, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that there is something, the notification receiving means receives the notification together with the source information indicating the source. It is another device that determines that there is a possibility. Upon receiving this notification, the transfer count mismatch packet detecting means detects a packet in which the time-series transfer count is not consistent among the packets of the same source indicated in the transfer count source information, and The transmission source inspection packet for requesting the return of the packet is sent to the transmission source indicated in the transmission source information as the destination. In this case, it is prohibited to identify an unauthorized user's packet and transfer it to another device.
[0026]
According to the ninth aspect of the present invention, (a) a plurality of ports for receiving a packet transmitted via a network, and (b) at least a part of a packet of the same source illegally indicates the source. Notification receiving means for receiving the notification together with transmission source information indicating the transmission source when there is a possibility that there is a possibility that there is a possibility that the notification reception means receives the notification; And (d) the corresponding packet reception determining means for checking whether or not the source packet represented by the source information is received in parallel at two or more of the ports. When it is determined that the source packet indicated by the source information is received in parallel at the above ports, the packet is returned to the source indicated by the source information as the destination. (E) a response packet for the source inspection packet sent by the source inspection packet sending unit is sent back. When a packet of the same source is received from a port other than the port to which the response packet is sent back and the same packet of the same source is input, the specific packet transfer is prohibited. When the prohibition means and the corresponding packet reception determination means determine that the packet of the transmission source indicated in the transmission source information is not received in parallel at two or more ports, the transmission source indicated by the transmission source information is set to 1 A notification means for notifying source information indicating a source that may have incorrectly displayed the source to the nearest transfer destination; It is provided to the feed control unit.
[0027]
In other words, according to the ninth aspect of the present invention, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that there is something, the notification receiving means receives the notification together with the source information indicating the source. It is another device that determines that there is a possibility. Upon receiving this notification, the corresponding packet reception determining means independently checks whether or not two or more ports among the plurality of ports are receiving the source packet represented by the source information in parallel. When the corresponding packet reception determining means determines that the packet of the transmission source represented by the transmission source information is received in parallel at two or more ports, the packet is returned with the transmission source represented by the transmission source information as the destination. The transmission source inspection packet for the request is transmitted. In this case, it is prohibited to identify an unauthorized user's packet and transfer it to another device. On the other hand, a packet of a valid user and a packet of an unauthorized user may be input to the same port or interface circuit depending on a packet route. In this case, forwarding of an unauthorized user packet is prohibited even if a notification is received. Can not. Therefore, in this case, the transmission source information indicating the transmission source that may be incorrectly displaying the transmission source is notified to the transfer destination on the side closer to the transmission source indicated by the transmission source information. . If the device that has received the notification is a packet transfer control device having a similar configuration, there is a possibility that the packet of the unauthorized user can be separated and its transfer can be prohibited.
[0028]
In the invention according to claim 10, claims 1 to 9 are provided.EitherIn the above-described packet transfer control device, the specific packet transfer prohibiting unit includes a timer, and after a lapse of a predetermined time measured by the timer, cancels the transfer prohibition of the specific packet.
[0029]
In other words, according to the tenth aspect of the present invention, there is a possibility that the route to which the packet is transferred may be changed due to a network failure or the like with the passage of time. Then, the inspection can be performed again.
[0030]
According to the eleventh aspect of the present invention, (a) unauthorized access is performed on condition that packets indicating the same transmission source transmitted through the network are input in time parallel to some of the plurality of ports. An unauthorized access detecting step for detecting, and (b) a source for transmitting a source inspection packet for requesting a return of the packet to the source of these packets when the unauthorized access is detected in the unauthorized access detecting step (C) when a response packet for the transmission source inspection packet transmitted in the transmission source inspection packet transmission step is returned, the port is other than the port to which the response packet was transmitted. The same source packet is received from the port to which the same source packet is input. When to and a particular packet transfer prohibiting step of prohibiting the transfer to the packet transfer control method.
[0031]
In other words, according to the eleventh aspect of the present invention, an unauthorized access is detected on the condition that packets indicating the same transmission source are input to some of the plurality of ports in parallel in time and transmitted to the transmission source. When the original inspection packet is sent out and the response packet is sent back, the same source packet was received from the port where the same source packet was input except for the port to which the response packet was sent back. When the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer.
[0032]
According to the twelfth aspect of the present invention, (a) a packet indicating the same transmission source transmitted via a network is input to some of a plurality of ports at a predetermined frequency or more and in parallel with time. An unauthorized access detection step for detecting an unauthorized access on the condition that: (b) when detecting an unauthorized access in the unauthorized access detection step, a source inspection for requesting a return of the packet to a source of these packets; And (c) when a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, the response packet is sent back. From the port to which the packet of the same transmission source is input other than the port from which the When the original packet is received thereby and a specific packet transfer prohibiting step of prohibiting the transfer to the packet transfer control method.
[0033]
That is, according to the twelfth aspect of the present invention, when packets indicating the same transmission source are input to some of the plurality of ports in parallel in time, the unauthorized access is performed on condition that the frequency is equal to or higher than a predetermined frequency. When the packet is detected and a source inspection packet is sent to the source and a response packet is sent back, the same source packet is input from the port to which the same source packet is input except for the port from which the response packet was sent back. When a source packet is received, its transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer. In addition, since packets sent at a certain frequency or more are targeted, it is possible to remove noise such as duplicated transmission sources for some reason, and reduce the load on the packet transfer control device.
[0034]
According to the thirteenth aspect of the present invention, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) a packet defining the number of times of packet transfer to these ports is received. Sometimes, a transfer count transmission source information storage step for storing transfer count transmission source information composed of a pair of the transfer count and the packet transmission source information indicated therein; and (c) the transfer count transmission source information storage step. A transfer number mismatch packet detecting step for detecting a packet in which the time series transfer count is not matched among the stored packets of the same transmission source; and (d) the transfer count is determined by the transfer count mismatch packet detection step. When a mismatched packet is detected, the source of the packet is set as the destination.Inspect this source(E) transmitting a source inspection packet for transmitting a source inspection packet, and (e) returning a response packet for the source inspection packet transmitted in the source inspection packet transmission step.The route to which this response packet was returned is checked to identify unauthorized access packets, and theA specific packet transfer prohibition step of prohibiting transfer is provided in the packet transfer control method.
[0035]
That is, in the invention according to the thirteenth aspect, when a packet specifying the number of times of packet transfer is received, the number of times of transfer consisting of a pair of the number of times of transfer and the source information of the packet indicated by the number of times of transfer is transmitted. The packet is stored in the transmission source information storage step, and among the packets of the same transmission source stored in the transmission source information storage step, a packet in which the time-series transmission count is not consistent is detected. For example, when a packet indicating that the number of transfers is the last 5 times and then a packet of the same transmission source and the number of times of the transfer is 10 later are transmitted, one of the packets is transmitted from an unauthorized user. It may have been. In such a case, when a source inspection packet is sent to the source indicated in the packet and a response packet is sent back, a packet of the same source other than the port from which the response packet was sent back is sent. When a packet of the same transmission source is received from the port to which is input, the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer.
[0036]
According to the fourteenth aspect of the present invention, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) a packet defining the number of times of packet transfer to these ports is received. Sometimes, the number of times of transmission, which is a pair of the number of times of transmission and the information of the source of the packet, is stored on the condition that reception of these packets is equal to or higher than a predetermined frequency. A storage step; and (c) a transfer number mismatch packet detecting step of detecting a packet whose time-series transfer number is not matched among packets of the same source stored in the transfer number source information storing step. (D) when a packet whose transfer count is not matched is detected in the transfer count mismatched packet detection step, the source of the packet is set as the destination.Inspect this source(E) transmitting a source inspection packet for transmitting a source inspection packet, and (e) returning a response packet for the source inspection packet transmitted in the source inspection packet transmission step.The route to which this response packet was returned is checked to identify unauthorized access packets, and theA specific packet transfer prohibition step of prohibiting transfer is provided in the packet transfer control method.
[0037]
In other words, according to the fourteenth aspect of the present invention, when a packet defining the number of times of packet transfer is received at a predetermined frequency or higher, the number of times of transfer of the number of times of transmission is represented by a pair of the number of times of transfer and the source information of the packet. The information is stored in the number-of-transfers source information storage step, and among the packets of the same source stored in the number-of-transfers source information storage step, a packet whose time-series number of transfers is not consistent is detected. ing. For example, when a packet indicating that the number of transfers is the last 5 times and then a packet of the same transmission source and the number of times of the transfer is 10 later are transmitted, one of the packets is transmitted from an unauthorized user. It may have been. In such a case, when a source inspection packet is sent to the source indicated in the packet and a response packet is sent back, a packet of the same source other than the port from which the response packet was sent back is sent. When a packet of the same transmission source is received from the port to which is input, the transfer is prohibited. This makes it possible to easily identify an unauthorized user packet transmitted via a port or an interface circuit and prohibit its transfer. In addition, since packets sent at a certain frequency or more are targeted, it is possible to remove noise such as duplicated transmission sources for some reason, and reduce the load on the packet transfer control device.
[0038]
According to the invention of claim 15, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) a packet specifying the number of times of transfer of the packet to these ports is received. Sometimes, the number of times of transmission, which is a pair of the number of times of transmission and the information of the source of the packet, is stored on the condition that reception of these packets is equal to or higher than a predetermined frequency. A storage step; and (c) a transfer number mismatch packet detecting step of detecting a packet whose time-series transfer number is not matched among packets of the same source stored in the transfer number source information storing step. (D) When a packet whose transfer count is inconsistent is detected in the transfer count mismatch packet detection step, a port that receives these packets is detected. And a port storage step of storing in relation to the number of transfers, when (e) the number of transfers inconsistency packet detecting step detects a packet that does not match the number of transfers, the source of the packet as the destinationInspect this sourceA source inspection packet transmitting step of transmitting a source inspection packet, and (f) a response packet of the source inspection packet transmitted in the source inspection packet transmitting step is returned.Check the route to which this response packet was returned to identify the unauthorized access packetAnd (g) a specific packet transfer prohibition step of prohibiting transfer of a packet of a corresponding source received from a port corresponding to the invalid packet specified by the invalid packet specification step. Prepare for the method.
[0039]
That is, in the invention according to claim 15, when a packet whose transfer count is not matched is detected in the transfer count mismatched packet detecting step, the port receiving these packets is stored in the port storing step in relation to the transfer count. I have to. AndWhen the transfer number mismatch packet detecting step detects a packet whose transfer number does not match, it sends a source inspection packet for checking the source with the source of the packet as a destination. When a response packet for the inspection packet is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and the corresponding packet received from the port corresponding to the identified unauthorized packet is identified. Of the source packetThe transfer is prohibited.
[0040]
According to the invention of claim 16, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) at least a part of a packet of the same source illegally transmitted from the source. And (c) when a notification is received in the notification receiving step when the notification is received together with the source information indicating the source when there is a possibility that something may be displayed. A corresponding packet reception determining step of checking whether or not two or more of the plurality of ports are receiving a source packet represented by the source information in parallel; (d) determining the corresponding packet reception When it is determined in step that the packets of the transmission source represented by the transmission source information are received in parallel at two or more ports, the packet is represented by the transmission source information. A source inspection packet transmitting step of transmitting a source inspection packet for requesting a return of the packet with the source as a destination, and (e) a source inspection packet transmitted by the source inspection packet transmitting step Is returned, the same source packet is received from a port other than the port from which the response packet was returned and the same source packet is input. At this time, a specific packet transfer prohibition step of prohibiting the transfer is provided in the packet transfer control method.
[0041]
That is, in the invention according to claim 16, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of a packet of the same source incorrectly indicates the source. When there is a possibility that something exists, the notification is received together with the source information indicating the source in the notification receiving step. Other devices determine that there is a possibility, for example, when a phenomenon such as an abnormal increase in access per unit time occurs. Using such a notification as a trigger, an unauthorized user's packet is specified by the technique described in the first aspect of the present invention, and transfer of the packet to another device is prohibited.
[0042]
According to the seventeenth aspect of the present invention, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) at least a part of a packet defining the number of times of transfer is illegally transmitted from a source. When there is a possibility that there is a possibility that there is a possibility that the packet is received When the packet is received, the transfer count indicating the pair of the transfer count and the packet source information indicated in these packets together with the source information The notification receiving step of receiving the notification, and (c) when the notification is received in the notification receiving step, the time-series transfer times of the packets of the same transmission source indicated in the transmission number transmission source information match. And (d) detecting a packet with an inconsistent transfer count in the transfer count inconsistent packet detection step. The source of the packet as the destination when theInspect this source(E) transmitting a source inspection packet for transmitting a source inspection packet, and (e) returning a response packet for the source inspection packet transmitted in the source inspection packet transmission step.The route to which this response packet was returned is checked to identify unauthorized access packets, and theA specific packet transfer prohibition step of prohibiting transfer is provided in the packet transfer control method.
[0043]
That is, in the invention according to claim 17, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that something exists, the notification is received together with the source information indicating the source in the notification receiving step. It is determined that there is a possibility that another device is present, for example, when a phenomenon such as an abnormal increase in access occurs. By using such a notification as a trigger, a packet of an unauthorized user is specified by the method described in the third aspect of the present invention, and transfer of the packet to another device is prohibited.
[0044]
According to the invention of claim 18, (a) a receiving step of receiving a packet sent via a network at a plurality of ports, and (b) at least a part of the packet specifying the number of times of transfer is illegally transmitted from the source. When there is a possibility that there is a possibility that there is a possibility that the packet is received When the packet is received, the transfer count indicating the pair of the transfer count and the packet source information indicated in these packets together with the source information (C) when the notification is received in the notification receiving step, the number of times of transfer in the same transmission source in the packets of the same transmission source indicated in the transmission source information is matched. And (d) detecting a packet whose transfer count is inconsistent in the transfer count mismatch packet detection step. The source of the packet as the destination canInspect this source(E) transmitting a source inspection packet for transmitting a source inspection packet, and (e) returning a response packet for the source inspection packet transmitted in the source inspection packet transmission step.The route to which this response packet was returned is checked to identify unauthorized access packets, and theA specific packet transfer prohibition step of prohibiting transfer is provided in the packet transfer control method.
[0045]
In other words, in the invention according to claim 18, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that there is something, the notification is received together with the transfer count transmission source information indicating the pair of the transfer count and the packet transmission source information in the notification receiving step. It is another device that determines that there is a possibility. When this notification is received, a packet in which the time-series transfer count is not consistent among packets of the same source indicated in the transfer count source information is detected, and the source of the packet is set as a destination.A source inspection packet for inspecting the transmission source is transmitted, and when a response packet is returned in response thereto, a route to which the response packet is returned is checked to identify an unauthorized access packet, These unauthorized access packetsThe transfer is prohibited.
[0046]
In the invention according to claim 19, (a) a receiving step of receiving a packet transmitted via a network at a plurality of ports, and (b) at least a part of a packet of the same source illegally transmitted from the source. And (c) when a notification is received in the notification receiving step when the notification is received together with the source information indicating the source when there is a possibility that something may be displayed. A corresponding packet reception determining step of checking whether or not two or more of the plurality of ports are receiving a source packet represented by the source information in parallel; (d) determining the corresponding packet reception When it is determined in step that the packets of the transmission source represented by the transmission source information are received in parallel at two or more ports, the packet is displayed by the transmission source information. A source inspection packet transmitting step of transmitting a source inspection packet for requesting a return of the packet with the source as a destination, and (e) a source inspection packet transmitted by the source inspection packet transmitting step Is returned, the same source packet is received from a port other than the port from which the response packet was returned and the same source packet is input. When a specific packet transfer prohibiting step for prohibiting the transfer and a packet receiving discriminating step (f) are transmitted when it is determined that the source packet represented by the source information is not received in parallel at two or more ports. Sources that may incorrectly display the source at the destination one closer to the source indicated in the source information To and a notification step of notifying the I transmission source information to the packet transfer control method.
[0047]
That is, in the invention according to claim 19, there is a possibility that the packet transfer control device itself does not actively detect an unauthorized user, and at least a part of the packet of the same source incorrectly indicates the source. When there is a possibility that something exists, the notification is received together with the source information indicating the source in the notification receiving step. It is another device that determines that there is a possibility. Upon receiving this notification, in the corresponding packet reception determining step, it is independently checked whether or not two or more of the plurality of ports are receiving the source packet represented by the source information in parallel. Then, when it is determined in the corresponding packet reception determining step that the packet of the transmission source represented by the transmission source information is received in parallel at two or more ports, the return of the packet is performed with the transmission source indicated by the transmission source information being the destination. The transmission source inspection packet for the request is transmitted. In this case, it is prohibited to identify an unauthorized user's packet and transfer it to another device. On the other hand, a packet of a valid user and a packet of an unauthorized user may be input to the same port or interface circuit depending on a packet route. In this case, forwarding of an unauthorized user packet is prohibited even if a notification is received. Can not. Therefore, in this case, the transmission source information indicating the transmission source that may be incorrectly displaying the transmission source is notified to the transfer destination on the side closer to the transmission source indicated by the transmission source information. . If the device that has received the notification is a packet transfer control device having a similar configuration, there is a possibility that the packet of the unauthorized user can be separated and its transfer can be prohibited.
[0048]
According to the twentieth aspect of the present invention, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via a network, and (c) a source device via the network. Access that detects unauthorized access on the condition that a plurality of ports that receive packets sent by the network and packets indicating the same source device are input to some of these ports in parallel in time Detecting means, and sending a source device inspection packet for sending a source device inspection packet for requesting a return of the packet to the source device of the packet when the unauthorized access detecting unit detects the unauthorized access Means and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting unit. Is returned, when a packet of the same source device is received from a port other than the port to which the response packet was returned and the packet of the same source device is input, The packet transfer system includes a packet transfer control device having specific packet transfer prohibition means for prohibiting transfer.
[0049]
That is, in the twentieth aspect of the present invention, the packet transfer system comprises a source device, a destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the first aspect of the present invention.
[0050]
According to the twenty-first aspect of the present invention, (a) a transmission source device for transmitting a packet via a network, (b) a transmission destination device for receiving a packet via the network, and (c) a transmission source device via the network. The condition is that when a plurality of ports for receiving packets transmitted by the receiver and packets indicating the same transmission source device are input to some of these ports in parallel in time, the frequency is equal to or higher than a predetermined frequency. An unauthorized access detecting means for detecting an unauthorized access, and a source device inspection packet for requesting a return of the packet to the source device of the packet when the unauthorized access detecting means detects the unauthorized access. Source device inspection packet transmitting means for performing transmission, and source device inspection transmitted by the transmission source device inspection packet transmitting means. When a response packet for the packet is sent back, the packet of the same source device is sent from a port other than the port from which the response packet was sent back and from which the packet of the same source device is input. A packet transfer control device having a specific packet transfer prohibiting means for prohibiting the transfer when received is provided to the packet transfer system.
[0051]
That is, in the invention according to claim 21, the packet transfer system is constituted by a source device, a destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the second aspect of the present invention.
[0052]
In the invention according to claim 22, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via the network, and (c) a source device via the network. A plurality of ports for receiving packets transmitted by the port, and a pair of the number of times of transfer and the source device information of the packet when a packet specifying the number of times of transfer of the packet is received at these ports. The number of transfer source device information storing means for storing the number of transfer source device information, and the number of chronological transfer times in the packets of the same source device stored in the number of transfer source device information storage means. A transfer number mismatch packet detecting means for detecting a packet which does not match, and a packet whose transfer number does not match by the transfer number mismatch packet detecting means. The source device of the packet as the destination upon detectingInspect this source deviceSource device inspection packet transmitting means for transmitting a source device inspection packet, and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. ,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer system includes a packet transfer control device having specific packet transfer prohibition means for prohibiting transfer.
[0053]
That is, in the invention according to claim 22, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the third aspect of the present invention.
[0054]
In the invention according to claim 23, (a) a transmission source device for transmitting a packet via a network, (b) a transmission destination device for receiving a packet via the network, and (c) a transmission source device via the network. A plurality of ports for receiving packets transmitted by the port, and a pair of the number of times of transfer and the source device information of the packet when a packet specifying the number of times of transfer of the packet is received at these ports. Transfer number source device information storing means for storing the number of transfer source device information comprising the condition that reception of these packets is equal to or more than a predetermined frequency, and the number of transfer source device information storage means Transfer number mismatch packet detecting means for detecting a packet whose time series transfer count is not consistent among packets of the same transmission source device; The source device of the packet as the destination when the number mismatch packet detecting means detects a packet that does not match the number of transfersInspect this source deviceSource device inspection packet transmitting means for transmitting a source device inspection packet, and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. ,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer system includes a packet transfer control device having specific packet transfer prohibition means for prohibiting transfer.
[0055]
That is, in the invention according to claim 23, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the fourth aspect of the present invention.
[0056]
In the invention according to claim 24, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via the network, and (c) a source device via the network. A plurality of ports for receiving packets transmitted by the port, and a pair of the number of times of transfer and the source device information of the packet when a packet specifying the number of times of transfer of the packet is received at these ports. Transfer number source device information storing means for storing the number of transfer source device information comprising the condition that reception of these packets is equal to or more than a predetermined frequency, and the number of transfer source device information storage means Transfer number mismatch packet detecting means for detecting a packet whose time series transfer count is not consistent among packets of the same transmission source device; When the number-mismatched packet detecting means detects packets whose transfer counts do not match, the port storage means for storing the ports receiving these packets in relation to the transfer counts, and When a packet that does not match is detected, the source device of the packet isInspect this source deviceSource device inspection packet transmitting means for transmitting a source device inspection packet, and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. ,Check the route to which this response packet was returned to identify the unauthorized access packetPacket transfer control, comprising: an illegal packet specifying unit that performs transmission of a packet of a corresponding transmission source device that is received from a port corresponding to the invalid packet identified by the invalid packet specifying unit; The device and the packet transfer system are provided.
[0057]
That is, in the invention according to claim 24, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the fifth aspect of the present invention.
[0058]
According to the twenty-fifth aspect of the present invention, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via a network, and (c) a source device via the network. If there is a possibility that there is a possibility that there are multiple ports that receive the transmitted packet and that there is a packet of the same source device, at least a part of which may incorrectly indicate the source device, Notification receiving means for receiving the notification together with the transmission source device information representing the transmission source device; and when the notification reception means receives the notification, the notification reception unit displays the notification in the transmission source device information in at least two of the plurality of ports. Packet reception discriminating means for checking whether or not packets of the transmission source device to be received are received in parallel; A source for requesting a return of a packet addressed to the source device indicated in the source device information when it is determined that the packet of the source device indicated in the source device information is being received in parallel at the port. A source device inspection packet transmitting means for transmitting the device inspection packet; and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. A specific packet transfer prohibiting unit for prohibiting the transfer when the packet of the same source device is received from the port to which the packet of the same source device is input other than the port that has been sent back. And a packet transfer control device having the same.
[0059]
That is, in the invention according to claim 25, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the sixth aspect of the present invention.
[0060]
According to the twenty-sixth aspect of the present invention, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via a network, and (c) a source device via the network. If there is a possibility that there is a possibility that there are multiple ports that receive the transmitted packet and a packet that specifies the number of transfers and at least a part of which may incorrectly indicate the source device Notification receiving means for receiving the notification together with the number of transfer source device information indicating the pair of the number of transfer times and the source device information of the packet when the notification is received, and the notification receiving means When received, this transfer count is a transfer that detects a packet in which the time-series transfer counts do not match among packets of the same source device indicated in the source device information. A number inconsistency packet detecting means, the source device of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfersInspect this source deviceSource device inspection packet transmitting means for transmitting a source device inspection packet, and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. ,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer system includes a packet transfer control device having specific packet transfer prohibition means for prohibiting transfer.
[0061]
That is, in the invention according to claim 26, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the seventh aspect of the present invention.
[0062]
In the invention according to claim 27, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via the network, and (c) a source device via the network. If there is a possibility that there is a possibility that there are multiple ports that receive the transmitted packet and a packet that specifies the number of transfers and at least a part of which may incorrectly indicate the source device Notification receiving means for receiving the notification together with the number of transfer source device information indicating the pair of the number of transfer times and the source device information of the packet when the notification is received, and the notification receiving means Transfer count when received Transfer count for detecting a packet whose time-series transfer count is not consistent among packets of the same source device indicated in the source device information Inconsistent packet detection unit, the source device of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfersInspect this source deviceSource device inspection packet transmitting means for transmitting a source device inspection packet, and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. ,The route to which this response packet was returned is checked to identify unauthorized access packets, and theThe packet transfer system includes a packet transfer control device having specific packet transfer prohibition means for prohibiting transfer.
[0063]
That is, in the invention according to claim 27, the packet transfer system comprises a source device, a destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the eighth aspect of the present invention.
[0064]
In the invention according to claim 28, (a) a source device for transmitting a packet via a network, (b) a destination device for receiving a packet via the network, and (c) a source device via the network. If there is a possibility that there is a possibility that there are multiple ports that receive the transmitted packet and that there is a packet of the same source device, at least a part of which may incorrectly indicate the source device, Notification receiving means for receiving the notification together with the transmission source device information representing the transmission source device; and when the notification reception means receives the notification, the notification reception unit displays the notification in the transmission source device information in at least two of the plurality of ports. Packet reception discriminating means for checking whether or not packets of the transmission source device to be received are received in parallel; A source for requesting a return of a packet addressed to the source device indicated in the source device information when it is determined that the packet of the source device indicated in the source device information is being received in parallel at the port. A source device inspection packet transmitting means for transmitting the device inspection packet; and a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting means. A specific packet transfer prohibiting unit for prohibiting the transfer when the packet of the same source device is received from the port to which the packet of the same source device is input other than the port that has been sent back. The packet of the source device represented by the source device information is transmitted to the two or more ports by the corresponding packet reception determining means in parallel. Source device that indicates a source device that may incorrectly display the source device at a transfer destination closer to the source device indicated by the source device information when it is determined that the source device has not been received. The packet transfer system includes a packet transfer control device including a notification unit that notifies information.
[0065]
That is, in the invention according to claim 28, the packet transfer system comprises a transmission source device, a transmission destination device, and a packet transfer control device. The packet transfer control device has the configuration according to the ninth aspect of the present invention.
[0066]
BEST MODE FOR CARRYING OUT THE INVENTION
[0067]
【Example】
Hereinafter, the present invention will be described in detail with reference to examples.
[0068]
First embodiment
[0069]
FIG. 1 shows a main part of a communication system using a packet transfer control device according to a first embodiment of the present invention. This communication system includes a network-like communication path using the Internet, which connects the server 201 to be protected from unauthorized access this time, the authorized user 202, and the unauthorized user 203. When viewed from the router 204 directly connected to the server 201 on this communication path, the router 205₁₁, 205₂₁, 205₃₁Shall be arranged. Router 205 shown in the figure₂₂And 205₂₃Is the router 205₁₁, The number of hops in the direction of the server 201 is “1”, and the router 205₃₂Is the router 205₂₁, The hop count is “1” in the direction of the server 201. Router 205₂₂In addition, the router 205₃₃And router 205₃₄Is connected. In this example, the valid user 202 is the router 205₃₁The unauthorized user 203 is connected to the server 201 via another router 205.₃₃Is connected to the server 201 via the.
[0070]
The packet transfer control device 207 of this embodiment having the function of preventing unauthorized access is₁₁Is configured as a device including However, other routers 205₂₁, 205₃₁,..., The circuits including them can freely configure the packet transfer control device. An outline of a packet transfer control device using the packet transfer control device 207 of the present embodiment will be briefly described.
[0071]
FIG. 2 shows a configuration of an input / output port of the packet transfer control device according to the present embodiment. The packet transfer control device 207 includes the first to Nth ports P₁~ P_NIt has. For simplicity, at some point the first port P₁Is the router 205₂₁Connected to the authorized user 202 via the second port P₂Is the router 205₂₂Is connected to the unauthorized user 203 through the third port P₃Is the router 205₂₃It is assumed that it is connected to Also, the fourth port P₄Is connected to the server 201 via the router 204. 1st to Nth ports P₁~ P_NHas a line 211₁~ 211_NIs connected.
[0072]
The packet transfer control device 207 has its input port P₁~ P₃Is checked to see if a packet having the same source address indicating the same source arrives. Assuming that the unauthorized user 203 pretends to be a legitimate user 202 and sends out a packet using the same source address as that of the legitimate user 202, the packet transfer control device 207 uses the Determine that there is a possibility. Therefore, when such a case occurs, the packet transfer control device 207 sends a source inspection packet to the source address.
[0073]
Since the source inspection packet is sent to the source address, only the valid user 202 can respond to this. The packet transfer control device 207 sends this response to the port P₁Receive through. Therefore, other ports P₂Or P₃When packets with the same source address are sent from₄By performing filtering so as not to switch to the server 201 side, it is possible to prevent an unauthorized packet from being sent to the server 201 side.
[0074]
FIG. 3 shows the configuration of the packet transfer control device. The packet transfer control device 207 includes a line interface unit 213. The line interface unit 213 is connected to the first port P₁, The second port P₂, ... Nth port P_N, Nth interface (I / F) circuit 214₁, 214₂, ... 214_NIt has. These interface circuits 214₁, 214₂, ... 214_NAre connected to the control packet classification unit 215. The line interface unit 213 is a line 211₁, 211₂, ... 211_NWhen a packet is received from the control packet classifying unit 215, the process is passed to the control packet classifying unit 215. On the other hand, when a transmission packet is passed from the control packet classification unit 215, the first, second,.₁, 214₂, ... 214_NOf the transmission packet is output to the circuit designated for the transmission packet. The line interface unit 213 is connected to the line 211.₁, 211₂, ... 211_NTo convert a physical signal of the packet into a logical signal to generate a packet frame, and vice versa.₁, 211₂, ... 211_NTo convert the package data into a physical signal.
[0075]
The control packet classification unit 215 includes a filter unit 216 that performs the above-described filtering on the packet, a routing unit 217 that performs the routing, and a line comparison unit that performs a comparison process for determining a packet possibly transmitted from an unauthorized user. 218 and an SA inspection unit 219 that inspects an SA (source address). The control packet classification unit 215 examines the contents of the packet passed from the line interface unit 213, and if this is a response packet to the source inspection packet instructed to be transmitted by the SA inspection unit 219, the control unit 215 compares this packet with the line comparison unit 218. To be passed to. When the packet passed from the line interface unit 213 is a packet other than the response packet, the control packet classifying unit 215 performs a process of passing this packet to the filter unit 216. In addition, the control packet classification unit 215 also performs a process of receiving a transmission packet from the routing unit 217 or the SA inspection unit 219 and passing it to the line interface unit 213.
[0076]
When a packet matching a predetermined rule set in the filter table 221 is received, the filter unit 216 determines that the packet is from an unauthorized user, and discards the packet without passing it to the SA classifying unit 222. I have. A timer unit 224 for measuring the passage of time is connected to the filter table 221 and measures whether or not the rule set in the filter unit 216 is within the validity period. If there is a rule whose validity period has elapsed, the setting content is deleted. Since the route of the network may change according to a change in the state of the network or time, the packet of the source address set in the filter table 221 may arrive via a different network. Therefore, a timer unit 224 is provided so that the rule up to now is deleted after a certain period of time, so that it is possible to cope with a change in the route information.
[0077]
The SA classifying unit 222 receives a packet that has not been discarded by the filter unit 216. Such packets are not limited to packets subject to unauthorized access, but naturally include general packets such as newly arrived packets. The SA classifying unit 222 performs a process of recording the source address and the arriving line interface of the received packet in the classifying table 225 and passing the transferred packet to the routing unit 217. The multiplex detection unit 226 uses the classification table 225 to check whether there are packets arriving from a plurality of line interfaces with the same source address.
[0078]
When the multiplex detection unit 226 detects a packet arriving over such a plurality of line interfaces, the SA inspection unit 219 determines which of the plurality of line interfaces corresponding to the detected one transmission source address is which. Receive information to indicate. Then, a process for requesting the control packet classifying unit 215 to transmit a source inspection packet for checking whether or not unauthorized access has been performed is performed, and a plurality of transmission source packets corresponding to the one source address are stored in the inspection table 227. Record the line interface of
[0079]
The line comparison unit 218 compares the received packet with the inspection table 227, and among the plurality of line interfaces to be inspected, the line interface other than the line interface that has responded to the source inspection packet from the source. It is determined that the line interface may be related to a packet transmitted by an unauthorized user. Then, a line interface for preventing a packet transmitted by an unauthorized user is set in the filter table 221.
[0080]
FIG. 4 shows a control flow of the packet transfer control device of the present embodiment. The operation of the packet transfer control device 207 having the configuration shown in FIG. 3 will be described with reference to FIG. When a packet arrives at the packet transfer control device 207 via the predetermined line 211, the line interface unit 213 detects the arrival (Step S301: Y). Here, the line 211 is, for example, an OC-3 (Optical Carrier-3) or an OC-48 (Optical Carrier-48) connected by an optical fiber cable, or an Ethernet connected by a twisted pair cable in which two wires are twisted. And so on.
[0081]
The line interface unit 213 converts the physical signal into the data of the received packet (Step S302). The converted packet is passed to the control packet classification unit 215. The control packet classification unit 215 checks whether or not the received packet is a normal packet (step S303). Here, the normal packet refers to a received packet other than a response packet from the transmission source for the transmission source inspection packet transmitted from the packet transfer control device 207 to inspect the transmission source. If it is a response packet (N), there is no need to transfer this. Then, this is passed to the line comparison unit 218, and a comparison process described in detail later is executed (step S304).
[0082]
On the other hand, if the received packet is determined to be a normal packet (step S303: Y), the packet is passed to the filter unit 216 in order to perform filtering as a stage before the transfer process. In this case, the packet transfer control device 207 reads data for preventing a packet due to an unauthorized access from the filter table 221 (Step S305).
[0083]
FIG. 5 shows an example of the contents of the filter table. The filter table 221 is a table storing data for filtering a packet sent from an unauthorized user. Here, an item “SRCADDR” 322 representing an IP (Internet Protocol) address, an item “SRCIF” 323 representing a port number corresponding to an arrival line interface, and the passage of the date and time when these items were registered in the filter table 221 Is stored in an item “TIMER” 324 indicating “. If a packet that matches any of the contents of the filter table 221 arrives at the filter unit 216, it is determined that the packet matches the rule for discarding (step S306: Y in FIG. 4), and the packet is processed without being transferred. Ends (end). That is, the packet is discarded.
[0084]
For example, port P shown in FIG.₁And P₂It is assumed that the source address of the packet input to both the ports is “10.5.5.8”, and the port P₁Is determined to be a packet sent from the valid user 202, and the other port P₂Is determined to be a packet of the unauthorized user 203. In this case, “10.5.5.8” is written in the item “SRCADDR” of the filter table 221 and the port P is written in the item “SRCIF”.₂Is indicated as a numerical value “2”. In the item “TIMER”, data “11.20.20.10” indicating the time when the response packet to the transmission source inspection packet arrives and the packet of the unauthorized user 203 is determined and registered in the filter table 221, that is, Data of 20:10 on November 20 is described.
[0085]
Therefore, in this example, the packet whose source address is "10.5.5.8"₂If the time is within a predetermined time t from the time described in the item "TIMER", the packet matches the rule as a packet sent from an unauthorized user. Will be discarded. After the lapse of the predetermined time t, the rule does not match (step S306: N in FIG. 4). This increases the possibility that the packet routing will change over time, so check again if packets with the same source address arrive at multiple ports and perform unauthorized access under new rules. This is because the packet processing of FIG.
[0086]
If it is determined in step S306 in FIG. 4 that the packet does not match the rule, the packet is sent to the SA classifying unit 222. The SA classifying unit 222 updates or newly creates a classifying table (step S307).
[0087]
FIG. 6 shows an example of the contents of the classification table. The classification table 225 includes an item “SRCADDR” 332 representing an IP address, an item “SRCIF” 333 representing a port number corresponding to an arrival line interface, and an item “COUNTER” 334 for counting the number of arrivals of the same packet. It is configured. The classification table 225 is newly created every time the item “SRCADDR” 332 is different. The item “COUNTER” 334 is provided because, for example, when the number of arrivals of packets at the same IP address in a certain time zone is extremely small, it is considered that unauthorized access has not been performed, and The purpose of this is to omit the transmission of the source inspection packet and the filtering process for those which do not.
[0088]
FIG. 6 shows the classification table 225 for the IP address “13.9.2.6”, but a packet of the IP address for which the classification table 225 has already been created is input to the SA classification unit 222. In this case, the contents of the item “COUNTER” 334 for the corresponding item “SRCIF” 333 in the classification table 225 are counted up one by one. When there is no IP address corresponding to the item “SRCADDR” 332, a classification table for this is newly created.
[0089]
When the SA classifying unit 222 updates or newly creates the classifying table 225, the packet is transferred to the routing unit 217, and a routing process is performed to set a route of the packet to be sent to the router (FIG. Four steps S308). Then, the packet is transferred to the destination line (step S309), and the packet data is converted into a physical signal again and transmitted to the line (step S310).
[0090]
FIG. 7 shows a flow of the multiplex detection processing performed by the multiplex detection unit. The multiplex detection unit 226 shown in FIG. 3 starts this processing at predetermined time intervals. First, the multiplex detecting unit 226 checks whether or not there is a registered value in the item “COUNTER” 334 in the classification table 225 that is equal to or greater than a predetermined numerical value (step S351). If there is no such thing, the process is terminated (END).
[0091]
If there is a registered value that is equal to or greater than a predetermined numerical value, it is determined whether or not the item “SRCIF” 333 is registered for each item “SRCADDR” 332 across a plurality of ports or interface circuits 214. Check (step S352). If only one port or interface circuit 214 is entered as data in the item "SRCIF" 333, there is no possibility that the access is multiplexed for the item "SRCADDR" 332. Therefore, such an object is not registered in the inspection table 227.
[0092]
On the other hand, when the count value is equal to or more than the predetermined value and the item “SRCIF” 333 is entered in plural, one source address is used by plural sources. Will be. Then, if there is such a thing (step S352: Y), it is checked whether or not this is registered in the inspection table 227 (step S353). If not registered in the inspection table 227 (Y), the item “SRCADDR” 332 and each item “SRCIF” 333 corresponding thereto are registered in the inspection table 227 (step S354). Otherwise (step S353: N), the processing related to the item "SRCADDR" 332 ends to avoid duplicate registration (end).
[0093]
If data has been newly written in the port or interface circuit 214 that has not existed at the time of the processing of step S353, the processing of adding the content to the corresponding inspection table 227 is performed. Is also good. In this case, it is useful for the SA inspection unit 219 described later to transmit the source inspection packet again to deal with a new situation.
[0094]
FIG. 8 shows an example of the inspection table. The inspection table 227 includes an item “SRCADDDR” 362 and the interface circuit 214 shown in FIG.₁, 214₂, ... 214_N"First SRCIF" 363 corresponding to₁~ Item "Nth SRCIF" 363_NIt is composed of Each item “first SRCIF” 363₁From the item "Nth SRCIF" 363_NThe number of times that the packet arrives at the interface circuit 214 is written as data.
[0095]
FIG. 9 shows the flow of the comparison process of the line comparison unit. The line comparing unit 218 compares the interface circuit 214 corresponding to the source address of the response packet sent from the control packet classifying unit 215 and the arriving port with these combinations in the inspection table 227 (step S381). As a result, since the matching one (step S382: Y) is a combination of valid packets, the process is terminated without registering in the filter table 221 (end).
[0096]
On the other hand, when the response packet matches the transmission source address and the interface circuit 214 does not match (N), the port or the interface circuit 214 is registered in the filter table 221 together with data indicating the time (N). Step S383).
[0097]
As described above, in the present embodiment, the first, second,.₁, 214₂, ... 214_NTo detect the presence of unauthorized access based on the fact that multiple of the packets received the same source packet in the same time slot, check the route (port) that sent the source inspection packet to the source address and returned it Specifies the unauthorized access packet.
[0098]
Second embodiment
[0099]
In the second embodiment of the present invention, it is detected that the packet of the same transmission source has passed through a plurality of routes by comparing the value of a TTL (Time To Live) field described in the header of the packet. It is determined that there is an unauthorized access packet. Also in the second embodiment, a packet transfer control device transmits a source inspection packet so that it is possible to determine which packet is transmitted by a valid user and which is transmitted by an unauthorized user.
[0100]
FIG. 10 shows an example of a packet configuration. The packet 401 has an IP header 402 and a data portionICMP403It is composed of In the packet 401 of this example, the IP header 402 is composed of fields such as Ver (Version) and IHL (Internet Header Length), and a TTL field exists in these. The TTL field is provided to prevent unlimited transfer of packets. That is, a predetermined initial value is given to the TTL field when transmitting a packet, and the value is decreased by "1" each time a packet is transferred by a transfer device or a device such as a gateway. Then, when the value indicated in the TTL field decreases to "0", the transfer of the packet of the same transmission source ends, and the subsequent packets of the transmission source are discarded.
[0101]
Therefore, for example, when a packet with a TTL field value of “10” is transmitted, the transfer device can transfer up to ten times. For example, such a TTL field is defined in the protocol of IPV4 (Internet Protocol Version 4). In an IPV6 (Internet Protocol Version 6) in which the address field is longer than the IPV4 and a sufficient margin is provided for the address, a hop limit field (Hop Limit field) is defined as the same as the TTL field.
[0102]
In the case of the packet 401 shown in FIG. 10, in the case of the “IPCM ECHO REPLY” message, since the IPCM is the IPCM, the protocol feed (PROTO) of the IP header 402 is “1”. In addition, since the message is “IPCM ECHO REPLY”, “TYPE = 0, CODE = 0” is obtained.
[0103]
FIG. 11 shows the configuration of the packet transfer control device according to the second embodiment. The same parts as those in FIG. 3 are denoted by the same reference numerals, and description thereof will be omitted as appropriate. In the packet transfer control device 207A of the second embodiment, the packet that has passed through the filter unit 216 is passed to the SA classifying unit 222A. The SA classifying unit 222A records the source address, the arriving line interface, and the value of the TTL field of the received packet in the classifying table 225A, and passes the packet to be transferred to the routing unit 217.
[0104]
FIG. 12 shows an example of the contents of the classification table. The classification table 225A is composed of an item "SRCADDR" 332 representing an IP address, an item "TTL" 411 representing a value of a TTL field, and an item "COUNTER" 334 for counting the number of arrivals of the same packet. . The classification table 225A is newly created every time the item “SRCADDR” 332 is different.
[0105]
FIG. 6 shows the classification table 225A for the IP address “13.9.2.6”, but the packet of the IP address for which the classification table 225A has already been created is input to the SA classification unit 222A. In this case, it is determined whether or not the item "TTL" 411 is the same for the classification table 225A. If the items are the same, the contents of the item "COUNTER" 334 are counted up one by one. . When a different packet of the item “TTL” 411 is input to the SA classification unit 222A, the item is added to the same classification table 225A.
[0106]
The multiplex detection unit 226A shown in FIG. 11 checks whether or not there is a packet in which a plurality of items “TTL” 411 exist despite the same source address in the classification table 225A shown in FIG. become. Then, when such a packet exists, there is a possibility that a packet of an unauthorized user may exist. Therefore, a set of the source address and the values of the plurality of TTL fields is passed to the SA inspection unit 219A.
[0107]
FIG. 13 shows a control flow of such a multiplex detection unit. In this figure, the same parts as those in FIG. 7 are denoted by the same reference numerals. The multiplex detection unit 226A illustrated in FIG. 11 starts this processing at predetermined time intervals. First, the multiplex detection unit 226A checks whether a count value equal to or greater than a predetermined numerical value is registered in the item “COUNTER” 334 in the classification table 225A (step S351). If there is no such thing, the process is terminated (END).
[0108]
If there is a registered value that is equal to or larger than the predetermined numerical value, it is checked whether a plurality of items “TTL” 411 are registered as different values for each item “SRCADDR” 332 (step S431). ).
[0109]
On the other hand, when a count value equal to or greater than a predetermined value is registered and a plurality of items “TTL” 411 are entered, different TTL fields exist for one transmission source address. That is, there is a sender who is sending out a packet falsely as one sender. Therefore, if there is such a thing (step S431: Y), it is checked whether or not this is registered in the inspection table 227A (step S353). If the information is not registered in the inspection table 227 (Y), that is, when a new sender is added, the item “SRCADDDR” 332 and each item “TTL” 411 corresponding thereto are stored in the inspection table 227A. It is registered (step S432). Otherwise (step S353: N), the processing related to the item "SRCADDR" 332 ends to avoid duplicate registration (end).
[0110]
FIG. 14 shows the configuration of the inspection table. In this figure, the same parts as those in FIG. 8 are denoted by the same reference numerals. The inspection table 227A includes an item “SRCADDDR” 362 and an item “first TTL” 451 corresponding to each TTL field in order.₁~ Item "Nth TTL" 451_NIt is composed of
[0111]
As described above, in the packet transfer control device of the second embodiment, when the TTL field of the packet indicated as the same source is different, the source is checked based on the TTL field. By checking the route (port) to which the packet is sent and returned, an unauthorized access packet is specified.
[0112]
Third embodiment
[0113]
FIG. 15 shows the configuration of the packet transfer control device according to the third embodiment of the present invention. In the packet transfer control device 207B, the same portions as those of the packet transfer control device 207 shown in FIG. 3 are denoted by the same reference numerals, and description thereof will be omitted as appropriate. In the third embodiment, the packet transfer control device 207B itself does not have a function of detecting an invalid packet. The inspection request detection unit 501 receives the packet that has passed through the filter unit 216B, and determines whether or not the packet is an inspection request packet that requests detection of an unauthorized user from another device such as a router and requests that the packet be discarded. If the packet is not an inspection request packet, it is a packet to be transferred to another location, and thus is passed to the routing unit 217.
[0114]
On the other hand, if the packet is an inspection request packet, the source address added to this packet is delivered to the SA inspection unit 219B. The SA inspection unit 219B gives the control packet classifying unit 215B an instruction to send a source inspection packet to the transmitted source address in the same manner as in the previous embodiment, and inspects the source address. To the application table 227B and the filter table 221B.
[0115]
When the response packet corresponding to the transmission source inspection packet is returned, the line comparison unit 218B receives information on the interface circuit 214 used at this time from the control packet classification unit 215B, and receives the transmission source address and the interface circuit 214 on the valid user. Is registered in the filter table 221B. When the packet of the source address registered in the filter table 221B is transmitted, the filter unit 216B responds to the packet received via the same interface circuit 214 as the information on the interface circuit 214 registered correspondingly. It is determined whether or not there is, and only that packet is passed. That is, for the packet of the transmission source address registered in the filter table 221B, the packet received through the other interface circuits 214 is discarded. Similarly, the timer unit 224 deletes the contents of the filter table 221B for the data that has passed a certain time so as to eliminate the inconvenience of discarding the packet of the valid user.
[0116]
Other modifications of the invention
[0117]
In the above-described second embodiment, as shown in FIG. 12, the classification table 225A is the same as the item “SRCADDDR” 332 representing the IP address and the item “TTL” 411 representing the value of the TTL field. It consists of an item "COUNTER" 334 for counting the number of packet arrivals. Of these items, the item “COUNTER” 334 can be omitted. Also, other similar items may be added instead or along with this.
[0118]
FIG. 16 shows a modification of the classification table. The classification table 225C of this modification includes an item “SRCADDR” 332 representing an IP address, an item “TTL” 411 representing a TTL field value, and an item “TIMER” 601 indicating the lapse of the registered date and time. Have been.
[0119]
Further, in the second embodiment, when there is a possibility that a packet of an unauthorized user is being transmitted, a transmission source inspection packet simply instructing a reply to the transmission source address is transmitted. A reply indicating a packet indicating the number of times of transfer may be requested, or other information such as a time at which transmission is first started may be added to the reply information. As a result, even if the TTL fields of the packets of a plurality of senders have temporarily approximated values, the presence of an unauthorized user can be confirmed.
[0120]
Further, in the third embodiment, when the inspection request packet is sent from another device, the packet of the unauthorized user is discarded by utilizing the fact that the packet of the same source address is received by the plurality of interface circuits 214. However, as a result of the inspection, there is a case where only one interface circuit 214 is used for the source address. In such a case, the packet transfer control device that has received the request or the packet transfer control device that cannot deny the possibility of the presence of the packet of the unauthorized user cannot perform the same packet transfer control on the upstream side that is considered to be close to the source address. It is also effective to transfer the inspection request packet to the device or newly send it. In an Ethernet network, even if packets from different sources take a common route, it is highly likely that the route will be different if the packet is traced upstream closer to the source, and exists at that location. This is because the packet transfer control device can use the interface circuit 214 to determine and discard an illegal packet.
[0121]
【The invention's effect】
As described above, according to the inventions of claims 1 to 28, when packets of the same destination are input in parallel to a plurality of ports of a packet transfer device such as a router, packets of an unauthorized user are passed. The port to be specified is specified and the transfer of the packet is prohibited. Therefore, the transfer of the illegal packet can be prohibited by the simple control, and the server due to the illegal access or the transfer of the invalid packet through the network can be prevented. , Etc., can be reduced.
[0122]
According to the second, fourth, fifth, twelfth, twelfth, twelfth, twelfth, twelfth, twelfth, and twenty-third aspects of the present invention, packet reception is performed at a predetermined frequency Since the processing for the unauthorized access is performed on the condition that the above conditions are satisfied, there is an effect that the table management of the packet transfer control device is not complicated and the load is reduced.
[0123]
Further, claims 3 to 5, claim 7, claim 8, claim 13 to claim 15, claim 17, claim 18, claim 22 to claim 24, claim 26 and claim 27. According to the invention described above, since the packet of the unauthorized user is determined based on the information on the number of transfers included in the packet, even if the packet has passed through the same port or interface circuit, the packet of the unauthorized user may exist. Can be determined.
[0124]
According to the invention of claims 6 to 9, claim 16 to claim 19, and claim 25 to claim 28, a notification that a packet of an unauthorized user may exist is received. Decided to regulate the transfer of the packet, so that the packet transfer control device can not only omit or simplify the function of detecting the packet of the unauthorized user, but also the notifying side is a circuit device that regulates the transfer of the packet. It is not necessary to provide the device configuration, and the device configuration can be interchanged with each other.
[0125]
Further, according to the tenth aspect of the present invention, even if the route to which the packet is transferred is changed due to a network failure or the like due to the lapse of time, it is possible to inspect and regulate the unauthorized access packet again. Become.
[Brief description of the drawings]
FIG. 1 is a schematic configuration diagram showing a main part of a communication system using a packet transfer control device according to a first embodiment of the present invention.
FIG. 2 is an explanatory diagram showing a configuration of an input / output port of the packet transfer control device according to the first embodiment.
FIG. 3 is a block diagram illustrating a configuration of a packet transfer control device according to the first embodiment.
FIG. 4 is a flowchart showing a control flow of the packet transfer control device in the first embodiment.
FIG. 5 is an explanatory diagram showing an example of the contents of a filter table in the first embodiment.
FIG. 6 is an explanatory diagram showing an example of the contents of a classification table in the first embodiment.
FIG. 7 is a flowchart illustrating a flow of a multiplex detection process performed by a multiplex detection unit according to the first embodiment.
FIG. 8 is an explanatory diagram illustrating an example of an inspection table according to the first embodiment.
FIG. 9 is a flowchart illustrating a flow of a comparison process of a line comparison unit in the first embodiment.
FIG. 10 is an explanatory diagram showing an example of a configuration of a packet used in the second embodiment of the present invention.
FIG. 11 is a block diagram illustrating a configuration of a packet transfer control device according to a second embodiment.
FIG. 12 is an explanatory diagram showing an example of the contents of a classification table in the second embodiment.
FIG. 13 is a flowchart showing a control flow of a multiplex detection unit in the second embodiment.
FIG. 14 is an explanatory diagram showing a configuration of an inspection table in the second embodiment.
FIG. 15 is a block diagram illustrating a configuration of a packet transfer control device according to a third embodiment of the present invention.
FIG. 16 is an explanatory diagram showing a modification of the classification table.
FIG. 17 is a system configuration diagram showing a conventionally proposed packet transfer control device.
[Explanation of symbols]
207 Packet transfer control device
211 lines
213 Line interface
214 Interface Circuit
215 Control packet classification unit
216 Filter section
217 Routing Unit
218 Line Comparison Unit
219 SA Inspection Unit
221 Filter table
222 SA classification unit
225 Classification table
226 Multiplex detection unit
227 Inspection table
411 items "TTL"
P₁~ P_N  1st to Nth ports

Claims (28)

Multiple ports for receiving packets sent over the network,
Unauthorized access detection means for detecting unauthorized access on the condition that packets indicating the same transmission source are input in time parallel in some of these ports;
Source inspection packet transmitting means for transmitting a source inspection packet for requesting a return of a packet with the source of these packets as a destination when the unauthorized access detecting means detects an unauthorized access;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the packet of the same source other than the port to which the response packet was sent back is input. And a specific packet transfer prohibiting unit for prohibiting the transfer of the same source packet when the packet is received from the specified port. Multiple ports for receiving packets sent over the network,
When packets indicating the same source are input in time parallel to some of these ports, unauthorized access detection means for detecting unauthorized access on condition that this is equal to or higher than a predetermined frequency,
Source inspection packet transmitting means for transmitting a source inspection packet for requesting a return of a packet with the source of these packets as a destination when the unauthorized access detecting means detects an unauthorized access;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the packet of the same source other than the port to which the response packet was sent back is input. And a specific packet transfer prohibiting unit for prohibiting the transfer of the same source packet when the packet is received from the specified port. Multiple ports for receiving packets sent over the network,
When a packet specifying the number of times of packet transfer is received at these ports, the number of times of transfer consisting of a pair of the number of times of transfer indicated by these and the source information of the packet. Storage means;
Transfer number mismatch packet detecting means for detecting a packet in which the time-series transfer numbers do not match among packets of the same transmission source stored in the transfer number transmission source information storage means,
Source inspection packet for transmitting a source inspection packet for inspecting the source the source of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers Sending means;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and the unauthorized access packet is identified. A packet transfer control device comprising: specific packet transfer prohibition means for prohibiting transfer of an access packet . Multiple ports for receiving packets sent over the network,
When a packet specifying the number of times of transfer of a packet is received at these ports, the number of times of transmission, which is a pair of the number of times of transfer and the source information of the packet, indicated by the source is determined by the reception of these packets. Transfer number source information storage means for storing on condition that the frequency is equal to or higher than
Transfer number mismatch packet detecting means for detecting a packet in which the time-series transfer numbers do not match among packets of the same transmission source stored in the transfer number transmission source information storage means,
Source inspection packet for transmitting a source inspection packet for inspecting the source the source of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers Sending means;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and the unauthorized access packet is identified. A packet transfer control device comprising: specific packet transfer prohibition means for prohibiting transfer of an access packet . Multiple ports for receiving packets sent over the network,
When a packet specifying the number of times of transfer of a packet is received at these ports, the number of times of transmission, which is a pair of the number of times of transfer and the source information of the packet, indicated by the source is determined by the reception of these packets. Transfer number source information storage means for storing on condition that the frequency is equal to or higher than
Transfer number mismatch packet detecting means for detecting a packet in which the time-series transfer numbers do not match among packets of the same transmission source stored in the transfer number transmission source information storage means,
When the transfer number mismatch packet detecting means detects a packet whose transfer number does not match, a port storing means for storing a port receiving these packets in relation to the transfer number;
When the transfer count mismatch packet detecting means detects a packet whose transfer count is not consistent, a source check packet for sending a source check packet for checking the source with the source of the packet as a destination is used. Packet sending means;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, an illegal packet identification for identifying the packet of the illegal access by checking the route to which the response packet was returned. Means,
A packet transfer control device comprising: a specific packet transfer prohibiting unit that prohibits transfer of a packet of a corresponding transmission source received from a port corresponding to an invalid packet specified by the invalid packet specifying unit. Multiple ports for receiving packets sent over the network,
When there is a possibility that there is a possibility that at least a part of the same source packet may incorrectly indicate the source, there is a notification reception that receives the notification together with source information indicating the source. Means,
When the notification receiving means receives the notification, the corresponding packet reception determining means checks whether or not two or more of the plurality of ports are receiving a source packet represented by the source information in parallel. When,
When the corresponding packet reception determining means determines that the packet of the transmission source indicated by the transmission source information is received in parallel at two or more ports, the packet of the transmission source indicated by the transmission source information is set to the destination. Source inspection packet sending means for sending a source inspection packet for requesting a reply,
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the packet of the same source other than the port to which the response packet was sent back is input. And a specific packet transfer prohibiting unit for prohibiting the transfer of the same source packet when the packet is received from the specified port. Multiple ports for receiving packets sent over the network,
When there is a possibility that at least a part of the packet that specifies the number of transfers may possibly indicate the source incorrectly, the number of transfers indicated when these packets were received and Notification receiving means for receiving the notification together with the transfer number source information indicating a pair with the packet source information,
Transfer number mismatch packet detecting means for detecting, when the notification receiving means receives the notification, packets in which the time-series transfer numbers are not matched among the packets of the same source indicated in the transfer number source information. When,
Source inspection packet for transmitting a source inspection packet for inspecting the source the source of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers Sending means;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and the unauthorized access packet is identified. A packet transfer control device comprising: specific packet transfer prohibition means for prohibiting transfer of an access packet . Multiple ports for receiving packets sent over the network,
When there is a possibility that at least a part of the packet that specifies the number of transfers may possibly indicate the source incorrectly, the number of transfers indicated when these packets were received and Notification receiving means for receiving the notification together with the transfer number source information indicating a pair with the packet source information,
Transfer number mismatch packet detecting means for detecting, when the notification receiving means receives the notification, packets in which the time-series transfer numbers are not matched among the packets of the same source indicated in the transfer number source information. When,
Source inspection packet for transmitting a source inspection packet for inspecting the source the source of the packet as the destination when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers Sending means;
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and the unauthorized access packet is identified. A packet transfer control device comprising: specific packet transfer prohibition means for prohibiting transfer of an access packet . Multiple ports for receiving packets sent over the network,
When there is a possibility that there is a possibility that at least a part of the same source packet may incorrectly indicate the source, there is a notification reception that receives the notification together with source information indicating the source. Means,
When the notification receiving means receives the notification, the corresponding packet reception determining means checks whether or not two or more of the plurality of ports are receiving a source packet represented by the source information in parallel. When,
When the corresponding packet reception determining means determines that the packet of the transmission source indicated by the transmission source information is received in parallel at two or more ports, the packet of the transmission source indicated by the transmission source information is set to the destination. Source inspection packet sending means for sending a source inspection packet for requesting a reply,
When a response packet for the source inspection packet transmitted by the source inspection packet transmitting means is sent back, the same source packet other than the port to which the response packet was sent back is input. Specific packet transfer prohibiting means for prohibiting the transfer when the same source packet is received from the port that has been received,
When the corresponding packet reception determining means determines that the source packet represented by the source information is not received at two or more ports in parallel, the transfer on the side one closer to the source represented by the source information A packet transfer control device for notifying source information indicating a source that may have previously displayed the source incorrectly. The specific packet transfer inhibiting means is provided with a timer, according to any of claims 1 to claim 9, characterized in that to release the transfer inhibition of a particular packet after a predetermined time clocked by the timer Packet transfer control device. An unauthorized access detection step of detecting an unauthorized access on the condition that packets indicating the same transmission source sent via the network are input in time to some of the plurality of ports;
A source inspection packet transmitting step of transmitting a source inspection packet for requesting a return of the packet to the source of the packet when the unauthorized access is detected in the unauthorized access detecting step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is returned, the same source packet other than the port to which the response packet was transmitted is input. A specific packet transfer prohibition step of prohibiting the transfer of the same source packet when the packet is received from the specified port. Unauthorized access detection that detects unauthorized access on the condition that packets indicating the same transmission source sent via a network are input to some of a plurality of ports at a predetermined frequency or more and in parallel in time. Steps and
A source inspection packet transmitting step of transmitting a source inspection packet for requesting a return of the packet to the source of the packet when the unauthorized access is detected in the unauthorized access detecting step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is returned, the same source packet other than the port to which the response packet was transmitted is input. A specific packet transfer prohibition step of prohibiting the transfer of the same source packet when the packet is received from the specified port. A receiving step of receiving packets sent via the network at a plurality of ports;
When a packet specifying the number of times of packet transfer is received at these ports, the number of times of transfer consisting of a pair of the number of times of transfer indicated by these and the source information of the packet. A memory step;
A transfer count mismatching packet detecting step of detecting a packet whose time-series transfer count is not matched among the packets of the same transmission source stored in the transfer count transmission source information storage step;
A source inspection packet for sending a source inspection packet for inspecting this source with the source of the packet as the destination when a packet with an inconsistent number of transmissions is detected in the transfer number mismatch packet detection step. Sending step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and these illegal access packets are identified. A specific packet transfer prohibition step of prohibiting transfer of an access packet . A receiving step of receiving packets sent via the network at a plurality of ports;
When a packet specifying the number of times of transfer of a packet is received at these ports, the number of times of transmission, which is a pair of the number of times of transfer and the source information of the packet, indicated by the source is determined by the reception of these packets. A transfer count source information storing step of storing the condition that the frequency is equal to or more than
A transfer count mismatching packet detecting step of detecting a packet whose time-series transfer count is not matched among the packets of the same transmission source stored in the transfer count transmission source information storage step;
A source inspection packet for sending a source inspection packet for inspecting this source with the source of the packet as the destination when a packet with an inconsistent number of transmissions is detected in the transfer number mismatch packet detection step. Sending step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and these illegal access packets are identified. A specific packet transfer prohibition step of prohibiting transfer of an access packet . A receiving step of receiving packets sent via the network at a plurality of ports;
When a packet specifying the number of times of transfer of a packet is received at these ports, the number of times of transmission, which is a pair of the number of times of transfer and the source information of the packet, indicated by the source is determined by the reception of these packets. A transfer count source information storing step of storing the condition that the frequency is equal to or more than
A transfer count mismatching packet detecting step of detecting a packet whose time-series transfer count is not matched among the packets of the same transmission source stored in the transfer count transmission source information storage step;
A port storing step of storing a port receiving these packets in relation to the number of transfers when detecting a packet having an inconsistent number of transfers in the transfer number mismatched packet detecting step;
When the transfer number mismatch packet detecting step detects a packet whose transfer number does not match, a source check packet for sending a source check packet for checking the source with the source of the packet as a destination is used. A packet sending step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, an illegal packet identification for identifying a packet of an illegal access by checking a route to which the response packet is returned. Steps and
A specific packet transfer prohibiting step of prohibiting the transfer of the packet of the corresponding source received from the port corresponding to the invalid packet specified in the invalid packet specifying step. A receiving step of receiving packets sent via the network at a plurality of ports;
When there is a possibility that there is a possibility that at least a part of the same source packet may incorrectly indicate the source, there is a notification reception that receives the notification together with source information indicating the source. Steps and
A corresponding packet reception determining step of checking whether or not two or more of the plurality of ports are receiving, in parallel, a source packet represented by the source information when receiving the notification in the notification receiving step; When,
When it is determined in the corresponding packet reception determining step that the packet of the transmission source represented by the transmission source information is received in parallel at two or more ports, the packet of the transmission source represented by the transmission source information is set to the destination. Sending a source inspection packet for sending a source inspection packet for requesting a reply;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is returned, the same source packet other than the port to which the response packet was transmitted is input. A specific packet transfer prohibition step of prohibiting the transfer of the same source packet when the packet is received from the specified port. A receiving step of receiving packets sent via the network at a plurality of ports;
When there is a possibility that at least a part of the packet that specifies the number of transfers may possibly indicate the source incorrectly, the number of transfers indicated when these packets were received and A notification receiving step of receiving the notification together with the number of times of transmission source information indicating a pair with the source information of the packet,
A transfer count mismatching packet detecting step for detecting, when a notification is received in the notification receiving step, a packet in which the time-series transfer counts are not matched among the packets of the same source indicated in the transfer count source information. When,
A source inspection packet for sending a source inspection packet for inspecting this source with the source of the packet as the destination when a packet with an inconsistent number of transmissions is detected in the transfer number mismatch packet detection step. Sending step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and these illegal access packets are identified. A specific packet transfer prohibition step of prohibiting transfer of an access packet . A receiving step of receiving packets sent via the network at a plurality of ports;
When there is a possibility that at least a part of the packet that specifies the number of transfers may possibly indicate the source incorrectly, the number of transfers indicated when these packets were received and A notification receiving step of receiving the notification together with the number of times of transmission source information indicating a pair with the source information of the packet,
A transfer count mismatching packet detecting step for detecting, when a notification is received in the notification receiving step, a packet in which the time-series transfer counts are not matched among the packets of the same source indicated in the transfer count source information, When,
A source inspection packet for sending a source inspection packet for inspecting this source with the source of the packet as the destination when a packet with an inconsistent number of transmissions is detected in the transfer number mismatch packet detection step. Sending step;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is sent back, the route to which the response packet was returned is checked to identify an unauthorized access packet, and these illegal access packets are identified. A specific packet transfer prohibition step of prohibiting transfer of an access packet . A receiving step of receiving packets sent via the network at a plurality of ports;
When there is a possibility that there is a possibility that at least a part of the same source packet may incorrectly indicate the source, there is a notification reception that receives the notification together with source information indicating the source. Steps and
A corresponding packet reception determining step of checking whether or not two or more of the plurality of ports are receiving, in parallel, a source packet represented by the source information when receiving the notification in the notification receiving step; When,
When it is determined in the corresponding packet reception determining step that the packet of the transmission source represented by the transmission source information is received in parallel at two or more ports, the packet of the transmission source represented by the transmission source information is set to the destination. Sending a source inspection packet for sending a source inspection packet for requesting a reply;
When a response packet for the source inspection packet transmitted in the source inspection packet transmission step is returned, the same source packet other than the port to which the response packet was transmitted is input. A specific packet transfer prohibition step of prohibiting the transfer when the packet of the same source is received from the port that has been received,
When it is determined in the corresponding packet reception determining step that the packet of the transmission source represented by the transmission source information is not received in parallel at two or more ports, the transfer on the side closer to the transmission source indicated by the transmission source information A notification step of notifying the sender information indicating the sender that may have displayed the sender illegally beforehand. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets sent from the source device via a network, and a condition that packets indicating the same source device are input to some of these ports in parallel in time. An unauthorized access detection means for detecting an unauthorized access, and a transmission source device inspection packet for requesting a return of the packet to the transmission source device of the packet when the unauthorized access detection means detects the unauthorized access. A source device inspection packet transmitting unit, and a port to which the response packet is sent back when a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting unit is returned. And the same transmission from the port to which the packet of the same transmission source device is input. Packet forwarding system characterized by comprising a packet transfer control device that includes a specific packet transfer inhibiting means for inhibiting the transfer when the packet device has been received. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
When a plurality of ports for receiving packets sent from the source device via the network and packets indicating the same source device are input in some of these ports in parallel in time, this An unauthorized access detection means for detecting an unauthorized access on condition that the frequency is equal to or higher than a frequency of the packet. When a response packet for the source device inspection packet sent by the source device inspection packet sending means for sending the source device inspection packet is sent back, A packet other than the port from which the response packet was sent back and the packet of the same transmission source device is input Packet forwarding system characterized by comprising a packet transfer control device that includes a specific packet transfer inhibiting means for inhibiting the transfer when the port is received packets of the same source device. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets transmitted from the source device via the network, and the number of transfer times and the number of packets indicated when these packets specify the number of transfer times of the packets to these ports; The number of times of transmission, which is a pair with the number of times of transmission of the transmission source device. The transmission source device information storage means for storing transmission source device information, and the number of transmissions of the same transmission source device stored in the transmission number of transmission source device information storage means. Transfer number mismatching packet detecting means for detecting a packet whose time-series transfer counts do not match, and transmission of the packet when the transfer number mismatching packet detecting means detects a packet whose transfer count does not match. the source device test packet sending hand delivering source device inspection packets for testing the transmission source device based on device as the destination If, when the response packet of the transmission source device inspection packet transmitted by the source device test packet sending means sent back, the particular packets of unauthorized access by checking the route the response packet is returned A packet transfer control device including a specific packet transfer prohibiting unit for prohibiting the transfer of these unauthorized access packets . A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets transmitted from the source device via the network, and the number of transfer times and the number of packets indicated when these packets specify the number of transfer times of the packets to these ports; Transfer number source device information storage means for storing source device information, which is a pair with the source device information, on the condition that reception of these packets is equal to or more than a predetermined frequency; A transfer count mismatch packet detecting means for detecting a packet in which the time-series transfer counts do not match among the packets of the same transmission source device stored in the device information storage means, and a transfer count mismatch packet detecting means. transmission for checking the transmission source device the source device of the packet as the destination when it detects a packet that does not match the number of transfers A transmission source apparatus test packet transmitting means for transmitting a device test packet, when the response packet of the transmission source device inspection packet transmitted by the source device test packet sending means sent back, this response packet A packet transfer control device including a specific packet transfer prohibiting unit for checking a route to which the packet has been returned and identifying an unauthorized access packet and prohibiting the transfer of the unauthorized access packet. Transfer system. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets transmitted from the source device via the network, and the number of transfer times and the number of packets indicated when these packets specify the number of transfer times of the packets to these ports; Transfer number source device information storage means for storing source device information, which is a pair with the source device information, on the condition that reception of these packets is equal to or more than a predetermined frequency; A transfer count mismatch packet detecting means for detecting a packet in which the time-series transfer counts do not match among the packets of the same transmission source device stored in the device information storage means, and a transfer count mismatch packet detecting means. Port storage for storing the port receiving these packets in relation to the number of transfers when detecting packets with inconsistent transfers. And stage, when the transfer count mismatch packet detecting means detects a packet that does not match the number of transfers, the source device inspection packets for inspecting the source device the source device of the packet as the destination A source device inspection packet transmitting unit to be transmitted, and a route to which the response packet is returned when a response packet for the source device inspection packet transmitted by the source device inspection packet transmitting unit is returned. Packet identifying means for checking a packet for unauthorized access by checking the packet, and a specific packet for inhibiting transfer of a packet of the corresponding transmission source device received from a port corresponding to the illegal packet identified by the illegal packet identifying means. A packet transfer control device having a transfer inhibiting means. Tsu-forwarding system. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets sent from the source device via the network, and packets of the same source device that may at least partially indicate the source device incorrectly Notification receiving means for receiving the notification together with source device information indicating the source device when the notification may be present, and at least two of the plurality of ports when the notification receiving means receives the notification Corresponding packet reception determining means for checking whether or not packets of the transmission source device represented by the transmission source device information are received in parallel; When it is determined that the packets of the transmission source device represented by the above are received in parallel, the transmission source device represented by the transmission source device information is addressed. Source device inspection packet transmitting means for transmitting a source device inspection packet for requesting a packet return, and a response to the source device inspection packet transmitted by the source device inspection packet transmitting means. When the packet is sent back, when the packet of the same source device is received from a port other than the port from which the response packet was sent back and the packet of the same source device is input, the transfer is performed. A packet transfer control device including a specific packet transfer prohibition unit for prohibiting the packet transfer. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
There are a plurality of ports for receiving packets sent via the network by the source device, and there are packets for which the number of transfers is specified, at least some of which may incorrectly indicate the source device. Notification receiving means for receiving the notification together with the transfer number transmission source device information indicating the pair of the number of transfer times indicated by the packet and the transmission source device information when the packet is received when the packet is received; When the notification receiving means receives the notification, the number of times of transfer detects a packet whose time-series number of times of transfer is inconsistent among packets of the same source device indicated in the source device information. When the packet detecting means detects a packet in which the number of times of transfer is inconsistent, and the packet detecting means detects the packet in which the number of times of transfer is inconsistent, the packet source is sent to the source device of the packet. To the source device test packet transmitting means for transmitting the source device inspection packets for testing the transmission source device, the source device inspection packet sent by the source device test packet sending means When the response packet is sent back, a packet provided with specific packet transfer prohibiting means for checking a route to which the response packet was returned, identifying an unauthorized access packet, and prohibiting the transfer of the unauthorized access packet. A packet transfer system comprising a transfer control device. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
There are a plurality of ports for receiving packets sent via the network by the source device, and there are packets for which the number of transfers is specified, at least some of which may incorrectly indicate the source device. Notification receiving means for receiving the notification together with the transfer number transmission source device information indicating the pair of the number of transfer times indicated by the packet and the transmission source device information when the packet is received when the packet is received; When the notification receiving means receives the notification, the transfer count mismatch detecting a packet in which the time-series transfer count is not matched among the packets of the same transmission source device indicated in the transmission count transmission source device information. When the packet detecting means detects a packet in which the number of times of transfer is inconsistent, and the packet detecting means detects the packet in which the number of times of transfer is inconsistent, the packet source is sent to the source device of the packet. To the source device test packet transmitting means for transmitting the source device inspection packets for testing the transmission source device, the source device inspection packet sent by the source device test packet sending means When the response packet is sent back, a packet provided with specific packet transfer prohibiting means for checking a route to which the response packet was returned, identifying an unauthorized access packet, and prohibiting the transfer of the unauthorized access packet. A packet transfer system comprising a transfer control device. A source device for transmitting packets over the network,
A destination device that receives a packet via a network,
A plurality of ports for receiving packets sent from the source device via the network, and packets of the same source device that may at least partially indicate the source device incorrectly Notification receiving means for receiving the notification together with source device information indicating the source device when the notification may be present, and at least two of the plurality of ports when the notification receiving means receives the notification Corresponding packet reception determining means for checking whether or not packets of the transmission source device represented by the transmission source device information are received in parallel; When it is determined that the packets of the transmission source device represented by the above are received in parallel, the transmission source device represented by the transmission source device information is addressed. Source device inspection packet transmitting means for transmitting a source device inspection packet for requesting a packet reply, and a response to the source device inspection packet transmitted by the source device inspection packet transmitting means. When the packet is sent back, when the packet of the same source device is received from a port other than the port to which the response packet was sent back and the packet of the same source device is input, the transfer is performed. A specific packet transfer prohibiting unit for prohibiting the packet transmission, and the corresponding packet reception determining unit determines that the packets of the source device indicated in the source device information are not received in parallel at two or more ports. There is a possibility that the source device is incorrectly displayed on the transfer destination on the side closer to the source device indicated by the information. Packet forwarding system characterized by comprising a packet transfer controlling apparatus and a notifying means for notifying the source device information representing the transmission source device.

Images