JP2018125669A5 - - Google Patents
Download PDFInfo
- Publication number
- JP2018125669A5 JP2018125669A5 JP2017015790A JP2017015790A JP2018125669A5 JP 2018125669 A5 JP2018125669 A5 JP 2018125669A5 JP 2017015790 A JP2017015790 A JP 2017015790A JP 2017015790 A JP2017015790 A JP 2017015790A JP 2018125669 A5 JP2018125669 A5 JP 2018125669A5
- Authority
- JP
- Japan
- Prior art keywords
- packet
- network address
- monitoring unit
- computer
- security boundary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000005540 biological transmission Effects 0.000 claims 1
Claims (2)
前記パケット受信計算機は、前記監視部を含み、
前記監視部は、前記パケット受信計算機から送信されるパケットを監視し、
前記パケット送信元計算機は、第2監視部を含み、
前記第2監視部は、
前記管理情報に基づいて、前記パケット送信元計算機から送信されるパケットの宛先ネットワークアドレスと前記セキュリティ境界との関係を特定し、
前記宛先ネットワークアドレスが前記セキュリティ境界外のアドレスであるパケットを破棄し、
前記宛先ネットワークアドレスが前記セキュリティ境界上のネットワークアドレスであるパケットに対して監視処理を実行し、
前記宛先ネットワークアドレスが前記セキュリティ境界内のネットワークアドレスであるパケットを、前記監視処理を実行することなく転送する、システム。 The system according to claim 10, wherein
The packet reception computer includes the monitoring unit,
The monitoring unit monitors a packet transmitted from the packet reception computer,
The packet transmission source computer includes a second monitoring unit,
The second monitoring unit includes:
Based on the management information, specify the relationship between the destination network address of the packet transmitted from the packet source computer and the security boundary,
Discarding packets whose destination network address is outside the security boundary,
Performing a monitoring process on a packet whose destination network address is a network address on the security boundary,
A system for forwarding a packet whose destination network address is a network address within the security boundary without performing the monitoring process.
前記セキュリティ境界内の第1ゲートウェイ計算機と第2ゲートウェイ計算機とをさらに含み、
前記第1ゲートウェイ計算機は転送部と前記監視部とを含み、
前記第2ゲートウェイ計算機は第2転送部と第2監視部とを含み、
前記転送部は、前記パケット受信計算機から送信されたパケットのうち、ネットワークアドレスが前記第2ゲートウェイ計算機と異なるパケットを選択して、前記監視部に送信し、
前記第2転送部は、前記パケット送信元計算機から送信されたパケットのうち、ネットワークアドレスが前記第1ゲートウェイ計算機と異なるパケットを選択して、前記第2監視部に送信し、
前記第2監視部は、
前記管理情報に基づいて、前記パケット送信元計算機から送信されるパケットの宛先ネットワークアドレスと前記セキュリティ境界との関係を特定し、
前記宛先ネットワークアドレスが前記セキュリティ境界外のアドレスであるパケットを破棄し、
前記宛先ネットワークアドレスが前記セキュリティ境界上のネットワークアドレスであるパケットに対して監視処理を実行する、システム。 The system according to claim 9, wherein
Further comprising a first gateway computer and a second gateway computer within the security boundary,
The first gateway computer includes a transfer unit and the monitoring unit,
The second gateway computer includes a second transfer unit and a second monitoring unit,
The transfer unit, among the packets transmitted from the previous SL packet receiving computer, select the packet network address is different from the second gateway computer, and transmitted to the monitoring unit,
The second transfer portion, among the packets transmitted from the previous SL packet source computer, select the packet network address is different from the first gateway computer, and transmitted to the second monitoring unit,
The second monitoring unit includes:
Based on the management information, specify the relationship between the destination network address of the packet transmitted from the packet source computer and the security boundary,
Discarding packets whose destination network address is outside the security boundary,
A system for performing a monitoring process on a packet whose destination network address is a network address on the security boundary.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017015790A JP6829615B2 (en) | 2017-01-31 | 2017-01-31 | A device that monitors transmitted packets |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017015790A JP6829615B2 (en) | 2017-01-31 | 2017-01-31 | A device that monitors transmitted packets |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2018125669A JP2018125669A (en) | 2018-08-09 |
JP2018125669A5 true JP2018125669A5 (en) | 2020-02-20 |
JP6829615B2 JP6829615B2 (en) | 2021-02-10 |
Family
ID=63111647
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2017015790A Active JP6829615B2 (en) | 2017-01-31 | 2017-01-31 | A device that monitors transmitted packets |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP6829615B2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020088716A (en) | 2018-11-29 | 2020-06-04 | 株式会社デンソー | Relay device |
JP7209791B1 (en) | 2021-09-27 | 2023-01-20 | 三菱電機株式会社 | Master device, communication control method, communication control program and communication control system |
-
2017
- 2017-01-31 JP JP2017015790A patent/JP6829615B2/en active Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9979615B2 (en) | Techniques for determining network topologies | |
JP2016515339A5 (en) | ||
JP2018139448A5 (en) | ||
US10587734B2 (en) | Method for operating a software defined network and a software defined network | |
JP2014508458A5 (en) | ||
JP2017511027A5 (en) | ||
WO2019134383A1 (en) | Method for controlling network congestion, access device, and computer readable storage medium | |
GB2567026A (en) | Methods and systems for transmitting information packets through tunnel groups at a network node | |
JP2016511978A (en) | Method, device and routing system for network virtualization data transmission | |
WO2018177409A1 (en) | Packet transmission method and apparatus | |
JP2015508607A5 (en) | ||
GB2532587A (en) | Methods and systems for transmitting data through an aggregated connection | |
JP2016517240A5 (en) | Server-managed routing system and method | |
JP2016519495A5 (en) | ||
HRP20231610T1 (en) | Methods for transmitting or receiving media data | |
JP2017505005A5 (en) | ||
WO2014036382A3 (en) | Byte caching in wireless communication networks | |
WO2015184771A1 (en) | Method and node device for operation, administration, and maintenance of service function chaining | |
EP4236251A3 (en) | Label management method and device for processing data stream | |
WO2016095322A1 (en) | Vrrp-based data transmission method and apparatus | |
WO2017045501A1 (en) | Packet scheduling method and apparatus, and storage medium | |
MX2020012948A (en) | Method and apparatus for managing virtual private network. | |
GB2515674A (en) | Methods and systems for receiving and transmitting internet protocol (IP) data packets | |
GB2525054A (en) | Methods and systems for processing internet protocol packets | |
ATE522047T1 (en) | TOKEN BUS COMMUNICATION SYSTEM |