JP2018125669A5 - Google Patents

Publication number
JP2018125669A5
Authority
JP
Japan
Prior art keywords
packet
network address
monitoring unit
computer
security boundary
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2017015790A
Other languages
Japanese (ja)
Other versions
JP2018125669A (en)
JP6829615B2 (en)
Priority to JP2017015790A
Priority claimed from JP2017015790A
Publication of JP2018125669A
Publication of JP2018125669A5
Application granted
Publication of JP6829615B2

Claims (2)

The system according to claim 10, wherein
the packet reception computer includes the monitoring unit,
the monitoring unit monitors packets transmitted from the packet reception computer,
the packet transmission source computer includes a second monitoring unit, and
the second monitoring unit:
identifies, based on the management information, the relationship between the destination network address of a packet transmitted from the packet transmission source computer and the security boundary;
discards packets whose destination network address is an address outside the security boundary;
executes monitoring processing on packets whose destination network address is a network address on the security boundary; and
forwards packets whose destination network address is a network address within the security boundary without executing the monitoring processing.
The system according to claim 9,
further comprising a first gateway computer and a second gateway computer within the security boundary, wherein
the first gateway computer includes a transfer unit and the monitoring unit,
the second gateway computer includes a second transfer unit and a second monitoring unit,
the transfer unit selects, from among the packets transmitted from the packet reception computer, packets whose network address differs from that of the second gateway computer, and sends them to the monitoring unit,
the second transfer unit selects, from among the packets transmitted from the packet transmission source computer, packets whose network address differs from that of the first gateway computer, and sends them to the second monitoring unit, and
the second monitoring unit:
identifies, based on the management information, the relationship between the destination network address of a packet transmitted from the packet transmission source computer and the security boundary;
discards packets whose destination network address is an address outside the security boundary; and
executes monitoring processing on packets whose destination network address is a network address on the security boundary.
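The destination-address decision that both claims above assign to the second monitoring unit, shown as an added example (not part of the patent text). The management-information format (CIDR prefixes labelled inside or boundary), the longest-prefix matching, the fail-closed handling of unparseable addresses and the monitor hook are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Action(Enum):
    DROP = "drop"        # destination outside the security boundary
    MONITOR = "monitor"  # destination on the security boundary
    FORWARD = "forward"  # destination within the boundary, no monitoring

# Constructed management information (assumed format): prefix -> relation.
# Anything not listed is treated as outside the boundary.
MANAGEMENT_INFO = {
    "10.20.0.0/16": "inside",
    "10.20.255.1/32": "boundary",   # e.g. a gateway address at the edge
    "10.20.255.2/32": "boundary",
    "fd00:20::/64": "inside",
}

def load_table(info):
    """Parse prefixes and sort most-specific first for longest-prefix match."""
    table = [(ipaddress.ip_network(p), rel) for p, rel in info.items()]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)

def relation(dst, table):
    """Return 'inside', 'boundary' or 'outside' for a destination address."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "outside"            # unparseable destination: fail closed
    for net, rel in table:
        if addr in net:             # an IPv4/IPv6 mismatch simply yields False
            return rel
    return "outside"

def second_monitoring_unit(packet, table, monitor):
    """Apply the three-way decision to one outbound packet (a dict)."""
    rel = relation(packet["dst"], table)
    if rel == "outside":
        return Action.DROP
    if rel == "boundary":
        monitor(packet)             # monitoring process: hypothetical hook
        return Action.MONITOR
    return Action.FORWARD

def run_sample():
    """Classify five constructed destinations and collect monitored packets."""
    table, seen = load_table(MANAGEMENT_INFO), []
    dsts = ["10.20.3.7", "10.20.255.1", "203.0.113.9", "fd00:20::5", "bogus"]
    actions = [second_monitoring_unit({"dst": d}, table, seen.append) for d in dsts]
    return actions, seen
```

Because the table is sorted most-specific first, a boundary host address that falls inside an "inside" prefix is still sent to monitoring rather than forwarded unchecked.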
JP2017015790A 2017-01-31 2017-01-31 A device that monitors transmitted packets Active JP6829615B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2017015790A JP6829615B2 (en) 2017-01-31 2017-01-31 A device that monitors transmitted packets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2017015790A JP6829615B2 (en) 2017-01-31 2017-01-31 A device that monitors transmitted packets

Publications (3)

Publication Number Publication Date
JP2018125669A JP2018125669A (en) 2018-08-09
JP2018125669A5 JP2018125669A5 (en) 2020-02-20
JP6829615B2 JP6829615B2 (en) 2021-02-10

Family

ID=63111647

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2017015790A Active JP6829615B2 (en) 2017-01-31 2017-01-31 A device that monitors transmitted packets

Country Status (1)

Country Link
JP (1) JP6829615B2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020088716A (en) 2018-11-29 2020-06-04 株式会社デンソー Relay device
JP7209791B1 (en) 2021-09-27 2023-01-20 三菱電機株式会社 Master device, communication control method, communication control program and communication control system
