JP6599819B2 - パケット中継装置 - Google Patents

パケット中継装置 Download PDF

Info

Publication number
JP6599819B2
JP6599819B2 JP2016111112A JP2016111112A JP6599819B2 JP 6599819 B2 JP6599819 B2 JP 6599819B2 JP 2016111112 A JP2016111112 A JP 2016111112A JP 2016111112 A JP2016111112 A JP 2016111112A JP 6599819 B2 JP6599819 B2 JP 6599819B2
Authority
JP
Japan
Prior art keywords
packet
attack
mirror
information
relay device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2016111112A
Other languages
English (en)
Japanese (ja)
Other versions
JP2017216664A (ja
JP2017216664A5 (https=
Inventor
有一 石川
信仁 松山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alaxala Networks Corp
Original Assignee
Alaxala Networks Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alaxala Networks Corp filed Critical Alaxala Networks Corp
Priority to JP2016111112A priority Critical patent/JP6599819B2/ja
Priority to US15/591,189 priority patent/US10693890B2/en
Publication of JP2017216664A publication Critical patent/JP2017216664A/ja
Publication of JP2017216664A5 publication Critical patent/JP2017216664A5/ja
Application granted granted Critical
Publication of JP6599819B2 publication Critical patent/JP6599819B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4645Details on frame tagging
    • H04L12/4666Operational details on the addition or the stripping of a tag in a frame, e.g. at a provider edge node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/20Support for services
    • H04L49/208Port mirroring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
JP2016111112A 2016-06-02 2016-06-02 パケット中継装置 Active JP6599819B2 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2016111112A JP6599819B2 (ja) 2016-06-02 2016-06-02 パケット中継装置
US15/591,189 US10693890B2 (en) 2016-06-02 2017-05-10 Packet relay apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2016111112A JP6599819B2 (ja) 2016-06-02 2016-06-02 パケット中継装置

Publications (3)

Publication Number Publication Date
JP2017216664A JP2017216664A (ja) 2017-12-07
JP2017216664A5 JP2017216664A5 (https=) 2018-08-30
JP6599819B2 true JP6599819B2 (ja) 2019-10-30

Family

ID=60483592

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2016111112A Active JP6599819B2 (ja) 2016-06-02 2016-06-02 パケット中継装置

Country Status (2)

Country Link
US (1) US10693890B2 (https=)
JP (1) JP6599819B2 (https=)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10785189B2 (en) * 2018-03-01 2020-09-22 Schweitzer Engineering Laboratories, Inc. Selective port mirroring and in-band transport of network communications for inspection
JP6992611B2 (ja) * 2018-03-09 2022-01-13 株式会社デンソー 中継装置
JP7003864B2 (ja) * 2018-07-24 2022-02-10 日本電信電話株式会社 振分装置、通信システムおよび振分方法
JP7155754B2 (ja) * 2018-08-24 2022-10-19 日本電信電話株式会社 推定方法、推定装置および推定プログラム
JP7338160B2 (ja) * 2019-01-25 2023-09-05 日本電気株式会社 電子メール送信判定装置、電子メール送信判定方法および電子メール送信判定プログラム
US11444877B2 (en) * 2019-03-18 2022-09-13 At&T Intellectual Property I, L.P. Packet flow identification with reduced decode operations
WO2021064773A1 (ja) * 2019-09-30 2021-04-08 日本電気株式会社 管理装置、ネットワーク監視システム、判定方法、通信方法、及び非一時的なコンピュータ可読媒体
JP7412164B2 (ja) * 2019-12-24 2024-01-12 三菱電機株式会社 情報処理装置、情報処理方法及び情報処理プログラム
CN113162862A (zh) * 2020-01-23 2021-07-23 华为技术有限公司 拥塞控制方法及装置
US11765188B2 (en) * 2020-12-28 2023-09-19 Mellanox Technologies, Ltd. Real-time detection of network attacks
NL2037252B1 (en) * 2024-03-13 2025-09-26 Csir A method and system for performing port scan detection in a network

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001245335A1 (en) * 2000-02-22 2001-09-03 Top Layer Networks, Inc. System and method for flow mirroring in a network switch
JP3893975B2 (ja) * 2002-01-07 2007-03-14 三菱電機株式会社 不正侵入検知装置及び不正侵入検知方法及び不正侵入検知プログラム
JP4223365B2 (ja) * 2003-09-29 2009-02-12 富士通株式会社 データ中継装置およびデータ中継方法
US7805762B2 (en) * 2003-10-15 2010-09-28 Cisco Technology, Inc. Method and system for reducing the false alarm rate of network intrusion detection systems
JP4149366B2 (ja) * 2003-11-21 2008-09-10 日本電信電話株式会社 ネットワーク攻撃対策方法およびそのネットワーク装置、ならびにそのプログラム
US7424018B2 (en) * 2004-05-05 2008-09-09 Gigamon Systems Llc Asymmetric packet switch and a method of use
US7849506B1 (en) * 2004-10-12 2010-12-07 Avaya Inc. Switching device, method, and computer program for efficient intrusion detection
JP2006279930A (ja) * 2005-03-01 2006-10-12 Nec Corp 不正アクセス検出方法及び装置、並びに不正アクセス遮断方法及び装置
US7860006B1 (en) * 2005-04-27 2010-12-28 Extreme Networks, Inc. Integrated methods of performing network switch functions
JP4759389B2 (ja) * 2006-01-10 2011-08-31 アラクサラネットワークス株式会社 パケット通信装置
JP4988632B2 (ja) * 2008-03-19 2012-08-01 アラクサラネットワークス株式会社 パケット中継装置およびトラフィックモニタシステム
KR101747079B1 (ko) * 2011-02-17 2017-06-14 세이블 네트웍스 인코포레이티드 하이 레이트 분산 서비스 거부(DDoS) 공격을 검출하고 완화하는 방법 및 시스템
US9398039B2 (en) * 2013-03-15 2016-07-19 Aruba Networks, Inc. Apparatus, system and method for suppressing erroneous reporting of attacks on a wireless network
JP2015026182A (ja) * 2013-07-25 2015-02-05 エヌ・ティ・ティ・コミュニケーションズ株式会社 セキュリティサービス効果表示システム、セキュリティサービス効果表示方法、及びセキュリティサービス効果表示プログラム
JP6421436B2 (ja) 2014-04-11 2018-11-14 富士ゼロックス株式会社 不正通信検知装置及びプログラム
JP6312578B2 (ja) * 2014-11-07 2018-04-18 株式会社日立製作所 リスク評価システムおよびリスク評価方法
US9961105B2 (en) * 2014-12-31 2018-05-01 Symantec Corporation Systems and methods for monitoring virtual networks
US9967165B2 (en) * 2015-12-07 2018-05-08 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods, systems, and computer readable media for packet monitoring in a virtual environment

Also Published As

Publication number Publication date
US20170353478A1 (en) 2017-12-07
US10693890B2 (en) 2020-06-23
JP2017216664A (ja) 2017-12-07

Similar Documents

Publication Publication Date Title
JP6599819B2 (ja) パケット中継装置
Shang et al. FloodDefender: Protecting data and control plane resources under SDN-aimed DoS attacks
US10116692B2 (en) Scalable DDoS protection of SSL-encrypted services
JP6453976B2 (ja) ネットワークシステム、制御装置、通信制御方法および通信制御プログラム
CN102210133B (zh) 网络入侵保护
US9935974B2 (en) Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation
CN108040057B (zh) 适于保障网络安全、网络通信质量的sdn系统的工作方法
US8392991B2 (en) Proactive test-based differentiation method and system to mitigate low rate DoS attacks
US9392002B2 (en) System and method of providing virus protection at a gateway
US8341739B2 (en) Managing network security
US8006303B1 (en) System, method and program product for intrusion protection of a network
US20110138463A1 (en) Method and system for ddos traffic detection and traffic mitigation using flow statistics
JP5870009B2 (ja) ネットワークシステム、ネットワーク中継方法及び装置
US7617533B1 (en) Self-quarantining network
KR101352553B1 (ko) 플로우별 통계정보를 이용한 분산 서비스 거부 공격(ddos) 탐지 및 트래픽 경감 방법 및 그 시스템
TWI492090B (zh) 分散式阻斷攻擊防護系統及其方法
US11997133B2 (en) Algorithmically detecting malicious packets in DDoS attacks
JP7060800B2 (ja) 感染拡大攻撃検知システム及び方法、並びに、プログラム
CA2738690A1 (en) Distributed packet flow inspection and processing
Wang et al. An approach for protecting the openflow switch from the saturation attack
Mohammadi et al. Practical extensions to countermeasure dos attacks in software defined networking
WO2003094418A1 (en) A packet filtering system
JP2006148778A (ja) パケット転送制御装置
JP2007259223A (ja) ネットワークにおける不正アクセスに対する防御システム、方法およびそのためのプログラム
KR20060130892A (ko) 광대역 네트워크에서의 분산 서비스 거부 공격 탐지 및대응 방법

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20180720

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20180720

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20190530

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20190604

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20190729

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20190910

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20191003

R150 Certificate of patent or registration of utility model

Ref document number: 6599819

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250