Network unauthorized access preventing system and network unauthorized access preventing apparatus
First Claim
1. A network unauthorized access preventing system for preventing En unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address.
1 Assignment
0 Petitions
Accused Products
Abstract
There is disclosed a network unauthorized access preventing system in which in a network to which one or more information processing apparatuses and a network unauthorized access preventing apparatus are connected, an unauthorized apparatus which is not authorized to access the network is prevented from accessing the network. The system includes an information processing apparatus which sends a correct ARP response packet to the unauthorized apparatus in response to an ARP request broadcast from the unauthorized apparatus, and a network unauthorized access preventing apparatus which sends an ARP response packet containing a false MAC address as the MAC address of the information processing apparatus to the unauthorized apparatus immediately after the correct ARP response packet is sent to the unauthorized apparatus.
-
Citations
26 Claims
-
1. A network unauthorized access preventing system for preventing En unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address.
-
13. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network,
said system comprising a network unauthorized access preventing apparatus which: collects all packets transmitted via said network in an indiscriminate reception mode to determine whether each packet is a packet for knowing a physical address, determines whether or not a physical address of a packet sender which is contained in a collected packet for knowing a physical address is registered in an authorization list storage unit for storing a physical address of an information processing apparatus authorized to access said network, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address of the packet sender is not registered;
registers an IP address and physical address of said unauthorized apparatus in an un-authorization list storage unit for storing an IP address and physical address of an information processing apparatus unauthorized to access said network; and
broadcasts a response packet containing a false physical address as a physical address of each of all unauthorized apparatuses that are registered in said un-authorization list storage unit.
-
14. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode;
an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and
a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
an un-authorization list storage unit which stores an IP address and physical address of an information processing apparatus which is not authorized to access said network;
a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode;
an access authorization determination unit which determines whether a collected packet is a packet for knowing a physical address, in a case where it is a packet for knowing a physical address, determines whether a physical address of a packet sender contained in this packet is registered in said authorization list storage unit, in a case where the physical address is not registered, detects the packet sender of this packet as said unauthorized apparatus, and registers an IP address and physical address of said unauthorized apparatus in said un-authorization list storage unit; and
a false packet sending unit which broadcasts a response packet containing a false physical address as a physical address of each of all unauthorized apparatuses that are registered in said un-authorization list storage unit.
-
Specification