Network unauthorized access preventing system and network unauthorized access preventing apparatus

US 20050050365A1
Filed: 08/27/2004
Published: 03/03/2005
Est. Priority Date: 08/28/2003
Status: Active Grant

First Claim

Patent Images

1. A network unauthorized access preventing system for preventing En unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed a network unauthorized access preventing system in which in a network to which one or more information processing apparatuses and a network unauthorized access preventing apparatus are connected, an unauthorized apparatus which is not authorized to access the network is prevented from accessing the network. The system includes an information processing apparatus which sends a correct ARP response packet to the unauthorized apparatus in response to an ARP request broadcast from the unauthorized apparatus, and a network unauthorized access preventing apparatus which sends an ARP response packet containing a false MAC address as the MAC address of the information processing apparatus to the unauthorized apparatus immediately after the correct ARP response packet is sent to the unauthorized apparatus.

Citations

26 Claims

1. A network unauthorized access preventing system for preventing En unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network unauthorized access preventing system according to claim 1, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether or not a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; and
      
      in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses.
  - 3. The network unauthorized access preventing system according to claim 1, wherein said network unauthorized access preventing apparatus:
    - sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 4. The network unauthorized access preventing system according to claim 1, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet;
      
      in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 5. The network unauthorized access preventing system according to claim 1, wherein said network unauthorized access preventing apparatus:
    - sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses existing in a same subnet as said information processing apparatus.
  - 6. The network unauthorized access preventing system according to claim 1, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list which stores a physical address of an information processing apparatus which is authorized to access said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as the unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet;
      
      in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
  - 7. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus:
    - comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
  - 8. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
      
      comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as the unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet ad sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
  - 9. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay network, wherein said network unauthorized access preventing apparatus:
    - comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network, based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit;
      
      sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 10. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus:
    - comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network, based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit;
      
      sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
  - 11. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network, and a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet;
      
      in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
  - 12. The network unauthorized access preventing system according to claim 1, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus:
    - comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network, and a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network;
      
      collects all packets transmitted via said network in an indiscriminate reception mode;
      
      determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered;
      
      sets a predetermined designation time when receiving the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet;
      
      in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus;
      
      determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.

13. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising a network unauthorized access preventing apparatus which:
- collects all packets transmitted via said network in an indiscriminate reception mode to determine whether each packet is a packet for knowing a physical address, determines whether or not a physical address of a packet sender which is contained in a collected packet for knowing a physical address is registered in an authorization list storage unit for storing a physical address of an information processing apparatus authorized to access said network, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address of the packet sender is not registered;
  
  registers an IP address and physical address of said unauthorized apparatus in an un-authorization list storage unit for storing an IP address and physical address of an information processing apparatus unauthorized to access said network; and
  
  broadcasts a response packet containing a false physical address as a physical address of each of all unauthorized apparatuses that are registered in said un-authorization list storage unit.

14. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
- an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
  
  a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode;
  
  an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and
  
  a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The network unauthorized access preventing apparatus according to claim 14, wherein said false packet sending unit:
    - sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; and
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses.
  - 16. The network unauthorized access preventing apparatus according to claim 14, wherein said false packet sending unit:
    - sends a packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 17. The network unauthorized access preventing apparatus according to claim 14, wherein said false packet sending unit:
    - sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 18. The network unauthorized access preventing apparatus according to claim 14, wherein said false packet sending unit:
    - sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
  - 19. The network unauthorized access preventing apparatus according to claim 14, wherein said false packet sending unit:
    - sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
  - 20. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing unit existing in an external network, said false packet sending unit;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
  - 21. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein said false packet sending unit;
      
      sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses;
      
      in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      at the same time sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
  - 22. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 23. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus;
      
      sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses existing in a same subnet as said information processing apparatuses.
  - 24. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein said false packet sending unit;
      
      sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses;
      
      in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus;
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit;
      
      sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time, sends a responses packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
  - 25. The network unauthorized access preventing apparatus according to claim 14, comprising:
    - a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and
      
      a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit;
      
      sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit, and said false packet sending unit;
      
      sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request;
      
      in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet;
      
      in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and
      
      at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.

26. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said apparatus comprising:
- an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
  
  an un-authorization list storage unit which stores an IP address and physical address of an information processing apparatus which is not authorized to access said network;
  
  a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode;
  
  an access authorization determination unit which determines whether a collected packet is a packet for knowing a physical address, in a case where it is a packet for knowing a physical address, determines whether a physical address of a packet sender contained in this packet is registered in said authorization list storage unit, in a case where the physical address is not registered, detects the packet sender of this packet as said unauthorized apparatus, and registers an IP address and physical address of said unauthorized apparatus in said un-authorization list storage unit; and
  
  a false packet sending unit which broadcasts a response packet containing a false physical address as a physical address of each of all unauthorized apparatuses that are registered in said un-authorization list storage unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Makino, Tatsuya, Hasei, Shinji, Uotani, Miho, Seki, Yoshinaga

Granted Patent

US 7,552,478 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

Network unauthorized access preventing system and network unauthorized access preventing apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Network unauthorized access preventing system and network unauthorized access preventing apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links