Method of controlling communication between devices in a network and apparatus for the same
Abstract
Disclosed is a technology by which rules on communication permission or control are enforced to network internal devices such that an environment which looks as if to have a virtual firewall existing between network internal devices can be established. A communication control apparatus for this is located on the same level in the network as other devices are located. By using this communication control apparatus, an address resolution protocol (ARP) packet in which a data link layer address is manipulated is provided to devices that are the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are transmitted to manipulated abnormal addresses. By doing so, communication with the communication cut-off object devices is cut off. For a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, the communication control apparatus transmits an ARP packet including normal address information to the device such that the communication cut-off state is canceled.
18 Claims
1. A communication control method for controlling communication between devices on a predetermined network by using a communication control apparatus located on the same level as other devices of the network, the method comprising:
- determining at least a cut-off object device of which communication is needed to be cut off, according to a set communication control rule; and
- providing an address resolution protocol (ARP) packet in which a data link layer address is manipulated, to the cut-off object device, wherein the cut-off object device is controlled to transmit its data packets to manipulated abnormal addresses, and by doing so, communication by the cut-off object device is cut off.
Dependent claims: 2, 3, 4, 5, 6.
7. A communication control method for controlling communication between devices on a predetermined network, the method comprising:
- collecting network layer addresses and data link layer addresses existing in the network, by a communication control apparatus;
- storing communication control rules, which are set by a network administrator to perform desired communication control for the collected addresses, in a communication control rule database (DB);
- detecting an address resolution protocol (ARP) packet transmitted by a device in the network in order to communicate with another device in the network;
- determining whether or not the detected ARP packet corresponds to a communication cut-off object, by referring to the communication control rule DB; and
- if the packet corresponds to the communication cut-off object, transmitting an ARP packet for communication cut-off, wherein communication between network internal devices can be selectively controlled when necessary.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
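The abstract and claim 7 together describe a device that works entirely through ARP: it collects the IP-to-MAC bindings on the segment, then advertises a deliberately wrong data link layer address for the devices it wants to isolate, and later re-advertises the correct one to restore them. Whether such an apparatus is run by the administrator or by an intruder, the observable artifact on the wire is the same: an ARP packet whose sender binding contradicts the binding the segment previously used. The following Python monitor, written for this page as an illustration and not taken from the patent or any product, parses raw Ethernet/ARP frames, compares each sender binding against a collected baseline table (the first step of claim 7), reports conflicts and implausible "abnormal" addresses, and clears the conflict when the baseline binding is re-asserted (the cancellation step in the abstract). The baseline table, the MAC and IP values, and the `sample_arp_frame()` helper that builds in-memory test frames are all constructed for the example.

```python
"""ARP binding monitor (added illustration, not the patent's apparatus).

Parses Ethernet II frames carrying IPv4-over-Ethernet ARP (RFC 826) and
flags sender bindings that contradict a previously collected IP->MAC table.
"""
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass(frozen=True)
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_arp_frame(frame: bytes) -> ArpPacket:
    """Parse a 14-byte Ethernet header followed by a 28-byte ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return ArpPacket(opcode, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


def is_unusable_unicast(mac: str) -> bool:
    """All-zero, broadcast and group (multicast) MACs cannot be a host's real address."""
    first_octet = int(mac[:2], 16)
    return mac in ("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff") or bool(first_octet & 1)


class ArpBindingMonitor:
    """Compares every observed ARP sender binding against a baseline table.

    `baseline` is the IP->MAC table collected from the segment (constructed
    here). A sender binding that disagrees with it is reported as a conflict;
    a later packet that re-asserts the baseline binding clears the conflict.
    """

    def __init__(self, baseline: dict):
        self.baseline = {ip: mac.lower() for ip, mac in baseline.items()}
        self.conflicts = {}  # sender IP -> conflicting MAC currently advertised

    def observe(self, pkt: ArpPacket) -> list:
        alerts = []
        expected = self.baseline.get(pkt.sender_ip)
        if expected is None:
            alerts.append(f"unknown sender {pkt.sender_ip} ({pkt.sender_mac})")
        elif pkt.sender_mac != expected:
            self.conflicts[pkt.sender_ip] = pkt.sender_mac
            alerts.append(f"binding conflict for {pkt.sender_ip}: "
                          f"baseline {expected}, advertised {pkt.sender_mac}")
            if is_unusable_unicast(pkt.sender_mac):
                alerts.append(f"advertised MAC {pkt.sender_mac} is not a usable unicast address")
        elif pkt.sender_ip in self.conflicts:
            del self.conflicts[pkt.sender_ip]
            alerts.append(f"binding for {pkt.sender_ip} restored to {expected}")
        return alerts


def sample_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an in-memory ARP frame as constructed sample input for the parser."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))
    return eth + arp


def run_demo() -> list:
    """Constructed sequence: normal reply, manipulated reply, restoring reply."""
    monitor = ArpBindingMonitor({"10.0.0.1": "aa:bb:cc:00:00:01",
                                 "10.0.0.2": "aa:bb:cc:00:00:02"})
    frames = [
        sample_arp_frame(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1", "aa:bb:cc:00:00:02", "10.0.0.2"),
        sample_arp_frame(ARP_REPLY, "00:00:00:00:00:00", "10.0.0.1", "aa:bb:cc:00:00:02", "10.0.0.2"),
        sample_arp_frame(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1", "aa:bb:cc:00:00:02", "10.0.0.2"),
    ]
    alerts = []
    for frame in frames:
        alerts.extend(monitor.observe(parse_arp_frame(frame)))
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The monitor is deliberately stateless about who is "allowed" to rewrite bindings: a legitimate administrator-run apparatus of the kind the claims describe and an unauthorised host poisoning the segment produce the same conflict, so the baseline table should be fed from an authoritative source (DHCP leases or switch port mappings) rather than learned from ARP traffic itself, and a conflict followed by a restore should be correlated with the administrator's own rule changes before it is dismissed.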
18. A communication control apparatus which is located on the same level as that of devices on a predetermined network;
- provides an environment where an administrator of the network can set a communication control rule capable of cutting off communication between the devices when necessary;
- while administering the set communication control rules in a database, provides an ARP packet in which the data link layer address is manipulated, to the devices that are set as the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are made to be transmitted to a manipulated abnormal address; and
- by doing so, cuts off communication between the communication cut-off object devices.