SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY
Abstract
A system and method that uses source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to place false source IP addresses in data packets. The system and method analyze MAC addresses and source IP addresses at the datalink (layer 2) level and use the information derived from that analysis to block access through a port on which a host device is transmitting data packets with a false, or spoofed, source IP address. Further, the system and method validate newly learned source IP addresses and determine whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold; where the number does exceed the threshold, the system and method can operate in a possible attack mode.
47 Claims
1-26. (canceled)
27. A method comprising:
    learning, by a network device, a source IP address included in a data packet received on a port of the network device, wherein the source IP address is not stored in a table of the network device, and wherein the learning is performed using a first technique;
    if the learning is successful, validating the source IP address by the network device, wherein the validating is performed using a second technique distinct from the first technique; and
    if the validating is successful, storing, by the network device, the source IP address in the table.
    Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37.
38. A method comprising:
    determining, by a network device, whether a MAC address included in a data packet received on a port of the network device is stored in a table of the network device, the table including a plurality of MAC address and source IP address pairs; and
    if the MAC address is not stored in the table:
        learning, by the network device, a source IP address included in the data packet, wherein the learning is performed using a first technique;
        if the learning is successful, validating the source IP address by the network device, wherein the validating is performed using a second technique distinct from the first technique; and
        if the validating is successful, storing, by the network device, the MAC address and the source IP address as a pair in the table.
39. A network device comprising:
    a plurality of ports;
    a storage component configured to store a table of source IP addresses; and
    a control component configured to:
        learn a source IP address included in a data packet received on a port in the plurality of ports, wherein the source IP address is not stored in the table, and wherein the learning is performed using a first technique;
        if the learning is successful, validate the source IP address using a second technique distinct from the first technique; and
        if the validating is successful, store the source IP address in the table.
    Dependent claims: 40, 41, 42, 43, 44, 45, 46.
47. A network device comprising:
    a plurality of ports;
    a storage component configured to store a table of MAC address and source IP address pairs; and
    a control component configured to:
        determine whether a MAC address included in a data packet received on a port of the network device is stored in the table; and
        if the MAC address is not stored in the table:
            learn a source IP address included in the data packet using a first technique;
            if the learning is successful, validate the source IP address using a second technique distinct from the first technique; and
            if the validating is successful, store the MAC address and the source IP address as a pair in the table.
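The learn, validate and store flow that the abstract and claims 27, 38 and 47 describe, written out as an added Python model of a switch port's MAC/IP binding table. This is illustrative code added here; it is not part of the patent and not any vendor's implementation. The patent does not specify what the "first technique" and "second technique" are, so the model assumes a prefix plausibility check for the first and a lookup against a trusted MAC/IP binding source (a constructed DHCP-snooping-style table) for the second. It also assumes, as the abstract leaves open, that failed validations are counted per port against a constructed threshold to enter the possible-attack mode, and that a MAC already bound to one source IP that starts sending a different one causes its ingress port to be blocked.

```python
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Packet:
    """Constructed stand-in for an ingress frame: only the fields the check needs."""
    port: int
    mac: str
    src_ip: str


@dataclass
class AntiSpoofSwitch:
    # Assumed "first technique": a learned source IP must fall inside the prefix
    # configured for the access network (a plausibility check on the address).
    allowed_prefix: ipaddress.IPv4Network
    # Assumed "second technique": the MAC/IP pair must match a trusted binding
    # source, e.g. a DHCP-snooping lease table (constructed for this example).
    trusted_bindings: dict
    threshold: int = 3                                   # failed validations tolerated per port
    table: dict = field(default_factory=dict)            # mac -> validated src_ip (the claims' pair table)
    failures: dict = field(default_factory=dict)         # port -> count of failed validations
    blocked_ports: set = field(default_factory=set)
    possible_attack_mode: bool = False

    def learn(self, pkt: Packet) -> bool:
        """First technique: is the new source IP a plausible address for this network?"""
        try:
            return ipaddress.IPv4Address(pkt.src_ip) in self.allowed_prefix
        except ValueError:
            return False

    def validate(self, pkt: Packet) -> bool:
        """Second technique: does a trusted source confirm this MAC owns this IP?"""
        return self.trusted_bindings.get(pkt.mac) == pkt.src_ip

    def process(self, pkt: Packet) -> str:
        """Run one frame through the layer-2 anti-spoofing check and return the verdict."""
        if pkt.port in self.blocked_ports:
            return "blocked"
        bound_ip = self.table.get(pkt.mac)
        if bound_ip is not None:
            if bound_ip == pkt.src_ip:
                return "forward"
            # The MAC is already paired with another source IP: treat the frame as
            # spoofed and block access through the port it arrived on.
            self.blocked_ports.add(pkt.port)
            return "blocked"
        if not self.learn(pkt):
            return "learn_failed"
        if not self.validate(pkt):
            count = self.failures.get(pkt.port, 0) + 1
            self.failures[pkt.port] = count
            if count > self.threshold:
                self.possible_attack_mode = True
            return "validation_failed"
        self.table[pkt.mac] = pkt.src_ip
        return "learned"


def run_scenario():
    """Constructed traffic exercising each branch; returns the switch and the verdicts."""
    sw = AntiSpoofSwitch(
        allowed_prefix=ipaddress.IPv4Network("10.0.0.0/24"),
        trusted_bindings={"aa:bb:cc:00:00:01": "10.0.0.11",
                          "aa:bb:cc:00:00:02": "10.0.0.12"},
    )
    frames = [
        Packet(1, "aa:bb:cc:00:00:01", "10.0.0.11"),    # new pair, passes both techniques
        Packet(1, "aa:bb:cc:00:00:01", "10.0.0.11"),    # matches the stored pair
        Packet(1, "aa:bb:cc:00:00:01", "10.0.0.99"),    # same MAC, different source IP
        Packet(1, "aa:bb:cc:00:00:01", "10.0.0.11"),    # port 1 is now blocked
        Packet(2, "aa:bb:cc:00:00:02", "192.168.1.5"),  # outside the prefix: learning fails
    ] + [Packet(2, "aa:bb:cc:00:00:02", "10.0.0.50")] * 4  # repeated failed validations
    results = [sw.process(f) for f in frames]
    return sw, results


if __name__ == "__main__":
    switch, verdicts = run_scenario()
    for verdict in verdicts:
        print(verdict)
    print("blocked ports:", switch.blocked_ports)
    print("possible attack mode:", switch.possible_attack_mode)
```

The fourth failed validation on port 2 pushes that port's count past the threshold of 3, which is the point at which the abstract's possible-attack mode would begin; the model only raises a flag there, since the patent text on this page does not say what the device does differently in that mode.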
Specification