SYSTEMS AND METHODS FOR NETWORK ACCESS CONTROL
First Claim
1. A system for network access control, system comprising:
- a network device comprising one or more processors; and
- a memory communicatively coupled to the network device, the memory storing instructions executable by the one or more processors of the network device, the network device being configured to:
  - determine whether a client device is a trusted source, an untrusted source, or neither the trusted source nor the untrusted source for a network using a SYN packet received from the client device, the SYN packet comprising identifying information for the client device;
  - based on the determination that the client device is neither the trusted source nor the untrusted source, transmit a SYN/ACK packet to the client device, the SYN/ACK packet comprising a SYN cookie and identifying information for the network device;
  - receive an ACK packet from the client device that includes the identifying information for the client device, identifying information for the network device, and the SYN cookie; and
  - establish a connection with the network for the client device.
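The flow recited in claim 1, sketched as an added example that is not taken from the patent or from any product: a three-way source classification followed by a stateless SYN-cookie challenge for sources that are neither trusted nor untrusted. The address lists, the key, the HMAC-based cookie construction, the time-slot parameter and the handling of the trusted and untrusted branches are all assumptions made for illustration.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF
SECRET = b"constructed-demo-key"   # constructed; a real device would use a random, rotated key
TRUSTED = {"192.0.2.10"}           # constructed list of trusted sources (assumption)
UNTRUSTED = {"198.51.100.66"}      # constructed list of untrusted sources (assumption)
SERVER = ("203.0.113.1", 443)      # constructed identifying information for the network device


def classify(src_ip):
    """Three-way decision made from the identifying information in the SYN."""
    if src_ip in TRUSTED:
        return "trusted"
    if src_ip in UNTRUSTED:
        return "untrusted"
    return "neither"


def syn_cookie(src_ip, src_port, client_isn, slot):
    """32-bit cookie bound to both endpoints, the client's ISN and a coarse time slot."""
    msg = "|".join(map(str, (src_ip, src_port, *SERVER, client_isn, slot))).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def on_syn(src_ip, src_port, client_isn, slot):
    """Handle a SYN; only the 'neither' branch is specified by the claim."""
    verdict = classify(src_ip)
    if verdict == "untrusted":
        return {"action": "drop"}                 # assumption: the claim does not say
    if verdict == "trusted":
        return {"action": "stateful_handshake"}   # assumption: no cookie challenge
    # Neither: answer with a SYN/ACK whose sequence number is the cookie.
    # No per-connection state is stored on the device at this point.
    return {"action": "synack_cookie", "src": SERVER,
            "seq": syn_cookie(src_ip, src_port, client_isn, slot),
            "ack": (client_isn + 1) & MASK}


def on_ack(src_ip, src_port, seq, ack, slot):
    """Validate the returned cookie statelessly; accept the current or previous slot."""
    client_isn = (seq - 1) & MASK
    for s in (slot, slot - 1):
        expected = (syn_cookie(src_ip, src_port, client_isn, s) + 1) & MASK
        if hmac.compare_digest(expected.to_bytes(4, "big"), ack.to_bytes(4, "big")):
            return True    # connection may now be established
    return False
```

Because the cookie is recomputed from the ACK's own fields, a spoofed SYN that never completes the handshake costs the device no connection-table entry.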
Abstract
Network access control systems and methods are provided herein. A method includes: receiving, at a network device, a SYN packet from a client device over a network; determining if the client device is a trusted source for the network using the SYN packet; if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device; and establishing a connection with the network for the client device.
20 Claims
10. A method for network access control, the method comprising:
- determining, at a network device, whether a client device is a trusted source, an untrusted source, or neither the trusted source nor the untrusted source for a network using a SYN packet received from the client device, the SYN packet comprising identifying information for the client device;
- based on determining that the client device is neither the trusted source nor the untrusted source, transmitting a SYN/ACK packet to the client device, the SYN/ACK packet comprising a SYN cookie and identifying information for the network device;
- receiving an ACK packet from the client device that includes the identifying information for the client device, identifying information for the network device, and the SYN cookie; and
- establishing a connection with the network for the client device.
20. A non-transitory computer-readable storage medium having embodied thereon a program executable by at least one processor to perform a method for network access control, the method comprising:
- determining, at a network device, whether a client device is a trusted source, an untrusted source, or neither the trusted source nor the untrusted source for a network using a SYN packet received from the client device, the SYN packet comprising identifying information for the client device;
- based on determining that the client device is neither the trusted source nor the untrusted source, transmitting a SYN/ACK packet to the client device, the SYN/ACK packet comprising a SYN cookie and identifying information for the network device;
- receiving an ACK packet from the client device that includes the identifying information for the client device, identifying information for the network device, and the SYN cookie; and
- establishing a connection with the network for the client device.
Specification