System for monitoring network for cracker attack
3 Assignments
0 Petitions
Abstract
A sensor is provided at the gateway of a local area network for successively acquiring IP packets passing through the gateway. The sensor detects various cracker attacks against the network based on the acquired IP packets. Information as to attacks detected by the sensor is given to a director which controls a firewall at the gateway of the network. Based on the given information, the director controls settings for the firewall to prevent IP packets associated with the detected attacks from entering the local area network.
58 Citations
21 Claims
1. A system for monitoring a network which performs communications based on IP (Internet Protocol), for a cracker attack, comprising:
- attack detecting means disposed at a gateway of the network, for successively acquiring IP packets passing through the gateway, storing the acquired IP packets accumulatively, and monitoring the stored IP packets while said gateway remains open to detect a cracker attack against the network; and
- processing means for effecting a predetermined process depending on the detected type of cracker attack when the attack detecting means detects the cracker attack, wherein said processing means comprises means for preventing an IP packet having a source IP address and/or a destination IP address associated with the attack detected by the attack detecting means from entering the network in the predetermined process, for a predetermined time after the attack detecting means detects the attack, and when said predetermined time has elapsed after said detecting means detects said attack, reopening said gateway for allowing an IP packet having a source IP address and/or a destination IP address associated with said attack to enter said network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 21
20. A system for monitoring a network which performs communications based on IP (Internet Protocol), for a cracker attack, comprising:
- attack detecting means disposed at a gateway of the network, for successively acquiring IP packets passing through the gateway, storing the acquired IP packets accumulatively, holding an algorithm for detecting a plurality of different types of cracker attacks, and monitoring the acquired and stored IP packets while said gateway remains open to detect the types of cracker attacks from the acquired and stored IP packets based on the algorithm; and
- processing means for preventing an IP packet having a source IP address and/or a destination IP address associated with the attack detected by the attack detecting means from entering the network according to a predetermined process, for a predetermined time which is predetermined corresponding to the detected type of attack, after the attack detecting means detects one of the attacks, and when said predetermined time has elapsed after said detecting means detects said attack, reopening said gateway for allowing an IP packet having a source IP address and/or a destination IP address associated with said attack to enter said network.
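
A minimal sketch of the mechanism claims 1 and 20 describe (store packets, detect an attack type, block the associated address for a time set per type, then reopen), added here as an illustration and not taken from the patent. The `Monitor` class, the two detection rules, the thresholds and the block durations are all assumptions.

```python
from collections import deque

# Assumed values (constructed for this example, not taken from the patent).
WINDOW = 10.0                                    # seconds of packets retained
BLOCK_SECONDS = {"port_scan": 300.0, "syn_flood": 60.0}   # per attack type
SCAN_PORTS, FLOOD_SYNS = 5, 8                    # detection thresholds

class Monitor:
    """Sensor (store + detect) and director (timed block rules) combined."""

    def __init__(self):
        self.stored = deque()   # accumulated (ts, src, dst, dport, syn) tuples
        self.blocked = {}       # ip -> (expiry time, attack type)

    def _detect(self):
        """Examine the stored packets; return [(attack_type, ip_to_block)]."""
        ports, syns = {}, {}
        for _, src, dst, dport, syn in self.stored:
            ports.setdefault(src, set()).add(dport)
            if syn:
                syns[dst] = syns.get(dst, 0) + 1
        # Assumed rule 1: one source touching many distinct ports -> block source.
        hits = [("port_scan", s) for s, p in ports.items() if len(p) >= SCAN_PORTS]
        # Assumed rule 2: many SYNs to one destination -> block that destination.
        hits += [("syn_flood", d) for d, n in syns.items() if n >= FLOOD_SYNS]
        return hits

    def handle(self, ts, src, dst, dport, syn=False):
        """Return True if the packet may enter the network at time ts."""
        for ip in (src, dst):
            rule = self.blocked.get(ip)
            if rule and ts < rule[0]:
                return False                     # inside the block period
            if rule:
                del self.blocked[ip]             # period elapsed: reopen
        self.stored.append((ts, src, dst, dport, syn))
        while self.stored[0][0] < ts - WINDOW:   # keep only the recent window
            self.stored.popleft()
        for attack, ip in self._detect():
            active = ip in self.blocked and ts < self.blocked[ip][0]
            if not active:                       # never extend a running block
                self.blocked[ip] = (ts + BLOCK_SECONDS[attack], attack)
        return True
```

Blocked packets are dropped before they are stored, so a blocked address cannot keep re-triggering detection and prolonging its own block beyond the predetermined time.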
Specification