State machine for accessing a stealth firewall
Abstract
A stealth firewall. The stealth firewall can include a first network interface to an external network; a second network interface to an internal network; a packet filter for restricting access to the internal network, the packet filter ignoring requests from the external network to access the internal network; and a state machine. Importantly, the state machine can be pre-configured to transition across one or more internal states conditioned upon receiving particular requests to access the internal network. The state machine further can include at least one state transition, reachable through a pre-specified sequence of states, which causes the packet filter to permit access to the internal network.
10 Claims
1. A stealth firewall comprising:
a first network interface to an external network;
a second network interface to an internal network;
a packet filter for restricting access to said internal network; and
a state machine pre-configured to transition across a plurality of internal states, from a restricting state to an access state, conditioned upon receiving a plurality of requests to access said internal network, said plurality of requests collectively comprising a code for causing said state machine to transition from said restricting state to said access state, which causes said packet filter to permit access to said internal network, wherein said packet filter does not respond to said external network upon receiving any request from said external network to access said internal network when said state machine is in said restricting state.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for permitting access to a network protected behind a stealth firewall comprising the steps of:
initializing a state machine configured to grant access to the stealth firewall contingent upon said state machine transitioning across a plurality of internal states responsive to receiving a plurality of requests to access the network from a single network device, said plurality of requests collectively comprising a code for causing said state machine to permit access to the network;
receiving an access request from a network device in a network which is external to the network protected behind the stealth firewall, identifying an access parameter in said access request and transitioning from an initial state in said state machine to an intermediate state if said identified access request satisfies transitioning criteria associated with said state machine for transitioning from said initial state to said intermediate state;
receiving a further access request from said network device in said network which is external to the network protected behind the stealth firewall, identifying a further access parameter in said further access request and transitioning from an intermediate state in said state machine to a final state if said identified further access request satisfies transitioning criteria associated with said state machine for transitioning from an intermediate state to said final state;
not providing a response to said network device upon receiving each said access request from said network device in said network which is external to the network protected behind the stealth firewall unless said network device provides a sequence of access requests to the stealth firewall causing said state machine to transition to said final state; and
upon transitioning to said final state, permitting said network device to access the network protected behind the stealth firewall.
8. A method for permitting access to a network protected behind a stealth firewall comprising the steps of:
receiving a plurality of access requests from a plurality of network devices which are external to the network protected behind the stealth firewall;
not providing a response to said plurality of network devices upon receiving each of said access requests;
identifying access request parameters in said received access requests;
performing state transitions in a state machine in the stealth firewall based upon identifying particular ones of said identified access request parameters; and
upon identifying a pre-determined sequence of access request parameters, said identification of said sequence of access request parameters causing a corresponding sequence of state transitions in said state machine, permitting access to a selected network device responsible for transmitting said sequence of access request parameters.
9. A machine readable storage having stored thereon a computer program for permitting access to a network protected behind a stealth firewall, said computer program comprising a routine set of instructions for performing the steps of:
initializing a state machine configured to grant access to the stealth firewall contingent upon said state machine transitioning across a plurality of internal states responsive to receiving a plurality of requests to access the network from a single network device, said plurality of requests collectively comprising a code for causing said state machine to permit access to the network;
receiving an access request from a network device in a network which is external to the network protected behind the stealth firewall, identifying an access parameter in said access request and transitioning from an initial state in said state machine to an intermediate state if said identified access request satisfies transitioning criteria associated with said state machine for transitioning from said initial state to said intermediate state;
receiving a further access request from said network device in said network which is external to the network protected behind the stealth firewall, identifying a further access parameter in said further access request and transitioning from an intermediate state in said state machine to a final state if said identified further access request satisfies transitioning criteria associated with said state machine for transitioning from an intermediate state to said final state;
not providing a response to said network device upon receiving each said access request from said network device in said network which is external to the network protected behind the stealth firewall unless said network device provides a sequence of access requests to the stealth firewall causing said state machine to transition to said final state; and
upon transitioning to said final state, permitting said network device to access the network protected behind the stealth firewall.
10. A machine readable storage having stored thereon a computer program for permitting access to a network protected behind a stealth firewall, said computer program comprising a routine set of instructions for performing the steps of:
receiving a plurality of access requests from a plurality of network devices which are external to the network protected behind the stealth firewall;
not providing a response to said plurality of network devices upon receiving each of said access requests;
identifying access request parameters in said received access requests;
performing state transitions in a state machine in the stealth firewall based upon identifying particular ones of said identified access request parameters; and
upon identifying a pre-determined sequence of access request parameters, said identification of said sequence of access request parameters causing a corresponding sequence of state transitions in said state machine, permitting access to a selected network device responsible for transmitting said sequence of access request parameters.
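The per-device state machine of claims 7 and 8 (and their storage counterparts, claims 9 and 10), as an added Python example that is not part of the patent: the access parameter is assumed to be the destination port, the three-port code and the protected port 22 are constructed values, and an out-of-sequence request is assumed to return that source to the initial state, which the claims do not specify.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed values (not from the patent): the "code" is an ordered sequence
# of access parameters, here destination ports, that one external source must
# send before the packet filter permits it to reach the protected service.
KNOCK_SEQUENCE: Tuple[int, ...] = (7000, 8000, 9000)
PROTECTED_PORT = 22


@dataclass
class StealthFirewall:
    """Stealth packet filter driven by one state machine per external source.

    The state of a source is its index into the knock sequence: 0 is the
    initial (restricting) state, 1..len-1 are intermediate states, and reaching
    len(sequence) is the final (access) state.
    """
    sequence: Tuple[int, ...] = KNOCK_SEQUENCE
    state: Dict[str, int] = field(default_factory=dict)   # source -> index
    permitted: Set[str] = field(default_factory=set)      # sources in access state

    def handle(self, source: str, dst_port: int) -> Optional[str]:
        """Decide one inbound request from the external network.

        Returns None when the request is silently dropped (the filter never
        answers, so the protected network is invisible to scans) and "ACCEPT"
        when a source that completed the sequence reaches the protected port.
        """
        if source in self.permitted and dst_port == PROTECTED_PORT:
            return "ACCEPT"
        idx = self.state.get(source, 0)
        if dst_port == self.sequence[idx]:
            # Transition criterion satisfied: advance one state.
            idx += 1
            if idx == len(self.sequence):
                # Final state reached; the knock itself still gets no reply,
                # only later requests to the protected port are permitted.
                self.permitted.add(source)
                self.state.pop(source, None)
                return None
            self.state[source] = idx
        else:
            # Assumption: a wrong parameter resets this source. If it happens
            # to be the first element, it counts as a fresh start instead.
            idx = 1 if dst_port == self.sequence[0] else 0
            if idx:
                self.state[source] = idx
            else:
                self.state.pop(source, None)
        return None   # restricting state: no response to the external network
```

Because state is keyed per source, interleaved requests from several external devices (claim 8) do not advance each other's machines, and only the device that sent the complete sequence is permitted.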