
System and method for source IP anti-spoofing security

  • US 7,516,487 B1
  • Filed: 05/20/2004
  • Issued: 04/07/2009
  • Est. Priority Date: 05/21/2003
  • Status: Active Grant
First Claim

1. A network device providing switching functionality for use in a computer network having a plurality of hosts, each host having a MAC address, the network device comprising:

  • a plurality of ports;
  • a table for storing source IP address and MAC address pairs for data packets received on the plurality of ports; and
  • a processor operable to:
    • determine a number of unsuccessful validation attempts for one or more new source IP addresses received over a given time period, wherein the one or more new source IP addresses correspond to source IP addresses that are not stored in the table;
    • compare the number of unsuccessful validation attempts with a threshold number of unsuccessful validation attempts;
    • if the number of unsuccessful validation attempts is less than the threshold number, cause the network device to operate in a first mode, wherein in the first mode validation is performed on data packets received from new source IP addresses after the given time period;
    • if the number of unsuccessful validation attempts is greater than the threshold number, cause the network device to operate in a second mode, wherein in the second mode data packets received from new source IP addresses after the given time period are dropped without validation;
    • identify a MAC address of a host coupled to a port in the plurality of ports;
    • learn and verify a source IP address associated with the MAC address;
    • store the source IP address and the MAC address in the table; and
    • after storing the source IP address and the MAC address, apply a group of rules for forwarding a data packet received on the port if the data packet has the MAC address and the source IP address.
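The claim above describes a switch that learns (port, MAC, source IP) bindings, counts failed validations of new source IPs per time window, and uses that count to choose between a validating mode and a drop-without-validation mode for the next window. The following simulation is an added illustration of that logic and is not code from the patent or its assignee. It assumes a validation oracle (here a constructed table of bindings, such as DHCP snooping state would provide) because the claim does not specify how a new source IP is verified, and it assumes a fixed-length window whose failure count decides the mode for the window that follows; the tie case (count equal to the threshold) is not covered by the claim text and is left as "keep the current mode".

```python
"""Simulation of the two-mode source-IP anti-spoofing switch from the claim.
Added illustration; the validator, window bookkeeping and tie handling are assumptions."""
from collections import namedtuple

Packet = namedtuple("Packet", "port src_mac src_ip")

MODE_VALIDATE = "first mode: validate new source IPs"
MODE_DROP_NEW = "second mode: drop new source IPs without validation"


class AntiSpoofSwitch:
    def __init__(self, threshold, window, validator, start=0.0):
        self.threshold = threshold      # threshold number of unsuccessful validations
        self.window = window            # the claim's "given time period", in seconds
        self.validator = validator      # assumed: callable(port, mac, ip) -> bool
        self.table = {}                 # (port, mac) -> set of learned source IPs
        self.mode = MODE_VALIDATE
        self.failed = 0                 # unsuccessful validations in the current window
        self.window_end = start + window
        self.validations = 0            # how often the validator was actually invoked

    def _roll_window(self, now):
        # At each window boundary the failure count of the window just ended
        # selects the mode for the window that follows, then the count resets.
        while now >= self.window_end:
            if self.failed > self.threshold:
                self.mode = MODE_DROP_NEW
            elif self.failed < self.threshold:
                self.mode = MODE_VALIDATE
            # failed == threshold: not covered by the claim; assumption: keep mode
            self.failed = 0
            self.window_end += self.window

    def handle(self, pkt, now):
        """Return the switch's decision for one packet arriving at time `now`."""
        self._roll_window(now)
        key = (pkt.port, pkt.src_mac)
        if pkt.src_ip in self.table.get(key, set()):
            return "forward"            # stored (MAC, IP) pair: forwarding rules apply
        if self.mode == MODE_DROP_NEW:
            return "drop-unvalidated"   # second mode: new IP dropped, no validation
        self.validations += 1
        if self.validator(pkt.port, pkt.src_mac, pkt.src_ip):
            self.table.setdefault(key, set()).add(pkt.src_ip)
            return "learn-and-forward"  # learned and verified, pair stored
        self.failed += 1
        return "drop-invalid"           # counted as an unsuccessful validation


# Constructed bindings standing in for whatever authoritative source the switch
# validates against (e.g. DHCP snooping state); an assumption, not from the patent.
BINDINGS = {
    (1, "aa:bb:cc:00:00:01"): {"10.0.0.11", "10.0.0.12"},
    (2, "aa:bb:cc:00:00:02"): {"10.0.0.22"},
}


def binding_validator(port, mac, ip):
    return ip in BINDINGS.get((port, mac), set())


def demo():
    """Constructed traffic: one host, a burst of spoofed source IPs, then recovery."""
    sw = AntiSpoofSwitch(threshold=3, window=10.0, validator=binding_validator)
    h1 = "aa:bb:cc:00:00:01"
    events = [
        (0.0, Packet(1, h1, "10.0.0.11")),   # legitimate, gets learned
        (1.0, Packet(1, h1, "10.0.0.11")),   # known pair, forwarded
    ]
    # five spoofed source IPs in the same window (2.0 .. 6.0 s)
    events += [(2.0 + i, Packet(1, h1, f"192.0.2.{i}")) for i in range(5)]
    events += [
        (11.0, Packet(1, h1, "10.0.0.12")),  # legitimate but new: dropped in second mode
        (12.0, Packet(1, h1, "10.0.0.11")),  # known pair still forwards in second mode
        (21.0, Packet(1, h1, "10.0.0.12")),  # previous window had 0 failures: first mode again
    ]
    results = [sw.handle(pkt, t) for t, pkt in events]
    return results, sw


if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
```

Note what the second mode buys a defender: while it is active the validator is never consulted for new source IPs, so a flood of spoofed sources cannot exhaust whatever the validation step costs, while traffic from already-learned (MAC, IP) pairs keeps flowing. The price, visible in the run, is that a genuinely new legitimate address (10.0.0.12 at 11 s) is also dropped until a quieter window restores the first mode.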

  • 7 Assignments