System and method for source IP anti-spoofing security
Abstract
A system and method that use source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to place false source IP addresses in data packets. The system and method analyze MAC addresses and source IP addresses at the datalink (layer 2) level, and use the information derived from that analysis to block access through a port where a host device is using a false, or spoofed, source IP address in its transmitted data packets.
19 Claims

1. A method for providing port security in a network device, the method comprising:
receiving a first data packet on a port of the network device, the first data packet including a first MAC address and a first source IP address;
determining if the first MAC address is a new MAC address that is not included in a table of the network device, the table configured to store a plurality of source IP address and MAC address pairs;
if the first MAC address is a new MAC address, learning the first source IP address, wherein the first MAC address and the first source IP address form a first source IP address and MAC address pair, and wherein said learning is delayed from a time of receipt of the first data packet until a predetermined amount of traffic has passed through the port;
upon learning, storing the first source IP address and MAC address pair in the table; and
using the table to control transmission of data packets through the port.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 17, 18.
13. A network device for use in a computer network having a plurality of hosts, each host having a MAC address, the network device comprising:
a plurality of ports;
a MAC detector which operates to identify source MAC addresses for data packets received at a first port of the plurality of ports;
a source IP address detector which operates to identify source IP addresses for data packets received at the first port, a source IP address and source MAC address for a given data packet forming a source IP address and MAC address pair; and
a processor which operates to:
compare a first MAC address for a first data packet received on the first port with information in a table configured to store a plurality of source IP address and MAC address pairs;
if the first MAC address is not found in the table, learn a first source IP address of the first data packet, wherein the first MAC address and first source IP address form a first source IP address and MAC address pair, and wherein said learning is delayed from a time of receipt of the first data packet until a predetermined amount of traffic has passed through the first port;
upon learning, store the first source IP address and MAC address pair in the table;
compare a second source IP address and MAC address pair for a second data packet received at the first port with the information in the table; and
pass the second data packet through the first port when the second source IP address and MAC address pair is found in the table.
Dependent claims: 14, 15, 16.
19. A network device for use in a computer network having a plurality of hosts, each host having a MAC address, the network device comprising:
a plurality of ports;
a table configured to store a plurality of source IP address and MAC address pairs; and
a processor configured to:
receive a data packet on the port, the data packet including a MAC address and a source IP address;
determine if the MAC address is a new MAC address that is not included in the table;
if the MAC address is a new MAC address, learn the source IP address, wherein the MAC address and the source IP address form a source IP address and MAC address pair, and wherein said learning is delayed from a time of receipt of the data packet until a predetermined amount of traffic has passed through the port;
upon learning, store the source IP address and MAC address pair in the table; and
use the table to control transmission of data packets through the port.
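The three independent claims above describe one mechanism: a port keeps a table of (MAC, source IP) pairs, learning for a new MAC is deferred until a predetermined amount of traffic has crossed the port, and once a pair is stored, packets from that MAC are forwarded only if their source IP matches the stored pair. The following Python model is an added illustration of that control flow; it is not code from the patent or from any product implementing it. It assumes the "predetermined amount of traffic" is counted in packets on the port, that the pair learned is the MAC and source IP of the first packet seen for that MAC (as claim 1 states), and that packets from a MAC whose learning delay has not yet elapsed are forwarded, a policy the claims leave unspecified. All packets in the demo are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed sample packet: only the two fields the claims inspect."""
    src_mac: str
    src_ip: str


class PortSecurityTable:
    """Hypothetical model of one switch port applying the claimed method:
    defer learning of a new MAC's source IP until enough traffic has passed
    the port, store the (MAC, IP) pair, then forward only matching packets."""

    def __init__(self, learn_delay_packets: int = 3):
        # Assumption: the "predetermined amount of traffic" is a packet count on the port.
        self.learn_delay_packets = learn_delay_packets
        self.table: dict[str, str] = {}                  # learned pairs, keyed by MAC
        self.pending: dict[str, tuple[str, int]] = {}    # new MAC -> (first IP seen, port count at first sight)
        self.packets_on_port = 0
        self.blocked: list[Packet] = []                  # record for monitoring / alerting

    def receive(self, pkt: Packet) -> str:
        """Return 'forward' or 'block' for one packet arriving on the port."""
        self.packets_on_port += 1
        self._commit_learned_pairs()

        if pkt.src_mac in self.table:
            # Pair known: control transmission using the table (claims 1, 13, 19).
            if self.table[pkt.src_mac] == pkt.src_ip:
                return "forward"
            self.blocked.append(pkt)          # source IP does not match the learned pair
            return "block"

        if pkt.src_mac not in self.pending:
            # New MAC: note the first source IP, but defer learning (claim 1).
            self.pending[pkt.src_mac] = (pkt.src_ip, self.packets_on_port)
        # Assumption: traffic from a MAC still inside its learning delay is forwarded.
        return "forward"

    def _commit_learned_pairs(self) -> None:
        """Store any pending pair whose learning delay has elapsed."""
        for mac, (first_ip, first_seen) in list(self.pending.items()):
            if self.packets_on_port - first_seen >= self.learn_delay_packets:
                self.table[mac] = first_ip
                del self.pending[mac]


def run_demo() -> list[str]:
    """Constructed scenario: a host is learned, then tries a spoofed source IP."""
    port = PortSecurityTable(learn_delay_packets=3)
    host = Packet("aa:aa:aa:aa:aa:01", "10.0.0.5")
    spoofed = Packet("aa:aa:aa:aa:aa:01", "10.0.0.99")   # same MAC, forged source IP
    other = Packet("aa:aa:aa:aa:aa:02", "10.0.0.7")      # a second, unrelated host
    decisions = [port.receive(p) for p in (host, host, host, host, spoofed, other)]
    return decisions


if __name__ == "__main__":
    for i, d in enumerate(run_demo(), start=1):
        print(f"packet {i}: {d}")
```

Because the claims key learning on whether the MAC is new, a second MAC presenting an already-learned IP is treated as a fresh host and gets its own pending entry; that is faithful to the claim language, and a deployment that also wants one-IP-one-MAC enforcement would add a reverse lookup on top of this table. The `blocked` list is the natural hook for the detection side: each entry is a packet whose source IP contradicted a learned pair on that port.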