Network unauthorized access preventing system and network unauthorized access preventing apparatus
First Claim
1. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
- a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said network unauthorized access preventing apparatus comprises;
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network;
collects all packets transmitted via said network in an indiscriminate reception mode;
determines whether or not a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit;
sets a predetermined designation time when receiving the request;
in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; and
in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses.
1 Assignment
0 Petitions
Accused Products
Abstract
There is disclosed a network unauthorized access preventing system in which in a network to which one or more information processing apparatuses and a network unauthorized access preventing apparatus are connected, an unauthorized apparatus which is not authorized to access the network is prevented from accessing the network. The system includes an information processing apparatus which sends a correct ARP response packet to the unauthorized apparatus in response to an ARP request broadcast from the unauthorized apparatus, and a network unauthorized access preventing apparatus which sends an ARP response packet containing a false MAC address as the MAC address of the information processing apparatus to the unauthorized apparatus immediately after the correct ARP response packet is sent to the unauthorized apparatus.
-
Citations
22 Claims
-
1. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said network unauthorized access preventing apparatus comprises; an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether or not a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; and in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses.
-
2. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus, wherein said network unauthorized access preventing apparatus; sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
3. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said network unauthorized access preventing apparatus; comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
4. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said network unauthorized access preventing apparatus; sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses existing in a same subnet as said information processing apparatus.
-
-
5. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said network unauthorized access preventing apparatus; comprises an authorization list which stores a physical address of an information processing apparatus which is authorized to access said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as the unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
-
-
6. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus; comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
7. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus; comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether or not a physical address of a packet sender contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as the unauthorized apparatus in a case where the physical address is not registered in said authorization list storage unit; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet ad sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
8. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay network, wherein said network unauthorized access preventing apparatus; comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network, based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
9. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus; comprises a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network, based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
-
-
10. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus; comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network, and a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
11. A network unauthorized access preventing system for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses connected to said network, said system comprising:
-
a network unauthorized access preventing apparatus which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after said information processing apparatus sends a correct response packet to said unauthorized apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, comprising an external information processing apparatus which is connected to said network via a relay apparatus, wherein said network unauthorized access preventing apparatus; comprises an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network, and a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network; collects all packets transmitted via said network in an indiscriminate reception mode; determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; sets a predetermined designation time when receiving the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, receives the correct response packet and sends the response packet containing the false physical address to said unauthorized apparatus immediately after receiving the correct response packet; in a case where not receiving the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus; determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, and in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
12. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; and in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses.
-
-
13. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said false packet sending unit; sends a packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
14. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
15. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said false packet sending unit; sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
-
-
16. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, wherein said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
-
-
17. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing unit existing in an external network, said false packet sending unit; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
18. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and at the same time sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit.
-
-
19. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus which is connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
20. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information Processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses existing in a same subnet as said information processing apparatuses.
-
-
21. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information Processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time, sends a responses packet containing a false physical address as a physical address of said unauthorized apparatus to said information processing apparatus.
-
-
22. A network unauthorized access preventing apparatus for preventing an unauthorized apparatus, which is not authorized to access a network, from accessing one or more information processing apparatuses in said network, said apparatus comprising:
-
an authorization list storage unit which stores a physical address of an information processing apparatus which is authorized to access said network; a packet collection unit which collects all packets transmitted via said network in an indiscriminate reception mode; an access authorization determination unit which determines whether a physical address of a packet sender which is contained in a collected packet is registered in said authorization list storage unit, and detects the packet sender of this packet as said unauthorized apparatus in a case where the physical address is not registered; and a false packet sending unit which sends a response packet containing a false physical address as a physical address of said information processing apparatus to said unauthorized apparatus, after a correct response packet is sent to said unauthorized apparatus from said information processing apparatus in response to a request which is broadcast from said unauthorized apparatus for knowing a physical address, a relay apparatus list storage unit which stores a physical address of a relay apparatus connected to said network; and a network determination unit which determines whether said unauthorized apparatus attempts to access an information processing apparatus existing in said network or attempts to access an external information processing apparatus existing in an external network based on an IP address of an information processing apparatus which said unauthorized apparatus attempts to access which IP address is contained in the request, wherein in a case where said unauthorized apparatus attempts to access an external information processing apparatus existing in an external network, said false packet sending unit; sends a response packet containing a false physical address as a physical address of said relay apparatus to said unauthorized apparatus; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all relay apparatuses whose physical address is stored in said relay apparatus list storage unit, and said false packet sending unit; sets a predetermined designation time when said network unauthorized access preventing apparatus receives the request; in a case where the correct response packet is sent to said unauthorized apparatus from said information processing apparatus regardless of whether it is before or after the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus immediately after said network unauthorized access preventing apparatus receives the correct response packet; in a case where said network unauthorized access preventing apparatus does not receive the correct response packet before the designation time elapses, sends the response packet containing the false physical address to said unauthorized apparatus when the designation time elapses; and at the same time, sends a response packet containing a false physical address as a physical address of said unauthorized apparatus to all information processing apparatuses that exist in a same subnet as said information processing apparatus.
-
Specification