Method and apparatus for automatic filter generation and maintenance
Abstract
A method is disclosed for automatic filter generation and maintenance. From information transmitted on a network, a first device identifier and a second device identifier are detected. Based on the first and second device identifiers, a filter is automatically configured to deny network-transmitted information that attempts to establish an association between the first device identifier and a device identifier other than the second device identifier.
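The filter behaviour that the abstract and claim 1 describe, as an added Python sketch (not code from the patent). The names `ArpFilter`, `learn`, `handle`, `parse_arp` and `make_arp` are hypothetical, and the sketch assumes the first observed binding is the legitimate one and that packets are Ethernet/IPv4 ARP payloads.

```python
import struct

def parse_arp(payload: bytes):
    """Return (sender_ip, sender_mac) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = payload[8:14].hex(":")
    ip = ".".join(str(b) for b in payload[14:18])
    return ip, mac

class ArpFilter:
    """Hypothetical model of the claimed filter plus the ARP table it protects."""
    def __init__(self):
        self.by_ip = {}      # IP  -> the only MAC allowed to claim it
        self.by_mac = {}     # MAC -> the only IP it may claim
        self.arp_table = {}

    def learn(self, ip, mac):
        """Create the rule pair for a binding seen in the 'first' packets."""
        mac = mac.lower()
        self.by_ip[ip] = mac
        self.by_mac[mac] = ip

    def handle(self, payload):
        """Filter one ARP packet; update the ARP table only if permitted."""
        try:
            ip, mac = parse_arp(payload)
        except ValueError:
            return "deny: malformed"
        # A binding that matches only one half of a learned pair is illegal.
        if self.by_ip.get(ip, mac) != mac:
            return f"deny: {ip} is bound to {self.by_ip[ip]}"
        if self.by_mac.get(mac, ip) != ip:
            return f"deny: {mac} is bound to {self.by_mac[mac]}"
        self.arp_table[ip] = mac
        return "permit"

def make_arp(ip, mac, op=2):
    """Build a constructed ARP payload (sample data, not a capture)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(o) for o in ip.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + bytes(6) + spa
```

Addresses with no learned rule pass through unfiltered in this sketch; only bindings that contradict a learned pair are kept out of the table.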
20 Claims
1. A method, the method comprising the computer-implemented steps of:
- detecting from one or more first network packets, an Internet Protocol (IP) address and a first Media Access Control (MAC) address;
- wherein the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in one or more second network packets is an illegal binding and wherein said another MAC address is different from the first MAC address;
- causing a network element to create, in an address resolution protocol filter, based on the IP address and the first MAC address, one or more rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; and
- in response to detecting the IP address and said another MAC address in the one or more second network packets, preventing the address resolution protocol table from including the illegal binding that includes the IP address and said another MAC address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-readable storage medium storing one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- detecting from one or more first network packets, an Internet Protocol (IP) address and a first Media Access Control (MAC) address;
- wherein the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in one or more second network packets is an illegal binding and wherein said another MAC address is different from the first MAC address;
- causing a network element to create, in an address resolution protocol filter, based on the IP address and the first MAC address, one or more rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; and
- in response to detecting the IP address and said another MAC address in the one or more second network packets, preventing the address resolution protocol table from including the illegal binding that includes the IP address and said another MAC address.
11. An apparatus, comprising:
- means for detecting from one or more first network packets, an Internet Protocol (IP) address and a first Media Access Control (MAC) address;
- wherein the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in one or more second network packets is an illegal binding and wherein said another MAC address is different from the first MAC address;
- means for causing a network element to create, in an address resolution protocol filter, based on the IP address and the first MAC address, one or more rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; and
- means for preventing the address resolution protocol table from including the illegal binding that includes the IP address and said another MAC address, in response to detecting the IP address and said another MAC address in the one or more second network packets.
12. An apparatus for automatic filter generation and maintenance, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
- a processor; and
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
  - detecting from one or more first network packets, an Internet Protocol (IP) address and a first Media Access Control (MAC) address;
  - wherein the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in one or more second network packets is an illegal binding and wherein said another MAC address is different from the first MAC address;
  - causing a network element to create, in an address resolution protocol filter, based on the IP address and the first MAC address, one or more rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; and
  - in response to detecting the IP address and said another MAC address in the one or more second network packets, preventing the address resolution protocol table from including the illegal binding that includes the IP address and said another MAC address.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification