System and method for source IP anti-spoofing security
7 Assignments, 0 Petitions
Abstract
A system and method that use source IP addresses and MAC addresses to secure a network against users who place false source IP addresses in data packets. MAC addresses and source IP addresses are analyzed at the data link (layer 2) level, and the information derived from that analysis is used to block access through a port on which a host device is transmitting data packets with a false, or spoofed, source IP address.
122 Citations
20 Claims
1. A method comprising:
- determining, by a network device, whether a source IP address included in a data packet received on a port of the network device is stored in a table of the network device; and
- if the source IP address is not stored in the table:
  - determining, by the network device, whether a number of source IP addresses stored in the table for the port equals or exceeds a maximum number of source IP addresses predetermined for the port; and
  - if the number of source IP addresses stored in the table for the port does not equal or exceed the maximum number:
    - determining, by the network device, whether a MAC address included in the data packet is stored in the table; and
    - if the MAC address is not stored in the table:
      - learning, by the network device, the source IP address; and
      - storing, by the network device, the MAC address and the source IP address in the table.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A network device comprising:
- a plurality of ports;
- a memory configured to store a table of MAC address and source IP address pairs; and
- a processor configured to:
  - determine whether a source IP address included in a data packet received on a port in the plurality of ports is stored in the table; and
  - if the source IP address is not stored in the table:
    - determine whether a number of source IP addresses stored in the table for the port equals or exceeds a maximum number of source IP addresses predetermined for the port; and
    - if the number of source IP addresses stored in the table for the port does not equal or exceed the maximum number:
      - determine whether a MAC address included in the data packet is stored in the table; and
      - if the MAC address is not stored in the table:
        - learn the source IP address; and
        - store the MAC address and the source IP address in the table.
Dependent claims: 13, 14, 15, 16, 17, 18.

19. A method comprising:
- determining, by a network device, whether a number of source IP addresses stored in a table of the network device for a port on which a data packet is received equals or exceeds a maximum number of source IP addresses predetermined for the port; and
- if the number of source IP addresses stored in the table for the port does not equal or exceed the maximum number:
  - determining, by the network device, whether a MAC address included in the data packet is stored in the table; and
  - if the MAC address is not stored in the table:
    - storing, by the network device, the MAC address and a source IP address included in the data packet in the table.

20. A network device comprising:
- a plurality of ports;
- a memory configured to store a table of MAC address and source IP address pairs; and
- a processor configured to:
  - determine whether a number of source IP addresses stored in the table for a port in the plurality of ports on which a data packet is received equals or exceeds a maximum number of source IP addresses predetermined for the port; and
  - if the number of source IP addresses stored in the table for the port does not equal or exceed the maximum number:
    - determine whether a MAC address included in the data packet is stored in the table; and
    - if the MAC address is not stored in the table:
      - store the MAC address and a source IP address included in the data packet in the table.
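The learning steps recited in claims 1, 12, 19 and 20, together with the port-blocking behaviour described in the abstract, as an added worked example in Python. This is illustration code written for this page, not code from the patent or its assignee: the class and field names, the per-port limits, the handling of the branches the claim text leaves unstated (a source IP already bound to another port or MAC, a port at its limit, a MAC already in the table) and the constructed packet trace are all assumptions. The tests run in the order claim 1 gives them: source IP lookup, per-port count against the predetermined maximum, MAC lookup, then learn and store.

```python
"""Per-port MAC/source-IP binding table in the style of the claims above.

Added illustration code, not the patent's own. Everything below the
claim-level logic (names, limits, the unstated else-branches, sample
packets) is assumed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Fields of a received frame that the table consults (constructed input)."""
    port: int
    src_mac: str
    src_ip: str


@dataclass(frozen=True)
class Binding:
    """What the table remembers for a learned source IP."""
    mac: str
    port: int


class AntiSpoofTable:
    def __init__(self, max_per_port: Dict[int, int], default_max: int = 1):
        self.max_per_port = max_per_port      # "maximum number ... predetermined for the port"
        self.default_max = default_max        # assumption: ports not listed get this limit
        self.by_ip: Dict[str, Binding] = {}   # the table: source IP -> (MAC, port)
        self.blocked_ports: Set[int] = set()  # ports cut off after a spoof (abstract)

    def _limit(self, port: int) -> int:
        return self.max_per_port.get(port, self.default_max)

    def _ips_on_port(self, port: int) -> int:
        return sum(1 for b in self.by_ip.values() if b.port == port)

    def _mac_in_table(self, mac: str) -> bool:
        return any(b.mac == mac for b in self.by_ip.values())

    def process(self, pkt: Packet) -> str:
        """Return the decision for one packet, updating the table as a side effect."""
        if pkt.port in self.blocked_ports:
            return "drop: port blocked"

        bound = self.by_ip.get(pkt.src_ip)
        if bound is not None:
            # Claim 1, first test: the source IP is already in the table.
            if bound.port == pkt.port and bound.mac == pkt.src_mac:
                return "forward"
            # Assumption (from the abstract, not the claim text): a known IP arriving
            # from a different port or MAC is a spoofed source, so the offending
            # port is blocked rather than only this packet being dropped.
            self.blocked_ports.add(pkt.port)
            return "drop: spoofed source IP, port blocked"

        # Claim 1, second test: per-port count against the predetermined maximum.
        if self._ips_on_port(pkt.port) >= self._limit(pkt.port):
            return "drop: port at IP limit"  # assumption: claim text states no else-branch

        # Claim 1, third test: is the packet's MAC already in the table?
        if self._mac_in_table(pkt.src_mac):
            return "drop: MAC already bound"  # assumption: claim text states no else-branch

        # Claim 1, final step: learn the source IP and store the MAC/IP pair.
        self.by_ip[pkt.src_ip] = Binding(pkt.src_mac, pkt.port)
        return "learned"


# Constructed trace: two hosts behave, a third reuses a neighbour's IP.
SAMPLE_PACKETS: List[Packet] = [
    Packet(1, "aa:aa:aa:aa:aa:01", "10.0.0.11"),  # host A on port 1, first packet
    Packet(1, "aa:aa:aa:aa:aa:01", "10.0.0.11"),  # host A again
    Packet(2, "aa:aa:aa:aa:aa:02", "10.0.0.12"),  # host B on port 2
    Packet(2, "aa:aa:aa:aa:aa:02", "10.0.0.11"),  # host B forges host A's IP
    Packet(2, "aa:aa:aa:aa:aa:02", "10.0.0.12"),  # host B's own IP, but port 2 is now blocked
    Packet(3, "aa:aa:aa:aa:aa:03", "10.0.0.13"),  # host C on port 3 (limit 1)
    Packet(3, "aa:aa:aa:aa:aa:03", "10.0.0.14"),  # host C claims a second IP
    Packet(1, "aa:aa:aa:aa:aa:01", "10.0.0.15"),  # host A's MAC claims a second IP (port 1 limit 2)
    Packet(1, "aa:aa:aa:aa:aa:04", "10.0.0.16"),  # host D, a second MAC on port 1
]


def run_demo() -> Tuple[List[str], AntiSpoofTable]:
    """Feed the constructed trace through a table with ports 1 and 2 allowed two IPs."""
    table = AntiSpoofTable(max_per_port={1: 2, 2: 2}, default_max=1)
    decisions = [table.process(p) for p in SAMPLE_PACKETS]
    return decisions, table


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_demo()[0]):
        print(f"port {pkt.port} {pkt.src_mac} {pkt.src_ip:<10} -> {decision}")
```

Two points worth noticing when reading the trace. The per-port limit is tested before the MAC lookup, exactly as the claims order them, so a port that has reached its maximum rejects a new IP regardless of which MAC presents it. And because the table is populated from the first packet seen, it trusts whoever speaks first on a port; the claims describe the learning step, not how the first binding is validated, so any such validation would have to come from elsewhere in the design.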
Specification