
System for packet filtering of data packets at a computer network interface

Patent 5878231 Issued on March 2, 1999. Estimated Expiration Date: February 4, 2017. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Patent References

Routing mechanism with encapsulated FCS for a multi-ring local area network
Patent #: 4577313
Issued on: 03/18/1986
Inventor: Sy

Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
Patent #: 5550984
Issued on: 08/27/1996
Inventor: Gelb

Method and apparatus for secure data packet bus communication
Patent #: 5559883
Issued on: 09/24/1996
Inventor: Williams

Network station with multiple network addresses
Patent #: 5590285
Issued on: 12/31/1996
Inventor: Krause, et al.

System for securing inbound and outbound data packet flow in a computer network
Patent #: 5606668
Issued on: 02/25/1997
Inventor: Shwed

Apparatus and method for providing a secure gateway for communication and data exchanges between networks
Patent #: 5623601
Issued on: 04/22/1997
Inventor: Vu

Inventors

Application

No. 795374 filed on 02/04/1997

US Classes:

709/245, COMPUTER-TO-COMPUTER DATA ADDRESSING
709/243, Decentralized controlling

Examiners

Primary: Robertson, David L.

Attorney, Agent or Firm

International Classes

G06F 013/38
G06F 015/17

Abstract

A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

Other References

  • "Firewalls and Internet Security," by Cheswick & Bellovin, Addison Wesley, 1994
  • "Firewall Routers and Packet Filtering," by Gary Kessler, Feb. 1995
  • Ip-masq.c from Linux kernel (v.2.0.27), 1994
  • Ip-fw.c from Linux kernel (v 2.0.27), 199