Inline intrusion detection using a single physical port
    Type: Granted invention patent
    Status: In force

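    Publication (announcement) number: US07555774B2

    Publication (announcement) date: 2009-06-30

    Application number: US10910194

    Application date: 2004-08-02

    IPC classification: H04L29/00

    CPC classification: H04L63/1408 H04L63/1416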

    Abstract: In accordance with one embodiment of the present invention, a method for inline intrusion detection includes receiving a packet at a physical interface of an intrusion detection system. The packet is tagged with a first VLAN identifier associated with an external network. The method further includes buffering the packet at the physical interface, communicating a copy of the packet to a processor, and analyzing the copy of the packet at the processor to determine whether the packet includes an attack signature. The method also includes communicating a reply message from the processor to the interface indicating whether the packet includes an attack signature. If the packet does not contain an attack signature, the buffered copy of the packet is re-tagged with a second VLAN identifier associated with a protected network and the re-tagged packet is communicated to the protected network.
