-
1.发明授权Providing support for responding to location protocol queries within a network node 有权提供支持响应网络节点内的位置协议查询公开(公告)号:US08073936B2
公开(公告)日:2011-12-06
申请号:US11449406
申请日:2006-06-08
IPC分类号: G06F15/16
CPC分类号: H04L61/2015 , H04L41/12
摘要: Various systems and methods are disclosed for providing support for responding to location protocol queries within a network node. One such method involves associating a location with a network identity by associating a network port with a network identity and also associating the network port with the location. The association between the network port and the network identity is created in response to a network identity, which can include an IP address, being assigned to a device coupled to the network port by an identity protocol such as DHCP. The packet is sent in response to detecting a request for the device's location. The method can be performed by various devices, including a first hop node coupled to the device, a location server, and an identity server.
摘要翻译: 公开了各种系统和方法,用于提供对网络节点内的位置协议查询的响应的支持。 一种这样的方法涉及通过将网络端口与网络身份相关联并将网络端口与位置相关联来将位置与网络身份相关联。 网络端口和网络身份之间的关联是响应于可以包括IP地址的网络身份而创建的,该IP地址被分配给通过诸如DHCP的身份协议耦合到网络端口的设备。 响应于检测到设备的位置的请求而发送分组。 该方法可以由各种设备执行,包括耦合到设备的第一跳节点,位置服务器和身份服务器。
-
2.发明申请Providing support for responding to location protocol queries within a network node 有权提供支持响应网络节点内的位置协议查询公开(公告)号:US20070288613A1
公开(公告)日:2007-12-13
申请号:US11449406
申请日:2006-06-08
IPC分类号: G06F15/173 , G06F15/16
CPC分类号: H04L61/2015 , H04L41/12
摘要: Various systems and methods are disclosed for providing support for responding to location protocol queries within a network node. One such method involves associating a location with a network identity by associating a network port with a network identity and also associating the network port with the location. The association between the network port and the network identity is created in response to a network identity, which can include an IP address, being assigned to a device coupled to the network port by an identity protocol such as DHCP. The packet is sent in response to detecting a request for the device's location. The method can be performed by various devices, including a first hop node coupled to the device, a location server, and an identity server.
摘要翻译: 公开了各种系统和方法,用于提供对网络节点内的位置协议查询的响应的支持。 一种这样的方法涉及通过将网络端口与网络身份相关联并将网络端口与位置相关联来将位置与网络身份相关联。 网络端口和网络身份之间的关联是响应于可以包括IP地址的网络身份而创建的,该IP地址被分配给通过诸如DHCP的身份协议耦合到网络端口的设备。 响应于检测到设备的位置的请求而发送分组。 该方法可以由各种设备执行,包括耦合到设备的第一跳节点,位置服务器和身份服务器。
-
公开(公告)号:US08788823B1
公开(公告)日:2014-07-22
申请号:US10971523
申请日:2004-10-22
IPC分类号: H04L9/32
CPC分类号: H04L63/10 , H04L63/0263
摘要: Protocol status information is used to perform traffic filtering by dropping messages that are not consistent with the protocol status information. In one embodiment, a method involves comparing message information and protocol status information. The message information is associated with a first message. The protocol status information is obtained in response to one or more second messages, which are conveyed according to a protocol used to assign network addresses to clients. The method also involves determining whether to discard the first message, based on an outcome of the comparison of the message information and the protocol status information. For example, it can be determined that the first message should be discarded, if the message information does not match the protocol status information.
摘要翻译: 协议状态信息用于通过丢弃与协议状态信息不一致的消息来进行流量过滤。 在一个实施例中,一种方法包括比较消息信息和协议状态信息。 消息信息与第一消息相关联。 响应于根据用于向客户端分配网络地址的协议传送的一个或多个第二消息来获得协议状态信息。 该方法还包括基于消息信息和协议状态信息的比较的结果来确定是否丢弃第一消息。 例如,如果消息信息与协议状态信息不匹配,则可以确定第一消息应被丢弃。
-
4.发明授权System and method for performing security actions for inter-layer binding protocol traffic 有权为层间绑定协议流量执行安全动作的系统和方法公开(公告)号:US07551559B1
公开(公告)日:2009-06-23
申请号:US10971521
申请日:2004-10-22
申请人: Premkumar Jonnala , Adam J. Sweeney , Dehua Huang , Silviu Dobrota , Pradeep S. Sudame , Marco E. Foschiano
发明人: Premkumar Jonnala , Adam J. Sweeney , Dehua Huang , Silviu Dobrota , Pradeep S. Sudame , Marco E. Foschiano
IPC分类号: H04L5/12
CPC分类号: H04L63/1466 , H04L63/1416
摘要: Users are allowed to specify per-interface rate limits for inter-layer binding protocol traffic. If the user-specified rate limit is exceeded on a given interface, inter-layer binding protocol messages received via that interface are caused to be dropped (e.g., by selectively dropping ILBP messages, or by simply shutting down the interface). If the rate is not exceeded, inter-layer binding protocol messages received via that interface can be validated (e.g., by comparing an inter-layer binding included in the body of an inter-layer binding protocol message to protocol status information obtained by snooping protocol messages). If the inter-layer binding does not match the protocol status information, the inter-layer binding protocol message is dropped. If a match is found, the inter-layer binding protocol message is allowed to be forwarded normally. Such systems and methods may be used to inhibit various undesirable network behavior, such as man-in-the-middle attacks.
摘要翻译: 允许用户为层间绑定协议流量指定每接口速率限制。 如果在给定接口上超过用户指定的速率限制,则会导致通过该接口接收到的层间绑定协议消息(例如,通过选择性地删除ILBP消息,或简单地关闭接口)。 如果不超过该速率,则可以验证通过该接口接收的层间绑定协议消息(例如,通过将层间绑定协议消息正文中包含的层间绑定与通过侦听协议获得的协议状态信息进行比较 消息)。 如果层间绑定与协议状态信息不符,则删除层间绑定协议消息。 如果发现匹配,则允许层间绑定协议消息正常转发。 这样的系统和方法可以用于抑制各种不期望的网络行为,例如中间人攻击。
-
-
-
搜索结果
4 条记录 (耗时 0.017 秒)
