公开(公告)号：US20040123139A1

公开(公告)日：2004-06-24

申请号：US10322189

申请日：2002-12-18

Applicant: AT&T Corp.

Inventor： William A. Aiello ,  Steven Michael Bellovin ,  Evan Stephen Crandall ,  Alan Edward Kaplan ,  David P. Kormann ,  Aviel D. Rubin ,  Norman Loren Schryer

IPC: H04L009/00

CPC classification number: H04L63/0227 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/164

Abstract: Traffic over a secure link or tunnel is filtered to block packets that do not conform to specified requirements for the tunnel. In one embodiment, a private network, such as an ISP network, includes a filter for blocking packets not associated with an IPSec VPN tunnel. The ISP network and/or one or both of the tunnel endpoints can include monitoring modules for detecting the presence of packets that should have been blocked by the filter.

Abstract translation: 过滤通过安全链路或隧道的流量，以阻止不符合隧道规定要求的报文。 在一个实施例中，诸如ISP网络的专用网络包括用于阻止不与IPSec VPN隧道相关联的分组的过滤器。 ISP网络和/或一个或两个隧道端点可以包括用于检测应该被过滤器阻塞的分组的存在的监视模块。