Abstract:
A network connection blocker for monitoring connections between host computers in a network and blocking the unwanted connections. The host computers transmit connection packets between each other in accordance with a network protocol suite when seeking to establish the connections, provide network services over them, and close them. The network protocol suite includes a connection-oriented transport layer protocol. The network connection blocker comprises a network interface that receives the connection packets transmitted between the host computers. It also comprises a blocking module that processes the received connection packets to detect the unwanted connections. The blocking module then generates connection packets in accordance with the network protocol suite to cause the detected unwanted connections to be closed by the corresponding host computers between which the unwanted connections exist. The network interface then transmits the generated connection packets to these host computers.
Abstract:
A network local security bridge and corresponding method for bridging a first side of a network and a second side of the network. The first side includes local secure zone host devices within a local secure zone established by the network local security bridge. The second side includes remote secure zone host devices within remote secure zones established by network remote security bridges. The network local security bridge processes a first side data packet received from the first side of the network and a second side data packet received from the second side of the network. In doing so, the network local security bridge encrypts the data frame of the first side data packet when its source and destination addresses respectively specify one of the local secure zone host devices and one of the remote secure zone host devices and leaves the data frame of the first side data packet unchanged when its source and destination addresses respectively specify one of the local secure zone host devices and one of the unsecure host devices. In addition, the network local security bridge decrypts the data frame of the second side data packet when its source and destination addresses respectively specify one of the remote secure zone host devices and one of the local secure zone host devices and leaves the data frame of the second side data packet unchanged when its source and destination addresses respectively specify one of the unsecure host devices and one of the local secure zone host devices. It then transmits the processed first side data packet to the second side and the processed second side data packet to the first side.
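The address-based rule in the security bridge abstract can be sketched as follows. This is an added example, not code from the patent: the class and function names, the addresses and the key are constructed, the XOR keystream is a stand-in for whatever cipher a real bridge would use, and passing through every address pair the abstract does not mention is an assumption.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str      # source address (header, never modified)
    dst: str      # destination address (header, never modified)
    data: bytes   # the "data frame" the abstract refers to

def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    It has no nonce and no integrity check, so it only marks where a real
    cipher would sit; applying it twice restores the input."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class SecurityBridge:
    def __init__(self, local_zone, remote_zones, key):
        self.local = set(local_zone)      # local secure zone hosts
        self.remote = set(remote_zones)   # hosts behind remote bridges
        self.key = key                    # shared key (distribution out of scope)

    def from_first_side(self, pkt: Packet) -> Packet:
        """Packet received from the first (local) side, heading out."""
        if pkt.src in self.local and pkt.dst in self.remote:
            return replace(pkt, data=xor_keystream(self.key, pkt.data))
        return pkt  # e.g. local -> unsecure host: data frame unchanged

    def from_second_side(self, pkt: Packet) -> Packet:
        """Packet received from the second (far) side, heading in."""
        if pkt.src in self.remote and pkt.dst in self.local:
            return replace(pkt, data=xor_keystream(self.key, pkt.data))
        return pkt  # e.g. unsecure host -> local: data frame unchanged

def demo():
    # Constructed addresses and key, for illustration only.
    key = b"constructed-demo-key"
    a = SecurityBridge({"10.0.1.10"}, {"10.0.2.20"}, key)
    b = SecurityBridge({"10.0.2.20"}, {"10.0.1.10"}, key)
    secure = Packet("10.0.1.10", "10.0.2.20", b"zone-to-zone payload")
    plain = Packet("10.0.1.10", "192.0.2.7", b"to an unsecure host")
    on_wire = a.from_first_side(secure)
    return on_wire, b.from_second_side(on_wire), a.from_first_side(plain)
```

Only the data frame is transformed; the addresses stay readable so that the bridge on the far side can apply the same rule in reverse.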