公开(公告)号：US20070195774A1

公开(公告)日：2007-08-23

申请号：US11361012

申请日：2006-02-23

申请人： Troy Sherman ,  Bradley Dunsmore ,  Kevin McMenamy ,  Salah Nassar ,  Monica Joshi

发明人： Troy Sherman ,  Bradley Dunsmore ,  Kevin McMenamy ,  Salah Nassar ,  Monica Joshi

IPC分类号： H04L12/56

CPC分类号： H04L49/3009 ,  H04L63/1466 ,  H04L69/16

摘要： Systems and methods perform analysis of ICMP packets received at a network device port to determine if the ICMP packet is valid and thus should be forwarded. One aspect of the systems and methods includes configuring a port to be a trusted port in which any type of ICMP message may be considered valid. For untrusted ports, the system analyzes the ICMP packet to determine if the packet is one that should be received on an untrusted port. A further aspect of the systems and methods includes analyzing the ICMP packet data to determine if packet addresses have been spoofed or altered.

摘要翻译： 系统和方法对网络设备端口接收到的ICMP报文进行分析，确定ICMP报文是否有效，从而进行转发。 系统和方法的一个方面包括将端口配置为可信端，其中任何类型的ICMP消息可被认为是有效的。 对于不可信端口，系统将对ICMP报文进行分析，以确定该报文是否在不可信端口上应该接收的报文。 系统和方法的另一方面包括分析ICMP分组数据以确定分组地址是否被欺骗或改变。

公开(公告)号：US07940757B2

公开(公告)日：2011-05-10

申请号：US11361012

申请日：2006-02-23

申请人： Troy H. Sherman ,  Bradley Neil Dunsmore ,  Kevin Roy McMenamy ,  Salah Nassar ,  Monica Dattatraya Joshi

发明人： Troy H. Sherman ,  Bradley Neil Dunsmore ,  Kevin Roy McMenamy ,  Salah Nassar ,  Monica Dattatraya Joshi

IPC分类号： H04L12/28

CPC分类号： H04L49/3009 ,  H04L63/1466 ,  H04L69/16

摘要： Systems and methods perform analysis of ICMP packets received at a network device port to determine if the ICMP packet is valid and thus should be forwarded. One aspect of the systems and methods includes configuring a port to be a trusted port in which any type of ICMP message may be considered valid. For untrusted ports, the system analyzes the ICMP packet to determine if the packet is one that should be received on an untrusted port. A further aspect of the systems and methods includes analyzing the ICMP packet data to determine if packet addresses have been spoofed or altered.

摘要翻译： 系统和方法对网络设备端口接收到的ICMP报文进行分析，确定ICMP报文是否有效，从而进行转发。 系统和方法的一个方面包括将端口配置为可信端，其中任何类型的ICMP消息可被认为是有效的。 对于不可信端口，系统将对ICMP报文进行分析，以确定该报文是否在不可信端口上应该接收的报文。 系统和方法的另一方面包括分析ICMP分组数据以确定分组地址是否被欺骗或改变。