公开(公告)号：WO2005029215A3

公开(公告)日：2005-12-01

申请号：PCT/KR2004002367

申请日：2004-09-16

Applicant: INIMAX CO LTD ,  SHIN YONGMAN ,  SONG SEOKCHUL ,  SHIN YONGTAE ,  JU YONGJUN

Inventor： SHIN YONGMAN ,  SONG SEOKCHUL ,  SHIN YONGTAE ,  JU YONGJUN

IPC: H04L12/28 ,  G06F20060101 ,  G06F13/00 ,  H04L12/16 ,  H04L12/46 ,  H04L12/66 ,  H04L12/70 ,  H04L29/08 ,  G06F0/00

CPC classification number: H04L29/12028 ,  H04L61/103

Abstract: Disclosed is a technology by which rules on communication permission or control are enforced to network internal devices such that an environment which looks as if to have a virtual firewall existing between network internal devices can be established. A communication control apparatus for this is located on the same level in the network as other devices are located. By using this communication control apparatus, an address resolution protocol (ARP) packet in which a data link layer address is manipulated is provided to devices that are the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are transmitted to manipulated abnormal addresses. By doing so, communication with the communication cut-off object devices is cut off. For a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, the communication control apparatus transmits an ARP packet including normal address information to the device such that the communication cut-off state is canceled.

Abstract translation: 公开了一种将通信许可或控制规则强制执行到网络内部设备的技术，从而可以建立在网络内部设备之间存在虚拟防火墙的环境。 用于其的通信控制装置位于与其他设备所在的网络相同的级上。 通过使用该通信控制装置，将其中操作了数据链路层地址的地址解析协议（ARP）分组提供给作为通信切断对象的设备，使得由通信切断对象发送的数据分组 设备被传送到操纵的异常地址。 通过这样做，与通信中断对象设备的通信被切断。 对于处于通信切断状态的设备，尽管设备不再是通信中断的对象，但是通信控制设备向设备发送包括普通地址信息的ARP分组，使得通信中断状态 被取消。

公开(公告)号：WO2005029215A2

公开(公告)日：2005-03-31

申请号：PCT/KR2004/002367

申请日：2004-09-16

Applicant: INIMAX CO., LTD. ,  SHIN, YongMan ,  SONG, SeokChul ,  SHIN, YongTae ,  JU, YongJun

Inventor： SHIN, YongMan ,  SONG, SeokChul ,  SHIN, YongTae ,  JU, YongJun

IPC: G06F

CPC classification number: H04L29/12028 ,  H04L61/103

Abstract: Disclosed is a technology by which rules on communication permission or control are enforced to network internal devices such that an environment which looks as if to have a virtual firewall existing between network internal devices can be established. A communication control apparatus for this is located on the same level in the network as other devices are located. By using this communication control apparatus, an address resolution protocol (ARP) packet in which a data link layer address is manipulated is provided to devices that are the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are transmitted to manipulated abnormal addresses. By doing so, communication with the communication cut-off object devices is cut off. For a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, the communication control apparatus transmits an ARP packet including normal address information to the device such that the communication cut-off state is canceled.

Abstract translation: 公开了一种技术，通过该技术，对网络内部设备执行通信许可或控制的规则，从而可以建立在网络内部设备之间看起来好像具有虚拟防火墙的环境。 用于此的通信控制装置与其他设备所处的网络位于同一级别。 通过使用该通信控制设备，其中操作数据链路层地址的地址解析协议（ARP）分组被提供给作为通信切断目标的设备，使得通过通信切断目标发送的数据分组 设备被发送到被操纵的异常地址。 通过这样做，切断与通信切断目标设备的通信。 对于处于通信切断状态的设备，尽管该设备不再是通信切断的对象，通信控制设备将包括普通地址信息的ARP分组发送到设备，使得通信切断状态 被取消。