WO1997040610A2 - Internet protocol filter - Google Patents
- Publication number
- WO1997040610A2 (PCT/CA1997/000269)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- network
- address
- node
- destination
Classifications
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
- H04L63/029—Firewall traversal, e.g. tunnelling or creating pinholes
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Definitions
- The present invention generally relates to inter-network firewalls and, in particular, to an internet protocol (IP) filter whereby a private IP network domain is mapped to a single IP address on the public Internet.
- Firewalls are generally known and characterized by computer servers which function to couple nodes within the domain of the private network to nodes in a public network domain, such as the Internet.
- a deficiency of the known firewall products is the need for a unique public IP address for each concurrent session or interaction between public and private nodes.
- the invention therefore, according to a first exemplary aspect provides a method of interfacing private and public data communications networks, through a filter node in communication with both networks, the filter node having an address known in the public network, comprising the steps of: routing from nodes in the private network, to the filter node, data packets having destination information, which includes a destination address and a destination port, corresponding to nodes in the public network and having source information, which includes a source address and a source port, of the respective private network nodes; for each data packet received from the private network, at the filter node, maintaining the source information taken from the data packet in correlation with a unique value representing a port of the filter node, and replacing in the data packet the source address with the filter node address and the source port with the filter node port value; and routing from the filter node, in the public network, the data packets having the replaced source information, according to the destination information in
- the invention provides a method of interfacing private and public data communications networks, through a filter node in communication with both networks, comprising the steps of: (a) receiving at the filter node, from the private network, a data packet having a destination address corresponding to a node in the public network and a source address corresponding to a node in the private network; (b) maintaining, by the filter node, the source address taken from the data packet; (c) replacing, in the data packet, the source address with an address of the filter node; (d) routing from the filter node, in the public network, the data packet having the replaced source address, according to the destination address, to the corresponding public network node; (e) waiting for a return packet from the public network, responsive to the data packet having the replaced source information; (f) replacing, in the return packet, the destination address with the maintained source address; and (g) routing from the filter node, in the private network, the return packet having the replaced destination address to the corresponding private network node.
- the invention provides a method of operating a filter node for interfacing first and second data communications networks, comprising the steps of: receiving from the first network, a data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the second network and having source information, which includes a source address and a source port, corresponding to a node in the first network; maintaining the source information taken from the data packet in correlation with a unique value representing a port of the filter node; replacing in the data packet the source address with an address of the filter node and the source port with the filter node port value; and sending to the second network the data packet having the replaced source information, whereby that packet is routed according to its destination information to the corresponding second network node.
- the invention provides a filter node for interfacing first and second data communications networks, comprising: means for receiving from the first network, a data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the public network and having source information, which includes a source address and a source port, corresponding to a node in the first network; means for maintaining the source information taken from the data packet in correlation with a unique value representing a port of the filter node; means for replacing in the data packet the source address with an address of the filter node and the source port with the filter node port value; and means for sending to the second network, the data packet having the replaced source information, whereby that packet is routed according to its destination information to the corresponding second network node.
- An IP filter embodying the present invention, is a communications device designed to provide public network or Internet access to nodes of private networks, advantageously without requiring the private nodes on such networks to register public Internet addresses.
- the IP filter effects a translation between a source port number for the private network and a destination port number for the public network for communication therebetween. Benefits of the IP filter include private node security and conservation of Internet-registered addresses.
- The IP filter may support three data transport protocols over the internet protocol: transmission control protocol (TCP), user datagram protocol (UDP) and Internet control message protocol (ICMP). Packets of other protocols may be ignored.
- the TCP protocol prepends a TCP header to a data packet.
- the source port and destination port numbers are contained in this header.
- the Internet addresses of the source and destination nodes are contained in the IP header.
- the IP address and port information extracted from each packet will be used to determine where the IP filter should route this packet.
- the IP filter maintains a lookup table of information on each TCP connection. This information includes the port from the private node, the private IP address, the assigned port number of the destination node, and the port number of the IP filter in the form of an index.
- the private address and port number are added to the table as a new entry, if an entry corresponding to this packet is not found in the table and if the TCP header indicates that this is a new connection request. Then the source address and port number in the packet header are replaced with the IP filter's IP address and port number, and the packet is transmitted to the Internet.
- the destination port number is used to index the lookup table.
- the destination address and port number are replaced with the private network's IP address and port number, and the packet is transmitted to the private network. If the received packet's source port is different from the port recorded in the table, and if the packet header information indicates that this packet is the first response on the connection, then the lookup table is updated with the port number assigned by the Internet node, if needed.
- the lookup table entry is zeroed. If the IP filter receives packets from the Internet that do not have entries in the lookup table corresponding to the IP filter port, it ignores the packets.
- The UDP protocol is connectionless, as opposed to TCP, a connection-oriented protocol.
- the UDP header contains no codes governing initial connection or end of transmission.
- the data of interest in the UDP header are the source port and destination port. This information, along with the Internet addresses contained in the IP header, are used to determine where the IP filter should route this packet.
- the IP filter maintains a lookup table of information on each UDP session.
- When the IP filter receives a UDP packet from the private network, it records the source address, the source port number, the destination port number, and the assigned IP filter port number as the index to the table. Then the private node address and port number in the packet header are replaced with the address and assigned port number of the IP filter. Then the packet is transmitted to the Internet.
- When the IP filter receives a UDP packet from the Internet, it indexes the UDP lookup table and replaces the packet's destination information, namely the IP filter address and assigned port number, with the private address and port number from the lookup table.
- the lookup table also maintains an interval indication for an expiration timer on datagram packets received as per standard UDP implementations. If the IP filter receives packets from the Internet that do not have entries in the lookup table corresponding to the IP filter port, it ignores the packets. As ICMP packets do not contain port numbers of either source or destination, any ICMP packets received from the private network are processed one at a time, with buffering of additional ICMP packets.
- the IP filter reads the private address from the packet header and replaces it with the address of the IP filter.
- the packet is transmitted to the Internet, and the IP filter waits for the response.
- the destination address in the packet header is changed from that of the IP filter to that of the node on the private network. Then the IP filter transmits the packet to the private network.
- To successfully deliver packets over an IP protocol network, each node must maintain a table of other hosts' IP addresses and their corresponding Ethernet addresses in an Ethernet based data communications network. The nodes actually use the IP addresses and the Ethernet addresses to address packets. The relationship between the two addresses is dynamic; that is, a node with an IP address may change its Ethernet address.
- the information in the address table is obtained from the replies to the node's broadcast of ARP packets.
- the source node broadcasts ARP packets to request the Ethernet address of the destination node, given the destination node's IP address. If the destination node receives the packet, it sends a reply packet with the requested information.
- the IP filter passes ARP packets in a manner similar to TCP and UDP packet passing.
- When the IP filter receives an ARP packet from a node on the private network destined for the public network, it replaces the source address information with the filter's address information.
- the private node's IP address and the target IP address are placed in a lookup table.
- When the target node replies with its own Ethernet address, the destination address information is changed from that of the IP filter to that of the private node before transmitting the packet to the private node.
- the private node address information is obtained from the table.
- the ARP packet does not pass through the IP filter but is restricted to communications between the filter and the one side of the network.
- IP filter may log, for example, by writing them into a text file.
- the IP filter ideally will process packets as fast as the networks present them but when network traffic is too heavy, the IP filter will then buffer the packets in two queues, one for the private network and one for the Internet.
- Two source and destination lookup tables may be utilized, one for TCP packets and the other for UDP packets.
- Each table is directly indexed by the IP filter port number assigned to the communication session.
- the table entries contain the IP address of the private node, the source port of the private node, and the destination port of the Internet node. If there is no connection on a certain IP filter port, then the corresponding entry in the table may be zeroed. Packets arriving from both the private network and the Internet are processed using the same lookup table. This arrangement assumes that of the available IP filter communications ports some are designated for UDP communication and some for TCP communication.
- Figure 1 is a schematic representing an internet protocol filter coupling a private network and a public network
- Figure 2 is a block diagram representing internal components of the filter.
- a private network 10 communicatively coupled through an internet protocol (IP) filter 12 to a public network 14 which may form part of a global data network, otherwise referred to as the Internet 16.
- The private network 10 represents a conventional data communications network, such as a local area network (LAN), having a plurality of nodes 18 each being identified by a unique IP address within the domain of the private network 10.
- the public network 14 and Internet 16 are representative of public domain data communications networks also having a plurality of nodes 20 with corresponding IP addresses.
- the IP filter 12 acts as a gateway through which data packets are exchanged between the private network 10 and the public network 14, thereby providing Internet access to the nodes 18 of the private network 10.
- the IP filter 12 constitutes one of the private network nodes 18 and is the only such node to have a public IP address that is Internet-registered, whereby the IP filter 12 essentially also constitutes one of the public nodes 20 and its IP address is known in the public domain.
- the IP addresses of the other private network nodes 18 are reserved for the private network 10, and not known or registered in the public Internet address domain.
- associated with the IP address of the IP filter 12 are a plurality of IP ports, specifically 65,536 in total of which 64,512 are not reserved for predefined protocols and can be used for address translations.
- IP filter 12 manages the communications between private nodes 18 and the Internet nodes 20 by modifying header information of data packets received from the private network 10 before transmitting each to the public network 14. The modifications cause the communications between the private nodes 18 and the public Internet nodes 20 to actually be between the IP filter 12 and the Internet nodes 20, which route all return communications to the IP filter 12 which subsequently routes the return data packets to the private nodes 18.
- the IP filter 12 accepts no connection requests from the public network 14. All communications between private nodes 18 and public nodes 20 are initiated by the private nodes 18.
- the IP filter 12 is designed to support three data transport protocols over the internet protocol: TCP, UDP and ICMP messages; packets of other protocols are rejected or ignored.
- A translation table is maintained by the IP filter 12 to map addresses and ports for packets received from the private network 10 destined to the public network 14 and vice versa.
- The translation table contains the following for each entry: private IP address (pIP); private port (pPort); internet (public) IP address (iIP); internet (public) port (iPort); timer; session type/state; Ethernet address.
- the basic translation substitutes IP addresses and ports from the private network side to the IP filter's IP address and ports, thereby hiding all nodes 18 on the private network 10 from the public network 14.
- a packet originating on the private network side specifies a source - destination of
- the IP filter 12 will translate the above to (frIP, frPort - iIP, iPort) where frIP is the IP address of the IP filter 12 on the public network 14, and frPort is the index into the translation table plus an offset value, for example, of 1024 to skip using well known ports.
- frPort represents an arbitrary port.
- the internet node 20 will reply with a packet (iIP, iPort - frIP, frPort) which will be received by the IP filter 12 and translated thereby to
- Translating from the public side can be a direct table lookup since frPort minus 1024 is the index into the table. If (iIP, iPort) in the packet does not match the corresponding entries in the table, then an unauthorized access is logged and the packet dropped.
- the checksum in both the TCP/UDP and IP header must be recalculated.
- the IP header checksum must be recalculated.
- the IP filter 12 locates an unused entry in the table and fills it in, setting the type to TCP and state to SYN. Then the packet is forwarded by the general scheme above. If no free entries exist in the table, then the packet is dropped and the event is logged. If a SYN packet is received from the public network 14 interface, it is treated as unauthorized and logged (except for the FTP special case described below). However, a SYN+ACK packet is forwarded if the state of the translation table entry is SYN. After forwarding such a packet, the state is set to OPEN.
- If a FIN packet is received by the IP filter 12 and if the state in the translation table is not FIN, the state is set to FIN and the packet forwarded. If the state is FIN, then the packet is forwarded and the translation table entry is deleted by setting it to 0. A FIN must be sent by each side to close a TCP connection.
- When any UDP packet is received from the private network 10 side, the IP filter 12 first tries its standard lookup. If a translation table entry is not found, an unused entry is set up and the state set to OPEN. If a free entry is not found in the table, then rather than dropping the packet, a random UDP entry in the table is overwritten. Since UDP is connectionless and consequently an unreliable transport, if a packet is received from the public network 14 that would have needed the entry that was overwritten, that packet will be dropped and the node 18 on the private side will need to retry.
- an FTP client establishes a TCP "control" connection with an FTP server on a particular port, for example, port 21.
- the FTP server will open a TCP connection from its "data" port, which is 20 by default, to a destination port specified by the client.
- packets sent by the private network 10 to port 21 need to be analyzed for an FTP "port" command at the IP filter 12. If detected, then a new entry in the table must be set up with pPort set to the value in the FTP port command. The IP address and port number in the FTP command must be changed to the IP filter's address and port before forwarding the packet. The state is set to FTPDATA.
- the IP filter 12 locates a new entry in the translation table.
- the sequence field of the packet is stored in pPort in the table and the table index is put in the sequence field of the packet.
- the ICMP checksum is recalculated and the standard IP header substitution is done.
- the type is set to ICMP and state to PING and the timer set to 1 minute.
- If an echo reply (ping) is received from the public network 14 interface, then the sequence field is used as the index into the table. If the state is PING, then pPort in the table is substituted into the sequence field of the packet, the ICMP checksum recalculated and the standard IP header substitution is done. The table entry is then deleted. If an echo request (ping) is received from the public network 14, then the IP filter 12 will reply. This allows internet access to confirm that the IP filter 12 is reachable and running.
- the header information contained is extracted. If the protocol was TCP or UDP, the (frIP, frPort - iIP, iPort) of the originating packet can be determined and the translation table entry located. If the IP address extracted from the ICMP matches the address in the table, the IP filter 12 forwards the packet to the private network 10 using the standard scheme.
- the private network 10 and the public network 14 are Ethernet based LANs.
- the IP filter 12 may be implemented by a data processing platform which is equipped with two conventional Ethernet hardware interfaces connected to networks 10 and 14, respectively, and which is provisioned with appropriate software to implement the functionality of the IP filter 12.
- Internal components of the IP filter 12 in terms of software executable by the data processing platform are shown in Figure 2.
- the internal components include two packet drivers 30 and 32, an address resolution protocol (ARP) table 34, an Ethernet address table 36, an IP handler 38, an address translation 40 and a user interface 42.
- the packet drivers 30 and 32 control the Ethernet hardware interfaces in order to communicate with, respectively, the private network 10 and the public network 14.
- the IP handler 38 provides a router functionality for receiving and forwarding messages, and maintains the ARP table 34 and the Ethernet table 36.
- the address translation 40 effects translation between source port numbers from the private network 10 and the destination port numbers on the public network side 14.
- The user interface 42 enables an operator, via a keyboard and display terminal attached to the processing platform, to interface with the IP filter 12. Function keys are provided to configure the IP filter, view or copy log files, display status, etc.
- the log file will contain the connect time of TCP or UDP sessions, inbound and outbound traffic statistics, and invalid access to the IP filter 12. To prevent the log file from growing too large, this information will be logged to a new file when the date changes.
- Routing of packets to and from the IP filter 12 is described in the following in terms of a public interface, from the view of the public network 14, and of a private interface, from the view of the private network 10.
- the public interface behaves as a host on the LAN segment. To forward a packet, it checks to see if the destination IP is on the local LAN segment. If it is, it looks up the IP address in its ARP table to find the Ethernet address. If there is no entry in the ARP table, it must put the packet on a queue and send out an ARP request to get the Ethernet address. Standard aging out of ARP table entries needs to be done. If the IP destination is not on the LAN segment, it will forward the packet to the configured default router. ICMP Redirect messages sent by the default router will be ignored.
- the private interface effects the functionality of a router, as it needs to be able to forward packets to one or more routers to communicate with the remote client stations.
- a large remote client network may access multiple router machines.
- Conventional routing can result in large routing tables because the routing entries become host addresses instead of subnet addresses. That is, if the network is set up so that a client may come in through either Router1 or Router2, then no single router can be the router for the subnet that that client station is on.
- a conventional router that would get routing tables via RIP from all routers on the private network would end up with a large table of host addresses for each remote client connected. This can affect performance in the search time necessary to find the route, the memory required for large tables and the amount of RIP traffic on the LAN segment between all these routers.
- the IP filter will maintain an Ethernet table. For every packet that is forwarded from the private to public side, if a translation entry exists, use its Ethernet index to compare with the Ethernet source address of the incoming packet. If they match, nothing more needs to be done. Otherwise, the Ethernet table is searched for the source Ethernet address, adding a new Ethernet table entry if not found. The index to the Ethernet table is then saved in the translation table entry. Then when a packet is being translated from the public to private side, the Ethernet address can be retrieved directly from the index in the translation table. Thus packets will be routed to the router which forwarded the packet to the IP filter.
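The translation scheme described above (table indexed by frPort minus 1024, the (iIP, iPort) check on inbound packets, TCP SYN/OPEN/FIN states, and UDP overwrite when the table is full), as an added example that is not code from the patent. The class and field layout, the single shared table with a protocol field, and the sample addresses are constructed; dropping a non-SYN TCP packet that has no entry, and dropping a SYN+ACK when the entry is not in SYN state, are assumptions.

```python
# Added example: port-indexed translation table following the description above.
# Names, table layout and addresses are constructed for illustration.
import random
from dataclasses import dataclass

PORT_OFFSET = 1024  # the page's example offset: frPort = table index + 1024


@dataclass
class Entry:
    pIP: str
    pPort: int
    iIP: str
    iPort: int
    proto: str  # "TCP" or "UDP"
    state: str  # "SYN", "OPEN" or "FIN"


class IPFilter:
    def __init__(self, frIP, size=64512, rng=None):
        self.frIP = frIP
        self.table = [None] * size  # None plays the role of a zeroed entry
        self.log = []
        self.rng = rng or random.Random()

    def _drop(self, reason):
        self.log.append(reason)
        return None

    def _fin(self, idx):
        # First FIN marks the entry; the FIN from the other side deletes it.
        if self.table[idx].state != "FIN":
            self.table[idx].state = "FIN"
        else:
            self.table[idx] = None

    def outbound(self, proto, pIP, pPort, iIP, iPort, flags=frozenset()):
        """Private -> public: return rewritten (src, sport, dst, dport) or None."""
        key = (proto, pIP, pPort, iIP, iPort)
        idx = next((i for i, e in enumerate(self.table) if e and
                    (e.proto, e.pIP, e.pPort, e.iIP, e.iPort) == key), None)
        if idx is None:
            if proto == "TCP" and "SYN" not in flags:
                # Assumption: only a connection request may create an entry.
                return self._drop("no entry and not a connection request")
            idx = next((i for i, e in enumerate(self.table) if e is None), None)
            if idx is None and proto == "UDP":
                # Table full: overwrite a random UDP entry instead of dropping.
                udp = [i for i, e in enumerate(self.table) if e.proto == "UDP"]
                idx = self.rng.choice(udp) if udp else None
            if idx is None:
                return self._drop("translation table full")
            state = "SYN" if proto == "TCP" else "OPEN"
            self.table[idx] = Entry(pIP, pPort, iIP, iPort, proto, state)
        elif proto == "TCP" and "FIN" in flags:
            self._fin(idx)
        return (self.frIP, idx + PORT_OFFSET, iIP, iPort)

    def inbound(self, proto, iIP, iPort, frPort, flags=frozenset()):
        """Public -> private: return rewritten (src, sport, dst, dport) or None."""
        idx = frPort - PORT_OFFSET  # direct lookup, no search
        e = self.table[idx] if 0 <= idx < len(self.table) else None
        if e is None or e.proto != proto or (e.iIP, e.iPort) != (iIP, iPort):
            return self._drop(f"unauthorized access from {iIP}:{iPort}")
        if proto == "TCP" and "SYN" in flags:
            # A bare SYN from outside is never accepted; SYN+ACK is accepted
            # only as the answer to a pending SYN.
            if "ACK" not in flags or e.state != "SYN":
                return self._drop(f"unauthorized SYN from {iIP}:{iPort}")
            e.state = "OPEN"
        elif proto == "TCP" and "FIN" in flags:
            self._fin(idx)
        return (iIP, iPort, e.pIP, e.pPort)


if __name__ == "__main__":
    f = IPFilter("203.0.113.1", size=4)  # constructed documentation addresses
    print(f.outbound("TCP", "10.0.0.5", 40000, "198.51.100.7", 80, {"SYN"}))
    print(f.inbound("TCP", "192.0.2.66", 80, 1024, {"SYN", "ACK"}))    # wrong peer
    print(f.inbound("TCP", "198.51.100.7", 80, 1024, {"SYN", "ACK"}))  # real reply
    print(f.log)
```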
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE69708281T DE69708281T2 (en) | 1996-04-24 | 1997-04-23 | INTERNET PROTOCOL-FILTER |
AU25632/97A AU707905B2 (en) | 1996-04-24 | 1997-04-23 | Internet protocol filter |
CA002248577A CA2248577C (en) | 1996-04-24 | 1997-04-23 | Internet protocol filter |
JP9537534A JPH11508753A (en) | 1996-04-24 | 1997-04-23 | Internet Protocol Filter |
KR1019980708503A KR100317443B1 (en) | 1996-04-24 | 1997-04-23 | Internet protocol filter |
EP97917189A EP0895684B1 (en) | 1996-04-24 | 1997-04-23 | Internet protocol filter |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US1594596P | 1996-04-24 | 1996-04-24 | |
US60/015,945 | 1996-04-24 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1997040610A2 (en) | 1997-10-30 |
WO1997040610A3 (en) | 1997-11-27 |
Family
ID=21774476
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA1997/000269 WO1997040610A2 (en) | 1996-04-24 | 1997-04-23 | Internet protocol filter |
Country Status (9)
Country | Link |
---|---|
US (1) | US6128298A (en) |
EP (1) | EP0895684B1 (en) |
JP (1) | JPH11508753A (en) |
KR (1) | KR100317443B1 (en) |
CN (1) | CN1216657A (en) |
AU (1) | AU707905B2 (en) |
CA (1) | CA2248577C (en) |
DE (1) | DE69708281T2 (en) |
WO (1) | WO1997040610A2 (en) |
US6092110A (en) * | 1997-10-23 | 2000-07-18 | At&T Wireless Svcs. Inc. | Apparatus for filtering packets using a dedicated processor |
US6353614B1 (en) * | 1998-03-05 | 2002-03-05 | 3Com Corporation | Method and protocol for distributed network address translation |
US6876654B1 (en) * | 1998-04-10 | 2005-04-05 | Intel Corporation | Method and apparatus for multiprotocol switching and routing |
US6370147B1 (en) | 1998-04-23 | 2002-04-09 | 3Com Corporation | Method for addressing of passive network hosts in a data-over-cable system |
US6636485B1 (en) | 1998-05-14 | 2003-10-21 | 3Com Corporation | Method and system for providing quality-of-service in a data-over-cable system |
US6560203B1 (en) | 1998-05-27 | 2003-05-06 | 3Com Corporation | Method for changing type-of-service in a data-over-cable system |
US6442158B1 (en) | 1998-05-27 | 2002-08-27 | 3Com Corporation | Method and system for quality-of-service based data forwarding in a data-over-cable system |
US6510162B1 (en) | 1998-05-27 | 2003-01-21 | 3Com Corporation | System and method for managing channel usage in a data over cable system |
US6775276B1 (en) | 1998-05-27 | 2004-08-10 | 3Com Corporation | Method and system for seamless address allocation in a data-over-cable system |
US6717949B1 (en) * | 1998-08-31 | 2004-04-06 | International Business Machines Corporation | System and method for IP network address translation using selective masquerade |
US6892229B1 (en) | 1998-09-30 | 2005-05-10 | 3Com Corporation | System and method for assigning dynamic host configuration protocol parameters in devices using resident network interfaces |
US6728885B1 (en) | 1998-10-09 | 2004-04-27 | Networks Associates Technology, Inc. | System and method for network access control using adaptive proxies |
US6570875B1 (en) | 1998-10-13 | 2003-05-27 | Intel Corporation | Automatic filtering and creation of virtual LANs among a plurality of switch ports |
US6667968B1 (en) * | 1998-12-03 | 2003-12-23 | Telefonaktiebolaget L M Ericsson (Publ) | System and method for providing multiple endpoints in a device disposed in a packet-switched network |
US8266266B2 (en) | 1998-12-08 | 2012-09-11 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization, authentication and accounting |
US7194554B1 (en) | 1998-12-08 | 2007-03-20 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization authentication and accounting |
US8713641B1 (en) | 1998-12-08 | 2014-04-29 | Nomadix, Inc. | Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device |
US6662135B1 (en) | 1998-12-09 | 2003-12-09 | 3Com Corporation | Method and apparatus for reflective mixer testing of a cable modem |
US6657991B1 (en) * | 1998-12-21 | 2003-12-02 | 3Com Corporation | Method and system for provisioning network addresses in a data-over-cable system |
US6584096B1 (en) * | 1998-12-30 | 2003-06-24 | Nortel Networks Limited | Method and apparatus for connecting a home network to the internet |
US6577642B1 (en) | 1999-01-15 | 2003-06-10 | 3Com Corporation | Method and system for virtual network administration with a data-over cable system |
US6738382B1 (en) * | 1999-02-24 | 2004-05-18 | Stsn General Holdings, Inc. | Methods and apparatus for providing high speed connectivity to a hotel environment |
US6563824B1 (en) | 1999-04-20 | 2003-05-13 | 3Com Corporation | Apparatus and methods for determining the correct workstation within a LAN for a LAN modem to route a packet |
US6697862B1 (en) * | 1999-05-21 | 2004-02-24 | 3Com Corporation | System and method for network address maintenance using dynamic host configuration protocol messages in a data-over-cable system |
US6654387B1 (en) | 1999-05-21 | 2003-11-25 | 3Com Corporation | Method for network address table maintenance in a data-over-cable system using a network device registration procedure |
US6754622B1 (en) | 1999-05-24 | 2004-06-22 | 3Com Corporation | Method for network address table maintenance in a data-over-cable system using destination reachibility |
US6785292B1 (en) | 1999-05-28 | 2004-08-31 | 3Com Corporation | Method for detecting radio frequency impairments in a data-over-cable system |
JP2001053794A (en) * | 1999-08-09 | 2001-02-23 | Nec Corp | Real time backup communication method for ip communication |
EP1208677B1 (en) * | 1999-09-03 | 2012-05-02 | Broadcom Corporation | Apparatus and method for enabling voice over ip support for a network switch |
US6553568B1 (en) | 1999-09-29 | 2003-04-22 | 3Com Corporation | Methods and systems for service level agreement enforcement on a data-over cable system |
US6698021B1 (en) * | 1999-10-12 | 2004-02-24 | Vigilos, Inc. | System and method for remote control of surveillance devices |
AU1224101A (en) | 1999-10-22 | 2001-05-08 | Nomadix, Inc. | Gateway device having an xml interface and associated method |
US6581108B1 (en) * | 1999-11-30 | 2003-06-17 | Lucent Technologies Inc. | Managing multiple private data networks using network and payload address translation |
US6798782B1 (en) | 1999-12-10 | 2004-09-28 | Sun Microsystems, Inc. | Truly anonymous communications using supernets, with the provision of topology hiding |
US7765581B1 (en) | 1999-12-10 | 2010-07-27 | Oracle America, Inc. | System and method for enabling scalable security in a virtual private network |
US6970941B1 (en) | 1999-12-10 | 2005-11-29 | Sun Microsystems, Inc. | System and method for separating addresses from the delivery scheme in a virtual private network |
US6977929B1 (en) | 1999-12-10 | 2005-12-20 | Sun Microsystems, Inc. | Method and system for facilitating relocation of devices on a network |
US6870842B1 (en) | 1999-12-10 | 2005-03-22 | Sun Microsystems, Inc. | Using multicasting to provide ethernet-like communication behavior to selected peers on a network |
US7336790B1 (en) | 1999-12-10 | 2008-02-26 | Sun Microsystems Inc. | Decoupling access control from key management in a network |
JP3436906B2 (en) * | 1999-12-10 | 2003-08-18 | パナソニック コミュニケーションズ株式会社 | Error notification device and error notification method |
US6879593B1 (en) * | 1999-12-20 | 2005-04-12 | Intel Corporation | Connections of nodes on different networks |
US7072933B1 (en) | 2000-01-24 | 2006-07-04 | Microsoft Corporation | Network access control using network address translation |
US7925693B2 (en) * | 2000-01-24 | 2011-04-12 | Microsoft Corporation | NAT access control with IPSec |
US20020112076A1 (en) * | 2000-01-31 | 2002-08-15 | Rueda Jose Alejandro | Internet protocol-based computer network service |
US6804262B1 (en) | 2000-04-28 | 2004-10-12 | 3Com Corporation | Method and apparatus for channel determination through power measurements |
US6862267B1 (en) * | 2000-05-08 | 2005-03-01 | Nortel Networks Limited | Determining network addresses and ports using table from a description file |
GB2362482A (en) * | 2000-05-15 | 2001-11-21 | Ridgeway Systems & Software Lt | Direct slave addressing to indirect slave addressing |
US6718385B1 (en) * | 2000-05-19 | 2004-04-06 | Galaxy Computer Services, Inc. | System for controlling movement of information using an information diode between a source network and a destination network |
US6816500B1 (en) | 2000-07-10 | 2004-11-09 | 3Com Corporation | Apparatus, method and system for multimedia access network channel management |
US20030093430A1 (en) * | 2000-07-26 | 2003-05-15 | Mottur Peter A. | Methods and systems to control access to network devices |
EP1307867B1 (en) | 2000-07-26 | 2010-06-23 | Smiths Detection Inc. | Methods and systems for networked camera control |
US7382397B2 (en) * | 2000-07-26 | 2008-06-03 | Smiths Detection, Inc. | Systems and methods for controlling devices over a network |
GB2365256A (en) | 2000-07-28 | 2002-02-13 | Ridgeway Systems & Software Lt | Audio-video telephony with port address translation |
FR2812991B1 (en) * | 2000-08-08 | 2003-01-24 | France Telecom | TRANSLATION OF USER INSTALLATION TERMINAL IDENTIFIERS IN A PACKET NETWORK |
KR100689034B1 (en) * | 2000-08-26 | 2007-03-08 | 삼성전자주식회사 | Network address translation system and method being capable of accessing to node having private IP address from external network and computer-readable medium recording the method |
KR100645960B1 (en) * | 2000-08-29 | 2006-11-14 | 삼성전자주식회사 | System and method for accessing to node of private network |
US6981278B1 (en) * | 2000-09-05 | 2005-12-27 | Sterling Commerce, Inc. | System and method for secure dual channel communication through a firewall |
US7836498B2 (en) * | 2000-09-07 | 2010-11-16 | Riverbed Technology, Inc. | Device to protect victim sites during denial of service attacks |
US20020101859A1 (en) * | 2000-09-12 | 2002-08-01 | Maclean Ian B. | Communicating between nodes in different wireless networks |
US6661799B1 (en) | 2000-09-13 | 2003-12-09 | Alcatel Usa Sourcing, L.P. | Method and apparatus for facilitating peer-to-peer application communication |
FI112308B (en) * | 2000-09-14 | 2003-11-14 | Nokia Corp | Sharing protocol processing |
US7054930B1 (en) * | 2000-10-26 | 2006-05-30 | Cisco Technology, Inc. | System and method for propagating filters |
DE10053951B4 (en) * | 2000-10-31 | 2005-04-21 | Siemens Ag | Method and router for establishing a connection via an IP-oriented network |
GB2369746A (en) | 2000-11-30 | 2002-06-05 | Ridgeway Systems & Software Lt | Communications system with network address translation |
KR100464487B1 (en) * | 2000-12-27 | 2004-12-31 | 엘지전자 주식회사 | Apparatus and method for security through packet check in ADSL modem |
US6775235B2 (en) * | 2000-12-29 | 2004-08-10 | Ragula Systems | Tools and techniques for directing packets over disparate networks |
GB2371186A (en) * | 2001-01-11 | 2002-07-17 | Marconi Comm Ltd | Checking packets |
KR100393273B1 (en) * | 2001-02-12 | 2003-07-31 | (주)폴리픽스 | An Online Data Communicating System and a Method in a Private Network |
KR100418445B1 (en) * | 2001-04-11 | 2004-02-14 | (주) 세이프아이 | Method and system for restricting access from external |
US7366194B2 (en) | 2001-04-18 | 2008-04-29 | Brocade Communications Systems, Inc. | Fibre channel zoning by logical unit number in hardware |
US7167472B2 (en) * | 2001-04-18 | 2007-01-23 | Brocade Communications Systems, Inc. | Fibre channel zoning by device name in hardware |
US7151778B2 (en) | 2001-04-18 | 2006-12-19 | Brocade Communications Systems, Inc. | Frame filtering of fibre channel packets |
US20020154635A1 (en) * | 2001-04-23 | 2002-10-24 | Sun Microsystems, Inc. | System and method for extending private networks onto public infrastructure using supernets |
US6987765B2 (en) * | 2001-06-14 | 2006-01-17 | Nortel Networks Limited | Changing media sessions |
US6513122B1 (en) | 2001-06-29 | 2003-01-28 | Networks Associates Technology, Inc. | Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities |
WO2003028340A1 (en) * | 2001-08-30 | 2003-04-03 | Siemens Aktiengesellschaft | Pre- processing of nat addresses |
GB0123371D0 (en) * | 2001-09-28 | 2001-11-21 | Nokia Corp | Improved interconnection of IP networks |
US20040048610A1 (en) * | 2001-09-28 | 2004-03-11 | Kim Soo Hwan | Method and system for matching subscriber states in network in which public land mobile network and wired/wireless private network are interworked |
US20030069981A1 (en) * | 2001-10-09 | 2003-04-10 | Koninklijke Philips Electronics N.V. | IP hopping for secure data transfer |
US7006436B1 (en) * | 2001-11-13 | 2006-02-28 | At&T Corp. | Method for providing voice-over-IP service |
US20040133669A1 (en) * | 2001-11-28 | 2004-07-08 | Esa Jalonen | Event or polling driven DVB-T filter detection |
US7512084B2 (en) * | 2001-11-28 | 2009-03-31 | Nokia Corporation | Event driven filter monitoring for IP multicast services |
US7227864B2 (en) * | 2001-12-17 | 2007-06-05 | Microsoft Corporation | Methods and systems for establishing communications through firewalls and network address translators |
US7114005B2 (en) * | 2002-02-05 | 2006-09-26 | Cisco Technology, Inc. | Address hopping of packet-based communications |
US7475145B2 (en) * | 2002-04-26 | 2009-01-06 | International Business Machines Corporation | Dynamic invocation of web services |
WO2003094366A2 (en) | 2002-05-06 | 2003-11-13 | Qualcomm Incorporated | System and method for registering ip address of wireless communication device |
IL165340A0 (en) * | 2002-05-23 | 2006-01-15 | Matsushita Electric Ind Co Ltd | Information processing system |
US7657616B1 (en) | 2002-06-10 | 2010-02-02 | Quest Software, Inc. | Automatic discovery of users associated with screen names |
US7428590B2 (en) * | 2002-06-10 | 2008-09-23 | Akonix Systems, Inc. | Systems and methods for reflecting messages associated with a target protocol within a network |
US7774832B2 (en) * | 2002-06-10 | 2010-08-10 | Quest Software, Inc. | Systems and methods for implementing protocol enforcement rules |
CA2488731A1 (en) | 2002-06-10 | 2003-12-18 | Akonix Systems, Inc. | Systems and methods for a protocol gateway |
US7707401B2 (en) * | 2002-06-10 | 2010-04-27 | Quest Software, Inc. | Systems and methods for a protocol gateway |
JP4346869B2 (en) * | 2002-06-26 | 2009-10-21 | パナソニック株式会社 | Electronic device and information processing method |
CN1798156A (en) * | 2002-09-30 | 2006-07-05 | 松下电器产业株式会社 | Information processing apparatus and receiving apparatus |
US20040083388A1 (en) * | 2002-10-25 | 2004-04-29 | Nguyen The Vinh | Method and apparatus for monitoring data packets in a packet-switched network |
US7454499B2 (en) * | 2002-11-07 | 2008-11-18 | Tippingpoint Technologies, Inc. | Active network defense system and method |
US20040139226A1 (en) * | 2002-12-13 | 2004-07-15 | Dany Margalit | Method for assigning an IP address to a network connectable device |
US7216359B2 (en) * | 2002-12-19 | 2007-05-08 | International Business Machines Corporation | Secure communication overlay using IP address hopping |
US20050013274A1 (en) * | 2003-03-05 | 2005-01-20 | Harri Pekonen | System and method for data transmission and reception |
US7627640B2 (en) * | 2003-03-17 | 2009-12-01 | Epostal Services, Inc. | Messaging and document management system and method |
MXPA05008750A (en) * | 2003-03-17 | 2005-09-20 | Epostal Services Inc | Messaging and document management system and method. |
US7535878B2 (en) * | 2003-03-28 | 2009-05-19 | Intel Corporation | Method, apparatus and system for ensuring reliable access to a roaming mobile node |
US7694021B1 (en) * | 2003-05-28 | 2010-04-06 | Cisco Technology, Inc. | Firewall for gateway network elements between IP based networks |
US7573867B1 (en) * | 2003-07-17 | 2009-08-11 | Sprint Spectrum L.P. | Method and system for maintaining a radio link connection during absence of real-time packet data communication |
US20050041631A1 (en) * | 2003-08-20 | 2005-02-24 | Naveen Aerrabotu | Apparatus and method for primary link packet control |
US7715326B2 (en) * | 2003-08-22 | 2010-05-11 | Eutech Cybernetics Pte. Ltd. | Webserver alternative for increased security |
CN100440886C (en) | 2003-09-02 | 2008-12-03 | 华为技术有限公司 | Method for realizing multimedia protocol passing through network address translation device |
US20050053063A1 (en) * | 2003-09-04 | 2005-03-10 | Sajeev Madhavan | Automatic provisioning of network address translation data |
US20050102704A1 (en) * | 2003-11-07 | 2005-05-12 | Rudy Prokupets | Multiregional security system integrated with digital video recording and archiving |
TWI257217B (en) * | 2003-11-10 | 2006-06-21 | Inst Information Industry | Method to detect the form of network address translation |
CN1270481C (en) * | 2003-12-08 | 2006-08-16 | 华为技术有限公司 | Access gate wireless local area network and implementation for guaranteeing network safety |
US7305706B2 (en) * | 2004-01-15 | 2007-12-04 | Cisco Technology, Inc. | Establishing a virtual private network for a road warrior |
US7430203B2 (en) * | 2004-01-29 | 2008-09-30 | Brocade Communications Systems, Inc. | Fibre channel zoning hardware for directing a data packet to an external processing device |
US20070174436A1 (en) * | 2004-01-30 | 2007-07-26 | Hajime Maekawa | Communication system, information processing system, information processing apparatus, tunnel management apparatus, information processing method, tunnel management method, and program |
US20050177859A1 (en) * | 2004-02-09 | 2005-08-11 | Valentino Henry Iii | Video surveillance system and methods of use and doing business |
CN100525202C (en) * | 2004-05-28 | 2009-08-05 | 中兴通讯股份有限公司 | A method of registration for the private network terminal to the gatekeeper based on the H.323 protocol |
CN1299476C (en) * | 2004-05-28 | 2007-02-07 | 中兴通讯股份有限公司 | Method for H.323 agent server to register on gatekeeper from terminals after being agent of NAT |
CN1756259B (en) * | 2004-09-27 | 2011-04-20 | 国际商业机器公司 | Method and system for using a network address translation (nat) in an IP network |
US8059562B2 (en) * | 2004-10-18 | 2011-11-15 | Nokia Corporation | Listener mechanism in a distributed network system |
US8464299B1 (en) | 2004-11-17 | 2013-06-11 | Rockstar Consortium Us Lp | Resource conservation for packet television services |
KR20060059292A (en) * | 2004-11-26 | 2006-06-01 | 한국전자통신연구원 | Network management method in interactive satellite communication system |
US20060215649A1 (en) * | 2005-03-08 | 2006-09-28 | Chris Morrall | Network address converting apparatus using SSW tree |
US20060221955A1 (en) * | 2005-04-05 | 2006-10-05 | Mark Enright | IP addressing in joined private networks |
US8064439B2 (en) | 2005-06-30 | 2011-11-22 | Cisco Technology, Inc. | Method and system for call processing |
EP1946217A2 (en) * | 2005-11-03 | 2008-07-23 | Akonix Systems, Inc. | Systems and methods for remote rogue protocol enforcement |
US7451145B1 (en) * | 2005-12-13 | 2008-11-11 | At&T Corp. | Method and apparatus for recursively analyzing log file data in a network |
JP4759389B2 (en) * | 2006-01-10 | 2011-08-31 | アラクサラネットワークス株式会社 | Packet communication device |
JP4634320B2 (en) * | 2006-02-28 | 2011-02-16 | 株式会社日立製作所 | Device and network system for anti-abnormal communication protection |
JP4594258B2 (en) * | 2006-03-10 | 2010-12-08 | 富士通株式会社 | System analysis apparatus and system analysis method |
US7704617B2 (en) * | 2006-04-03 | 2010-04-27 | Bloom Energy Corporation | Hybrid reformer for fuel flexibility |
JP4780413B2 (en) * | 2007-01-12 | 2011-09-28 | 横河電機株式会社 | Unauthorized access information collection system |
US8046492B1 (en) * | 2007-11-06 | 2011-10-25 | Juniper Networks, Inc. | Offset independent filtering |
DE102008012559A1 (en) * | 2008-03-04 | 2009-09-17 | Jochen Schumacher | Method for establishing a communication link between subscriber devices in a data network |
CN101286895B (en) * | 2008-05-22 | 2010-08-18 | 上海交通大学 | Dynamic configurable data monitoring system and method for distributed network |
GB2478470B8 (en) | 2008-11-17 | 2014-05-21 | Sierra Wireless Inc | Method and apparatus for network port and netword address translation |
US8924486B2 (en) | 2009-02-12 | 2014-12-30 | Sierra Wireless, Inc. | Method and system for aggregating communications |
US8326919B1 (en) * | 2009-12-22 | 2012-12-04 | Emc Corporation | Network address translation auto-discovery in data storage networks |
US9160707B2 (en) | 2010-10-22 | 2015-10-13 | Telefonaktiebolaget L M Ericsson (Publ) | Differentiated handling of network traffic using network address translation |
US8904036B1 (en) * | 2010-12-07 | 2014-12-02 | Chickasaw Management Company, Llc | System and method for electronic secure geo-location obscurity network |
WO2012106820A1 (en) * | 2011-02-08 | 2012-08-16 | Sierra Wireless, Inc. | Method and system for forwarding data between network devices |
CN102209124B (en) * | 2011-06-08 | 2014-03-12 | 杭州华三通信技术有限公司 | Method for communication between private network and public network and network address translation equipment |
US9931251B2 (en) * | 2011-07-20 | 2018-04-03 | etectRx Inc. | Wetness sensors, wetness monitoring system, and related methods |
US9634911B2 (en) * | 2013-07-30 | 2017-04-25 | Avaya Inc. | Communication device event captures |
US9832196B2 (en) | 2014-09-15 | 2017-11-28 | Bank Of America Corporation | Network monitoring device |
EP3231142B1 (en) * | 2014-12-09 | 2021-07-21 | Telefonaktiebolaget LM Ericsson (publ) | Network address translation |
CN104579939B (en) * | 2014-12-29 | 2021-02-12 | 网神信息技术(北京)股份有限公司 | Gateway protection method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0465201A2 (en) * | 1990-06-29 | 1992-01-08 | Digital Equipment Corporation | Bridge-like internet protocol router |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5383179A (en) * | 1988-12-15 | 1995-01-17 | Laboratoire Europeen De Recherches Electroniques Avancees | Message routing method in a system having several different transmission channels |
US5400334A (en) * | 1993-08-10 | 1995-03-21 | Ungermann-Bass, Inc. | Message security on token ring networks |
US5606668A (en) * | 1993-12-15 | 1997-02-25 | Checkpoint Software Technologies Ltd. | System for securing inbound and outbound data packet flow in a computer network |
US5835726A (en) * | 1993-12-15 | 1998-11-10 | Check Point Software Technologies Ltd. | System for securing the flow of and selectively modifying packets in a computer network |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5623601A (en) * | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
US5793763A (en) * | 1995-11-03 | 1998-08-11 | Cisco Technology, Inc. | Security system for network address translation systems |
US5781550A (en) * | 1996-02-02 | 1998-07-14 | Digital Equipment Corporation | Transparent and secure network gateway |
US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US5778174A (en) * | 1996-12-10 | 1998-07-07 | U S West, Inc. | Method and system for providing secured access to a server connected to a private computer network |
- 1997
  - 1997-04-23 DE DE69708281T patent/DE69708281T2/en not_active Expired - Lifetime
  - 1997-04-23 JP JP9537534A patent/JPH11508753A/en active Pending
  - 1997-04-23 EP EP97917189A patent/EP0895684B1/en not_active Expired - Lifetime
  - 1997-04-23 KR KR1019980708503A patent/KR100317443B1/en not_active IP Right Cessation
  - 1997-04-23 CA CA002248577A patent/CA2248577C/en not_active Expired - Lifetime
  - 1997-04-23 CN CN97194075A patent/CN1216657A/en active Pending
  - 1997-04-23 WO PCT/CA1997/000269 patent/WO1997040610A2/en active IP Right Grant
  - 1997-04-23 AU AU25632/97A patent/AU707905B2/en not_active Expired
  - 1997-04-24 US US08/842,328 patent/US6128298A/en not_active Expired - Lifetime
Non-Patent Citations (2)
Title |
---|
INTERNET SECURITY HANDBOOK, 1995, MAIDENHEAD,ENGLAND, pages 27-37, XP002040993 STALLINGS W: * |
RFC1631, May 1994, INTERNET ENGINEERING TASK FORCE, USA, pages 1-10, XP002040992 EGEVANG K AND FRANCIS P: "The IP Network Address Translator (NAT)" * |
Cited By (65)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6587457B1 (en) | 1998-03-31 | 2003-07-01 | Nokia Mobile Phones Ltd. | Method for connecting data flows |
US7031286B1 (en) | 1998-06-30 | 2006-04-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and an arrangement in a mobile radio system |
JP2000209263A (en) * | 1999-01-11 | 2000-07-28 | Sanyo Electric Co Ltd | Ts data filtering circuit for digital broadcasting receiver |
US7240368B1 (en) * | 1999-04-14 | 2007-07-03 | Verizon Corporate Services Group Inc. | Intrusion and misuse deterrence system employing a virtual network |
US7958556B2 (en) | 1999-04-14 | 2011-06-07 | Verizon Corporate Services Group Inc. | Intrusion and misuse deterrence system employing a virtual network |
US8955095B2 (en) * | 1999-04-14 | 2015-02-10 | Verizon Corporate Services Group, Inc. | Intrusion and misuse deterrence system employing a virtual network |
GB2350259A (en) * | 1999-05-21 | 2000-11-22 | Tien Chung Nan | Interconnecting computers |
GB2350259B (en) * | 1999-05-21 | 2003-10-08 | Chung-Nan Tien | Method for enabling a remote user at a remote computer to access a computer selectively connected to a local computer network |
US9667594B2 (en) | 1999-06-15 | 2017-05-30 | Ssh Communications Security Oyj | Maintaining network address translations |
NL1013273C2 (en) * | 1999-10-12 | 2001-04-17 | Koninkl Kpn Nv | Method and system for sending IP messages. |
EP1093258A1 (en) * | 1999-10-12 | 2001-04-18 | Koninklijke KPN N.V. | Method and system for transmitting IP messages |
EP1130846A3 (en) * | 2000-03-03 | 2003-09-24 | Nexland, Inc. | Network address translation gateway |
US8165140B2 (en) | 2000-03-03 | 2012-04-24 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
EP1259886A1 (en) * | 2000-03-03 | 2002-11-27 | Nexland, Inc. | Network address translation gateway for local area networks using local ip addresses and non-translatable port addresses |
EP1259886A4 (en) * | 2000-03-03 | 2004-04-28 | Nexland Inc | Network address translation gateway for local area networks using local ip addresses and non-translatable port addresses |
EP1130846A2 (en) * | 2000-03-03 | 2001-09-05 | Nexland, Inc. | Network address translation gateway |
US7447804B2 (en) | 2000-03-20 | 2008-11-04 | Samsung Electronics Co., Ltd. | System and method for multi-telecommunication over local IP network |
EP1137238A3 (en) * | 2000-03-20 | 2004-01-21 | SAMSUNG ELECTRONICS Co. Ltd. | System and method for integrated communications over a local IP network |
EP1137238A2 (en) * | 2000-03-20 | 2001-09-26 | SAMSUNG ELECTRONICS Co. Ltd. | System and method for integrated communications over a local IP network |
WO2001080514A3 (en) * | 2000-04-14 | 2002-06-20 | Stratus Technologies Internati | Robust, secure service network |
WO2001080514A2 (en) * | 2000-04-14 | 2001-10-25 | Stratus Technologies Bermuda Ltd. | Robust, secure service network |
US7151773B1 (en) | 2000-05-05 | 2006-12-19 | Fujitsu Limited | System and method for connectionless/connection oriented signal transport |
WO2001086866A3 (en) * | 2000-05-05 | 2002-04-04 | Fujitsu Network Communications | Unique address space and method for a transport network |
US7133403B1 (en) | 2000-05-05 | 2006-11-07 | Fujitsu Limited | Transport network and method |
US7173912B2 (en) | 2000-05-05 | 2007-02-06 | Fujitsu Limited | Method and system for modeling and advertising asymmetric topology of a node in a transport network |
US6515966B1 (en) | 2000-05-05 | 2003-02-04 | Fujitsu Network Communications, Inc. | System and method for application object transport |
US6693909B1 (en) | 2000-05-05 | 2004-02-17 | Fujitsu Network Communications, Inc. | Method and system for transporting traffic in a packet-switched network |
US7075927B2 (en) | 2000-05-05 | 2006-07-11 | Fujitsu Limited | Method and system for quality of service (QoS) support in a packet-switched network |
US7058730B2 (en) | 2000-05-05 | 2006-06-06 | Fujitsu Limited | Unique address space and method for a transport network |
US7385917B1 (en) | 2000-05-05 | 2008-06-10 | Fujitsu Limited | Method and system for providing a protection path for connectionless signals in a telecommunications network |
US7047176B2 (en) | 2000-05-05 | 2006-05-16 | Fujitsu Limited | Method and system for hardware simulation |
WO2001086866A2 (en) * | 2000-05-05 | 2001-11-15 | Fujitsu Network Communications, Inc. | Unique address space and method for a transport network |
US6775229B1 (en) | 2000-05-05 | 2004-08-10 | Fujitsu Network Communications, Inc. | Method and system for providing a protection path for connection-oriented signals in a telecommunications network |
US6795816B2 (en) | 2000-05-31 | 2004-09-21 | Alcatel | Method and device for translating telecommunication network IP addresses by a leaky-controlled memory |
EP1161059A3 (en) * | 2000-05-31 | 2003-06-18 | Alcatel | Method and device for translating telecommunication network IP addresses by a leaky-controlled memory |
EP1161059A2 (en) * | 2000-05-31 | 2001-12-05 | Alcatel | Method and device for translating telecommunication network IP addresses by a leaky-controlled memory |
EP1310060A4 (en) * | 2000-08-15 | 2005-09-21 | Polycom Israel Ltd | A multimedia communication control unit as a secure device for multimedia communication between lan users and other network users |
US9531776B2 (en) | 2000-08-15 | 2016-12-27 | Polycom, Inc. | Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users |
US8706893B2 (en) | 2000-08-15 | 2014-04-22 | Polycom Israel, Ltd. | Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users |
EP1310060A1 (en) * | 2000-08-15 | 2003-05-14 | Polycom Israel Ltd. | A multimedia communication control unit as a secure device for multimedia communication between lan users and other network users |
KR100422375B1 (en) * | 2000-08-23 | 2004-03-16 | 큰사람컴퓨터 주식회사 | Method and system for establishing connections between terminals connected to network environments having different IP-addressing schemes |
WO2002039657A1 (en) * | 2000-11-08 | 2002-05-16 | Icomera Ab | A method for secure packet-based communication between two units via an intermedia unit |
US7009956B2 (en) | 2000-12-21 | 2006-03-07 | Nokia Corporation | Address sharing |
WO2002051093A2 (en) | 2000-12-21 | 2002-06-27 | Nokia Corporation | Address sharing |
WO2002051093A3 (en) * | 2000-12-21 | 2002-11-14 | Nokia Corp | Address sharing |
KR20020093398A (en) * | 2001-06-08 | 2002-12-16 | (주)바네트 | Method for sharing an authorized internet protocol address of ultra highspeed internet restrictively |
WO2002103981A2 (en) * | 2001-06-14 | 2002-12-27 | Nortel Networks Limited | Providing telephony services to terminals behind a firewall and/or network address translator |
US8108553B2 (en) | 2001-06-14 | 2012-01-31 | Rockstar Bidco, LP | Providing network address translation information |
WO2002103981A3 (en) * | 2001-06-14 | 2004-06-10 | Nortel Networks Ltd | Providing telephony services to terminals behind a firewall and/or network address translator |
US8484359B2 (en) | 2001-06-14 | 2013-07-09 | Rockstar Consortium Us Lp | Providing telephony services to terminals behind a firewall and/or a network address translator |
US8397276B2 (en) | 2001-06-14 | 2013-03-12 | Genband Us Llc | Protecting a network from unauthorized access |
US7684317B2 (en) | 2001-06-14 | 2010-03-23 | Nortel Networks Limited | Protecting a network from unauthorized access |
US8244876B2 (en) | 2001-06-14 | 2012-08-14 | Rockstar Bidco, LP | Providing telephony services to terminals behind a firewall and/or a network address translator |
US7940654B2 (en) | 2001-06-14 | 2011-05-10 | Genband Us Llc | Protecting a network from unauthorized access |
US7068655B2 (en) | 2001-06-14 | 2006-06-27 | Nortel Networks Limited | Network address and/or port translation |
KR20030069729A (en) * | 2002-02-22 | 2003-08-27 | 삼성전자주식회사 | Method for routing packet date in mobile communication system |
US7668306B2 (en) | 2002-03-08 | 2010-02-23 | Intel Corporation | Method and apparatus for connecting packet telephony calls between secure and non-secure networks |
US8582749B2 (en) | 2002-03-08 | 2013-11-12 | Intel Corporation | Method and apparatus for connecting packet telephony calls between secure and non-secure networks |
KR20030075810A (en) * | 2002-03-20 | 2003-09-26 | 유디에스 주식회사 | Communication system and its method between Internet protocol network and Private Network |
US7113763B2 (en) | 2002-06-03 | 2006-09-26 | Nokia Corporation | Bluetooth access point and remote bluetooth modules for powerline based networking |
US7729331B2 (en) | 2002-09-06 | 2010-06-01 | Panasonic Corporation | Home terminal apparatus and communication system |
WO2004023728A2 (en) * | 2002-09-06 | 2004-03-18 | Matsushita Electric Industrial Co., Ltd. | Home terminal apparatus and communication system |
WO2004023728A3 (en) * | 2002-09-06 | 2004-07-08 | Matsushita Electric Ind Co Ltd | Home terminal apparatus and communication system |
WO2004100500A2 (en) * | 2003-05-05 | 2004-11-18 | Thomson Licensing S.A. | System and method for communicating with a display device via a network |
WO2004100500A3 (en) * | 2003-05-05 | 2005-04-28 | Thomson Licensing Sa | System and method for communicating with a display device via a network |
Also Published As
Publication number | Publication date |
---|---|
JPH11508753A (en) | 1999-07-27 |
DE69708281D1 (en) | 2001-12-20 |
CN1216657A (en) | 1999-05-12 |
EP0895684A2 (en) | 1999-02-10 |
EP0895684B1 (en) | 2001-11-14 |
DE69708281T2 (en) | 2002-05-16 |
KR20000010612A (en) | 2000-02-25 |
US6128298A (en) | 2000-10-03 |
CA2248577C (en) | 2002-11-05 |
AU707905B2 (en) | 1999-07-22 |
AU2563297A (en) | 1997-11-12 |
KR100317443B1 (en) | 2002-01-16 |
WO1997040610A3 (en) | 1997-11-27 |
CA2248577A1 (en) | 1997-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6128298A (en) | Internet protocol filter | |
US7139828B2 (en) | Accessing an entity inside a private network | |
US6381638B1 (en) | System and method for options based address reuse | |
US7853714B1 (en) | Providing services for multiple virtual private networks | |
EP1234246B1 (en) | System and method for network access without reconfiguration | |
US7701952B2 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
US6857009B1 (en) | System and method for network access without reconfiguration | |
US6430623B1 (en) | Domain name routing | |
US6157950A (en) | Methods and apparatus for interfacing a computer or small network to a wide area network such as the internet | |
USRE41024E1 (en) | Communication using two addresses for an entity | |
US20070094411A1 (en) | Network communications system and method | |
US20030193965A1 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
US20080133774A1 (en) | Method for implementing transparent gateway or proxy in a network | |
WO2011035528A1 (en) | Method, system and relay server for network address translation (nat) traversal by way of relay | |
US20060268863A1 (en) | Transparent address translation methods | |
Cisco | AppleTalk Commands | |
Cisco | IP Commands | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 97194075.4 Country of ref document: CN |
| AK | Designated states | Kind code of ref document: A2 Designated state(s): AU CA CN JP KR |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| AK | Designated states | Kind code of ref document: A3 Designated state(s): AU CA CN JP KR |
| AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| ENP | Entry into the national phase | Ref document number: 2248577 Country of ref document: CA Ref document number: 2248577 Country of ref document: CA Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 1997917189 Country of ref document: EP |
| ENP | Entry into the national phase | Ref document number: 1997 537534 Country of ref document: JP Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 1019980708503 Country of ref document: KR |
| WWP | Wipo information: published in national office | Ref document number: 1997917189 Country of ref document: EP |
| WWP | Wipo information: published in national office | Ref document number: 1019980708503 Country of ref document: KR |
| WWG | Wipo information: grant in national office | Ref document number: 1019980708503 Country of ref document: KR |
| WWG | Wipo information: grant in national office | Ref document number: 1997917189 Country of ref document: EP |