-
Publication No.: KR1020040051435A
Publication date: 2004-06-18
Application No.: KR1020020079364
Filing date: 2002-12-12
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A network security service system including a blacklist-based classifier is provided to respond promptly to an intrusion of an attacking packet by detecting the attacking packet from a specified site before it intrudes into a service provider network. CONSTITUTION: A blacklist table (300) records danger information for nearby sites. The classifier (302), installed at an entry point of the service provider network, classifies the packets entering from the nearby sites based on the danger information of the sites registered in the blacklist table. The classifier switches data processing paths so that each classified packet is transmitted through a preset data processing path selected according to the danger of the site, choosing among a parallel or serial connection path between the classifier and a confronting device (306) and a connection path to the confronting device that does not pass the classifier. An analyzer (304) identifies attacking packets by analyzing the packets received from the classifier. The confronting device blocks a packet judged to be an attacking packet or issues a warning that an attacking packet has been detected.
-
Publication No.: KR100382143B1
Publication date: 2003-05-09
Application No.: KR1020000080914
Filing date: 2000-12-22
IPC: H04L12/16
Abstract: PURPOSE: A method for providing extranet VPN (Virtual Private Network) service in an MPLS (Multi Protocol Label Switching) network is provided to offer intranet VPN service and extranet VPN service at the same time, without affecting the existing service provision mechanism, by utilizing a route target and a VPN label variable used in existing MPLS VPN intranet service. CONSTITUTION: The VPN packet processing procedure at the MPLS terminal side is divided into egress forwarding, extra-gate forwarding, and relay forwarding. To distinguish these efficiently, a VPN label is composed of a 2-bit label type classifier (401) and 18-bit label index information (402). The 2-bit label type classifier (401) indicates the forwarding method, and the 18-bit label index information (402) indicates an output IF or an index into a table for access filtering. When a VPN packet is received, the extranet gateway and the egress LER check the VPN label value carried with the received packet and determine which procedure is to be executed.
-