System and Method for Controlling Abnormal IPSec Traffic Using IPSec Setup Information and Session Information
    1.
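    Granted invention patent
    System and Method for Controlling Abnormal IPSec Traffic Using IPSec Setup Information and Session Information (Lapsed)
    Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof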

    Publication (announcement) No.: KR100839941B1

    Publication (announcement) date: 2008-06-20

    Application No.: KR1020070002005

    Filing date: 2007-01-08

    CPC classification number: H04L63/164

    Abstract: A system and a method for controlling abnormal IPSec traffic by using IPSec setup information and session information are provided. Information about normal IPSec setup step and communication step packets is stored by using an IPSec setup information table and an IPSec session information table, and abnormal IPSec setup step and communication step packets transmitted afterwards are blocked. An extension header processing unit (10) receives an IPSec (Internet Protocol Security) packet, classifies it as an IPSec setup step packet or an IPSec communication step packet, and extracts the information used for traffic control from each. An IPSec setup step packet confirmation unit (20) has an IPSec setup database unit (21) for managing IPSec setup information, and receives the information extracted from the IPSec setup step packet. The IPSec setup step packet confirmation unit compares the extracted information with information stored in the IPSec session database unit, and determines whether to pass the IPSec packet. An IPSec communication step packet confirmation unit (30) has an IPSec session database unit (31) for managing IPSec session information, and receives the information extracted from the IPSec communication step packet. The IPSec communication step packet confirmation unit compares the extracted information with information stored in the IPSec session database unit, and determines whether to pass the IPSec packet. A control unit (40) passes or blocks the IPSec packet according to the determination result of the IPSec setup step packet confirmation unit or the IPSec communication step packet confirmation unit.