-
1.发明专利
公开(公告)号:BRPI0607515A2
公开(公告)日:2016-10-25
申请号:BRPI0607515
申请日:2006-04-07
Applicant: IBM
Inventor: WIERBOWSKI DAVID JOHN , PORTER JOYCE ANNE , OVERBY LINWOOD HUGH JR , JAKUBIK PATRICIA
Abstract: impedir fontes duplicadas de clientes servidos por um tradutor de porta de endereço de rede. impedir fontes duplicadas em uma conexão de protocolo que usa endereços de rede, protocolos e números de portas para identificar as aplicações de fonte que são servidas por um napt. se um pacote que chega encapsula um pacote codificado e passou por um napt em rota para o host de destino, o pacote encapsulado é descriptografado para obter um número de porta fonte original e um protocolo de pacote original do pacote descriptografado. uma tabela de mapeamento de porta fonte (spmt) é buscada por uma associação entre o endereço da fonte do napt, a porta original da fonte e o protocolo do pacote original associado com o endereço da fonte do napt e o número de porta. se uma associação incorreta é encontrada, o pacote é rejeitado como a representação de uma fonte duplicada ilegal; isto é, um segundo pacote de um host diferente servido por um napt que usando a mesma porta fonte e protocolo.
-
公开(公告)号:BRPI0607516A2
公开(公告)日:2012-01-17
申请号:BRPI0607516
申请日:2006-04-07
Applicant: IBM
Inventor: JAKUBIK PATRICIA , PORTER JOYCE ANNE , WIERBOWSKI DAVID JOHN , OVERBY LINWOOD HUGH JR
Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
-
公开(公告)号:DE602006012644D1
公开(公告)日:2010-04-15
申请号:DE602006012644
申请日:2006-04-07
Applicant: IBM
Inventor: JAKUBIK PATRICIA , OVERBY LINWOOD HUGH JR , PORTER JOYCE ANNE , WIERBOWSKI DAVID JOHN
Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
-
公开(公告)号:AT460039T
公开(公告)日:2010-03-15
申请号:AT06743265
申请日:2006-04-07
Applicant: IBM
Inventor: JAKUBIK PATRICIA , OVERBY LINWOOD HUGH JR , PORTER JOYCE ANNE , WIERBOWSKI DAVID JOHN
Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
-
-
-
Search Results
4
records
(took 0.018 seconds)
