-
公开(公告)号:CA2602778A1
公开(公告)日:2006-10-19
申请号:CA2602778
申请日:2006-04-07
Applicant: IBM
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify source applications that are served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through an NAPT en route to the destination host, the encapsulated packet is decrypted to obtain an original source port number and original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port, and the original packet protocol associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is USING the same SOURCE port and protocol.
-
公开(公告)号:CA2602789C
公开(公告)日:2015-10-06
申请号:CA2602789
申请日:2006-04-07
Applicant: IBM
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
-
公开(公告)号:CA2602778C
公开(公告)日:2014-04-01
申请号:CA2602778
申请日:2006-04-07
Applicant: IBM
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify source applications that are served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through an NAPT en route to the destination host, the encapsulated packet is decrypted to obtain an original source port number and original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port, and the original packet protocol associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is USING the same SOURCE port and protocol.
-
公开(公告)号:CA2602789A1
公开(公告)日:2006-10-19
申请号:CA2602789
申请日:2006-04-07
Applicant: IBM
Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
-
-
-
Search Results
4
records
(took 0.016 seconds)
