公开(公告)号：DE602006012095D1

公开(公告)日：2010-03-18

申请号：DE602006012095

申请日：2006-12-12

Applicant: IBM

Inventor： DUPONCHEL YANN ,  RIORDAN JAMES F ,  RISSMANN RUEDIGER ,  ZAMBONI DIEGO M

IPC: H04L12/46

Abstract: The invention relates to a method for operating virtual networks. The method comprises providing a first virtual network comprising a first set of network ports assigned to a first virtualization tag (T1) and a second virtual network comprising a second set of network ports assigned to a second virtualization tag (T2), the first and the second virtual network having compatible address ranges and being adapted to only pass data packets within them, providing a first network node having a source address (SA) in the first virtual network and being operationally connected to a first port (P1) assigned to the first virtual network by means of the first virtualization tag (T1), monitoring the first network node in order to detect a predetermined condition, and, on detection of the predetermined condition, reassigning the first port (P1) to the second virtual network by means of assigning the second virtualization tag (T2) to the first port (P1), such that no data packet can be passed from the first network node (N1) to a second network node (N2) connected to a second port (P2) assigned to the first virtual network by means of the first virtualization tag (T1) directly and keeping of the source address (SA) for the first network node (N1) in the second virtual network (104). The invention further relates to a further method for operation virtual networks, a data network system and a computer program product adapted to perform the inventive methods.

公开(公告)号：CA2600517A1

公开(公告)日：2006-09-28

申请号：CA2600517

申请日：2006-02-21

Applicant: IBM

Inventor： RIORDAN JAMES F ,  RISSMANN RUDIGER ,  DUPONCHEL YANN ,  ZAMBONI DIEGO M

IPC: G06F21/00 ,  H04L29/06

Abstract: A method and apparatus are provided for detecting attacks on a data communication network. The apparatus includes a router with a mechanism for monitoring return messages addressed to an originating user system local to the router. The mechanism includes a message checker for identifying a return message of a specified nature and a rerouter for temporarily routing subsequent messages from the originating user system to the intrusion detection sensor.

公开(公告)号：DE602006017668D1

公开(公告)日：2010-12-02

申请号：DE602006017668

申请日：2006-02-21

Applicant: IBM

Inventor： RISSMANN RUEDIGER ,  DUPONCHEL YANN ,  ZAMBONI DIEGO M ,  RIORDAN JAMES F

IPC: G06F1/00

公开(公告)号：AT456890T

公开(公告)日：2010-02-15

申请号：AT06832212

申请日：2006-12-12

Applicant: IBM

Inventor： DUPONCHEL YANN ,  RIORDAN JAMES F ,  RISSMANN RUEDIGER ,  ZAMBONI DIEGO M

IPC: H04L12/46

Abstract: The invention relates to a method for operating virtual networks. The method comprises providing a first virtual network comprising a first set of network ports assigned to a first virtualization tag (T1) and a second virtual network comprising a second set of network ports assigned to a second virtualization tag (T2), the first and the second virtual network having compatible address ranges and being adapted to only pass data packets within them, providing a first network node having a source address (SA) in the first virtual network and being operationally connected to a first port (P1) assigned to the first virtual network by means of the first virtualization tag (T1), monitoring the first network node in order to detect a predetermined condition, and, on detection of the predetermined condition, reassigning the first port (P1) to the second virtual network by means of assigning the second virtualization tag (T2) to the first port (P1), such that no data packet can be passed from the first network node (N1) to a second network node (N2) connected to a second port (P2) assigned to the first virtual network by means of the first virtualization tag (T1) directly and keeping of the source address (SA) for the first network node (N1) in the second virtual network (104). The invention further relates to a further method for operation virtual networks, a data network system and a computer program product adapted to perform the inventive methods.