System for blocking internal network intrusion and method the same

摘要

PURPOSE: An internal network intrusion blocking system and a method thereof are provided to block the intrusion of an attacking terminal into an internal network on a wired or a wireless route by updating the media access control (MAC) address of the attacking terminal, which already intruded or intends to intrude, into an access control list (ACL) stored in an access point (AP), a wireless controller, or a switch. CONSTITUTION: A sensor (100) is connected to a switch through a wired network. The sensor collects radio packets transmitted/received between an authorized AP and a user terminal. A central server (200) is connected to the switch through a wired network. The central server extracts the MAC address of the user terminal by analyzing the radio packets collected by the sensor. The central server determines whether the user terminal is an attacking terminal based on the extracted MAC address. [Reference numerals] (100) Sensor; (200) Central server; (400a) Normal terminal; (400b) Attack terminal; (600) Switch; (AA) Wire network; (BB) Wireless network; (CC) MAC address(X); (DD) MAC address(Y); (EE) Wire connection; (FF) Wireless connection