Securely managing network element state information in transport-layer associations
Abstract
Rules in NAT and firewall devices are updated only when a packet flow is verified as genuine through transport-layer message acknowledgment sequences. When a device receives a packet indicating initiation of a new association, the device stores an internal source tag, an internal destination tag, an external source tag, and an external destination tag. Only after receiving a completion acknowledgment message from the destination node does the device set the internal source tag equal to the external source tag and the internal destination tag equal to the external destination tag. The rules are then updated based on the internal tags. As a result, the approach thwarts denial-of-service (DoS) attacks that seek to modify the rules of NAT and firewall devices to permit harmful traffic.
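The commit-on-acknowledgment behaviour described in the abstract, as an added Python sketch (not code from the patent). The `Middlebox` class, the flow key of (initiator, destination) addresses, the tag values, and clearing the pending pair after commit are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Flow = Tuple[str, str]  # (initiator address, destination address); assumed key

@dataclass
class TagState:
    int_src: Optional[int] = None  # verified tags; rules are built from these
    int_dst: Optional[int] = None
    ext_src: Optional[int] = None  # tags claimed by an unverified initiation
    ext_dst: Optional[int] = None

class Middlebox:
    def __init__(self) -> None:
        self.state: Dict[Flow, TagState] = {}
        self.rules: Dict[Flow, Tuple[int, int]] = {}

    def on_initiation(self, flow: Flow, src_tag: int, dst_tag: int) -> None:
        # Claimed tags are stored as external only; the rule table is untouched.
        st = self.state.setdefault(flow, TagState())
        st.ext_src, st.ext_dst = src_tag, dst_tag

    def on_completion_ack(self, flow: Flow, sender: str) -> bool:
        st = self.state.get(flow)
        # Accept only an ack sent by the destination of a pending initiation.
        if st is None or st.ext_src is None or sender != flow[1]:
            return False
        # Commit: internal tags take the external values, then rules follow.
        st.int_src, st.int_dst = st.ext_src, st.ext_dst
        st.ext_src = st.ext_dst = None  # sketch's choice: drop the pending pair
        self.rules[flow] = (st.int_src, st.int_dst)
        return True

    def permits(self, flow: Flow, src_tag: int, dst_tag: int) -> bool:
        return self.rules.get(flow) == (src_tag, dst_tag)

def demo() -> Dict[str, bool]:
    box = Middlebox()
    flow = ("10.0.0.5", "203.0.113.9")  # constructed sample addresses
    box.on_initiation(flow, 0x1111, 0x2222)
    before = box.permits(flow, 0x1111, 0x2222)
    acked = box.on_completion_ack(flow, sender="203.0.113.9")
    # A later initiation with different tags, acknowledged by the wrong node.
    box.on_initiation(flow, 0xAAAA, 0xBBBB)
    forged = box.on_completion_ack(flow, sender="198.51.100.7")
    return {"before_ack": before, "acked": acked, "forged_ack": forged,
            "old_rule_kept": box.permits(flow, 0x1111, 0x2222),
            "new_tags_allowed": box.permits(flow, 0xAAAA, 0xBBBB)}
```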