1. (WO2006019701) INLINE INTRUSION DETECTION USING A SINGLE PHYSICAL PORT
Latest bibliographic data on file with the International Bureau

Pub. No.: WO/2006/019701
International Application No.: PCT/US2005/024592
Publication Date: 23.02.2006
International Filing Date: 12.07.2005
IPC: H04L 12/28 (2006.01), H04L 12/56 (2006.01)
H04L 12/28: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 12 Data switching networks > 28 characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
H04L 12/56: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 12 Data switching networks > 54 Store-and-forward switching systems > 56 Packet switching systems
Applicants:
CISCO TECHNOLOGY, INC. [US/US]; 170 West Tasman Drive San Jose, CA 95134, US (AllExceptUS)
HALL, Michael, Lee, Jr. [US/US]; US (UsOnly)
WILEY, Kevin, L. [US/US]; US (UsOnly)
HOSSAIN, Munawar [US/US]; US (UsOnly)
SIRRIANNI, Joseph, M. [US/US]; US (UsOnly)
Inventors:
HALL, Michael, Lee, Jr.; US
WILEY, Kevin, L.; US
HOSSAIN, Munawar; US
SIRRIANNI, Joseph, M.; US
Agent:
SHOWALTER, Barton, E.; Baker Botts, L.L.P. 2001 Ross Avenue, Suite 600 Dallas, TX 75201, US
Priority Data:
10/910,194 02.08.2004 US
Title (EN) INLINE INTRUSION DETECTION USING A SINGLE PHYSICAL PORT
(FR) DETECTION D'INTRUSION EN LIGNE A L'AIDE D'UN SEUL PORT PHYSIQUE
Abstract:
(EN) In accordance with one embodiment of the present invention, a method for inline intrusion detection includes receiving a packet at a physical interface of an intrusion detection system (120). The packet is tagged with a first VLAN identifier (108) associated with an external network. The method further includes buffering the packet at the physical interface, communicating a copy of the packet to a processor, and analyzing the copy of the packet at the processor to determine whether the packet includes an attack signature. The method also includes communicating a reply message from the processor to the interface indicating whether the packet includes an attack signature. If the packet does not contain an attack signature, the buffered copy of the packet is re-tagged with a second VLAN identifier (108) associated with a protected network and the re-tagged packet is communicated to the protected network.
(FR) L'invention concerne un procédé de détection d'intrusion en ligne. Ce procédé comporte la réception d'un paquet par une interface physique d'un système de détection d'intrusion, ce paquet étant étiqueté d'un premier identificateur VLAN associé au réseau externe. Ce procédé comporte également la mise en mémoire tampon du paquet dans l'interface physique, la communication d'une copie du paquet au processeur et l'analyse de la copie du paquet dans le processeur pour déterminer si le paquet contient une signature d'attaque. Ce procédé comporte en outre la communication d'un message réponse du processeur à l'interface, ce message réponse indiquant si le paquet contient ou non une signature d'attaque. Si le paquet ne contient pas de signature d'attaque, la copie du paquet mise en mémoire tampon est ré-étiquetée d'un deuxième identificateur VLAN associé au réseau protégé et le paquet ré-étiqueté est communiqué au réseau protégé.
Designated States: AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BW, BY, BZ, CA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KM, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NA, NG, NI, NO, NZ, OM, PG, PH, PL, PT, RO, RU, SC, SD, SE, SG, SK, SL, SM, SY, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, YU, ZA, ZM, ZW
African Regional Intellectual Property Organization (ARIPO) (BW, GH, GM, KE, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Organization (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM)
European Patent Office (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HU, IE, IS, IT, LT, LU, LV, MC, NL, PL, PT, RO, SE, SI, SK, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG)
Publication Language: English (EN)
Filing Language: English (EN)
Also published as:
EP1774716, CN1985473, IN1610/DELNP/2007