WO2008100729A3 - Automatic discovery of blocking access-list id and match statements in a network - Google Patents
- Publication number
- WO2008100729A3 (PCT/US2008/052971)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- list
- network
- blocking access
- automatic discovery
- packet
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/046—Network management architectures or arrangements comprising network management agents or mobile agents therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5003—Managing SLA; Interaction between SLA and QoS
Abstract
In one embodiment, a method can include: (i) receiving an incoming probe packet in a network device; (ii) de-encapsulating the incoming probe packet to provide a packet content portion and a drop result portion; (iii) testing the packet content portion against a local access control list (ACL) to determine a local drop result; and (iv) inserting the local drop result and encapsulating an outgoing probe packet.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08728973A EP2127220B1 (en) | 2007-02-14 | 2008-02-05 | Automatic discovery of blocking access-list id and match statements in a network |
CN2008800046718A CN101606357B (en) | 2007-02-14 | 2008-02-05 | Automatic discovery of blocking access-list ID and match statements in a network |
AT08728973T ATE504999T1 (en) | 2007-02-14 | 2008-02-05 | AUTOMATIC DISCOVERY OF BLOCKED ACCESS LIST ID AND MATCH NOTIFICATIONS ON A NETWORK |
DE602008006048T DE602008006048D1 (en) | 2007-02-14 | 2008-02-05 | AUTOMATIC DISCOVERY OF BLOCKED ACCESS LIST ID AND CONFORMITY NOTIFICATIONS IN A NETWORK |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/706,087 | 2007-02-14 | ||
US11/706,087 US7817571B2 (en) | 2007-02-14 | 2007-02-14 | Automatic discovery of blocking access-list ID and match statements in a network |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008100729A2 (en) | 2008-08-21 |
WO2008100729A3 (en) | 2008-11-13 |
Family
ID=39685714
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2008/052971 WO2008100729A2 (en) | 2007-02-14 | 2008-02-05 | Automatic discovery of blocking access-list id and match statements in a network |
Country Status (6)
Country | Link |
---|---|
US (1) | US7817571B2 (en) |
EP (1) | EP2127220B1 (en) |
CN (1) | CN101606357B (en) |
AT (1) | ATE504999T1 (en) |
DE (1) | DE602008006048D1 (en) |
WO (1) | WO2008100729A2 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8385207B2 (en) * | 2008-05-27 | 2013-02-26 | International Business Machines Corporation | Method and apparatus for end-to-end network congestion management |
US8149721B2 (en) * | 2008-12-08 | 2012-04-03 | Advantest Corporation | Test apparatus and test method |
EP2410698B1 (en) * | 2010-07-19 | 2014-05-07 | Alcatel Lucent | A method for routing and associated routing device and destination device |
US9264320B1 (en) | 2014-06-17 | 2016-02-16 | Ca, Inc. | Efficient network monitoring |
US9985861B2 (en) * | 2014-10-13 | 2018-05-29 | Cisco Technology, Inc. | SGT feature trace using netflow |
US11283696B2 (en) | 2014-11-19 | 2022-03-22 | British Telecommunications Public Limited Company | Diagnostic testing in networks |
US10505899B1 (en) * | 2017-08-14 | 2019-12-10 | Juniper Networks, Inc | Apparatus, system, and method for applying firewall rules on packets in kernel space on network devices |
US10868748B1 (en) * | 2018-09-27 | 2020-12-15 | Amazon Technologies, Inc. | Testing forwarding states on multiple pipelines of a network device |
US11539668B2 (en) * | 2020-06-03 | 2022-12-27 | Juniper Networks, Inc. | Selective transport layer security encryption |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5935268A (en) * | 1997-06-03 | 1999-08-10 | Bay Networks, Inc. | Method and apparatus for generating an error detection code for a modified data packet derived from an original data packet |
US6651096B1 (en) * | 1999-04-20 | 2003-11-18 | Cisco Technology, Inc. | Method and apparatus for organizing, storing and evaluating access control lists |
US6662223B1 (en) * | 1999-07-01 | 2003-12-09 | Cisco Technology, Inc. | Protocol to coordinate network end points to measure network latency |
US7336660B2 (en) | 2002-05-31 | 2008-02-26 | Cisco Technology, Inc. | Method and apparatus for processing packets based on information extracted from the packets and context indications such as but not limited to input interface characteristics |
US7349382B2 (en) * | 2002-08-10 | 2008-03-25 | Cisco Technology, Inc. | Reverse path forwarding protection of packets using automated population of access control lists based on a forwarding information base |
US7346706B2 (en) * | 2003-05-02 | 2008-03-18 | Alcatel | Equivalent multiple path traffic distribution in communications networks |
US7304996B1 (en) * | 2004-03-30 | 2007-12-04 | Extreme Networks, Inc. | System and method for assembling a data packet |
GB2422507A (en) | 2005-01-21 | 2006-07-26 | 3Com Corp | An intrusion detection system using a plurality of finite state machines |
US7389377B2 (en) | 2005-06-22 | 2008-06-17 | Netlogic Microsystems, Inc. | Access control list processor |
US20070055789A1 (en) * | 2005-09-08 | 2007-03-08 | Benoit Claise | Method and apparatus for managing routing of data elements |
2007
- 2007-02-14 US US11/706,087 (US7817571B2): not active, Expired - Fee Related

2008
- 2008-02-05 EP EP08728973A (EP2127220B1): active, Active
- 2008-02-05 DE DE602008006048T (DE602008006048D1): active, Active
- 2008-02-05 AT AT08728973T (ATE504999T1): not active, IP Right Cessation
- 2008-02-05 CN CN2008800046718A (CN101606357B): active, Active
- 2008-02-05 WO PCT/US2008/052971 (WO2008100729A2): active, Application Filing
Non-Patent Citations (4)
Title |
---|
ADEL EL-ATAWY ET AL: "An Automated Framework for Validating Firewall Policy Enforcement", POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS, 2007. POLICY '07. EIGHTH IEEE INTERNATIONAL WORKSHOP ON, IEEE, PI, 1 June 2007 (2007-06-01), pages 151 - 160, XP031184677, ISBN: 978-0-7695-2767-3 * |
DUNN C MARTIN SI INTERNATIONAL J: "Methodology for Forwarding Information Base (FIB) based Router Performance; draft-ietf-bmwg-fib-meth-03.txt", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, vol. bmwg, no. 3, 14 February 2005 (2005-02-14), XP015016089, ISSN: 0000-0004 * |
GROUT ET AL: "An argument for simple embedded ACL optimisation", COMPUTER COMMUNICATIONS, ELSEVIER SCIENCE PUBLISHERS BV, AMSTERDAM, NL, vol. 30, no. 2, 19 December 2006 (2006-12-19), pages 280 - 287, XP005808354, ISSN: 0140-3664 * |
SEDAYAO, JEFF: "Cisco IOS Access Lists, Chapter 5, Debugging Access Lists", June 2001 (2001-06-01), pages 1 - 22, XP002494461, ISBN: 1-56592-385-5, Retrieved from the Internet <URL:http://oreilly.com/catalog/cisrtlist/chapter/ch05.html> [retrieved on 20080903] * |
Also Published As
Publication number | Publication date |
---|---|
US20080192641A1 (en) | 2008-08-14 |
DE602008006048D1 (en) | 2011-05-19 |
EP2127220A2 (en) | 2009-12-02 |
CN101606357B (en) | 2013-03-27 |
US7817571B2 (en) | 2010-10-19 |
CN101606357A (en) | 2009-12-16 |
ATE504999T1 (en) | 2011-04-15 |
WO2008100729A2 (en) | 2008-08-21 |
EP2127220B1 (en) | 2011-04-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008100729A3 (en) | Automatic discovery of blocking access-list id and match statements in a network | |
WO2009005650A3 (en) | Method and system for redirecting of packets to an intrusion prevention service in a network switch | |
WO2008076163A3 (en) | Techniques for managing security in next generation communication networks | |
WO2007103504A3 (en) | Access terminal for communicating packets using a home anchored bearer path or a visited anchored bearer path | |
WO2007144867A3 (en) | Voice over ip capturing | |
GB2411320B (en) | Access control management method, access control management system, and terminal device with access control management function | |
WO2008024818A3 (en) | Apparatus and method of controlled delay packet forwarding | |
WO2009001067A3 (en) | Network in-line tester | |
WO2006049672A3 (en) | Empirical scheduling of networks packets using coarse and fine testing periods | |
PL2073444T3 (en) | Terminal detection authentication method, device and operational management system in passive optical network | |
WO2009015218A3 (en) | Method and system for managing content in a content processing system having multiple content delivery networks | |
WO2011021885A3 (en) | Method and apparatus for sharing function of external device through complex network | |
EP2028870A4 (en) | Radio access network configuration managing method, configuration managing system, and radio access network managing device | |
WO2007080558A3 (en) | Communications network system and methods for using same | |
WO2007136937A3 (en) | Implementation of reflexive access control lists on distributed platforms | |
EP2296425A4 (en) | Information processing method for closed subscriber group, access control method, network system and device | |
FR2973901B1 (en) | TESTING THE RESISTANCE OF A SECURITY MODULE OF A TELECOMMUNICATION DEVICE COUPLED TO AN NFC CIRCUIT AGAINST COMMUNICATION CHANNEL MISMATCH ATTACKS | |
WO2009008482A1 (en) | Communication management system, communication management terminal device, communication management method and communication management program | |
EP2257881A4 (en) | Memory device with network on chip methods, apparatus, and systems | |
EP2110752A4 (en) | Content distribution management device, communication terminal, program, and content distribution system | |
TW200742461A (en) | Method for switching communication networks | |
WO2008064885A3 (en) | Method for the operation of an ethernet-compatible field bus device | |
BRPI0821764A8 (en) | UPLOAD SYNCHRONISM ALIGNMENT METHOD IN USER EQUIPMENT | |
WO2008012792A3 (en) | A method and system for detection of nat devices in a network | |
WO2008154885A8 (en) | Method for repeating process of data packets, node and packet core device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase | Ref document number: 200880004671.8 Country of ref document: CN |
WWE | Wipo information: entry into national phase | Ref document number: 2008728973 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: DE |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08728973 Country of ref document: EP Kind code of ref document: A2 |