Security system for network address translation systems - Patent US5793763(A)
Filed:
Nov 03, 1995
Published:
Aug 11, 1998
Abstract
A system and method are provided for translating local IP addresses to globally unique IP addresses. This allows local hosts in an enterprise network to share global IP addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in headers on packets destined for the Internet and by replacing destination address in headers on packets entering the local enterprise network from the Internet. Packets arriving from the Internet are screened by an adaptive security algorithm. According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. DNS packets and certain types of ICMP packets are allowed to enter local network. In addition, FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.Applicants
-
CISCO TECH IND
Inventors
-
MAYES JOHN C
-
COILE BRANTLEY W
Application Number
552807Priority Claims
US55280795Family Members
US5793763(A) -
Security system for network address translation systems
US6061349(A) -
System and method for implementing multiple IP addresses on multiple ports
US6104717(A) -
System and method for providing backup machines for implementing multiple IP addresses on multiple ports
US6317775(B1) -
System for distributing load over multiple servers at an internet site
US6510154(B1) -
Security system for network address translation systems
