1. Field of the Invention
The present invention relates to a method and a node apparatus for filtering an ICMP (Internet Control Message Protocol) data frame. More particularly, the present invention relates to a method and a node apparatus for filtering an ICMP data frame in a network system having functions to transmit and receive the ICMP data frame.
2. Description of the Related Art
An ICMP is known as a protocol utilized for notifying of an error and other relevant information during data transmission on Internet layers through networks using a TCP/IP (Transmission Control protocol/Internet Protocol).
FIG. 1 is a diagram showing a process to generate an ICMP data frame. In a case of transmitting an IP data frame from a node apparatus Y through a node apparatus A to a node apparatus Z, the node apparatus A receives the IP data frame from the node apparatus Y, recognizes a destination address stored in the IP data frame, and attempts to transmits the IP data frame to the node apparatus Z. However, the IP data frame cannot be transmitted to the node apparatus Z, since the node apparatuses A and Z are not connected to each other, as shown in FIG. 1. Subsequently, the node apparatus A detects such a transmission failure, generates an ICMP data frame to notify the node apparatus Y that the IP data frame received from the node apparatus Y cannot be transmitted to the node apparatus Z, and returns the ICMP data frame to the node apparatus Y.
For each data frame transmitted from a node apparatus, an ICMP data frame is returned to the node apparatus if the data frame cannot reach its destination. Accordingly, in a case in which a large number of data frames are unable to reach their destinations, the same number of ICMP data frames are returned to their source node apparatuses, and thus congestion of processes at a communication node or congestion of communication lines may occur, thereby causing a failure of transmission to other proper data frames. Especially, transmission of ICMP data frames can be used by hackers and crackers who maliciously cause network failures as a means to generate the congestion of processes at the communication node and the congestion of communication lines.
Japanese Laid-Open Patent Application No. 7-210473 discloses a method of using transmission paths as resources efficiently, and of expanding a function to control congestion, by evaluating an attribute of data to be transmitted in addition to a type of a transmission path which the data is transmitted through, a destination address of the data, and a network protocol type of the data, by classifying the data based on the evaluation of the data, and then, by determining whether transmission of the data is necessary, and executing a data filtering control to determine a transmission rate of the data, based on the classification. The disclosed method is applied to a node receiving data from other nodes as an object of the data filtering control. Thus, a cause of congestion of such as networks is not considered in the disclosed method, the cause including generation of an ICMP data frame having a new protocol attribute at a node apparatus, and transmission of the ICMP data frame to a source node apparatus of a data frame, in a case in which the data frame cannot be transmitted to its destination for some reason, or in a case in which a problem is found in a datagram. Consequently, receiving a large number of IP data frames at a node apparatus, and transmitting the large number of ICMP data frames from the node apparatus back to source node apparatuses of the data frames cause an increase in network traffic and congestion of networks.