Recently, with the increasing scale and complexity of networks, network security has become an indispensable task, and a great deal of research and development on technologies for preventing unauthorized network access is being carried out.
For instance, “Patent document 1” discloses an access control apparatus comprising a network access unit that transmits data to and receives data from the network, an access judgment unit that judges whether a node is allowed to communicate with other nodes in the network, a network monitor unit that monitors the communication between nodes in the network, an access policy that indicates which nodes are permitted to access other nodes, a communication-blocking unit that transmits data to block the communication between nodes, and a protocol processing unit that analyzes and builds the packets of data transferred via the network access unit. The access control apparatus blocks communication via the communication-blocking unit if the network monitor unit detects communication between nodes that is not permitted according to the access policy. Therefore, the access control apparatus controls “permitted” or “not permitted” communication between nodes independently of the hardware or software of the nodes, even when an unauthorized node sets its ARP table statically.
“Patent document 2” discloses a system for preventing illegal connections, which comprises an illegitimate connection prevention unit that registers the MAC addresses of nodes permitted to access the network in an approval list, in order to prevent a node not permitted to connect to the network from accessing another node in the network. The illegitimate connection prevention unit transmits ARP packets carrying a false MAC address as the MAC address of a node to the unauthorized node, either after a correct ARP response packet has been sent to the unauthorized node (one not registered in the approval list) in response to an ARP request it broadcast, or after a prescribed time interval has elapsed since the last ARP response packet was transmitted. Thus, the system is able to prevent an unauthorized node not permitted to connect to the network from connecting to private servers and other nodes in the same subnet, and to prevent an unauthorized node from connecting to the external network via routers and the like.
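As an added illustration, not taken from any of the cited patents, the following Python sketch applies the approval-list judgment described for patent document 2 to raw ARP frames: it parses the Ethernet and ARP headers, reports frames whose ARP sender address is not registered, and additionally flags frames whose Ethernet source and ARP sender addresses disagree. The approval list, MAC addresses, IP addresses and frames are constructed assumptions for the example.

```python
import struct

# Constructed approval list in the sense of patent document 2: MAC addresses of
# nodes permitted on the network. The values are made up for this example.
APPROVED_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac_str(tha), "target_ip": ".".join(map(str, tpa))}

def judge_arp(frame, approved=APPROVED_MACS):
    """Return (verdict, reason): allow / deny / suspicious / ignore."""
    arp = parse_arp_frame(frame)
    if arp is None:
        return ("ignore", "not an IPv4-over-Ethernet ARP frame")
    # A frame whose Ethernet source differs from the ARP sender hardware address
    # is malformed or forged; report it rather than trusting either address.
    if arp["eth_src"] != arp["sender_mac"]:
        return ("suspicious", f"Ethernet source {arp['eth_src']} differs from "
                              f"ARP sender {arp['sender_mac']}")
    if arp["sender_mac"] not in approved:
        kind = "request" if arp["op"] == ARP_REQUEST else "reply"
        return ("deny", f"unregistered node {arp['sender_mac']} "
                        f"({arp['sender_ip']}) sent an ARP {kind}")
    return ("allow", f"registered node {arp['sender_mac']}")

def build_arp(eth_src, op, sha, spa, tha, tpa):
    """Build a constructed ARP frame for offline testing (not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = struct.pack("!6s6sH", b"\xff" * 6, mac(eth_src), 0x0806)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                             mac(sha), ip(spa), mac(tha), ip(tpa))
```

Feeding `judge_arp` the frames produced by `build_arp` (or frames read from a raw socket or capture file) yields a verdict per frame that a monitor unit could act on or log.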
“Patent document 3” discloses an apparatus for preventing illegal connections, which operates in the following steps. In the first step it transmits ARP requests successively to all registered nodes; in the second step it judges, based on the ARP replies received from a node in response to the ARP request, whether the profile of that node has already been registered; and in the third step it judges whether the node is unauthorized and, if it is judged that the node has not been registered, transmits disturbing messages indicating that the node has multiple profiles. Thus, the apparatus is able to prevent unauthorized network access.

[Patent document 1] Japanese Patent Laid-Open No. 2004-185498
[Patent document 2] Japanese Patent Laid-Open No. 2005-079706
[Patent document 3] Japanese Patent Laid-Open No. 2005-198090