Recently, with increasing scale and complexity of networks, network security has become an indispensable task and a lot of research and development on technologies to prevent unauthorized access is being carried out.
For instance, “Patent document 1” discloses an access control apparatus, which blocks the communication by transmitting false ARP (Address Resolution Protocol) response packet if the communication between nodes that are not permitted according to the access policy is detected. Especially the access control apparatus controls “permitted” or “not permitted” communication between nodes independent of hardware or software even when the ARP-table of the unauthorized node has been configured statically.
“Patent document 2” discloses a system for preventing illegal connections, which prevents connections to private servers and other nodes in the same subnet from an unauthorized node not permitted based on an approval list and prevent connections to the external network via routers etc from the unauthorized node based on the approval list, by registering the MAC addresses of nodes permitted to access the network to the approval list and transmitting ARP packets with a false MAC-address to the unauthorized node.
“Patent document 3” discloses an apparatus for preventing illegal connections, which prevents unauthorized network access by transmitting ARP-request packets successively to all registered nodes, judging whether the profile of the node has been already registered based on the ARP-reply packet received from the node in response to the ARP-request packet, and transmitting disturb-messages which shows that the node includes multiple profiles in a case where it is judged that the node has not been registered.
“Patent document 4” discloses network map creating method, which detects the inter connections of the OSI Reference Model Layer-2 switches (inter-switch connections) and the connections of computers to the OSI Reference Model Layer-2 switches (switch-terminal connections) in the network in which there are one or more OSI Reference Model layer-2 switches using a new algorithm. Especially the new algorithm shows the method of generating MvP table as mapping table with MAC address and port information of Layer-2 switches based on port information of Layer-2 switches collected by network monitoring manager and detecting connections of Layer-2 switches and connections of computers to the Layer-2 switches in the network. The inventor of this invention is “Keeni, Glenn Mansfield” that is the same as the inventor in the present application. Likewise, the assignee of this invention is “CYBER SOLUTIONS INC.” that is the same as the assignee in the present application.
[Patent document 1] Japanese Patent Laid-Open No. 2004-185498
[Patent document 2] Japanese Patent Laid-Open No. 2005-079706
[Patent document 3] Japanese Patent Laid-Open No. 2005-198090
[Patent document 4] Japanese Patent Laid-Open No. 2007-514811