1. Field of the Invention
The present invention relates to an information processing apparatus which filters a packet received from a network.
2. Description of the Related Art
In recent years, since the Internet such as WWW (World Wide Web) or the like has become popular, vulnerability in network security such as remote accessing, attacking, packet wiretapping and the like from a suspicious external device has been worried. As a countermeasure for such a problem, a network device having a function to filter an IP (Internet Protocol) address (i.e., a filtering function) has become general. Here, in the filtering function, the address of an external device has been previously registered in a filter list of the network device so as to enable a user to refuse accessing to an arbitrary address or allow accessing to only an arbitrary address. Thus, the network device ensures security by cutting off connection from an external device having an unknown address.
However, in the IPv6 (Internet Protocol Version 6), one device can hold a plurality of addresses. Consequently, in a network device, if a user wishes to filter an IPv6 address by using the filtering function, it is necessary for the user to register, in a filter list, all the IPv6 addresses that the external device being the target holds.
In a case where the user manually registers the plurality of IPv6 addresses in the filter list, the user has a heavy workload. Moreover, when the plurality of addresses are manually registered, there are cases where incomplete registering, erroneous registering and the like occur, whereby there is a fear that the necessary address is excluded from the target of filtering. As a result, there occurs a problem of vulnerability in network security that the information processing apparatus is unwillingly accessed from an unspecified external device.
In the method proposed in Japanese Patent Application Laid-Open No. 2008-154009, when a user registers a certain address in a filter list, a network device makes an inquiry at a DNS (Domain Name System) server, and thus automatically obtains all the addresses held by an external device having the registered certain address.
That is, in Japanese Patent Application Laid-Open No. 2008-154009, since the network device automatically registers the addresses obtained from the DNS server in the filter list, the filtering in which incomplete registering, erroneous registering and the like do not occur is achieved without imposing a working burden on the user.
Here, it should be noted that the IPv6 address includes an address such as a stateless address of which the value is possibly changed periodically.
In any case, the stateless address is the address which is composed of a prefix number periodically distributed from a router and an interface ID (regularly, a numeric value generated from the MAC (media access control) address of the network device itself by a predetermined calculating method) unique on a network and generated by the network device itself. Here, the stateless address has an expiration date, and this expiration date depends on the setting content of the router. When the expiration date comes, a new prefix number is distributed by the router, and a new stateless address composed of the new prefix number and the interface ID of the device itself is generated.