The present invention relates to a communication system and a communication apparatus, and particularly to a communication system and a communication apparatus that has an identifying function typically based on header information of a packet for enhancing the security of communication so that an external access to the inside of its own organization can be made from a location outside the organization.
A router is an apparatus that has a plurality of network interfaces and is used for relaying packets. FIG. 9 is a block diagram showing a typical configuration of a router 100. In this router 100, a packet received by a predetermined network interface 1a, 1b or 1c is retransmitted by one of the network interfaces 1a, 1b and 1c which is determined by a transmission-network-interface selecting unit 2. A routing table 3 is used by the transmission-network-interface unit 2 in determining one of the network interfaces 1a, 1b and 1c for retransmitting the packet.
A router that is connected to the external world and selectively relays packets from the external world to a predetermined organization in order to protect the network in the organization is in particular called a fire wall. FIG. 10 is a block diagram showing a typical configuration of a fire wall 200. Since the fire wall 200 is a router for selectively relaying packets as described above, the fire wall 200 is the router 100 shown in FIG. 9 that has a packet discriminating unit 11 with a function for selecting and rejecting a packet.
The packet discriminating unit 11 selects a packet by using header information included in the header of the packet. The header information includes, among other data, a source address, a destination address and a protocol type. Thus, the packet discriminating unit 11 can selectively relay only a packet transmitted from a predetermined transmitting host to the organization.
However, the contents of the header information are not always valid. This is because an unauthorized user may use invalid header information. As a result, such an unauthorized user may make an access to the inside of the organization, giving rise to a problem that the communication security cannot be preserved any more.