An appliance (network appliance) is a network device that executes a specific process on network traffic. For example, a firewall is an appliance that discards specified packets. Specifically, the firewall refers to a preset rule (policy) and, if a received packet matches a condition specified by this rule, discards the received packet. This can prevent unauthorized access to and attacks on a server.
The following are known as techniques related to measures against attacks on a server on the Internet.
Patent Literature 1 (Japanese patent publication JP2006-67078A) discloses an IP router. This IP router includes an attack detection means, a transfer means, and a filter means. The attack detection means detects an attack targeting a server on the Internet. Upon detection of the attack, the transfer means transfers attack detection information to a management device that performs monitoring and status recognition of the entire network. The filter means, in accordance with instructions from the management device, identifies and controls an attack flow that matches a specific bit pattern.
Patent Literature 2 (Japanese patent publication JP2007-201966A) discloses a management server. The management server is connected to a plurality of packet relay devices, each having a plurality of ports. This management server includes a topology information storing portion, a flow information receiving portion, and a flow origin searching portion. The topology information storing portion stores information on the connection relationships between the plurality of ports in the plurality of packet relay devices. The flow information receiving portion receives, from the plurality of packet relay devices, flow information identifying a traffic flow and input port information indicating an input port. The flow origin searching portion searches for an origin of the traffic flow based on the input port information, the flow information, and the connection relationship information.
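The flow origin search described for Patent Literature 2 can be sketched as follows. This is an added example, not code from either patent publication: the device names, port numbers, flow identifiers and the function `find_flow_origin` are constructed for illustration. It assumes each relay device reports one input port per flow and that the search starts at a device that observed the flow.

```python
# Added illustration; all names and sample data are constructed, not from the patent.

# Connection relationships: (device, port) -> (neighbouring device, its port).
# Ports absent from the map face hosts or networks outside the managed domain.
TOPOLOGY = {
    ("sw1", 1): ("sw2", 3), ("sw2", 3): ("sw1", 1),
    ("sw2", 1): ("sw3", 2), ("sw3", 2): ("sw2", 1),
    ("sw2", 2): ("sw4", 2), ("sw4", 2): ("sw2", 2),
}

# Flow information reported by relay devices: (device, flow id) -> input port.
FLOW_REPORTS = {
    ("sw1", "flowA"): 1,
    ("sw2", "flowA"): 1,
    ("sw3", "flowA"): 4,   # port 4 has no entry in TOPOLOGY: an edge port
    ("sw4", "flowB"): 1,
}


def find_flow_origin(flow_id, start_device, topology, reports):
    """Walk upstream from start_device, one input port at a time.

    Returns (path, origin), where origin is the (device, port) at which the
    flow entered the managed network, or None if the trail is lost.
    """
    path, device, visited = [], start_device, set()
    while device not in visited:
        visited.add(device)
        in_port = reports.get((device, flow_id))
        if in_port is None:
            return path, None              # device did not report this flow
        path.append((device, in_port))
        upstream = topology.get((device, in_port))
        if upstream is None:
            return path, (device, in_port)  # edge port: the flow enters here
        device = upstream[0]               # continue at the upstream neighbour
    return path, None                      # reports form a loop; no origin


if __name__ == "__main__":
    print(find_flow_origin("flowA", "sw1", TOPOLOGY, FLOW_REPORTS))
```

The returned edge port is where a filter rule for the flow would be placed closest to its source; a `None` origin means the reports were incomplete or inconsistent, so the result should not be used for filtering.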