会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Preventing denial-of-service attacks employing broadcast packets
    • 使用广播数据包防止拒绝服务攻击
    • US08830997B1
    • 2014-09-09
    • US12917417
    • 2010-11-01
    • Nafea BisharaTsahi DanielDavid MelmanNir Arad
    • Nafea BisharaTsahi DanielDavid MelmanNir Arad
    • H04L12/28
    • H04L45/00H04L12/4641H04L45/54H04L63/1458
    • A network device including a processor having an internet protocol (IP) address, and a processor port configured to communicate exclusively with the processor. The network device also includes a plurality of network ports configured to communicate with network nodes external to the network device. In addition, the network device includes a forwarding engine configured to selectively transfer packets (i) among the plurality of network ports, and (ii) between the processor port and the plurality of network ports; receive a broadcast packet from one of the plurality of network ports, the broadcast packet including a target IP address; and forward the broadcast packet to the processor, via the processor port, only when both (i) the broadcast packet is a control packet, and (ii) the target IP address of the broadcast packet matches the IP address of processor.
    • 一种网络设备,包括具有互联网协议(IP)地址的处理器和被配置为与处理器专用通信的处理器端口。 网络设备还包括被配置为与网络设备外部的网络节点进行通信的多个网络端口。 另外,网络设备包括:转发引擎,被配置为选择性地传送多个网络端口中的分组(i),以及(ii)处理器端口和多个网络端口之间; 从所述多个网络端口之一接收广播分组,所述广播分组包括目标IP地址; 并且只有当(i)广播分组都是控制分组时,并且(ii)广播分组的目标IP地址与处理器的IP地址匹配,则经由处理器端口将广播分组转发到处理器。
    • 2. 发明授权
    • Preventing denial-of-service attacks employing broadcast packets
    • 使用广播数据包防止拒绝服务攻击
    • US07826447B1
    • 2010-11-02
    • US11196961
    • 2005-08-04
    • Nafea BisharaTsahi DanielDavid MelmanNir Arad
    • Nafea BisharaTsahi DanielDavid MelmanNir Arad
    • H04L12/28H04L12/56
    • H04L45/00H04L12/4641H04L45/54H04L63/1458
    • An apparatus having a corresponding method and computer program comprises a processor; a plurality of ports to transmit and receive packets of data, the plurality of ports comprising a processor port in communication with the processor, the packets comprising broadcast packets and multicast packets; a memory to store a table that associates the processor port with one or more Internet protocol (IP) addresses; and a forwarding engine to transfer the packets between the ports, to transfer each of the broadcast packets to the processor port only when the table associates a target IP address of the broadcast packet with the processor port, and to transfer each of the multicast packets to the processor port only when the table associates a target IP address of the multicast packet with the processor port.
    • 具有相应方法和计算机程序的装置包括处理器; 用于发送和接收数据分组的多个端口,所述多个端口包括与所述处理器通信的处理器端口,所述分组包括广播分组和多播分组; 用于存储将处理器端口与一个或多个因特网协议(IP)地址相关联的表的存储器; 以及转发引擎,用于在端口之间传送分组,仅当该表将广播分组的目标IP地址与处理器端口相关联时将每个广播分组传送到处理器端口,并将每个多播分组传送到 处理器端口只有当表将组播数据包的目标IP地址与处理器端口相关联时,
    • 3. 发明授权
    • Secure automatic learning in ethernet bridges
    • 在以太网桥上安全自动学习
    • US07796590B1
    • 2010-09-14
    • US11346089
    • 2006-02-01
    • David MelmanNir AradTsahi Daniel
    • David MelmanNir AradTsahi Daniel
    • H04L12/54
    • H04L45/02H04L45/36H04L45/66H04L49/3009H04L49/351H04L63/0236H04L63/1458
    • A method of managing network traffic. The method includes initializing a database in communication with a network device. The database includes a number of MAC address entries and a network flooding entry associated with each of the number of MAC address entries. Each of the number of MAC address entries is associated with a station known to the network. The method also includes receiving network traffic at the network device. The network traffic is associated with a MAC source address. The method further includes determining whether the MAC source address is included in the database, automatically learning a location associated with the MAC source address, and forwarding the network traffic over the network if the MAC source address is included in the database. Additionally, the method includes dropping or trapping the network traffic if the MAC source address is not included in the database. Dropping the network traffic is performed without interaction with a CPU.
    • 一种管理网络流量的方法。 该方法包括初始化与网络设备通信的数据库。 数据库包括多个MAC地址表项和与每个MAC地址表项相关联的网络洪泛条目。 MAC地址表项中的每一个与网络已知的站相关联。 该方法还包括在网络设备处接收网络流量。 网络流量与MAC源地址相关联。 该方法还包括:如果MAC源地址包括在数据库中,则确定MAC源地址是否包括在数据库中,自动学习与MAC源地址相关联的位置,以及如果MAC源地址被包括在网络中,则转发网络流量。 此外,如果MAC源地址不包括在数据库中,则该方法包括丢弃或捕获网络流量。 执行网络流量下降而不与CPU进行交互。
    • 9. 发明授权
    • Packet forwarding apparatus and method
    • 分组转发装置和方法
    • US08660120B2
    • 2014-02-25
    • US13340393
    • 2011-12-29
    • David MelmanNir AradNafea Bshara
    • David MelmanNir AradNafea Bshara
    • H04L12/28
    • H04L45/04H04L12/46H04L12/4625H04L45/00H04L45/08H04L45/60H04L49/109H04L49/351
    • A network device includes at least one source physical port configured to be coupled to a network, a plurality of egress ports, and a packet processor. The packet processor includes a processing stage configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via one of the at least one source physical port, wherein the source logical port information is based on characteristics of the data packet, wherein the source logical port information corresponds to a logical entity that is different from any source physical port, and a forwarding engine to determine one or more egress ports for forwarding the data packet based on at least the assigned source logical port information.
    • 网络设备包括被配置为耦合到网络,多个出口端口和分组处理器的至少一个源物理端口。 分组处理器包括处理级,其被配置为实现逻辑端口分配机制以将源逻辑端口信息分配给经由至少一个源物理端口之一接收的数据分组,其中源逻辑端口信息基于数据的特性 分组,其中所述源逻辑端口信息对应于不同于任何源物理端口的逻辑实体,以及转发引擎,用于基于至少所分配的源逻辑端口信息来确定用于转发所述数据分组的一个或多个出口。
    • 10. 发明申请
    • PACKET FORWARDING APPARATUS AND METHOD
    • 分组装置和方法
    • US20120106553A1
    • 2012-05-03
    • US13340393
    • 2011-12-29
    • DAVID MELMANNir AradNafea Bshara
    • DAVID MELMANNir AradNafea Bshara
    • H04L12/56
    • H04L45/04H04L12/46H04L12/4625H04L45/00H04L45/08H04L45/60H04L49/109H04L49/351
    • A network device includes at least one source physical port configured to be coupled to a network, a plurality of egress ports, and a packet processor. The packet processor includes a processing stage configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via one of the at least one source physical port, wherein the source logical port information is based on characteristics of the data packet, wherein the source logical port information corresponds to a logical entity that is different from any source physical port, and a forwarding engine to determine one or more egress ports for forwarding the data packet based on at least the assigned source logical port information.
    • 网络设备包括被配置为耦合到网络,多个出口端口和分组处理器的至少一个源物理端口。 分组处理器包括处理级,其被配置为实现逻辑端口分配机制以将源逻辑端口信息分配给经由至少一个源物理端口之一接收的数据分组,其中源逻辑端口信息基于数据的特性 分组,其中所述源逻辑端口信息对应于不同于任何源物理端口的逻辑实体,以及转发引擎,用于基于至少所分配的源逻辑端口信息来确定用于转发所述数据分组的一个或多个出口。