Dynamic security actions for network tunnels against spoofing
US11882150B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 22, 2022 |
| Grant date | Jan 23, 2024 |
| Priority date | — |
| Expiry date | Dec 22, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2101/686
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet match the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.