INTRUSION DETECTION FOR VIRTUAL LAYER-2 SERVICES

Bibliographic details
Main author: PROULX DENIS ARMAND
Format: Patent
Language: eng
Description
Summary: The invention is directed to detecting an attempt of an intruder system to participate in a virtual Layer-2 service provided over a packet switching network. Embodiments of the invention monitor operational status of an interface port of a PE router to which a CE router is communicatively coupled for providing the virtual Layer-2 service, determine, consequent to a change in said status, whether information that should relate to the CE router has changed; and thereby, in the affirmative, interpret said change to indicate that an intruder system has attempted to participate in the virtual Layer-2 service. Advantageously, this capability is complementary to other security measures such as MAC filters and Anti-spoofing filters that depend on the content of data packets exchanged between the CE and PE routers and not on the operational status of communicative connections between them.