Described herein is a data-packet-inspection device. The device (20a) comprises a first communication interface (202), which can be connected to a first network, and a second communication interface (206), which can be connected to a second network (30). The device (20a) receives, through the first communication interface (202), one or more data packets that may comprise a request of a first host (10) connected to the first network for access to a resource managed by a second host (40) connected to the second network. The device (20a) detects the access request and analyses it to detect the respective resource requested. Next, the device (20a) determines whether the resource requested is blocked or allowed and identifies the status of the response to the aforesaid access request as blocked or allowed. The device (20a) in the meantime sends the access request to the second communication interface. Consequently, the device (20a) can receive, through the second communication interface (206), one or more data packets that may comprise a response of the second host (40) to the access request. The device (20a) detects this response and verifies the status of the response to determine whether the response is blocked or allowed. For example, in the case where the response is blocked, the device (20a) inhibits forwarding of at least part of the response.
Method for data packet inspection, related device and computer/program product / Pomi, Paolo; Risso, Fulvio. - (2016).
https://hdl.handle.net/11583/2858069