Title of invention: Communication device and communication control method in communication device
Abstract: A system manager sets a port connected to a specific device (for example, a router device) among a plurality of ports of a switch device as a reliable port. If a packet is received in the reliable port, the switch device manages an IP address and a MAC address of the router device by a reliable port information table. When a packet is received from a port not set as the reliable port, the switch device refers to the reliable port information table. At this time, when the received packet is an address resolution packet having impersonated a router device, the switch device discards the packet without transmitting the packet, thereby preventing a cyber attack on a terminal.
Publication number: US9521163(B2) Publication date: 2016.12.13
Application number: US201414573069 Filing date: 2014.12.17
Applicant: Alaxala Networks Corporation Inventors: Kato Satoru; Suzuki Tomomi; Yoshida Michihiro
Classification: G06F15/16; H04L29/06 Main classification: G06F15/16
Agency: Mattingly & Malur, PC Agent: Mattingly & Malur, PC
Main claim: 1. A communication device comprising: a plurality of ports which receive packets; a memory that stores a forwarding destination port table and a reliable port table, the forwarding destination port table associating the ports by port numbers with packet destinations by media access control (MAC) addresses, and the reliable port table associating the ports by the port numbers with a plurality of specified devices connected to the ports by MAC addresses and with the plurality of specified devices connected to the ports by Internet protocol (IP) addresses; a network interface configured to control the ports, and when one of the packets is received by the ports, notify a reception port number of the one of the ports having received the one of the packets; a processor connected to the memory and the network interface, the memory storing instructions that, when executed by the processor, cause the processor to: receive the one of the packets and the reception port number thereof from the network interface, when the received one of the packets is a packet regarding an address resolution, compare the reception port number and a MAC address of a transmission origin device included in the packet regarding the address resolution with the ports and the MAC addresses of the specified devices of the reliable port table stored in the memory, determine whether the packet regarding the address resolution is to be discarded or transferred according to a result of the comparison, when the packet regarding the address resolution is to be transferred, notify the network interface so that one of the ports corresponding to the destination MAC address of the packet regarding the address resolution in the forwarding destination port table transfers the packet regarding the address resolution, when the packet regarding the address resolution is to be discarded, discard the packet regarding the address resolution, when the reception port number of the transmission destination matches one of the port numbers of the reliable port table, determine whether the received one of the packets is a dynamic host configuration protocol (DHCP) packet, and when the received one of the packets is the DHCP packet, update the forwarding destination port table on the basis of the MAC address and the IP address of the transmission origin device included in the DHCP packet and the reception port number.
Address: Kanagawa JP
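
The filtering decision described in the abstract can be modelled in a few lines. This is an added example, not code from the patent or from any Alaxala product; the `Packet` and `Switch` names, learning addresses from ARP seen on a reliable port, and the "same IP or same MAC" matching rule are assumptions, and all addresses are constructed documentation values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    in_port: int      # reception port number reported by the network interface
    is_arp: bool      # True for an address resolution packet
    sender_ip: str    # sender protocol address carried in the packet
    sender_mac: str   # sender hardware address carried in the packet

@dataclass
class Switch:
    reliable_ports: set                        # ports the manager marked as reliable
    table: dict = field(default_factory=dict)  # reliable port table: port -> {ip: mac}

    def handle(self, p: Packet) -> str:
        mac = p.sender_mac.lower()
        if p.in_port in self.reliable_ports:
            # Assumption: the protected device's IP/MAC pair is learned from
            # address resolution packets that arrive on a reliable port.
            if p.is_arp:
                self.table.setdefault(p.in_port, {})[p.sender_ip] = mac
            return "forward"
        if not p.is_arp:
            return "forward"  # only address resolution packets are filtered
        for entries in self.table.values():
            for ip, known_mac in entries.items():
                # Assumption: a protected IP or MAC appearing as the sender on a
                # non-reliable port is treated as impersonation.
                if p.sender_ip == ip or mac == known_mac:
                    return "discard"
        return "forward"

def demo():
    sw = Switch(reliable_ports={1})
    packets = [  # constructed sample traffic
        Packet(1, True, "192.0.2.1", "00:00:5E:00:53:01"),    # router on reliable port
        Packet(3, True, "192.0.2.50", "00:00:5e:00:53:32"),   # host announcing itself
        Packet(3, True, "192.0.2.1", "00:00:5e:00:53:32"),    # host claiming router IP
        Packet(4, True, "192.0.2.77", "00:00:5e:00:53:01"),   # host claiming router MAC
        Packet(3, False, "192.0.2.1", "00:00:5e:00:53:32"),   # non-ARP traffic
    ]
    return [sw.handle(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```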