Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof

摘要

Disclosed are an abnormal Internet Protocol Security (IPSec) packet control system and method using IPSec configuration and session data which detects whether or not the packets encrypted by an Encapsulating Security Payload extended header are abnormal by using IPSec configuration and session data tables without decrypting them, thereby blocking harmful packets. The IPSec packet control system comprises: an extended header processing unit that receives an IPSec packet and extracts the data to be used in traffic control; check units for checking the packets in the stages of IPSec configuration and IPSec communication that receive the extracted data to determine whether or not the IPSec packet has passed; and a control unit that allows the IPSec to pass or to be blocked according to a determination result from the check units for checking the IPSec configuration and communication packets, whereby the abnormal IPSec packets are blocked using the IPSec configuration and session tables without decryption and encryption thereof, thereby processing the IPSec packet without performance degradation.