摘要 |
PROBLEM TO BE SOLVED: To provide an unauthorized communication monitoring device capable of early discovering an attack from a computer infected with a worm to the other computer, and an unauthorized communication monitoring program. SOLUTION: A NIDS 8 allocates an unused IP address notified from a DHCP server 7 to interface hardware and starts the monitoring of a packet signal transmitted to the IP address. For example, when a host computer 2 infected with a worm transmits an ARP request signal designating the unused IP address, the NIDS 8 replies a unique MAC address to the host computer 2 if the corresponding IP address is allocated to the interface hardware. By this, the host computer 2 transmits an attack packet signal to the MAC address of the NIDS 8. Therefore, the NIDS 8 determines whether it is an unauthorized packet signal or not, and notifies a manager of the occurrence of security invasion if the acquired packet signal is the unauthorized signal. COPYRIGHT: (C)2006,JPO&NCIPI
|