US20020062450A1 - Methods, modems, and systems for blocking data transfers unless including predefined communications to provide access to a network - Google Patents
- Publication number
- US20020062450A1, US09/999,655
- Authority
- US
- United States
- Prior art keywords
- modem
- request
- network
- host system
- dhcp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2801—Broadband local area networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/80—Responding to QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
Definitions
- the present invention relates to the field of communications in general and more particularly to modems and related methods and systems.
- the user may access the Internet over the cable system using a cable modem to provide data rates of 42 megabaud or higher.
- Accessing the Internet via a cable system may involve initializing the cable modem each time the cable modem is turned on, during which the cable modem may register with the cable system. For example, when the user wishes to access the Internet, the user may turn on the cable modem which then registers with the cable system.
- the time needed to register each cable modem may also increase thereby lengthening the registration time. For example, if hundreds of cable modems are used in a cable system, the registration time for a selected cable modem may be several minutes. Consequently, the user may wish to avoid turning the cable modem off in an effort to avoid the delay incurred by a lengthy registration process. For example, if the user turns the cable modem on just prior to accessing the Internet, the user may need to wait for the registration process to complete before gaining access to the Internet.
- cable systems may also provide television and telephone service to a user's home such as by routing these services through the cable modem to the television and telephone. Accordingly, the user may desire that the cable modem be left on so as not to interrupt telephone or television service.
- the present invention may allow improvement in the security of cable modems by blocking access to the cable modem from the cable system while the cable modem is in safe mode. Blocking data transfers may allow the subscriber to leave the host system connected to the cable modem, thereby possibly avoiding the delay associated with the registration process while reducing the security threats posed by maintaining a physical connection to the cable modem.
- Embodiments according to the present invention provide methods, modems, and systems for blocking the transfer of data in a modem during a safe mode unless the data transfer includes predefined communications.
- the predefined communications can be network access maintenance information such as a request for a network address to maintain access to the network for the host system or a response to the request that includes a network address.
- the safe mode can protect a host system from unauthorized access from the network, while allowing the network service to be maintained for the host system during the safe mode of operation.
- requests for renewals of leases such as Dynamic Host Configuration Protocol (DHCP) requests and responses thereto, on Internet Protocol (IP) addresses used by the host system may not be blocked by the modem during safe mode.
- requests and responses for addresses of systems on the network to which the DHCP requests are transmitted such as Address Resolution Protocol (ARP) requests and responses thereto, may also not be blocked during safe mode.
- the blocking is provided at the modem so that multiple host systems can be protected by the modem.
- FIG. 1 is a block diagram of an embodiment of a cable system according to the present invention.
- FIG. 2 is a block diagram of an embodiment of the cable modem 100 of FIG. 1.
- FIG. 3 is a flowchart that illustrates operations of a cable modem according to the present invention.
- FIG. 4 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 5 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 6 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 7 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIGS. 8A and 8B are flowcharts that illustrate embodiments of methods, cable modems, and systems according to the present invention through which host systems can communicate with the Internet.
- FIG. 9 is a flowchart that illustrates cable modems and methods according to embodiments of the present invention.
- the present invention may be embodied as methods, devices, or systems. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects all of which may be generally referred to herein as a “circuit.”
- blocks of the flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions.
- the functions disclosed in the blocks may occur out of the order illustrated in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
- Coupled as used herein to describe arrangements of devices includes arrangements wherein intervening devices are present between the coupled devices. For example, where a first device is described as coupled to a second device, the description will be understood to include other devices located between and coupled to the first and second devices.
- FIG. 1 is a block diagram of an embodiment of a cable system according to the present invention.
- the cable system includes a Cable Modem Termination System or Cable Modem Terminal Server (CMTS) 140 and a plurality of cable modems 100 .
- CMTS 140 can provide services, such as television service, telephone service, and internet service, to subscribers of the cable system via cable modems 100 by transferring data over a cable 110 , such as a coaxial cable.
- a subscriber may access the Internet through the respective cable modem 100 from a host 125 such as a Personal Computer (PC).
- the CMTS 140 manages the services provided to the respective subscribers in the cable system. For example, a first subscriber may receive television, telephone, and Internet services while a second subscriber may receive only Internet service. Moreover, different subscribers may receive a different quality of service. For example, a first subscriber may receive Internet service at relatively low bandwidth while a second subscriber may receive Internet service at relatively high bandwidth. Accordingly, the CMTS 140 transmits and receives data to and from the respective cable modems 100 a - f at the rates associated with the respective subscribers.
- the CMTS 140 can also adjust parameters of the cable modems 100 a - f used to transfer data such as phase timing, frequencies and power levels associated with the transfer of data between the respective cable modems 100 a - f and the CMTS 140 .
- the CMTS 140 can monitor the timing and power levels of the data transferred from the respective cable modems 100a-f and instruct each of the cable modems 100a-f to adjust the timing and power level of the data transfer performed by the cable modems 100a-f.
- the Internet service provided by the CMTS 140 includes data transferred between the CMTS 140 and the cable modem 100 a via the cable 110 at respective frequencies.
- the subscriber may request information from the Internet, wherein data is transferred from the host 125 through the cable modem 100 a to the CMTS 140 over the cable 110 at a first frequency.
- the CMTS 140 responds to the request for information by transferring the requested data from the CMTS 140 to the host 125 through the cable modem 100 a over the cable 110 at a second frequency.
- the request is transmitted via a telephone line which is not part of the cable system.
- the data transfers between the CMTS 140 and the cable modem 100 a may be performed according to standards known in the art.
- data transfers between the CMTS 140 and the cable modem 100 a may be performed using a Time Division Multiple Access (TDMA) technique wherein data is transmitted and received over the cable 110 in predefined time-slots.
- Standards for the transfer of data in cable systems are discussed in the Data Over Cable System Interface Specification (DOCSIS).
- When the cable modem 100a is turned on, the cable modem 100a performs an initialization sequence wherein the cable modem 100a registers with the cable system. In particular, the cable modem 100a transfers an identifier to the CMTS 140 that identifies the cable modem 100a within the cable system. Accordingly, the CMTS 140 can communicate with the selected cable modem 100a using the cable modem's respective identifier.
- the CMTS 140 performs ranging of each of the cable modems 100a-f registered to adjust for the propagation delay of the data transferred, to adjust the proper power level of the data transfer, and to determine the quality of service provided to the subscriber. If telephone service is provided to the subscriber via the cable system, the registration process can also include the determination of parameters for the telephone service.
- After registration, the CMTS 140 provides services to the subscriber via the respective cable modem 100a. In operation, services are provided by data transfers between the CMTS 140 and the cable modem 100a. In particular, data is transferred from the CMTS 140 to a selected cable modem 100a using the identifier that identifies the selected cable modem 100a in the cable system. In operation, the data transfer to the selected cable modem 100a includes the identifier which matches the identifier of the selected cable modem 100a. For example, if the selected cable modem 100a has an associated identifier of 800, a data transfer including an identifier of 800 will be accepted by the selected cable modem 100a. A data transfer can include information and/or a command directed to the selected cable modem 100a.
- FIG. 2 is a block diagram of an embodiment of the cable modem 100 of FIG. 1.
- Data is transferred between the CMTS 140 and the cable modem 100 by a Media Access Controller (MAC) 105 coupled to the cable 110 .
- the MAC 105 accepts data transfers from the CMTS 140 if the identifier included in the data transfer matches the identifier of the cable modem 100 .
- the data transfer can include information intended for a first host 125 , a second host 120 , a telephone 107 , the cable modem 100 , or other device accessed via the cable modem 100 .
- the data transfer may include information intended for the first host 125 in response to a request made by the first host 125 or a range command for the cable modem 100 to transfer timed information to the CMTS 140 .
- the functions provided by the MAC 105 may be provided by software running on processor 115 or by hardware and/or software separate from the processor. While the processor, media access controller, host interface controller, and telephone interface controller of FIG. 2 are illustrated as separate blocks, it will be understood that one or more of these portions of the modem or sub-portions thereof, can be implemented using combined hardware and/or software.
- the data transfer may include an address specifying which device coupled to the cable modem 100 is the destination of the data transfer. For example, if the data transfer is intended for the second host 120 , the address included in the data transfer identifies the second host 120 as the destination.
- the MAC 105 may be coupled to a Radio Frequency (RF) tuner that modulates and demodulates the data included in the data transfers. For example, data transfers to the CMTS 140 may be modulated and transferred over a first channel on the cable 110 . The RF tuner demodulates the data transferred from the CMTS 140 over a second channel on the cable 110 .
- a processor 115 coordinates operations of the cable modem 100 within the cable system to provide the selected services to the subscriber.
- data transfers to addressed hosts are blocked by the processor 115 during a safe mode of operation and not blocked by the processor 115 during normal mode operation.
- blocking can be performed on a host basis. For example, in one embodiment, data transfers addressed to the first host 125 are blocked while data transfers addressed to the second host 120 are received and provided to the second host 120.
- data transfers including commands for the cable modem 100 or addressed to devices other than the hosts are unaffected by the safe mode of operation.
- a ranging command issued to the cable modem 100 during safe mode of operation is accepted and responded to by the MAC 105.
- the safe or normal mode of operation is selected using software that maintains a safe mode flag that is set to either a safe mode state or a normal mode state to indicate the selected mode of operation.
- the flag can be set to the safe mode state to indicate the safe mode of operation and set to the normal mode state to indicate the normal mode of operation.
- the mode of operation is selected by pressing a safe mode button 108 on the housing of the cable modem 100 a .
- the safe mode button 108 can be a momentary switch that causes the processor 115 to toggle the mode of operation.
- the mode of operation is selected via a command issued by the host.
- the subscriber may cause a command to be issued to the cable modem 100 whereupon the cable modem 100 a changes the mode of operation.
- the mode of operation is selected based on a level of activity at the host.
- For example, the safe mode of operation can be selected after a period of inactivity at the first host 125 is observed over a predetermined time interval.
- the cable modem 100 a can resume the normal mode of operation upon the resumption of activity at the first host 125 .
- the mode of operation can be selected based on the subscriber's use of the host coupled to the cable modem 100 a .
- the cable modem 100 a need not be located near the subscriber for the mode of operation to be selected.
- the cable modem 100 may be located in the basement of the subscriber's home while the host is located in the subscriber's home office.
- a Host Interface Controller (HIC) 135 provides the data received by the processor 115 to the addressed host and provides data from the host to the processor 115 for transfer to the CMTS 140 .
- the HIC 135 can be a controller suitable for interfacing to at least one host, such as an Ethernet controller, Universal Serial Bus (USB) or other type of interface known to those of skill in the art.
- a telephone interface 116 provides telephone data from a telephone 107, such as Data Telephone Equipment (DTE), to the processor 115 and provides data transferred from the CMTS 140 to the telephone 107.
- data transfers to the telephone 107 from the CMTS 140 are unaffected by safe mode of operation.
- FIG. 3 is a flowchart illustrating operations of a cable modem 100 according to the present invention.
- the cable modem 100 performs initialization upon being turned on or reset (block 300 ).
- the processor 115 reads the stored value of the safe mode flag to determine which mode of operation is selected (block 305 ) and resets a host inactivity timer that indicates the elapsed time since host activity was last detected.
- the processor determines if data transfers from the CMTS 140 to host 125 are currently enabled (block 320 ). If data transfers are not enabled (block 320 ) to the host 125 , the processor 115 waits for host activity to be detected (block 340 ) at host 125 . Otherwise, if data transfers are currently enabled (block 320 ) to host 125 , the processor 115 disables data transfers (block 335 ) and then waits for host activity at host 125 to be detected (block 340 ).
- the cable modem 100 continues to operate in the safe mode of operation until host activity is detected at host 125 whereupon the safe mode flag is cleared and the host inactivity timer is reset (block 345 ), or until a safe mode button is pushed (block 350 ) thereby changing the safe mode of operation to the normal mode of operation (block 360 ) and resetting the host inactivity timer.
- the processor determines if data transfers from the CMTS 140 are currently disabled (block 315 ). If data transfers are disabled (block 315 ), the processor 115 enables data transfers and waits for the host inactivity timer to expire (block 330 ). Otherwise the processor 115 waits for the host inactivity timer to expire (block 330 ).
- the cable modem 100 continues to operate in the normal mode of operation until the host inactivity timer expires (block 330 ) whereupon the safe mode flag is set, or until the safe mode button is pushed (block 350 ) thereby changing the normal mode of operation to safe mode of operation (block 360 ).
- the transfer of data through the modem can be blocked during safe mode unless the data transfer includes a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address.
- the safe mode can protect a host system from unauthorized access from the network, while allowing the network service to be maintained for the host system during the safe mode of operation.
- requests for renewals of leases such as Dynamic Host Configuration Protocol (DHCP) requests and responses thereto, of Internet Protocol (IP) addresses used by the host system are not blocked by the modem during safe mode.
- requests and responses for addresses of systems on the network to which the DHCP requests are transmitted such as Address Resolution Protocol (ARP) requests and responses thereto, may also not be blocked during safe mode.
- the blocking is provided at the modem so that multiple host systems can be protected by the modem.
- blocking all data transfers through the modem may prevent the host system from renewing a lease on an Internet Protocol (IP) address. Failure to renew the lease may cause an interruption in Internet service to the host system until the host system can reacquire a new IP address so that Internet service can be restored.
- network address can include logical addresses of systems on a network, such as Internet Protocol (IP) addresses that make up an Internet address.
- An IP address also called an IP number
- IP address is used, for example, by servers on the Internet to direct data to the host system associated with the IP address.
- the term “network address” can also include a physical address on a network, such as a MAC address of a host system connected to a Local Area Network (LAN), or the like.
- the MAC address also called an Ethernet address or an IEEE MAC address
- the MAC address is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, i.e. 0080002012EF, 0:80:0:2:20:EF) which can uniquely identify a host system that connects to the network via an Ethernet interface or a network interface, such as a Universal Serial Bus (USB) that can emulate an Ethernet interface.
- FIG. 4 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- first and second host systems 420 , 425 transmit predefined communications to a modem 400 which may be transferred to the Internet 440 .
- the modem 400 can also receive predefined communications from the Internet 440 which may be transferred to the host systems 420 , 425 .
- the predefined communications are network access maintenance information that is used to maintain access to the Internet 440 for the host system 420, 425.
- the modem 400 is a cable modem.
- the modem 400 can operate in a normal mode wherein all data received at the cable modem 400 is transferred through the modem 400 to the Internet 440 or the first and second host systems 420 , 425 , including the predefined communications.
- the modem 400 can also operate in safe mode wherein data transfers through the modem 400 are blocked unless the data transfer includes the predefined communications. Blocking can be performed on a per host basis. For example, in some embodiments according to the present invention, data transfers addressed to the first host 420 are blocked while data transfers addressed to the second host 425 are allowed.
- the safe mode can be enabled by setting a flag in software.
- the safe mode of operation is selected by “clicking” or otherwise providing input to a Graphical User Interface (GUI) that is interfaced to the modem 400 , such as a web page.
- the subscriber may click on a button on a web page to issue a command to the modem 400 whereupon the modem 400 changes the mode of operation of the modem 400.
- the first host system 420 can transmit a request 445 for a network address to the modem 400 that is needed to maintain its connection to the Internet 440.
- the modem 400 determines that the request 445 includes the request for a network address and does not block the data transfer of request 445 to the Internet 440 . Subsequently, if the modem 400 receives a response 450 to the request 445 from the Internet 440 , the modem 400 will not block the transfer of the response 450 to the first host system 420 .
- the second host system 425 can also transmit a request 455 for a network address to the modem 400 that is needed to maintain its connection to the Internet 440 .
- the modem 400 determines that the request 455 includes the request for a network address and does not block the data transfer of request 455 to the Internet 440 . Subsequently, if the modem 400 receives a response 460 to the request 455 from the Internet 440 , the modem 400 will not block the transfer of the response 460 to the second host system 425 .
- the modem 400 can block the transfer of a data transmission 465 from the second host system 425 to the Internet upon determining that the data transmission 465 does not include a request for a network address to maintain its connection to the Internet 440 .
- the modem 400 can also block a data transmission 470 from the Internet 440 upon determining that the data transmission 470 does not include a response to a request for a network address to maintain a connection to the Internet 440 associated with the first or second host systems 420 , 425 .
- the network access maintenance information can be requests for a network address to maintain access to the Internet 440 for the host system 420 , 425 or a response to the request that includes the network address.
- the requests and responses can be ARP requests and ARP responses thereto.
- the ARP requests can be generated by the host systems to determine a physical address of another system with which the host systems communicate.
- the host system can check to see if it has the hardware address (or MAC address) associated with the destination IP address. If the destination system's hardware address is not known to the host system, then the host system can request the MAC address of the destination using an ARP request.
- the ARP request can include the IP address of the system for which the MAC address is sought.
- the system that is using the IP address included in the ARP request can respond by transmitting an ARP response to the host system.
- the ARP response can include the MAC address of the host system to which the ARP response is directed.
- the ARP response can be Unicast over the Internet to the host system.
- the first host system 420 may need to have the MAC address of a CMTS included in the cable system which provides access to the Internet 440 .
- the request 445 can be an ARP request transmitted to the modem 400 by the first host system 420 whereupon the modem 400 can transfer the ARP request to the CMTS according to the present invention.
- the CMTS can transmit an ARP response, such as the ARP response 450 , to the modem 400 that includes the MAC address of the CMTS.
- the modem 400 transfers the ARP response 450 to the first host system 420 upon determining that the ARP request 445 sent by the first host system 420 is still pending.
- the requests and responses can also be DHCP requests and DHCP responses thereto.
- DHCP is based on a client-server paradigm, in which a DHCP client, such as the first and second host systems 420 , 425 of FIG. 4, can contact a DHCP server for configuration parameters.
- One configuration parameter that can be provided by DHCP is an IP address.
- In general, a host system is initially assigned a specific IP address that is appropriate to the network on which the host system is located. If the host system moves to a new network, it can be assigned a new IP address for that new network.
- DHCP can include other configuration parameters such as a subnet mask, a default router, a Domain Name System (DNS) server, and the like.
- DHCP can provide IP addresses to the host systems on a “leased” basis.
- a DHCP lease is the amount of time that the DHCP server allows the host system (or DHCP client) permission to use the IP address before the IP address expires.
- a DHCP lease can typically provide an IP address to a host system for several hours or longer.
- the host system having the leased IP address can request a renewal of the lease on the IP address to extend its use of the IP address.
- the host system may begin requesting a renewal of the lease about half way through the lease period. Accordingly, an IP address currently leased to the host system will expire after the lease period expires unless the lease associated with the IP address is renewed by the DHCP client or at the DHCP server. Otherwise, the host system may lose access to the Internet 440 .
- the request 445 in FIG. 4 can be a DHCP request generated by the first host system 420 for renewal of a lease on its current IP address.
- the modem 400 determines that the request 445 includes the DHCP request and transfers the data to the Internet 440 .
- the DHCP request 445 is transmitted on the Internet 440 to a DHCP server that has control over the IP address currently being used by the first host system 420.
- the DHCP server can transmit a DHCP response, such as response 450 , that renews the lease of the IP address.
- the modem 400 transfers the data transmitted by the DHCP server to the first host system 420 upon determining that the data includes the DHCP response to the currently pending DHCP request.
- multiple DHCP servers may respond by issuing respective responses 450 to the request 445 , whereupon the first host system 420 can accept one of the responses 450 .
- FIG. 5 is a block diagram that illustrates embodiments of cable modems 500 according to the present invention through which a host system 520 can communicate with the Internet 540 using ARP requests and ARP responses using the MAC address of the host system 520 .
- the host system 520 can transmit an ARP request 545 that includes the MAC address of the host system 520 .
- the cable modem 500 determines that the data received from the host system 520 includes an ARP request and records that the ARP request 545 is pending.
- the cable modem 500 associates the MAC address with the pending ARP request 545 recorded in the cable modem 500 and transfers the ARP request 545 to the Internet 540 .
- the cable modem 500 can maintain a table that indicates which ARP requests are currently pending and which MAC address is associated with each pending ARP request.
- a learn table included in the cable modem 500 can be extended to include the MAC addresses associated with the ARP requests.
- the cable modem 500 determines whether the data includes an ARP response. If the cable modem 500 determines that the data includes an ARP response, the cable modem 500 determines if a MAC address included with the ARP response matches the MAC address associated with the ARP request 545 that is pending in the cable modem 500. For example, the cable modem 500 can check the table used to record which ARP requests are pending and the MAC addresses associated with each. If the ARP response includes a MAC address which matches the MAC address associated with any of the pending ARP requests, the cable modem 500 can transfer the ARP response to the host system having the MAC address associated with the ARP request.
- ARP requests made by other host systems and responses thereto can also be processed by the cable modem 500 .
- a second host system can transmit ARP requests including a second MAC address to the cable modem 500 .
- the cable modem 500 can associate the ARP requests from the second host system with a second MAC address in the same table used to associate the ARP request 545 with the MAC address of the host system 520 .
- the cable modem 500 can disassociate the MAC address with the pending ARP request so that any subsequent data received from the Internet can be blocked by the cable modem 500 even if the data appears to be an ARP response that includes the MAC address that was associated with the previous ARP request. For example, if ARP response 570 is received by the cable modem 500 after receiving ARP response 550 and is determined to include the same MAC address that was included with ARP response 550 , ARP response 570 will be blocked by the cable modem 500 .
- the MAC address can be disassociated from the pending ARP request by deleting the ARP request from the table or by deleting the MAC address from the table, or otherwise indicating that a corresponding response for the pending ARP request has already been received and transferred by the cable modem 500 .
- FIG. 6 is a block diagram that illustrates embodiments of cable modems 600 according to the present invention through which a host system 620 can communicate with a DHCP server 640 using DHCP requests and DHCP responses including Transaction Identifiers (XID) generated by the host system 620 that uniquely identify the DHCP requests and responses.
- the host system 620 can transmit a DHCP request 645 that includes an XID generated by the host system 620 .
- the cable modem 600 determines that the data received from the host system 620 includes a DHCP request and records that the DHCP request 645 is currently pending.
- the cable modem 600 associates the XID with the pending DHCP request 645 recorded in the cable modem 600 and transfers the DHCP request 645 to the DHCP server 640 .
- the cable modem 600 can maintain a table that indicates which DHCP requests are currently pending and what XID is associated with each of the pending DHCP requests.
- the learn table included in the cable modem 600 can be extended to include the XID associated with the DHCP requests.
- Upon receiving data from the DHCP server 640, the cable modem 600 determines whether the data includes a DHCP response. If the cable modem 600 determines that the data includes a DHCP response, the cable modem 600 determines if an XID included with the DHCP response corresponds to the XID associated with any of the DHCP requests that are currently pending in the cable modem 600. For example, the cable modem 600 can compare the XID included with the DHCP response 650 with the XID associated with DHCP request 645. If the DHCP response includes an XID which matches the XID associated with any of the pending DHCP requests, the cable modem 600 can transfer the DHCP response to the host system having the XID associated with the DHCP request.
- DHCP requests made by other host systems and responses thereto can also be processed by the cable modem 600 .
- a second host system can transmit DHCP requests including a second XID to the cable modem 600 .
- the cable modem 600 can associate the DHCP requests from the second host system with the second XID in the same table used to associate the DHCP request 645 with the XID of the first host system 620 .
- the cable modem 600 can disassociate the XID with the pending DHCP request so that any subsequent data received can be blocked by the cable modem 600 even if the data appears to be a DHCP response that includes an XID previously associated with a once pending DHCP request. For example, if DHCP response 670 is received by the cable modem 600 after receiving DHCP response 650 and is determined to include the same XID that was included with DHCP response 650 , DHCP response 670 will be blocked by the cable modem 600 .
- the XID can be disassociated from the pending DHCP request by deleting the DHCP request from the table, by deleting the XID from the table, or otherwise indicating that a corresponding response for the pending DHCP request has already been received and transferred by the cable modem 600 .
- the XID can be disassociated from a pending DHCP request when a second DHCP request is received from the same host system before a DHCP response is received to the first (currently pending) DHCP request.
- the cable modem 600 can disassociate the XID from the DHCP request 645 in the cable modem 600. Subsequently, when the DHCP response 650 is received it will be blocked by the cable modem 600.
- FIG. 7 is a block diagram that illustrates embodiments of cable modems 700 according to the present invention through which a host system 720 can transmit and receive ARP requests and responses and DHCP requests and responses.
- the host system 720 can include a MAC address in the ARP requests and include an XID in the DHCP requests so that each of the requests can be uniquely identified when determining whether an ARP/DHCP response matches a currently pending ARP/DHCP request in the cable modem 700 .
- the host system 720 transmits an ARP request 745 to determine the MAC address of a CMTS 710 .
- the MAC address of the host system can be included in an ARP request 745 and can be associated with the ARP request 745 in the cable modem 700 .
- the ARP request 745 can be transmitted to the CMTS 710 which can transmit an ARP response 750 to provide the MAC address requested in the ARP request 745 .
- the cable modem 700 determines that the ARP response 750 includes the same MAC address that is associated with the ARP request 745 in the cable modem 700 , transfers the data received from the CMTS 710 to the host system 720 , and disassociates the MAC address with the ARP request 745 in the cable modem so that any subsequent ARP responses having the same MAC address can be blocked by the cable modem 700 .
- the host system 720 transmits a DHCP discover request 755 to a DHCP server 740 for an IP address.
- the DHCP discover request 755 can include an XID 1 that the cable modem 700 associates with the DHCP discover request 755 .
- the cable modem 700 transfers the DHCP discover request 755 , including the XID 1 , to the DHCP server 740 via the CMTS 710 .
- the DHCP server 740 can transmit a DHCP offer 760 of an IP address, including XID 1 , to the cable modem 700 via the CMTS 710 .
- the cable modem 700 determines that the DHCP offer 760 includes the XID 1 that is associated with the currently pending DHCP discover request 755 in the cable modem 700 , transfers the DHCP offer 760 to the host system 720 , and disassociates the DHCP discover request 755 with the XID 1 in the cable modem so that any subsequent DHCP responses that include XID 1 can be blocked by the cable modem 700 .
- the host system 720 transmits a DHCP request 765 , including an XID 2 , to the DHCP server 740 that requests the IP address in the DHCP offer 760 .
- the cable modem 700 associates the DHCP request 765 with the XID 2 in the cable modem 700 and transfers the DHCP request 765 , including the XID 2 , to the DHCP server 740 via the CMTS 710 .
- the DHCP server 740 can transmit a DHCP ACK 770, including XID 2, to the cable modem 700 via the CMTS 710 granting the host system 720 the use of the requested IP address.
- the cable modem 700 determines that the DHCP ACK 770 includes the XID 2 that is associated with the currently pending DHCP request 765 in the cable modem 700, transfers the DHCP ACK 770 to the host system 720, and disassociates the DHCP request 765 with the XID 2 in the cable modem so that any subsequent DHCP ACKs that include XID 2 can be blocked by the cable modem 700.
- the host system 720 can renew the lease on the IP address by transmitting a new DHCP request before the lease expires.
- leases provided by a DHCP server can last several hours.
- the host system 720 may transmit the DHCP renewal request to the DHCP server 740 about halfway through the current lease. For example, if the current lease will expire about four hours after the DHCP server 740 transmits the DHCP ACK 770, the host system 720 may transmit a DHCP renewal request about two hours after the DHCP server 740 transmitted the DHCP ACK 770.
- the host system 720 may transmit an ARP request 775 to ensure that the host system 720 is using the most current MAC address when communicating with the CMTS 710 and the DHCP server 740 .
- the host system 720 transmits an ARP request 775 to determine the MAC address of the CMTS 710 .
- the MAC address of the host system 720 can be included in the ARP request 775 and can be associated with the ARP request 775 in the cable modem 700 .
- the ARP request 775 can be transmitted to the CMTS 710 which can transmit an ARP response 780 to provide the MAC address requested by the ARP request 775 .
- the cable modem 700 determines that the ARP response 780 includes the same MAC address that is associated with the ARP request 775 in the cable modem 700 , transfers the data received from the CMTS 710 to the host system 720 , and disassociates the MAC address from the ARP request 775 in the cable modem 700 so that any subsequent ARP responses having the same MAC address can be blocked by the cable modem 700 .
- the host system 720 can transmit a DHCP renewal request 785 for the current IP address to the DHCP server 740 via the CMTS 710 .
- the DHCP renewal request 785 can include an XID 3 that the cable modem 700 associates with the DHCP renewal request 785 .
- the cable modem 700 transfers the DHCP renewal request 785 , including the XID 3 , to the DHCP server 740 via the CMTS 710 .
- the DHCP server 740 can transmit a DHCP ACK 790 to the cable modem 700 , including the XID 3 , to grant the renewal of the lease on the current IP address.
- the cable modem 700 determines that the DHCP ACK 790 includes the XID 3 that is associated with the currently pending DHCP renewal request 785 in the cable modem 700 , transfers the DHCP ACK 790 to the host system 720 , and disassociates the DHCP renewal request 785 from the XID 3 in the cable modem 700 so that any subsequent DHCP responses that include XID 3 can be blocked by the cable modem 700 .
- FIGS. 8A and 8B are flowcharts that illustrate embodiments of methods and systems of cable modems according to the present invention.
- Upon receiving data from a host system while in safe mode, the cable modem determines whether the received data includes an ARP request (block 800) or a DHCP request (block 805). Otherwise, the data is blocked (block 810).
- the MAC included therewith is associated with the pending ARP request in the cable modem and is transferred to the network in conjunction with setting a time-out interval timer (block 815 ).
- Unlearned entries will be 0:0:0:0:0:0 and shouldn't match
- the XID included therewith is associated with the pending DHCP request in the cable modem and is transferred to the network in conjunction with setting a time-out interval timer (block 820 ).
- Unlearned entries will be 0:0:0:0:0:0 and shouldn't match
- Upon receiving data from the network while in safe mode, the cable modem determines whether the received data includes an ARP response (block 825) or a DHCP response (block 830). Otherwise, the data is blocked (block 835).
- the MAC address included therewith is checked to determine if it matches the MAC address associated with the pending ARP request in the cable modem (block 840). If a match occurs, the DHCP response is transferred to the host system in conjunction with resetting the time-out interval timer (block 845). If the MAC addresses do not match, the data is blocked (block 835).
- the XID included therewith is compared to the XID associated with the currently pending DHCP request in the cable modem (block 850 ). If the XIDs match, the DHCP response is transferred to the host system and the DHCP request is disassociated with the XID in the cable modem in conjunction with resetting a time-out interval timer (block 855 ).
- the currently pending request associated with the time-out interval timer that expired is disassociated with the MAC or XID so that any subsequent ARP or DHCP responses including the MAC address or XID can be blocked by the cable modem.
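The pending-request table described for FIGS. 5 through 8B, as an added C example that is not code from the patent: requests from the host are learned, a response from the network passes only while its MAC address or XID is pending, and a match, a superseding request or a time-out removes the entry. It assumes frames have already been classified as ARP or DHCP requests and responses; every identifier, the table size, the time-out value, failing closed on a full table and refusing to learn an all-zero MAC are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the safe-mode filter of FIGS. 8A/8B. All names, the
 * table size and the time-out value are assumptions, not from the patent. */
enum kind    { ARP_REQ, ARP_RSP, DHCP_REQ, DHCP_RSP, OTHER };
enum verdict { BLOCK = 0, PASS = 1 };

#define SLOTS   8    /* assumed size of the pending-request table */
#define TIMEOUT 10u  /* assumed time-out interval, in ticks */

struct pending {
    int      used;     /* 0 = unlearned slot, contents all zero */
    int      is_dhcp;  /* 0 = ARP entry (MAC), 1 = DHCP entry (XID) */
    uint8_t  mac[6];   /* MAC address of the requesting host */
    uint32_t xid;      /* DHCP transaction identifier */
    uint32_t deadline; /* tick at which the request times out */
};

static struct pending table[SLOTS];

/* Constructed sample addresses for the demo. */
static const uint8_t HOST_A[6]   = {0x02, 0, 0, 0, 0, 0x0a};
static const uint8_t HOST_B[6]   = {0x02, 0, 0, 0, 0, 0x0b};
static const uint8_t ZERO_MAC[6] = {0};

void filter_reset(void) { memset(table, 0, sizeof table); }

/* Disassociate every request whose time-out interval has elapsed. */
static void expire(uint32_t now)
{
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used && (int32_t)(now - table[i].deadline) >= 0)
            memset(&table[i], 0, sizeof table[i]);
}

/* Host -> network (blocks 800-820): only ARP and DHCP requests pass, and each
 * is recorded as pending. A new request replaces the same host's earlier one
 * of that protocol, so a late response with the superseded XID is blocked. */
int from_host(enum kind k, const uint8_t mac[6], uint32_t xid, uint32_t now)
{
    if (k != ARP_REQ && k != DHCP_REQ)
        return BLOCK;
    if (memcmp(mac, ZERO_MAC, 6) == 0)
        return BLOCK;               /* never learn the "unlearned" value */
    expire(now);
    int is_dhcp = (k == DHCP_REQ), slot = -1;
    for (int i = 0; i < SLOTS; i++) {
        if (table[i].used && table[i].is_dhcp == is_dhcp &&
            memcmp(table[i].mac, mac, 6) == 0) {
            slot = i;               /* supersede this host's entry */
            break;
        }
        if (!table[i].used && slot < 0)
            slot = i;               /* first free slot */
    }
    if (slot < 0)
        return BLOCK;               /* table full: fail closed (assumption) */
    table[slot].used = 1;
    table[slot].is_dhcp = is_dhcp;
    memcpy(table[slot].mac, mac, 6);
    table[slot].xid = is_dhcp ? xid : 0;
    table[slot].deadline = now + TIMEOUT;
    return PASS;
}

/* Network -> host (blocks 825-855): a response passes only if it matches a
 * pending request, and the match consumes the entry, so a duplicate or
 * replayed response with the same MAC or XID is blocked. */
int from_network(enum kind k, const uint8_t mac[6], uint32_t xid, uint32_t now)
{
    if (k != ARP_RSP && k != DHCP_RSP)
        return BLOCK;
    expire(now);
    for (int i = 0; i < SLOTS; i++) {
        struct pending *p = &table[i];
        if (!p->used)
            continue;               /* unlearned entries never match */
        int hit = (k == ARP_RSP)
            ? (!p->is_dhcp && memcmp(p->mac, mac, 6) == 0)
            : (p->is_dhcp && p->xid == xid);
        if (hit) {
            memset(p, 0, sizeof *p); /* one response per request */
            return PASS;
        }
    }
    return BLOCK;
}

int main(void)
{
    filter_reset();
    printf("ARP request A       %d\n", from_host(ARP_REQ, HOST_A, 0, 1));
    printf("ARP reply for B     %d\n", from_network(ARP_RSP, HOST_B, 0, 2));
    printf("ARP reply for A     %d\n", from_network(ARP_RSP, HOST_A, 0, 2));
    printf("same reply again    %d\n", from_network(ARP_RSP, HOST_A, 0, 3));
    return 0;
}
```

The `now` argument is a caller-supplied tick count, so the time-out path can be exercised without a real clock.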
- FIG. 9 is a flowchart that illustrates cable modems and methods according to embodiments of the present invention.
- embodiments of modems according to the present invention can include a safe mode according to the present invention and a firewall mode.
- the respective states of the firewall mode and the safe mode in the cable modem can be changed by, for example, pushing the safe mode button 108 .
- the firewall mode can be provided by commercially available software, such as software marketed by BVRP Software, 1 bis rue Collange, 92593 Levallois Perret Cedex, France and on the web at www.vicomsoft.com. It will be understood by those having skill in the art that a firewall can examine traffic routed between the host system and the Internet if the traffic meets certain criteria. Firewalls can filter data using address filtering, protocol filtering, etc.
- the cable modem powers-up so that the safe mode is disabled and the firewall is off (block 900 ).
- the firewall is enabled and the safe mode is disabled (block 910 ).
- the safe mode is enabled (block 920 ).
- the cable modem disables the firewall and the safe mode (block 900 ). The safe mode and the firewall operation can continue to be cycled each time input is provided to the cable modem.
- Input can be provided to the cable modem by pushing the safe mode button 108 on the modem housing or by clicking on a GUI as described above.
- the user changes the firewall/safe mode by depressing the safe mode button 108 for about a predetermined time and releasing the safe mode button 108 .
- the user can change the firewall/safe mode by depressing the safe mode button 108 for about four seconds and then releasing the safe mode button 108 .
Abstract
The transfer of data through a modem can be blocked in the modem during a safe mode unless the data includes predefined communications such as a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address. Accordingly, the safe mode can protect a host system from unauthorized access from the network, while allowing the network service to be maintained for the host system. In particular, requests for renewals of leases, such as Dynamic Host Configuration Protocol (DHCP) requests and responses thereto, on Internet Protocol (IP) addresses used by the host system may not be blocked by the modem during safe mode. Furthermore, requests and responses for addresses of systems on the network to which the DHCP requests are transmitted, such as Address Resolution Protocol (ARP) requests and responses thereto, may also not be blocked during safe mode. Moreover, in some embodiments according to the present invention, the blocking is provided at the modem so that multiple host systems can be protected by the modem. Related methods, modems, and systems are disclosed.
Description
- This application is a Continuation-In-Part (CIP) of, and claims priority to, U.S. patent application Ser. No. 09/307,363, filed May 7, 1999, entitled Cable Modems that Block Data Transfers During Safe Mode of Operation and Related Methods, which is commonly assigned to the assignee of the present CIP, the entire disclosure of which is hereby incorporated herein by reference as if set forth herein in its entirety.
- The present invention relates to the field of communications in general and more particularly to modems and related methods and systems.
- With the rise in popularity of the Internet, many users are accessing the Internet through the Public Switched Telephone Network (PSTN) over a modem connected to a telephone line in the user's home. Unfortunately, the bandwidth provided by home telephone lines may prove to be inadequate for some applications on the Internet. For example, some data sets provided by the Internet may be so large that it is difficult to transfer the data set over the telephone line in a given time so that the application operates in a real-time manner. In particular, current residential telephone modem technology may be limited to data rates on the order of 56 kilobaud (kb).
- In an attempt to reduce the bandwidth problem associated with the telephone lines described above, there have been efforts to provide Internet service over coaxial cables used to provide cable TV. Accordingly, the user may access the Internet over the cable system using a cable modem to provide data rates of 42 megabaud or higher. Accessing the Internet via a cable system may involve initializing the cable modem each time the cable modem is turned on, during which the cable modem may register with the cable system. For example, when the user wishes to access the Internet, the user may turn on the cable modem which then registers with the cable system.
- As the number of cable modems handled by the cable system increases, the time needed to register each cable modem may also increase thereby lengthening the registration time. For example, if hundreds of cable modems are used in a cable system, the registration time for a selected cable modem may be several minutes. Consequently, the user may wish to avoid turning the cable modem off in an effort to avoid the delay incurred by a lengthy registration process. For example, if the user turns the cable modem on just prior to accessing the Internet, the user may need to wait for the registration process to complete before gaining access to the Internet. Moreover, cable systems may also provide television and telephone service to a user's home such as by routing these services through the cable modem to the television and telephone. Accordingly, the user may desire that the cable modem be left on so as not to interrupt telephone or television service.
- Unfortunately, leaving the cable modem turned on may decrease the security of the computer to which the cable modem is attached. In particular, the computer may be more susceptible to attack via the cable. For example, an unauthorized user may attempt to gain access to the computer via the cable. Moreover, because the cable provides relatively high bandwidth, relatively simple attacks, such as trying a large number of password combinations, may require only a short time to be successful. In view of the above, there exists a need to improve the security of cable modems used to access the Internet via cable systems.
- Accordingly, the present invention may allow improvement in the security of cable modems by blocking access to the cable modem from the cable system while the cable modem is in safe mode. Blocking data transfers may allow the subscriber to leave the host system connected to the cable modem, thereby possibly avoiding the delay associated with the registration process while reducing the security threats posed by maintaining a physical connection to the cable modem.
- Embodiments according to the present invention provide methods, modems, and systems for blocking the transfer of data in a modem during a safe mode unless the data transfer includes predefined communications. In some embodiments, the predefined communications can be network access maintenance information such as a request for a network address to maintain access to the network for the host system or a response to the request that includes a network address. Accordingly, the safe mode can protect a host system from unauthorized access from the network, while allowing the network service to be maintained for the host system during the safe mode of operation.
- In particular, requests for renewals of leases, such as Dynamic Host Configuration Protocol (DHCP) requests and responses thereto, on Internet Protocol (IP) addresses used by the host system may not be blocked by the modem during safe mode. Furthermore, requests and responses for addresses of systems on the network to which the DHCP requests are transmitted, such as Address Resolution Protocol (ARP) requests and responses thereto, may also not be blocked during safe mode. Moreover, in some embodiments according to the present invention, the blocking is provided at the modem so that multiple host systems can be protected by the modem.
- FIG. 1 is a block diagram of an embodiment of a cable system according to the present invention.
- FIG. 2 is a block diagram of an embodiment of the cable modem 100 of FIG. 1.
- FIG. 3 is a flowchart that illustrates operations of a cable modem according to the present invention.
- FIG. 4 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 5 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 6 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIG. 7 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet.
- FIGS. 8A and 8B are flowcharts that illustrate embodiments of methods, cable modems, and systems according to the present invention through which host systems can communicate with the Internet.
- FIG. 9 is a flowchart that illustrates cable modems and methods according to embodiments of the present invention.
- The present invention now will be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
- As will be appreciated by one of skill in the art, the present invention may be embodied as methods, devices, or systems. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects all of which may be generally referred to herein as a “circuit.”
- The present invention is also described using flowchart illustrations. It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These program instructions may be provided to a processor, such that the instructions which execute on the processor create means for implementing the functions specified in the flowchart block or blocks. The computer program instructions may be executed by the processor to cause a series of operational steps to be performed by the processor to produce a computer implemented process such that the instructions which execute on the processor provide steps for implementing the functions specified in the flowchart block or blocks.
- Accordingly, blocks of the flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions. In some embodiments according to the present invention, the functions disclosed in the blocks may occur out of the order illustrated in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
- It will be understood that the term “coupled” as used herein to describe arrangements of devices includes arrangements wherein intervening devices are present between the coupled devices. For example, where a first device is described as coupled to a second device, the description will be understood to include other devices located between and coupled to the first and second devices.
- FIG. 1 is a block diagram of an embodiment of a cable system according to the present invention. The cable system includes a Cable Modem Termination System or Cable Modem Terminal Server (CMTS)140 and a plurality of cable modems 100. The CMTS 140 can provide services, such as television service, telephone service, and internet service, to subscribers of the cable system via cable modems 100 by transferring data over a
cable 110, such as a coaxial cable. For example, a subscriber may access the Internet through the respective cable modem 100 from ahost 125 such as a Personal Computer (PC). - The
CMTS 140 manages the services provided to the respective subscribers in the cable system. For example, a first subscriber may receive television, telephone, and Internet services while a second subscriber may receive only Internet service. Moreover, different subscribers may receive a different quality of service. For example, a first subscriber may receive Internet service at relatively low bandwidth while a second subscriber may receive Internet service at relatively high bandwidth. Accordingly, theCMTS 140 transmits and receives data to and from the respective cable modems 100 a-f at the rates associated with the respective subscribers. TheCMTS 140 can also adjust parameters of the cable modems 100 a-f used to transfer data such as phase timing, frequencies and power levels associated with the transfer of data between the respective cable modems 100 a-f and theCMTS 140. For example, theCMTS 140 can monitor the timing and power levels of the data transferred from the respective cable modems 100 a-f and instruct each cable modems 100 a-f to adjust the timing and power level of the data transfer performed by the cable modems 100 a-f. - In one embodiment, the Internet service provided by the
CMTS 140 includes data transferred between theCMTS 140 and thecable modem 100 a via thecable 110 at respective frequencies. For example, the subscriber may request information from the Internet, wherein data is transferred from thehost 125 through thecable modem 100 a to theCMTS 140 over thecable 110 at a first frequency. TheCMTS 140 responds to the request for information by transferring the requested data from theCMTS 140 to thehost 125 through thecable modem 100 a over thecable 110 at a second frequency. In another embodiment, the request is transmitted via a telephone line which is not part of the cable system. - It will be understood by those of skill in the art, that the data transfers between the
CMTS 140 and thecable modem 100 a may be performed according to standards known in the art. For example, data transfers between theCMTS 140 and thecable modem 100 a may be performed using a Time Division Multiple Access (TDMA) technique wherein data is transmitted and received over thecable 110 in predefined time-slots. Standards for the transfer of data in cable systems are discussed in the Data Over Cable System Interface Specification (DOCSIS). - When the
cable modem 100 a is turned on, thecable modem 100 a performs an initialization sequence wherein thecable modem 100 a registers with the cable system. In particular, thecable modem 100 a transfers an identifier to theCMTS 140 that identifies thecable modem 100 a within the cable system. Accordingly, theCMTS 140 can communicate with the selectedcable modem 100 a using the cable modem's respective identifier. - During registration, the
CMTS 140 performs ranging of each of the cable modems 100 a-f registered to adjust for the propagation delay of that data transferred, to adjust the proper power level of the data transfer, and to determine the quality of service provided to the subscriber. If telephone service is provided to the subscriber via the cable system, the registration process can also include the determination of parameters for the telephone service. - After registration, the
CMTS 140 provides services to the subscriber via therespective cable modem 100 a. In operation, services are provided by data transfers between theCMTS 140 and thecable modem 100 a. In particular, data is transferred from theCMTS 140 to a selectedcable modem 100 a using the identifier that identifies the selectedcable modem 100 a in the cable system. In operation, the data transfer to the selectedcable modem 100 a, includes the identifier which matches the identifier of the selectedcable modem 100 a. For example, if the selectedcable modem 100 a has an associated identifier of 800, a data transfer including an identifier of 800 will be accepted by the selectedcable modem 100 a. A data transfer can include information and/or a command directed to the selectedcable modem 100 a. - FIG. 2 is a block diagram of an embodiment of the cable modem100 of FIG. 1. Data is transferred between the
CMTS 140 and the cable modem 100 by a Media Access Controller (MAC) 105 coupled to thecable 110. TheMAC 105 accepts data transfers from theCMTS 140 if the identifier included in the data transfer matches the identifier of the cable modem 100. The data transfer can include information intended for afirst host 125, asecond host 120, atelephone 107, the cable modem 100, or other device accessed via the cable modem 100. For example, the data transfer may include information intended for thefirst host 125 in response to a request made by thefirst host 125 or a range command for the cable modem 100 to transfer timed information to theCMTS 140. The functions provided by theMAC 105 may be provided by software running onprocessor 115 or by hardware and/or software separate from the processor. While the processor, media access controller, host interface controller, and telephone interface controller of FIG. 2 are illustrated as separate blocks, it will be understood that one or more of these portions of the modem or sub-portions thereof, can be implemented using combined hardware and/or software. - The data transfer may include an address specifying which device coupled to the cable modem100 is the destination of the data transfer. For example, if the data transfer is intended for the
second host 120, the address included in the data transfer identifies thesecond host 120 as the destination. Although not shown, theMAC 105 may be coupled to a Radio Frequency (RF) tuner that modulates and demodulates the data included in the data transfers. For example, data transfers to theCMTS 140 may be modulated and transferred over a first channel on thecable 110. The RF tuner demodulates the data transferred from theCMTS 140 over a second channel on thecable 110. - A
processor 115 coordinates operations of the cable modem 100 within the cable system to provide the selected services to the subscriber. According to the present invention, data transfers to addressed hosts are blocked by theprocessor 115 during a safe mode of operation and not blocked by theprocessor 115 during normal mode operation. Moreover, blocking can be preformed on a host basis. For example, in one embodiment, data transfers addressed to thefirst host 125 are blocked while data transfers addressed to thesecond host 120 are received and provided to thesecond host 120. Moreover, data transfers including commands for the cable modem 100 or addressed to devices other than the hosts are unaffected by the safe mode of operation. Foe example, a ranging command issued to the cable modem 100 during safe mode of operation is accepted and responded by theMAC 105. - In one embodiment, the safe or normal mode of operation is selected using software that maintains a safe mode flag that is set to one of a safe mode state or a normal state flag to indicate the selected mode of operation. For example, the flag can be set to the safe mode state to indicate the safe mode of operation and set to the normal mode sate to indicate the normal mode of operation. In one embodiment, the mode of operation is selected by pressing a
safe mode button 108 on the housing of the cable modem 100 a. The safe mode button 108 can be a momentary switch that causes the processor 115 to toggle the mode of operation.
- In another embodiment, the mode of operation is selected via a command issued by the host. For example, the subscriber may cause a command to be issued to the cable modem 100 whereupon the
cable modem 100 a changes the mode of operation. In still another embodiment, the mode of operation is selected based on a level of activity at the host. For example, the safe mode of operation can be selected after a period of inactivity at the first host 125 is observed over a predetermined time interval. The cable modem 100 a can resume the normal mode of operation upon the resumption of activity at the first host 125. Accordingly, the mode of operation can be selected based on the subscriber's use of the host coupled to the cable modem 100 a. Moreover, the cable modem 100 a need not be located near the subscriber for the mode of operation to be selected. For example, the cable modem 100 may be located in the basement of the subscriber's home while the host is located in the subscriber's home office.
- A Host Interface Controller (HIC) 135 provides the data received by the
processor 115 to the addressed host and provides data from the host to the processor 115 for transfer to the CMTS 140. The HIC 135 can be a controller suitable for interfacing to at least one host, such as an Ethernet controller, Universal Serial Bus (USB) or other type of interface known to those of skill in the art.
- A
telephone interface 116 provides telephone data from a telephone 107, such as a Data Telephone Equipment (DTE), to the processor 115 and provides data transferred from the CMTS 140 to the telephone 107. As described above, data transfers to the telephone 107 from the CMTS 140 are unaffected by safe mode of operation.
- FIG. 3 is a flowchart illustrating operations of a cable modem 100 according to the present invention. According to FIG. 3, the cable modem 100 performs initialization upon being turned on or reset (block 300). The
processor 115 reads the stored value of the safe mode flag to determine which mode of operation is selected (block 305) and resets a host inactivity timer that indicates the elapsed time since host activity was last detected.
- If the safe mode flag indicates that safe mode of operation is selected (block 310) for
host 115, the processor determines if data transfers from the CMTS 140 to host 125 are currently enabled (block 320). If data transfers are not enabled (block 320) to the host 125, the processor 115 waits for host activity to be detected (block 340) at host 125. Otherwise, if data transfers are currently enabled (block 320) to host 125, the processor 115 disables data transfers (block 335) and then waits for host activity at host 125 to be detected (block 340).
- The cable modem 100 continues to operate in the safe mode of operation until host activity is detected at
host 125 whereupon the safe mode flag is cleared and the host inactivity timer is reset (block 345), or until a safe mode button is pushed (block 350) thereby changing the safe mode of operation to the normal mode of operation (block 360) and resetting the host inactivity timer.
- When the normal mode of operation is enabled (block 310), due to the commencement of activity at the host 125 (block 345) or by pressing the safe mode button (block 360), the processor determines if data transfers from the
CMTS 140 are currently disabled (block 315). If data transfers are disabled (block 315), the processor 115 enables data transfers and waits for the host inactivity timer to expire (block 330). Otherwise the processor 115 waits for the host inactivity timer to expire (block 330).
- The cable modem 100 continues to operate in the normal mode of operation until the host inactivity timer expires (block 330) whereupon the safe mode flag is set, or until the safe mode button is pushed (block 350) thereby changing the normal mode of operation to safe mode of operation (block 360).
- Pursuant to further embodiments according to the present invention, the transfer of data through the modem can be blocked during safe mode unless the data transfer includes a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address. Accordingly, the safe mode can protect a host system from unauthorized access from the network, while allowing the network service to be maintained for the host system during the safe mode of operation.
- In particular embodiments according to the present invention, requests for renewals of leases, such as Dynamic Host Configuration Protocol (DHCP) requests and responses thereto, of Internet Protocol (IP) addresses used by the host system are not blocked by the modem during safe mode. Furthermore, requests and responses for addresses of systems on the network to which the DHCP requests are transmitted, such as Address Resolution Protocol (ARP) requests and responses thereto, may also not be blocked during safe mode. Moreover, in some embodiments according to the present invention, the blocking is provided at the modem so that multiple host systems can be protected by the modem.
- In contrast, blocking all data transfers through the modem may prevent the host system from renewing a lease on an Internet Protocol (IP) address. Failure to renew the lease may cause an interruption in Internet service to the host system until the host system can reacquire a new IP address so that Internet service can be restored.
- Although embodiments according to the present invention are disclosed herein with reference to cable modems, it will be understood that the invention can be embodied in any device which provides a connection between a network and a host system. Furthermore, although embodiments according to the present invention are disclosed herein with reference to the Internet, it will be understood that the present invention may be practiced with any type of network that provides “always on” connections using network addresses which are renewed over time.
- As used herein the term “network address” can include logical addresses of systems on a network, such as Internet Protocol (IP) addresses that make up an Internet address. An IP address (also called an IP number) can be a number which uniquely identifies a computer system (or host system) that uses the Internet. The IP address is used, for example, by servers on the Internet to direct data to the host system associated with the IP address.
- The term “network address” can also include a physical address on a network, such as a MAC address of a host system connected to a Local Area Network (LAN), or the like. The MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, i.e. 0080002012EF, 0:80:0:2:20:EF) which can uniquely identify a host system that connects to the network via an Ethernet interface or a network interface, such as a Universal Serial Bus (USB) that can emulate an Ethernet interface.
- FIG. 4 is a block diagram that illustrates embodiments of cable modems according to the present invention through which host systems can communicate with the Internet. As illustrated in FIG. 4, first and
second host systems modem 400 which may be transferred to the Internet 440. The modem 400 can also receive predefined communications from the Internet 440 which may be transferred to the host systems Internet 440 for the host system modem 400 is a cable modem.
- The
modem 400 can operate in a normal mode wherein all data received at the cable modem 400 is transferred through the modem 400 to the Internet 440 or the first and second host systems modem 400 can also operate in safe mode wherein data transfers through the modem 400 are blocked unless the data transfer includes the predefined communications. Blocking can be performed on a per host basis. For example, in some embodiments according to the present invention, data transfers addressed to the first host 420 are blocked while data transfers addressed to the second host 425 are allowed.
- As discussed above, the safe mode can be enabled by setting a flag in software. For example, in some embodiments according to the present invention, the safe mode of operation is selected by “clicking” or otherwise providing input to a Graphical User Interface (GUI) that is interfaced to the
modem 400, such as a web page. For example, the subscriber may click on a button on a web page to issue a command to the modem 400 whereupon the modem 400 changes the mode of operation of the modem 400.
- The
first host system 425 can transmit a request 445 for a network address to the modem 400 that is needed to maintain its connection to the Internet 440. The modem 400 determines that the request 445 includes the request for a network address and does not block the data transfer of request 445 to the Internet 440. Subsequently, if the modem 400 receives a response 450 to the request 445 from the Internet 440, the modem 400 will not block the transfer of the response 450 to the first host system 420.
- Still referring to FIG. 4, the
second host system 425 can also transmit a request 455 for a network address to the modem 400 that is needed to maintain its connection to the Internet 440. The modem 400 determines that the request 455 includes the request for a network address and does not block the data transfer of request 455 to the Internet 440. Subsequently, if the modem 400 receives a response 460 to the request 455 from the Internet 440, the modem 400 will not block the transfer of the response 460 to the second host system 425.
- In contrast, the
modem 400 can block the transfer of a data transmission 465 from the second host system 425 to the Internet upon determining that the data transmission 465 does not include a request for a network address to maintain its connection to the Internet 440. The modem 400 can also block a data transmission 470 from the Internet 440 upon determining that the data transmission 470 does not include a response to a request for a network address to maintain a connection to the Internet 440 associated with the first or second host systems
- In some embodiments according to the present invention, the network access maintenance information can be requests for a network address to maintain access to the
Internet 440 for the host system
- The ARP request can include the IP address of the system for which the MAC address is sought. The system that is using the IP address included in the ARP request can respond by transmitting an ARP response to the host system. The ARP response can include the MAC address of the host system to which the ARP response is directed. In some embodiments according to the present invention, the ARP response can be Unicast over the Internet to the host system.
- For example, the
first host system 420 may need to have the MAC address of a CMTS included in the cable system which provides access to the Internet 440. Accordingly, the request 445 can be an ARP request transmitted to the modem 400 by the first host system 420 whereupon the modem 400 can transfer the ARP request to the CMTS according to the present invention.
- The CMTS can transmit an ARP response, such as the
ARP response 450, to the modem 400 that includes the MAC address of the CMTS. The modem 400 transfers the ARP response 450 to the first host system 420 upon determining that the ARP request 445 sent by the first host system 420 is still pending.
- The requests and responses can also be DHCP requests and DHCP responses thereto. DHCP is based on a client-server paradigm, in which a DHCP client, such as the first and
second host systems - One configuration parameter that can be provided by DHCP is an IP address. In general, a host system is initially assigned a specific IP address that is appropriate to the network on which the host system is located. If the host system moves to a new network, it can be assigned a new IP address for that new network. DHCP can include other configuration parameters such as a subnet mask, a default router, a Domain Name System (DNS) server, and the like.
- DHCP can provide IP addresses to the host systems on a “leased” basis. A DHCP lease is the amount of time that the DHCP server allows the host system (or DHCP client) permission to use the IP address before the IP address expires. A DHCP lease can typically provide an IP address to a host system for several hours or longer. The host system having the leased IP address can request a renewal of the lease on the IP address to extend its use of the IP address. In some embodiments, the host system may begin requesting a renewal of the lease about half way through the lease period. Accordingly, an IP address currently leased to the host system will expire after the lease period expires unless the lease associated with the IP address is renewed by the DHCP client or at the DHCP server. Otherwise, the host system may lose access to the
Internet 440.
- For example, the
request 445 in FIG. 4 can be a DHCP request generated by the first host system 420 for renewal of a lease on its current IP address. The modem 400 determines that the request 445 includes the DHCP request and transfers the data to the Internet 440. The DHCP request 445 is transmitted on the Internet 440 to a DHCP server that has control over the IP address currently being used by the first host system 420. The DHCP server can transmit a DHCP response, such as response 450, that renews the lease of the IP address. The modem 400 transfers the data transmitted by the DHCP server to the first host system 420 upon determining that the data includes the DHCP response to the currently pending DHCP request. Although a single response 450 to the request 455 is described above, in some embodiments according to the present invention, multiple DHCP servers may respond by issuing respective responses 450 to the request 445, whereupon the first host system 420 can accept one of the responses 450.
- FIG. 5 is a block diagram that illustrates embodiments of
cable modems 500 according to the present invention through which a host system 520 can communicate with the Internet 540 using ARP requests and ARP responses using the MAC address of the host system 520. According to FIG. 5, the host system 520 can transmit an ARP request 545 that includes the MAC address of the host system 520. The cable modem 500 determines that the data received from the host system 520 includes an ARP request and records that the ARP request 545 is pending. The cable modem 500 associates the MAC address with the pending ARP request 545 recorded in the cable modem 500 and transfers the ARP request 545 to the Internet 540. For example, the cable modem 500 can maintain a table that indicates which ARP requests are currently pending and which MAC address is associated with each pending ARP request. In some embodiments according to the present invention, a learn table included in the cable modem 500 can be extended to include the MAC addresses associated with the ARP requests.
- Upon receiving data from the
Internet 540, the cable modem 500 determines whether the data includes an ARP response. If the cable modem 500 determines that the data includes an ARP response, the cable modem 500 determines if a MAC address included with the ARP response matches the MAC address associated with the ARP request 545 that is pending in the cable modem 500. For example, the cable modem 500 can check the table used to record which ARP requests are pending and the MAC addresses associated with each. If the ARP response includes a MAC address which matches the MAC address associated with any of the pending ARP requests, the cable modem 500 can transfer the ARP response to the host system having the MAC address associated with the ARP request.
- It will be understood that ARP requests made by other host systems and responses thereto can also be processed by the
cable modem 500. For example, a second host system can transmit ARP requests including a second MAC address to the cable modem 500. The cable modem 500 can associate the ARP requests from the second host system with a second MAC address in the same table used to associate the ARP request 545 with the MAC address of the host system 520.
- After transferring the data, the
cable modem 500 can disassociate the MAC address with the pending ARP request so that any subsequent data received from the Internet can be blocked by the cable modem 500 even if the data appears to be an ARP response that includes the MAC address that was associated with the previous ARP request. For example, if ARP response 570 is received by the cable modem 500 after receiving ARP response 550 and is determined to include the same MAC address that was included with ARP response 550, ARP response 570 will be blocked by the cable modem 500.
- In some embodiments according to the present invention, the MAC address can be disassociated from the pending ARP request by deleting the ARP request from the table or by deleting the MAC address from the table, or otherwise indicating that a corresponding response for the pending ARP request has already been received and transferred by the
cable modem 500.
- FIG. 6 is a block diagram that illustrates embodiments of
cable modems 600 according to the present invention through which a host system 620 can communicate with a DHCP server 640 using DHCP requests and DHCP responses including Transaction Identifiers (XID) generated by the host system 620 that uniquely identify the DHCP requests and responses. According to FIG. 6, the host system 620 can transmit a DHCP request 645 that includes an XID generated by the host system 620. The cable modem 600 determines that the data received from the host system 620 includes a DHCP request and records that the DHCP request 645 is currently pending. The cable modem 600 associates the XID with the pending DHCP request 645 recorded in the cable modem 600 and transfers the DHCP request 645 to the DHCP server 640. For example, the cable modem 600 can maintain a table that indicates which DHCP requests are currently pending and what XID is associated with each of the pending DHCP requests. In some embodiments according to the present invention, the learn table included in the cable modem 600 can be extended to include the XID associated with the DHCP requests.
- Upon receiving data from the
DHCP server 640, the cable modem 600 determines whether the data includes a DHCP response. If the cable modem 600 determines that the data includes a DHCP response, the cable modem 600 determines if an XID included with the DHCP response corresponds to the XID associated with any of the DHCP requests that is currently pending in the cable modem 600. For example, the cable modem 600 can compare the XID included with the DHCP response 650 with the XID associated with DHCP request 645. If the DHCP response includes an XID which matches the XID associated with any of the pending DHCP requests, the cable modem 600 can transfer the DHCP response to the host system having the XID associated with the DHCP request.
- It will be understood that DHCP requests made by other host systems and responses thereto can also be processed by the
cable modem 600. For example, a second host system can transmit DHCP requests including a second XID to the cable modem 600. The cable modem 600 can associate the DHCP requests from the second host system with the second XID in the same table used to associate the DHCP request 645 with the XID of the first host system 620.
- After transferring the data, the
cable modem 600 can disassociate the XID with the pending DHCP request so that any subsequent data received can be blocked by the cable modem 600 even if the data appears to be a DHCP response that includes an XID previously associated with a once pending DHCP request. For example, if DHCP response 670 is received by the cable modem 600 after receiving DHCP response 650 and is determined to include the same XID that was included with DHCP response 650, DHCP response 670 will be blocked by the cable modem 600.
- In some embodiments according to the present invention, the XID can be disassociated from the pending DHCP request by deleting the DHCP request from the table, by deleting the XID from the table, or otherwise indicating that a corresponding response for the pending DHCP request has already been received and transferred by the
cable modem 600. In some embodiments according to the present invention, the XID can be disassociated from a pending DHCP request when a second DHCP request is received from the same host system before a DHCP response is received to the first (currently pending) DHCP request. For example, if the cable modem 600 receives a second DHCP request from the host system 620 before the DHCP response 650 is received by the cable modem 600, the cable modem can disassociate the XID from the DHCP request 645 in the cable modem 600. Subsequently, when the DHCP response 650 is received it will be blocked by the cable modem 600.
- FIG. 7 is a block diagram that illustrates embodiments of
cable modems 700 according to the present invention through which a host system 720 can transmit and receive ARP requests and responses and DHCP requests and responses. As discussed above, the host system 720 can include a MAC address in the ARP requests and include an XID in the DHCP requests so that each of the requests can be uniquely identified when determining whether an ARP/DHCP response matches a currently pending ARP/DHCP request in the cable modem 700.
- According to FIG. 7, the
host system 720 transmits an ARP request 745 to determine the MAC address of a CMTS 710. The MAC address of the host system can be included in an ARP request 745 and can be associated with the ARP request 745 in the cable modem 700. The ARP request 745 can be transmitted to the CMTS 710 which can transmit an ARP response 750 to provide the MAC address requested in the ARP request 745. The cable modem 700 determines that the ARP response 750 includes the same MAC address that is associated with the ARP request 745 in the cable modem 700, transfers the data received from the CMTS 710 to the host system 720, and disassociates the MAC address with the ARP request 745 in the cable modem so that any subsequent ARP responses having the same MAC address can be blocked by the cable modem 700.
- The
host system 720 transmits a DHCP discover request 755 to a DHCP server 740 for an IP address. The DHCP discover request 755 can include an XID1 that the cable modem 700 associates with the DHCP discover request 755. The cable modem 700 transfers the DHCP discover request 755, including the XID1, to the DHCP server 740 via the CMTS 710. The DHCP server 740 can transmit a DHCP offer 760 of an IP address, including XID1, to the cable modem 700 via the CMTS 710. The cable modem 700 determines that the DHCP offer 760 includes the XID1 that is associated with the currently pending DHCP discover request 755 in the cable modem 700, transfers the DHCP offer 760 to the host system 720, and disassociates the DHCP discover request 755 with the XID1 in the cable modem so that any subsequent DHCP responses that include XID1 can be blocked by the cable modem 700.
- If the host system decides to accept the IP address included in the
DHCP offer 760, the host system 720 transmits a DHCP request 765, including an XID2, to the DHCP server 740 that requests the IP address in the DHCP offer 760. The cable modem 700 associates the DHCP request 765 with the XID2 in the cable modem 700 and transfers the DHCP request 765, including the XID2, to the DHCP server 740 via the CMTS 710. The DHCP server 740 can transmit a DHCP ACK 770, including XID2, to the cable modem 700 via the CMTS 710 granting the host system 720 the use of the requested IP address. The cable modem 700 determines that the DHCP ACK 770 includes the XID2 that is associated with the currently pending DHCP request 765 in the cable modem 700, transfers the DHCP ACK 760 to the host system 720, and disassociates the DHCP request 765 with the XID2 in the cable modem so that any subsequent DHCP ACKs that include XID2 can be blocked by the cable modem 700.
- The
host system 720 can renew the lease on the IP address by transmitting a new DHCP request before the lease expires. Typically, leases provided by a DHCP server can last several hours. The host system 720 may transmit the DHCP renewal request to the DHCP server 740 about halfway through the current lease. For example, if the current lease will expire about four hours after the DHCP server 740 transmits the DHCP ACK 770, the host system 720 may transmit a DHCP renewal request about two hours after the DHCP server 740 transmitted the DHCP ACK 770.
- Before transmitting the DHCP renewal request, the
host system 720 may transmit an ARP request 775 to ensure that the host system 720 is using the most current MAC address when communicating with the CMTS 710 and the DHCP server 740. The host system 720 transmits an ARP request 775 to determine the MAC address of the CMTS 710. The MAC address of the host system 720 can be included in the ARP request 775 and can be associated with the ARP request 775 in the cable modem 700. The ARP request 775 can be transmitted to the CMTS 710 which can transmit an ARP response 780 to provide the MAC address requested by the ARP request 775. The cable modem 700 determines that the ARP response 780 includes the same MAC address that is associated with the ARP request 775 in the cable modem 700, transfers the data received from the CMTS 710 to the host system 720, and disassociates the MAC address from the ARP request 775 in the cable modem 700 so that any subsequent ARP responses having the same MAC address can be blocked by the cable modem 700.
- The
host system 720 can transmit a DHCP renewal request 785 for the current IP address to the DHCP server 740 via the CMTS 710. The DHCP renewal request 785 can include an XID3 that the cable modem 700 associates with the DHCP renewal request 785. The cable modem 700 transfers the DHCP renewal request 785, including the XID3, to the DHCP server 740 via the CMTS 710. The DHCP server 740 can transmit a DHCP ACK 790 to the cable modem 700, including the XID3, to grant the renewal of the lease on the current IP address. The cable modem 700 determines that the DHCP ACK 790 includes the XID3 that is associated with the currently pending DHCP renewal request 785 in the cable modem 700, transfers the DHCP ACK 790 to the host system 720, and disassociates the DHCP renewal request 785 from the XID3 in the cable modem 700 so that any subsequent DHCP responses that include XID3 can be blocked by the cable modem 700.
- FIGS. 8A and 8B are flowcharts that illustrate embodiments of methods and systems of cable modems according to the present invention. Upon receiving data from a host system while in safe mode, the cable modem determines whether the received data includes an ARP request (block 800) or a DHCP request (block 805). Otherwise, the data is blocked (block 810). In some embodiments according to the present invention, the ARP and DHCP requests can be determined using functions illustrated by the following pseudo code example:
    Input:
        EthPkt - Pointer to Ethernet (layer 2) packet
        Length - Length of packet
    Returns:
        TRUE  - Packet should be forwarded (at least continue processing)
        FALSE - Packet is discarded
    Pseudo Code:
        RetValue = FALSE
        if safemode is enabled AND modem is in OPERATIONAL state
            if Packet is ARP
                if SetARPPending(SRC MAC) successful
                    RetValue = TRUE
            Else if Packet is IP
                Initialize pointer to IP part of packet
                if IP->Protocol = UDP
                    Initialize pointer to UDP part of Packet
                    if UDP->Destination Port = BOOTP SERVER (67)
                        Initialize Pointer to Bootp/DHCP packet (same header)
                        if SetDHCPPending(SRC MAC, DHCP->XID) successful
                            RetValue = TRUE
        Return RetValue

- If the data is determined to include an ARP request (block 800), the MAC included therewith is associated with the pending ARP request in the cable modem and is transferred to the network in conjunction with setting a time-out interval timer (block 815). In some embodiments according to the present invention, the ARP request can be made pending and associated with the MAC address using functions illustrated by the following pseudo code example:
    Set Arp Pending
    Input:
        CpeMAC - Pointer to CPE MAC (Ethernet) address
    Returns:
        TRUE - ARP pending flag set for valid CPE, FALSE if not
    Pseudo Code:
        RetValue = FALSE    ! Assume no entry
        ! Unlearned entries will be 0:0:0:0:0:0 and shouldn't match
        For i = 0 to i < (Maximum # of hosts supported)
            if LearnTable[i].EthAddr = CpeMAC
                LearnTable[i].ArpPending = TRUE
                RetValue = TRUE
        Return RetValue

- If the data is determined to include a DHCP request (block 805), the XID included therewith is associated with the pending DHCP request in the cable modem and is transferred to the network in conjunction with setting a time-out interval timer (block 820). In some embodiments according to the present invention, the DHCP request can be made pending and associated with the XID using functions illustrated by the following pseudo code example:
    Set DHCP Pending
    Input:
        HostMAC - Pointer to CPE MAC (Ethernet) address
        XID     - DHCP Message Transaction ID will be the same through a complete sequence
    Returns:
        TRUE - DHCP XID set for valid CPE, FALSE if not
    Pseudo Code:
        RetValue = FALSE    ! Assume no entry
        ! Unlearned entries will be 0:0:0:0:0:0 and shouldn't match
        For i = 0 to i < (Maximum # of hosts supported)
            if LearnTable[i].EthAddr = HostMAC
                LearnTable[i].DHCPXID = XID
                RetValue = TRUE
        Return RetValue

- Upon receiving data from network while in safe mode, the cable modem determines whether the received data includes an ARP response (block 825) or a DHCP response (block 830). Otherwise, the data is blocked (block 835). In some embodiments according to the present invention, the ARP and DHCP responses can be determined using functions illustrated by the following pseudo code example:
    Input:
        EthPkt - Pointer to Ethernet (layer 2) packet
        Length - Length of packet
    Returns:
        TRUE  - Packet should be forwarded
        FALSE - Packet is discarded
    Pseudo Code:
        RetValue = FALSE
        if safemode is enabled AND modem is in OPERATIONAL state
            if Packet is ARP
                ! Note that this clears pending data if found
                if IsARPPending(DST MAC) successful
                    RetValue = TRUE
            Else if Packet is IP
                Initialize pointer to IP part of packet
                if IP->Protocol = UDP
                    Initialize pointer to UDP part of Packet
                    if UDP->Source Port = BOOTP SERVER (67)
                        Initialize Pointer to Bootp/DHCP packet (same header)
                        ! Note that this clears pending data if found
                        if IsDHCPPending(DST MAC, DHCP->XID) successful
                            RetValue = TRUE
        Return RetValue

- If the data is determined to include an ARP response (block 825), the MAC address included therewith is checked to determine if it matches the MAC address associated with the pending ARP request in the cable modem (block 840). If a match occurs, the DHCP response is transferred to the host system in conjunction with resetting the time-out interval timer (block 845). If the MAC addresses do not match, the data is blocked (block 835). In some embodiments according to the present invention, the ARP response can be processed using functions illustrated by the following pseudo code example:
    Is Arp Pending
    Input:
        CpeMAC - Pointer to CPE MAC (Ethernet) address
    Returns:
        Value of ARP pending flag if found, FALSE otherwise
    Pseudo Code:
        RetValue = FALSE    ! Assume no entry
        For i = 0 to i < (Maximum # hosts supported)
            if LearnTable[i].EthAddr = CpeMAC
                RetValue = LearnTable[i].ArpPending
                LearnTable[i].ArpPending = FALSE
        Return RetValue

- If the data is determined to include a DHCP response (block 830), the XID included therewith is compared to the XID associated with the currently pending DHCP request in the cable modem (block 850). If the XIDs match, the DHCP response is transferred to the host system and the DHCP request is disassociated with the XID in the cable modem in conjunction with resetting a time-out interval timer (block 855). In some embodiments according to the present invention, the DHCP request can be made pending and associated with the XID using functions illustrated by the following pseudo code example:
```
Is DHCP Pending
Input:
  XID - Transaction ID from DHCP response
Returns:
  TRUE if XID found in table, FALSE otherwise
Pseudo Code:
  RetValue = FALSE   ! Assume no entry
  ! Unlearned entries will be 0:0:0:0:0:0 and shouldn't match
  For I = 0 to I < (Maximum # hosts supported)
    if LearnTable[i].DHCPXID = XID
      RetValue = TRUE
      LearnTable[i].DHCPXID = 0
  Return RetValue
```
- If one of the time-out interval timers expires before receiving an acceptable ARP or DHCP response (block 860), the currently pending request associated with the time-out interval timer that expired is disassociated with the MAC or XID so that any subsequent ARP or DHCP responses including the MAC address or XID can be blocked by the cable modem.
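The pending-request bookkeeping described above, written out in C as an added example (not code from the patent). All names, `MAX_HOSTS` and `PENDING_TIMEOUT` are assumptions; expiry is checked lazily on lookup instead of by a separate timer, and a DHCP response must match both the learned MAC and the XID under an explicit pending flag, so an XID of 0 cannot match an idle slot.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS       4   /* assumed table size */
#define PENDING_TIMEOUT 5   /* seconds; assumed, the page gives no value */

typedef struct {
    bool     learned;
    uint8_t  mac[6];
    bool     arp_pending;
    uint32_t arp_deadline;
    bool     dhcp_pending;  /* explicit flag: XID 0 is never a wildcard */
    uint32_t dhcp_xid;
    uint32_t dhcp_deadline;
} learn_entry;

static learn_entry learn_table[MAX_HOSTS];

/* Look up a host by MAC; optionally learn it in the first free slot. */
static learn_entry *find_host(const uint8_t mac[6], bool create)
{
    learn_entry *free_slot = NULL;
    for (int i = 0; i < MAX_HOSTS; i++) {
        learn_entry *e = &learn_table[i];
        if (e->learned && memcmp(e->mac, mac, 6) == 0)
            return e;
        if (!e->learned && free_slot == NULL)
            free_slot = e;
    }
    if (!create || free_slot == NULL)
        return NULL;
    memset(free_slot, 0, sizeof *free_slot);
    free_slot->learned = true;
    memcpy(free_slot->mac, mac, 6);
    return free_slot;
}

/* Host -> network: remember that this host has an ARP request outstanding. */
bool note_arp_request(const uint8_t host_mac[6], uint32_t now)
{
    learn_entry *e = find_host(host_mac, true);
    if (e == NULL)
        return false;                   /* table full: do not forward */
    e->arp_pending = true;
    e->arp_deadline = now + PENDING_TIMEOUT;
    return true;
}

/* Host -> network: a newer DHCP request replaces the older XID. */
bool note_dhcp_request(const uint8_t host_mac[6], uint32_t xid, uint32_t now)
{
    learn_entry *e = find_host(host_mac, true);
    if (e == NULL)
        return false;
    e->dhcp_pending = true;
    e->dhcp_xid = xid;
    e->dhcp_deadline = now + PENDING_TIMEOUT;
    return true;
}

/* Network -> host: forward one ARP response per pending request. */
bool allow_arp_response(const uint8_t dst_mac[6], uint32_t now)
{
    learn_entry *e = find_host(dst_mac, false);
    if (e == NULL || !e->arp_pending)
        return false;
    e->arp_pending = false;             /* consumed, or expired and cleared */
    return now <= e->arp_deadline;
}

/* Network -> host: forward one DHCP response whose XID is still pending. */
bool allow_dhcp_response(const uint8_t dst_mac[6], uint32_t xid, uint32_t now)
{
    learn_entry *e = find_host(dst_mac, false);
    if (e == NULL || !e->dhcp_pending || e->dhcp_xid != xid)
        return false;
    e->dhcp_pending = false;
    return now <= e->dhcp_deadline;
}

int main(void)
{
    const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x01};   /* constructed MAC */
    note_dhcp_request(host, 0x1234abcdu, 10);
    printf("matching response: %d\n", allow_dhcp_response(host, 0x1234abcdu, 12));
    printf("replayed response: %d\n", allow_dhcp_response(host, 0x1234abcdu, 12));
    note_arp_request(host, 20);
    printf("late ARP response: %d\n",
           allow_arp_response(host, 20 + PENDING_TIMEOUT + 1));
    return 0;
}
```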
- FIG. 9 is a flowchart that illustrates cable modems and methods according to embodiments of the present invention. In particular, embodiments of modems according to the present invention can include a safe mode according to the present invention and a firewall mode. The respective states of the firewall mode and the safe mode in the cable modem can be changed by, for example, pushing the safe mode button 108.
- It will be understood by those having skill in the art that, in some embodiments according to the present invention, the firewall mode can be provided by commercially available software, such as software marketed by BVRP Software, 1 bis rue Collange, 92593 Levallois Perret Cedex, France and on the web at www.vicomsoft.com. It will be understood by those having skill in the art that a firewall can examine traffic routed between the host system and the Internet if the traffic meets certain criteria. Firewalls can filter data using address filtering, protocol filtering, etc.
- As shown in FIG. 9, the cable modem powers-up so that the safe mode is disabled and the firewall is off (block 900). When input is provided to the cable modem (block 905), the firewall is enabled and the safe mode is disabled (block 910). When input is again provided (block 915), the safe mode is enabled (block 920). When input is again provided (block 925) the cable modem disables the firewall and the safe mode (block 900). The safe mode and the firewall operation can continue to be cycled each time input is provided to the cable modem.
- Input can be provided to the cable modem by pushing the safe mode button 108 on the modem housing or by clicking on a GUI as described above. In some embodiments according to the present invention, the user changes the firewall/safe mode by depressing the safe mode button 108 for about a predetermined time and releasing the safe mode button 108. For example, the user can change the firewall/safe mode by depressing the safe mode button 108 for about four seconds and then releasing the safe mode button 108.
- In the drawings and specification, there have been disclosed typical embodiments of the invention and, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation, the scope of the invention being set forth in the following claims.
Claims (36)
1. A method for providing a host system access to a network through a modem, the method comprising:
blocking transfer of data in a modem during a safe mode of operation of the modem unless the data transfer includes predefined communications.
2. The method of claim 1 wherein the predefined communications comprise network access maintenance information.
3. The method of claim 1 wherein the predefined communications comprise a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address.
4. The method of claim 1 further comprising:
allowing the transfer of data other than the predefined communications through the modem during a normal mode of operation of the modem.
5. The method of claim 3 wherein the request is received from the host system and the response to the request is received from the network.
6. The method of claim 3 wherein the blocking transfer of data in a modem during a safe mode of operation of the modem unless the data transfer includes predefined communications comprises:
blocking transfer of the data from the host system to the network unless it is determined that the request comprises an Address Resolution Protocol (ARP) request for a MAC address of a system on the network that uniquely identifies the ARP request as originating from the host system; and
blocking transfer of the data from the network to the host system unless it is determined that the response comprises an ARP response that includes the MAC address requested by the ARP request.
7. The method of claim 3 wherein the blocking transfer of data in a modem during a safe mode of operation of the modem unless the data transfer includes predefined communications comprises:
determining if data received at the modem from the host system comprises an Address Resolution Protocol (ARP) request for a MAC address of a system on the network that uniquely identifies the ARP request as originating from the host system;
associating the MAC address with the ARP request in the modem and transmitting the ARP request including the MAC address from the modem to the network upon determining that the request comprises the ARP request;
determining if data received from the network at the modem comprises an ARP response including the MAC address associated with the ARP request; and
transmitting the data received from the network to the host system upon determining that the data received from the network comprises the ARP response including the MAC address associated with the ARP request.
8. The method of claim 7 further comprising:
disassociating the MAC address with the ARP request in the modem after transmitting the data received from the network to the host system.
9. The method of claim 7 wherein the data received from the network at the modem comprises first data and wherein the ARP response comprises a first ARP response, the method further comprising:
blocking second data received from the network at the modem after the first data is received upon determining that the second data comprises a second ARP response including the MAC address associated with the first ARP request.
10. The method of claim 7 further comprising:
disassociating the MAC address with the ARP request in the modem upon determining that the ARP response including the MAC address associated with the ARP request has not been received from the network within a time-out interval.
11. The method of claim 10 wherein the ARP request comprises a first ARP request, the method further comprising:
disassociating the MAC address with the first ARP request in the modem upon receiving a second ARP request from the host system; and
blocking data received from the network at the modem upon determining that the data received from the network comprises the first ARP response including the MAC address associated with the first ARP request.
12. The method of claim 3 wherein the blocking transfer of data in a modem during a safe mode of operation of the modem unless the data transfer includes predefined communications comprises:
blocking transfer of the data from the host system to the network unless it is determined that the request comprises a Dynamic Host Control Protocol (DHCP) request for an Internet Protocol (IP) address for the host system including a Transaction Identifier (XID) that uniquely identifies the DHCP request as originating from the host system; and
blocking transfer of the data from the network to the host system unless it is determined that the response comprises a DHCP response that includes the XID associated with the DHCP request.
13. The method of claim 3 wherein the blocking transfer of data in a modem during a safe mode of operation of the modem unless the data transfer includes predefined communications comprises:
determining if data received at the modem from the host system comprises a Dynamic Host Control Protocol (DHCP) request for an Internet Protocol (IP) address for the host system including a Transaction Identifier (XID) that uniquely identifies the DHCP request as originating from the host system;
associating the XID with the DHCP request in the modem and transmitting the DHCP request including the XID from the modem to the network upon determining that the request comprises the DHCP request;
determining if data received from the network at the modem comprises a DHCP response including the XID associated with the DHCP request; and
transmitting the data received from the network to the host system upon determining that the data received from the network comprises the DHCP response including the XID associated with the DHCP request.
14. The method of claim 13 further comprising:
disassociating the XID with the DHCP request in the modem after transmitting the data received from the network to the host system.
15. The method of claim 13 wherein the XID is generated by the host system.
16. The method of claim 13 wherein the data received from the network at the modem comprises first data and wherein the DHCP response comprises a first DHCP response, the method further comprising:
blocking second data received from the network at the modem after the first data is received upon determining that the second data comprises a second DHCP response including the XID associated with the first DHCP request.
17. The method of claim 13 further comprising:
disassociating the XID with the DHCP request in the modem upon determining that no data received from the network comprises the DHCP response including the XID associated with the DHCP request within a time-out interval.
18. The method of claim 17 wherein the DHCP request comprises a first DHCP request, the method further comprising:
disassociating the XID with the first DHCP request in the modem upon receiving a second DHCP request from the host system; and
blocking data received from the network at the modem upon determining that the data received from the network comprises the first DHCP response including the XID associated with the first DHCP request.
19. The method of claim 1 further comprising:
receiving input to the modem; and
ceasing blocking transfer of data in the modem in response to the input.
20. The method of claim 19 wherein receiving input to the modem comprises at least one of clicking on a Graphical User Interface and pushing a safe mode button on the modem.
21. The method of claim 1 wherein the host system comprises a first host system, the method further comprising:
allowing transfer of data associated with a second host system during a normal mode of operation of the modem associated with the second host system.
22. The method of claim 1 further comprising:
receiving input to the modem;
changing at least one of operation of a firewall associated with the modem and the safe mode in response to the input.
23. A modem that transfers data between a network and a host system, the modem comprising:
a processor circuit in the modem that is configured to block the transfer of data through the modem during a safe mode of operation of the modem unless the data includes predefined communications.
24. The modem of claim 23 wherein the predefined communications comprise network access maintenance information.
25. The modem of claim 23 wherein the predefined communications comprise a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address.
26. The modem of claim 23 wherein the processor circuit is further configured to allow the transfer of data other than the predefined communications through the modem during a normal mode of operation of the modem.
27. The modem of claim 25 wherein the request is received from the host system and the response to the request is received from the network.
28. The modem of claim 25 wherein the processor circuit is further configured to block transfer of the data transfer from the host system to the network unless it is determined that the request comprises an Address Resolution Protocol (ARP) request for a MAC address of a system on the network that uniquely identifies the ARP request as originating from the host system and to block transfer of the data from the network to the host system unless it is determined that the response comprises an ARP response that includes the MAC address requested by the ARP request.
29. The modem of claim 25 wherein the processor circuit is further configured to:
determine if data received at the modem from the host system comprises an Address Resolution Protocol (ARP) request for a MAC address of a system on the network that uniquely identifies the ARP request as originating from the host system;
associate the MAC address with the ARP request in the modem and transmitting the ARP request including the MAC address from the modem to the network upon determining that the request comprises the ARP request;
determine if data received from the network at the modem comprises an ARP response including the MAC address associated with the ARP request; and
transmit the data received from the network to the host system upon determining that the data received from the network comprises the ARP response including the MAC address associated with the ARP request.
30. The modem of claim 25 wherein the processor circuit is further configured to:
block transfer of the data from the host system to the network unless it is determined that the request comprises a Dynamic Host Control Protocol (DHCP) request for an Internet Protocol (IP) address for the host system including a Transaction Identifier (XID) that uniquely identifies the DHCP request as originating from the host system; and
block transfer of the data from the network to the host system unless it is determined that the response comprises a DHCP response that includes the XID associated with the DHCP request.
31. The modem of claim 25 wherein the processor circuit is further configured to:
determine if data received at the modem from the host system comprises a Dynamic Host Control Protocol (DHCP) request for an Internet Protocol (IP) address for the host system including a Transaction Identifier (XID) that uniquely identifies the DHCP request as originating from the host system;
associate the XID with the DHCP request in the modem and transmitting the DHCP request including the XID from the modem to the network upon determining that the request comprises the DHCP request;
determine if data received from the network at the modem comprises a DHCP response including the XID associated with the DHCP request; and
transmit the data received from the network to the host system upon determining that the data received from the network comprises the DHCP response including the XID associated with the DHCP request.
32. A modem that transfers data between a network and a host system, the modem comprising:
means for blocking the transfer of data through a modem during a safe mode of operation of the modem unless the data includes predefined communications.
33. The modem of claim 32 wherein the predefined communications comprise network access maintenance information.
34. The modem of claim 32 wherein the predefined communications comprise a request for a network address to maintain access to the network for the host system or a response to the request that includes the network address.
35. The modem of claim 34 wherein the means for blocking comprises:
means for determining if data received at the modem from the host system comprises an Address Resolution Protocol (ARP) request for a MAC address of a system on the network that uniquely identifies the ARP request as originating from the host system;
means for associating the MAC address with the ARP request in the modem and transmitting the ARP request including the MAC address from the modem to the network upon determining that the request comprises the ARP request;
means for determining if data received from the network at the modem comprises an ARP response including the MAC address associated with the ARP request;
means for transmitting the data received from the network to the host system upon determining that the data received from the network comprises the ARP response including the MAC address associated with the ARP request.
36. The modem of claim 34 wherein the means for blocking comprises:
means for determining if data received at the modem from the host system comprises a Dynamic Host Control Protocol (DHCP) request for an Internet Protocol (IP) address for the host system including a Transaction Identifier (XID) that uniquely identifies the DHCP request as originating from the host system;
means for associating the XID with the DHCP request in the modem and transmitting the DHCP request including the XID from the modem to the network upon determining that the request comprises the DHCP request;
means for determining if data received from the network at the modem comprises a DHCP response including the XID associated with the DHCP request; and
means for transmitting the data received from the network to the host system upon determining that the data received from the network comprises the DHCP response including the XID associated with the DHCP request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/999,655 US20020062450A1 (en) | 1999-05-07 | 2001-10-30 | Methods, modems, and systems for blocking data transfers unless including predefined communications to provide access to a network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/307,363 US6643780B1 (en) | 1999-05-07 | 1999-05-07 | Modems that block data transfers during safe mode of operation and related methods |
US09/999,655 US20020062450A1 (en) | 1999-05-07 | 2001-10-30 | Methods, modems, and systems for blocking data transfers unless including predefined communications to provide access to a network |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/307,363 Continuation-In-Part US6643780B1 (en) | 1999-05-07 | 1999-05-07 | Modems that block data transfers during safe mode of operation and related methods |
Publications (1)
Publication Number | Publication Date |
---|---|
US20020062450A1 (en) | 2002-05-23 |
Family
ID=23189423
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/307,363 Expired - Lifetime US6643780B1 (en) | 1999-05-07 | 1999-05-07 | Modems that block data transfers during safe mode of operation and related methods |
US09/999,655 Abandoned US20020062450A1 (en) | 1999-05-07 | 2001-10-30 | Methods, modems, and systems for blocking data transfers unless including predefined communications to provide access to a network |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/307,363 Expired - Lifetime US6643780B1 (en) | 1999-05-07 | 1999-05-07 | Modems that block data transfers during safe mode of operation and related methods |
Country Status (3)
Country | Link |
---|---|
US (2) | US6643780B1 (en) |
AU (1) | AU4361200A (en) |
WO (1) | WO2000069144A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4680773A (en) * | 1985-10-30 | 1987-07-14 | Microcom, Inc. | Data telecommunications system and method utilizing a multi-mode modem |
US5790806A (en) * | 1996-04-03 | 1998-08-04 | Scientific-Atlanta, Inc. | Cable data network architecture |
US5987611A (en) * | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6556574B1 (en) * | 1999-03-31 | 2003-04-29 | Cisco Technology, Inc. | Duplicate ignore delay timer for ARP like protocol messages using are protocol |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4313176A (en) * | 1980-03-07 | 1982-01-26 | The Lockwood Association, Inc. | Data controlled switch for telephone inputs to a computer |
US4951309A (en) | 1988-10-14 | 1990-08-21 | Compag Computer Corporation | Power-down modem |
US5896497A (en) * | 1996-08-07 | 1999-04-20 | Halstead; William D. | System for securing a computer |
US5999526A (en) * | 1996-11-26 | 1999-12-07 | Lucent Technologies Inc. | Method and apparatus for delivering data from an information provider using the public switched network |
US5956481A (en) * | 1997-02-06 | 1999-09-21 | Microsoft Corporation | Method and apparatus for protecting data files on a computer from virus infection |
JP3922312B2 (en) | 1997-02-13 | 2007-05-30 | ソニー株式会社 | Cable modem and cable modem control method |
US6269154B1 (en) * | 1998-02-04 | 2001-07-31 | Texas Instruments Incorporated | Splitterless modem with integrated off-hook detector |
Also Published As
Publication number | Publication date |
---|---|
AU4361200A (en) | 2000-11-21 |
WO2000069144A1 (en) | 2000-11-16 |
US6643780B1 (en) | 2003-11-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20020062450A1 (en) | | Methods, modems, and systems for blocking data transfers unless including predefined communications to provide access to a network |
US6603758B1 (en) | | System for supporting multiple internet service providers on a single network |
US8646033B2 (en) | | Packet relay apparatus |
US8209529B2 (en) | | Authentication system, network line concentrator, authentication method and authentication program |
US9112725B2 (en) | | Dynamic VLAN IP network entry |
US7490351B1 (en) | | Controlling ARP traffic to enhance network security and scalability in TCP/IP networks |
US6907470B2 (en) | | Communication apparatus for routing or discarding a packet sent from a user terminal |
US6754622B1 (en) | | Method for network address table maintenance in a data-over-cable system using destination reachibility |
US7474655B2 (en) | | Restricting communication service |
US20080186932A1 (en) | | Approach For Mitigating The Effects Of Rogue Wireless Access Points |
US8296560B2 (en) | | Method and apparatus for restricting address resolution protocol table updates |
US7099338B1 (en) | | System and method for insuring dynamic host configuration protocol operation by a host connected to a data network |
KR20040024917A (en) | | Apparatus and method for allocating the ip address |
CA2274050A1 (en) | | System, device, and method for routing dhcp packets in a public data network |
US20220345437A1 (en) | | Systems and methods for improving arp/nd performance on host communication devices |
KR20130005973A (en) | | A network security system and network security method |
US8149808B2 (en) | | Electronic apparatus having communication function and control method |
CN110445889B (en) | | Method and system for managing IP address of switch under Ethernet environment |
JP2001326696A (en) | | Method for controlling access |
JP2005517354A (en) | | Method and apparatus for determining lease time for dynamic host configuration protocol |
US7570647B2 (en) | | LAN type internet access network and subscriber line accommodation method for use in the same network |
JP2002084306A (en) | | Packet communication apparatus and network system |
EP2074747B1 (en) | | Method for automatically providing a customer equipment with the correct service |
WO2003045034A1 (en) | | Security of data through wireless access points supporting roaming |
RU2788673C1 (en) | | Network access control system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: ERICSSON INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CARLSON, BRIAN;COOPER, GERALD MEADE;KENT, JAMES SHELDON;REEL/FRAME:012348/0485 Effective date: 20011024 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |