United States Patent (19)
Maria et al.

(54) APPARATUS FOR FILTERING PACKETS USING A DEDICATED PROCESSOR

US006092110A
(11) Patent Number: 6,092,110
(45) Date of Patent: *Jul. 18, 2000

(75) Inventors: Arturo Maria, Bellevue; Leslie Dale Owens, Issaquah, both of Wash.
(73) Assignee: AT&T Wireless Svcs. Inc., Redmond, Wash.
(*) Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
(21) Appl. No.: 08/956,993
(22) Filed: Oct. 23, 1997
(51) Int. Cl.: G06F 13/00
(52) U.S. Cl.: 709/225; 709/238; 709/250; 713/201
(58) Field of Search: 709/217, 218, 709/219, 227, 224, 225, 229, 250, 313, 206, 238; 713/201; 707/9, 10

(56) References Cited

U.S. PATENT DOCUMENTS
4,715,030  12/1987  Koch et al.  370/85
4,888,796  12/1989  Olivo, Jr.  379/101.01
56. 12: S. Jr. ..... - - - - 3.
5.448.69s  9/1995  Symm. ... 709f245
5,481,720  1/1996  Loucks et al.  364/284.2
5,561,770  10/1996  de Bruijn et al.  709/225
5,606,668  2/1997  Shwed  380/42
5,615,340  3/1997  Dai et al.  709/250
5,826,014  10/1998  Coley et al.  713/201
5,848,233  12/1998  Radia et al.  713/201
5,884,025  3/1999  Baehr et al.  713/201

FOREIGN PATENT DOCUMENTS
0 743 777  11/1996  European Pat. Off.
WO96/13 113  5/1996  WIPO

OTHER PUBLICATIONS
Patent Abstracts of Japan, vol. 097, No. 010, Oct. 31, 1997 & JP 09–152969 A (Kenwood Corp.), Jun. 10, 1997.
Skokowski P: Penny-Pinching Networks for Distributed Control, Control Engineering, vol. 39, No. 5, Jan. 1992, pp. 35-37.
Andrew S. Tanenbaum: Computer Networks, 1996, Prentice-Hall International, Upper Saddle River, New Jersey, US, pp. 7-16.

Primary Examiner: Viet D. Vu

(57) ABSTRACT
A dedicated data packet filtering processor whose only function is to filter data packets based on a list of source IP addresses stored in high-speed memory of the processor. The processor has a specialized operating system which controls the operation of the processor. The processor examines the source IP address of each received data packet to determine if the source IP address matches one of the stored source IP addresses, and if there is a match, either discards or forwards the data packet depending on the processor configuration. The list of source IP addresses is updated by a service provider having a central administrative site. The service provider keeps these lists up to date and periodically updates the source IP addresses stored in the random access memory of the dedicated IP filtering processors.

21 Claims, 4 Drawing Sheets

[Front-page drawing not reproduced; surviving labels: HIGH PERFORMANCE, LAN I/F CONN., 802.3 INTERFACE, DRAM CONTROL]

Ex.1006
CISCO SYSTEMS, INC. / Page 1 of 10

[Sheet 1 of 4, FIG. 1: drawing not reproduced; surviving label: NETWORK B]

[Sheet 2 of 4, FIG. 2: drawing not reproduced; surviving labels: LAN I/F CONN., RS232 CONN., 802.3 INTERFACE, CLK CKT, DRAM CONTROL, USER PARAMETERS, 802.3 I/F]

[Sheet 3 of 4, FIG. 3: flow diagram not reproduced; surviving box labels: RECEIVE PACKET, DETERMINE SOURCE ADDRESS, COMPARE SOURCE ADDRESS WITH LIST, ADDRESS ON LIST, LOG PACKET ATTEMPT, PASS PACKET, SEND PACKET TO DESTINATION NETWORK, DROP PACKET]

[Sheet 4 of 4, FIG. 4: drawing not reproduced; surviving labels: CPU/MEMORY BUS, MAIN MEMORY, CPU, BUS ADAPTER, LIST REPLICATION, USER INTERFACE, SYSTEM CONTROL, I/O BUS, I/O CONT., EXTERNAL, DATABASE, NETWORK INTERFACE]

APPARATUS FOR FILTERING PACKETS USING A DEDICATED PROCESSOR

FIELD OF THE INVENTION

The invention relates to packet filters in general. More particularly, the invention relates to a method and apparatus for filtering data packets using a dedicated processor and a list of source addresses stored in high-speed memory, as well as a means for periodically updating the list of source addresses to ensure the list is kept current.

BACKGROUND OF THE INVENTION

Many companies and individual homes have access to the Internet, and more particularly, the World Wide Web (WWW). With the growing number of Internet sites, there is also a growing number of sites which provide content that some companies may deem inappropriate for the workplace. Similarly, there are many Internet sites which provide content that parents may deem inappropriate for young children.

Data packet filters are currently available which filter out data packets from certain Internet sites. On the commercial side, these filters are often implemented as part of a router or “firewall.” On the individual side, these filters are implemented as programs which run on a personal computer and operate in conjunction with individual browser software. Both the commercial and individual filters operate by storing lists of prohibited source addresses, such as Internet Protocol (IP) addresses, and filtering out any data packets received from a site with a prohibited source IP address. One problem with the currently available filters is that there is a performance degradation as the list of prohibited source IP addresses grows. Another problem is the administration of prohibited source IP address lists. Internet sites are being added and changed every day, and it is very difficult to keep a prohibited source IP address list up to date.

One example of a conventional data packet filter is described in U.S. Pat. No. 5,606,668 titled “System for Securing Inbound and Outbound Data Packet Flow in a Computer Network.” The '668 patent relates to computer network security and the control of information flow between internal and external network destinations. The patent broadly describes prior art packet filtering using access list tables. The patent is directed to a filter module which provides network security by specifying security rules for network traffic and accepting or dropping data packets according to the security rules. The rules are implemented in packet filter code which is executed by packet filter modules located at various locations within the network.

The packet filter disclosed in the '668 patent, however, is less than satisfactory for a number of reasons. In accordance with the disclosure of the '668 patent, the packet filter modules are embodied as “virtual machines” residing on existing network host computers. Thus, these filters are software modules executing on existing network computers, and are not separate dedicated filtering processors. Further, this patent fails to describe a method for administering and updating the access list tables. In addition, the packet filter disclosed in the '668 patent is implemented between the data link layer and network layer of the International Standardization Organization (ISO) protocol stack as set forth in ISO standard 7498 titled “Basic Reference Model for Open Systems Interconnection” (1984). Therefore, the packets must unnecessarily pass through the protocols set forth for the data link layer before being filtered, which slows down the processing speed of the packet filter.

Another example of a conventional data packet filter is shown in U.S. Pat. No. 5,615,340 titled “Network Interfacing Apparatus and Method Using Repeater and Cascade Interface with Scrambling.” The '340 patent relates to interfacing nodes in a network. Each node is associated with a plurality of working ports. When a node receives an incoming data packet, the destination address of the data packet is compared against a stored address table to determine if the data packet is destined for a working port associated with the node. The node will only transmit the data packet to the node's working ports if there is a match. Similarly, when a node receives an outgoing data packet, the destination address of the data packet is compared against the stored address table to determine if the data packet is destined for a working port associated with the node. If there is a match, then the node will transmit the data packet back to its working nodes. Otherwise, the node will transmit the data packet to the network. This system is not used for filtering unwanted data packets, but is instead used for network routing of data packets. Further, as with the '668 patent, the '340 patent fails to disclose a means for updating the source address list.

From the foregoing, it can be appreciated that a substantial need exists for a high performance data packet filter which can work with a large number of source IP addresses. There is also a need for an efficient way to administer source IP address lists.

SUMMARY OF THE INVENTION

One embodiment of the present invention proposes a dedicated data packet filtering processor whose only function is to filter data packets based on a list of source IP addresses stored in high-speed memory of the processor. The processor has a specialized operating system which controls the operation of the processor. The only function of the processor is to look at the source IP address of each received data packet to determine if the source IP address matches one of the stored source IP addresses, and if there is a match, to either discard or forward the data packet depending on the processor configuration. Since the processor is dedicated to one task, it can perform the filtering process very quickly and efficiently. In various embodiments, the filtering processor may be used in conjunction with a local area network and many end users (such as in a commercial or business environment), or a single end user computer (such as in a home environment). Further, the filtering processor may be connected to the Internet via wired connections or wireless connections, such as a fixed wireless network.

With these and other advantages and features of the invention that will become hereinafter apparent, the nature of the invention may be more clearly understood by reference to the following detailed description of the invention, the appended claims and to the several drawings attached herein.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a network topology suitable for practicing one embodiment of the invention.
FIG. 2 is a block diagram of a packet filter processor in accordance with one embodiment of the invention.
FIG. 3 is a block flow diagram of steps for filtering data packets in accordance with one embodiment of the invention.
FIG. 4 is a block diagram of a list server in accordance with one embodiment of the invention.

DETAILED DESCRIPTION

Referring now in detail to the drawings wherein like parts are designated by like reference numerals throughout, there is illustrated in FIG. 1 a network topology suitable for practicing one embodiment of the invention. As shown in FIG. 1, a first network 10 is connected to a router 12. Router 12 is in turn connected to a packet filter processor 14. Packet filter processor 14 is connected to a second network 16 and an end-user terminal 18.

Networks 10 and 16 are packet based networks, such as Transmission Control Protocol/Internet Protocol (TCP/IP) networks or X.25 networks. A packet originates from network 10 with an intended destination to network 16 or end-user terminal 18. Both the source and destination addresses are included in the packet.

It is worthy to note that the network topology shown in FIG. 1 is exemplary only. The possible number of network configurations is virtually limitless, the design of which is well-known in the art. The present invention may work on any network configuration utilizing packet technology for transporting voice, image or data signals.

The placement of packet filter processor 14 in a network is also variable depending on where a network designer would desire to control the in-flow or out-flow of packets between networks or network devices. In this embodiment of the invention, packet filter processor 14 is positioned at the only entry and exit point of either network 10 or 16, thereby controlling which packets enter either network. It can be appreciated, however, that packet filter processor 14 could be placed on an individual network device, such as a personal computer, thereby controlling the flow of packets only to the personal computer, or in any other strategic point within a network.

FIG. 2 is a block diagram of a packet filter processor in accordance with one embodiment of the invention. As shown in FIG. 2, Local Area Network (LAN) interface (I/F) connectors 20 and 48 are coupled to network interface cards 22 and 46, respectively. Connector 20 and card 22 are used to interface with network 10, and to accept packets originating from network 10. Connector 48 and card 46 are used to interface with network 16 or end-user terminal 18, and to accept packets originating from network 16 or terminal 18. Connectors 20 and 48, as well as cards 22 and 46, operate in accordance with principles well-known in the art.

Further, cards 22 and 46 are designed to adhere to the Institute of Electrical and Electronics Engineers (IEEE) standard titled “Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications,” American National Standard ANSI/IEEE Standard 802.3, 1985 (“IEEE 802.3 standard”). The IEEE 802.3 standard defines a technique referred to as CSMA/CD, which is appropriate for a network having a bus/tree topology. It can be appreciated, however, that network interfaces designed to work with other medium access techniques or standards could be used for packet filter processor 14, and still fall within the scope of the invention.

Cards 22 and 44 are connected to one another, and also to First In First Out (FIFO) buffers 24 and 44, respectively. FIFO buffers 24 and 44 are used to store incoming or outgoing packets in memory until each packet can be compared and sent to networks 10 or 16.

Packet filter processor 14 also includes several types of high-speed memory. By way of example, this embodiment of the invention includes a 96 kilobyte (K) Programmable Read Only Memory (PROM) 40, a 32K Non-Volatile Random Access Memory (NVRAM) 42, and a Dynamic Random Access Memory (DRAM) bank 32. There is also a DRAM control 30 for DRAM bank 32.

Each type of memory is used to store data for packet filter processor 14. For example, PROM 40 is used to store an operating system 39 for packet filter processor 14. NVRAM 42 is used to store user defined parameters 45, and operating system parameters 43 used by the operating system stored in PROM 40. DRAM bank 32 is used to store an address list 33 of source IP addresses.

The heart of packet filter processor 14 is a dedicated high performance microprocessor 38. Any microprocessor capable of operating at the speeds necessary to implement the functions of the packet filter processor is appropriate. Examples of processors suitable to practice the invention include the INTEL family of processors, such as the Pentium®, Pentium® Pro, and Pentium® II microprocessors.

Packet filter processor 14 also includes a connector 34 and interface 36, both of which are attached to processor 38. Connector 34 and interface 36 both adhere to Electronic Industries Association (EIA) Standard RS-232-C titled “Interface Between Data Terminal Equipment and Data Communication Equipment Employing Serial Binary Data Interexchange,” October, 1969. Finally, packet filter processor 14 includes a clock 26 and clock counter 28 to control the timing of packet filter processor 14.

Packet filter processor 14 operates in accordance with operating system 39, which is comprised of a set of computer program instructions which are stored in PROM 40.

Since a list of source IP addresses can include a large number of addresses, e.g., ranging from hundreds to several thousand, the processing time required to compare a source IP address of an incoming packet with a list of several thousand source IP addresses is enormous, and significantly degrades the performance of many conventional packet filters. According to the principles of the present invention, however, packet filter processor 14 combines the elements of a high-speed microprocessor, a source IP address list stored in high-speed memory, and a dedicated proprietary operating system, to ensure that data packets can be filtered at a high rate of speed.

Operating system 39 is designed to control the operation of the processor. More particularly, operating system 39 is designed such that the processor is directed to look at the source IP address of each received data packet to determine if the source IP address matches one of the stored source IP addresses, and if there is a match, to either discard or forward the data packet depending on the processor configuration. Since operating system 39 and processor 38 are dedicated to one task, packet filter processor 14 can perform the filtering process very quickly and efficiently. The operation of operating system 39, and of packet filter processor 14 in general, will be described in more detail with reference to FIG. 3.

Another reason packet filter processor 14 is so efficient is that packet filter processor 14 is implemented between the physical layer and data link layer of the ISO 7498 protocol stack. The significance of this implementation can be better appreciated in view of some background information of network architectures in general.

A network architecture defines protocols, message formats, and standards to which products must conform in order to connect properly with the network. Architectures are developed by standards organizations, common carriers, and computer and network vendors. Network architectures use a layered approach, whereby functions are organized into groups and assigned to specific functional layers in the architecture. Network architectures define the interfaces between layers in a given network node and within the same layer in two different nodes.

OSI provides a generalized model of system interconnection. It encompasses seven layers: application, presentation, session, transport, network, data link, and physical. A brief summary for each layer is given as follows:

1. Physical Layer
The physical layer is responsible for the transmission of a bit stream across a particular physical transmission medium. It involves a connection between two machines that allows electrical signals to be exchanged between them.

2. Data Link Layer
The data link layer is responsible for providing reliable data transmission from one node to another and for shielding higher layers from any concerns about the physical transmission medium. It is concerned with the error free transmission of frames of data.

3. Network Layer
The network layer is concerned with routing data from one network node to another. It is responsible for establishing, maintaining, and terminating the network connection between two users and for transferring data along that connection.

4. Transport Layer
The transport layer is responsible for providing data transfer between two users at an agreed on level of quality.

5. Session Layer
The session layer focuses on providing services used to organize and synchronize the dialog that takes place between users and to manage data exchange.

6. Presentation Layer
The presentation layer is responsible for the presentation of information in a way that is meaningful to the network users, e.g., character code translation, data conversion, or data compression or expansion.

7. Application Layer
The application layer provides a means for application processes to access the system interconnection facilities in order to exchange information.

Packet filter processor 14 is implemented between the physical layer and data link layers described above, in order to increase the speed at which packets are filtered. The physical layer is responsible for data encoding and decoding. Data encoding refers to translating the bits being transmitted into the proper electrical signals to be sent across the transmission medium. Data decoding translates the electrical signals received over the transmission medium into the bit stream those signals represent. The data link layer is concerned with data encapsulation/decapsulation and media access management. These functions, however, are not necessary for identifying the source address of the packet. For example, data decapsulation is the function of recognizing the destination address, determining if it matches the receiving station's address, performing error checking, and removing control information that was added by the data encapsulation function in the sending station. Therefore, by implementing packet filter processor 14 between the physical layer and data link layer, processor 14 can maximize the speed at which it filters each packet.

FIG. 3 illustrates a block flow diagram of steps for filtering data packets in accordance with one embodiment of the invention. The description with respect to FIG. 3 will assume that a packet is originating from network 10 and has an intended destination address that is within network 16. It can be appreciated, however, that the operation of packet filter processor 14 is identical when the packet originates from network 16 or terminal 18 and has an intended destination address within network 10.

Packet filter processor 14 receives a packet at step 50. Connector 20 receives the packet and passes the packet to interface card 22 which is designed to convert the electrical impulses received over the physical transmission media into packets conforming to the standards set forth in IEEE 802.3. The packet is stored in FIFO 24.

Processor 38 reads the source IP address for the packet at step 52, and compares the source IP address with list 33, which is stored in DRAM bank 32, at step 54. List 33 is stored in DRAM bank 32 in order to increase the speed at which data from the list could be retrieved by processor 38, as compared to, e.g., when data is stored on some other computer readable medium such as a hard drive or floppy disk. Step 56 comprises a test to determine whether there is a match at step 54. If there is a match at step 54, then packet filter processor 58 records the attempt at step 58 before passing control to step 60. If there is not a match at step 54, then control is directly passed to step 60.

Packet filter processor 14 determines whether the packet should be passed at step 60. The decision whether to pass the packet or not is dependent upon the mode in which processor 14 is currently configured. Packet filter processor 14 has a restrictive mode and a permissive mode. Restrictive mode refers to a condition where a select number of packets are to be passed, and all others blocked. Permissive mode is where all packets are to be passed except for a select few that require blocking. Thus, in permissive mode, the packet is passed if the source IP address for a packet does not match an address on list 33. If there is a match, packet filter processor 14 drops the packet. In restrictive mode, the packet is passed if the source IP address does match an address from list 33, and is dropped otherwise.

At step 60, packet filter processor 14 determines whether the packet should be passed depending on whether processor 14 has been set to permissive mode or restrictive mode. If processor 14 has been set to restrictive mode, and there is a match at step 56, then the packet is passed at step 62 to the destination network which in this embodiment of the invention is network 16 or terminal 18. If processor 14 has been set to restrictive mode, and there is not a match at step 56, then the packet is dropped at step 64. Conversely, if processor 14 has been set to permissive mode, and there is a match at step 56, then the packet is dropped at step 64. If processor 14 has been set to permissive mode, and there is not a match at step 56, then the packet is passed to the destination network at step 62. In this embodiment of the invention, a default condition is that no feedback is given to the system sending the packets for security reasons if a packet is dropped at step 64. It can be appreciated, however, that this default condition can be changed and still fall within the scope of the invention.

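
The FIG. 3 flow described above (steps 50 to 64), written out as an added C example; it is not code from the patent, which defines none. Assumptions: Ethernet II framing carrying IPv4, all function and type names, a sorted array with binary search for the list lookup (the patent does not specify a lookup method), a separate verdict for frames that are not parseable IPv4, and constructed sample addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IP4(a, b, c, d) \
    ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* All names below are this example's own; the patent defines no code. */
enum filter_mode { MODE_PERMISSIVE, MODE_RESTRICTIVE };
enum verdict { VERDICT_PASS, VERDICT_DROP, VERDICT_NOT_IPV4 };

struct packet_filter {
    enum filter_mode mode;
    uint32_t *list;        /* "list 33": source addresses, kept sorted */
    size_t count;
    unsigned long logged;  /* step 58: matches recorded */
};

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Install a list; sorting once makes each later lookup O(log n). */
void filter_load(struct packet_filter *f, uint32_t *addrs, size_t n)
{
    qsort(addrs, n, sizeof addrs[0], cmp_u32);
    f->list = addrs;
    f->count = n;
}

/* Steps 50-52: find the IPv4 source address in an Ethernet II frame. */
static bool source_ip(const uint8_t *frame, size_t len, uint32_t *src)
{
    if (len < 14 + 20)
        return false;                      /* truncated frame */
    if (frame[12] != 0x08 || frame[13] != 0x00)
        return false;                      /* EtherType is not IPv4 */
    if ((frame[14] >> 4) != 4 || (frame[14] & 0x0f) < 5)
        return false;                      /* bad version or header length */
    const uint8_t *p = frame + 14 + 12;    /* source address field */
    *src = IP4(p[0], p[1], p[2], p[3]);
    return true;
}

/* Steps 54-64: compare with the list, log a match, decide by mode. */
enum verdict filter_packet(struct packet_filter *f, const uint8_t *frame, size_t len)
{
    uint32_t src;
    if (!source_ip(frame, len, &src))
        return VERDICT_NOT_IPV4;           /* assumption: caller sets policy */
    bool match = f->count > 0 &&
        bsearch(&src, f->list, f->count, sizeof src, cmp_u32) != NULL;
    if (match)
        f->logged++;                       /* step 58: record the attempt */
    if (f->mode == MODE_RESTRICTIVE)
        return match ? VERDICT_PASS : VERDICT_DROP;
    return match ? VERDICT_DROP : VERDICT_PASS;
}

/* Constructed input: Ethernet II plus a 20-byte IPv4 header, all else zero. */
size_t make_frame(uint8_t *buf, uint32_t src)
{
    memset(buf, 0, 34);
    buf[12] = 0x08;                        /* EtherType 0x0800 */
    buf[14] = 0x45;                        /* version 4, IHL 5 */
    buf[26] = (uint8_t)(src >> 24);
    buf[27] = (uint8_t)(src >> 16);
    buf[28] = (uint8_t)(src >> 8);
    buf[29] = (uint8_t)src;
    return 34;
}

/* Filter one constructed frame against a constructed three-entry list. */
enum verdict demo(enum filter_mode mode, uint32_t src, size_t len, unsigned long *logged)
{
    uint32_t addrs[] = { IP4(203, 0, 113, 9), IP4(192, 0, 2, 7), IP4(198, 51, 100, 1) };
    struct packet_filter f = { mode, NULL, 0, 0 };
    uint8_t frame[34];
    filter_load(&f, addrs, 3);
    make_frame(frame, src);
    enum verdict v = filter_packet(&f, frame, len < 34 ? len : 34);
    if (logged)
        *logged = f.logged;
    return v;
}

int main(void)
{
    static const char *name[] = { "pass", "drop", "not IPv4" };
    for (int m = MODE_PERMISSIVE; m <= MODE_RESTRICTIVE; m++)
        for (uint32_t last = 7; last <= 8; last++)
            printf("mode=%d src=192.0.2.%u -> %s\n", m, (unsigned)last,
                   name[demo((enum filter_mode)m, IP4(192, 0, 2, last), 34, NULL)]);
    return 0;
}
```

A drop returns only a verdict and sends nothing back to the sender, matching the default no-feedback condition described above.
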
In accordance with the system administration aspects of the invention, a service provider administers a database of source IP address lists. Each list may contain the IP addresses of particular types of Internet sites. The service provider keeps these lists up to date and periodically updates list 33 stored in DRAM bank 32 of packet filter processor 14. In this manner, end users can be assured that the source IP address lists stored in their filtering processor are up to date.

List 33 can be updated in at least two ways. First, list 33 could be updated by connecting Data Terminal Equipment (DTE) such as an asynchronous (ASCII) terminal (or personal computer emulating an asynchronous terminal) to RS-232 connector 34 of packet filter processor 14. This method would enhance security when updating list 33.

Alternatively, a network connection is formed with a central administrative site equipped with a list server 70, preferably through an Internet Service Provider (ISP) using a direct network connection or via RS-232 connector 34. List 33 is then updated from the central administrative site, either by a request by the list server 70 of the administrative site, or on the request of packet filter processor 14. List server 70 is described in more detail with reference to FIG. 4.

FIG. 4 is a block diagram of a list server suitable for practicing one embodiment of the invention. List server 70 comprises a main memory module 72, a central processing unit (CPU) 74, a system control module 82, a bus adapter 76, a list replication module 78, and a user interface module 80, each of which is connected to a CPU/memory bus 84 and an Input/Output (I/O) bus 86 via bus adapter 76. Further, list server 70 contains multiple I/O controllers 88, as well as an external memory 90, a database 92 and network interface 94, each of which is connected to I/O bus 86 via I/O controllers 88.

The overall functioning of list server 70 is controlled by CPU 74, which operates under the control of executed computer program instructions that are stored in main memory 72 or external memory 90. Both main memory 72 and external memory 90 are machine readable storage devices. The difference between main memory 72 and external memory 90 is that CPU 74 can typically access information stored in main memory 72 faster than information stored in external memory 90. Thus, for example, main memory 72 may be any type of machine readable storage device, such as random access memory (RAM), read only memory (ROM), programmable read only memory (PROM), erasable programmable read only memory (EPROM), electronically erasable programmable read only memory (EEPROM). External memory 90 may be any type of machine readable storage device, such as magnetic storage media (i.e., a magnetic disk), or optical storage media (i.e., a CD-ROM). Further, list server 70 may contain various combinations of machine readable storage devices through other I/O controllers, which are accessible by CPU 74, and which are capable of storing a combination of computer program instructions and data.

CPU 74 includes any processor of sufficient processing power to perform the functionality found in list server 70. Examples of CPUs suitable to practice the invention include the INTEL family of processors, such as the Pentium®, Pentium® Pro, and Pentium® II microprocessors.

Network interface 94 is used for communications between list server 70 and a communications network, such as the Public Switched Telephone Network (PSTN) or the Internet. Network interface 94 supports appropriate signaling, ringing functions and voltage levels, in accordance with techniques well known in the art.

I/O controllers 88 are used to control the flow of information between list server 70 and a number of devices or networks such as external memory 90, database 92 and network interface 94. System control module 82 includes human user system control and operation. Bus adapter 76 is used for transferring data back and forth between CPU/memory bus 84 and I/O bus 86.

List replication module 78 and user interface module 80 implement the main functionality for list server 70. It is noted that modules 78 and 80 are shown as separate functional modules in FIG. 4. It can be appreciated, however, that the functions performed by these modules can be further separated into more modules, combined together to form one module, or be distributed throughout the system, and still fall within the scope of the invention. Further, the functionality of these modules may be implemented in hardware, software, or a combination of hardware and software, using well-known signal processing techniques.

List server 70 operates as follows. A profile is established for each packet filter processor customer subscribing to the list updating service. The profile contains a copy of list 33 for each packet filter processor. List 33 at list server 70 is updated with new source IP addresses on a periodic basis. Similarly, old or invalid source IP addresses are removed from list 33 on a periodic basis.

The updating of list 33 at list server 70 can be accomplished in two ways. First, the central administrator for list server 70 obtains new source IP address information from various sources, such as service providers or search robots specializing in gathering source IP addresses by category, e.g., telemarketers, adult material, advertising entities, hate groups, and so forth. The central administrator for list server 70 then updates list 33 at list server 70 with the new source IP address information in a timely manner, e.g., within hours of receiving the new information. Second, the user of a packet filter processor can access list server 70 via user interface module 80, and perform updates to list 33 at list server 70 directly. The user could update list server 70 in a variety of ways, such as adding, deleting or modifying the source IP addresses of list 33 stored in database 92 of list server 70.

Once list 33 at list server 70 is updated, list replication module sends updated list 33 to each packet filter processor according to the profile of each packet filter processor. The profile for each packet filter processor contains information regarding when and how often list 33 at list server 70 is to be replicated to the packet filter processor. For example, list 33 at list server 70 can be replicated to a packet filter processor on a periodic basis, such as every day at a certain time, or whenever a change to list 33 at list server 70 is performed. In addition, a user of a packet filter processor may request an update of list 33, such as when the user has modified list 33 at server 70, or in the event list 33 at the packet filter processor has become corrupted or lost.

In addition to updating existing lists for packet filter processors, list server 70 has predetermined lists of source IP addresses by category
