Esc

Inbound Traffic Filtering

Definition

Restricting network traffic originating from untrusted networks destined towards a private host or enclave.

How it works

Inbound Traffic, in this context, is network traffic originating from an untrusted network towards a private host or enclave. For example:

An untrusted network host connecting to a internal commercial portal, shopping.example.com
An external mail server connecting to an internal mail server, mail.example.com

Filtering policies are developed by administrators to meet business requirements and limit connectivity. These policies are implemented on edge devices such as firewalls, routers, and intrusion prevention systems. Examples of filters:

Blocking incoming traffic from spoofed internally facing IP addresses
Blocking specific ports and services from establishing connections
Limiting specific IP ranges from connecting to the network
Dynamic inbound filtering (Hole punching, STUN, NAT-T)

Considerations

Business requirements typically drive the development of filtering rulesets
Protocols using non-standard ports may circumvent filtering technology, which does not detect application protocol based on traffic content

Implementations

OpenWRT (Embedded)
Netfilter (Linux)
Windows Firewall
pf(BSD)

json

Technique Subclasses

There are 2 techniques in this category, Inbound Traffic Filtering.

Name	ID	Definition	Synonyms
Inbound Traffic Filtering	D3-ITF	Restricting network traffic originating from untrusted networks destined towards a private host or enclave.
- Email Filtering	D3-EF	Filtering incoming email traffic based on specific criteria.

References

All

Patent

Internet Article

The following references were used to develop the Inbound Traffic Filtering knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Active firewall system and methodology

Reference Type: Patent Organization: McAfee LLC Author: Emilio Villa, Adrian Zidaritz, Michael David Varga, Gerhard Eschelbeck, Michael Kevin Jones, Mark James McArdle

Source: https://patents.google.com/patent/US6550012B1

Automatically generating rules for connection security

Reference Type: Patent Organization: Microsoft Author: Charles D. Bassett; Eran Yariv; Ian M. Carbaugh; Lokesh Srinivas Koppolu; Maksim Noy; Sarah A. Wahlert; Pradeep Bahl

Source: https://patents.google.com/patent/US20120054825

FWTK - Firewall Toolkit

Reference Type: Internet Article

Source: https://blogs.gartner.com/john_pescatore/2008/10/02/this-week-in-network-security-history-the-firewall-toolkit/

Firewall for interent access

Reference Type: Patent Organization: Secure Computing LLC Author: Edward B Stockwell, Alan E Klietz

Source: https://patents.google.com/patent/GB2317539A

Firewall for processing a connectionless network packet

Reference Type: Patent Organization: National Security Agency Author: Patrick W. Dowd, John T. McHenry

Source: https://patents.google.com/patent/US7073196B1

Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network

Reference Type: Patent Organization: National Security Agency Author: Patrick W. Dowd, John T. McHenry

Source: https://patents.google.com/patent/US6615358B1

Firewalls that filter based upon protocol commands

Reference Type: Patent Organization: Intel Corp Author: James E. Toga

Source: https://patents.google.com/patent/US6832256B1

Method for controlling computer network security

Reference Type: Patent Organization: Checkpoint Software Technologies Ltd Author: Gil Shwed

Source: https://patents.google.com/patent/EP0658837B1/

Network firewall with proxy

Reference Type: Patent Organization: Secure Computing LLC Author: Michael W Green, Ricky Ronald Kruse

Source: https://patents.google.com/patent/GB2318031A

D3FEND^™

A knowledge graph of cybersecurity countermeasures