Discussion:
Ethernet with no IP address
Eric Barnes
2013-07-10 13:45:46 UTC
Greetings and Salutations;



Is it possible to access an Ethernet port in Debian WITHOUT it being
configured?

I would like a device that has two ports with no IPs and acts as a SWITCH,
but with logic to examine and act on packets as they come through.
From the research I've done, this is not possible without developing a custom
device driver and/or possibly changing part of the kernel.

Just looking for some confirmation either way from people that know. :-)



Thanks,

Eric
Allan Savolainen
2013-07-10 13:54:49 UTC
You should be able to do that with ebtables, though it might have some
limitations.

- Allan

--
Using Opera's mail client: http://www.opera.com/mail/
Keith Osborne
2013-07-10 13:55:54 UTC
Eric,

You'll need to enable IP forwarding in Debian and use iptables to do
packet inspection and act on whatever rules you write.

I don't see how Debian can be part of the process without the packets
landing on a configured interface to examine the packets and then
forward them based on rules.

Keith

TDR Networks
[ hosting | e-commerce | custom development | linux | cisco ]
e: ***@tdrnetworks.com
w: http://www.tdrnetworks.com
Eric Barnes
2013-07-10 14:21:13 UTC
Man - thanks so much for all the answers so quickly. Without going into
boring detail....I have a client that has a patent on a network security
device that he now wants me to build a prototype for. Part of the patent
states that the device is 'invisible' to the Internet because it has no
configured IP ports. It is supposed to sit INLINE in the network somewhere
(say between router and single PC) and filter/block packets that come
through it to the destination PC or vice versa. It's kinda like a bridge
(only with logic processing during the bridge operation). If we address the
ports, then I depart from the patent and I have no idea what is allowed from
a legal standpoint in doing something like this. As a high level
application programmer (mostly Java for the past 15 years), I find myself
woefully short on the knowledge/experience to accomplish such a task.



But again - thanks all for the responses!



Eric
Cory Oldford
2013-07-10 14:30:52 UTC
Not sure you could or should patent something as simple as a transparent bridge firewall. Not only is this nothing innovative or out of the ordinary but it goes against everything the solution is built on in my humble opinion. Just my 2 cents.

Cory Oldford
PeaceWorks Technology Solutions
204.480.0314 1.888.817.3048
direct: 204.480.0394 x6010
www.peaceworks.ca
Hans Spaans
2013-07-10 15:05:09 UTC
You're saying he has a patent for OpenBSD Bridging Firewall and/or Linux
Netfilter functionality? Interesting, to say the least. I even suspect it
would cover IBM/Intel Token Ring bridges as well. Then again, I'm not a
lawyer, luckily, and/or on your end of the table.

If he wants to sell it as an appliance without source code, then OpenBSD
may be a better path to follow due to the nature of the BSD and GPL
licenses. Otherwise he/you may go the path of D-Link/AVM/SUN when the SFLC
finds out what your client is doing. You may want to get some legal
advice, and the SFLC is in most cases willing to answer your questions, btw.

Hans
Bart-Jan Vrielink
2013-07-10 15:17:50 UTC
Hello Eric,

Very interesting, to have a patent without an implementation :)
The idea of an "invisible" network security device itself is not new (I
bet your mail to this list did pass through a few of them, including
some operated by the NSA). The entire patent however may describe
something new.

"Packets" are a layer3 concept. Ethernet is layer2, and there the data
units are called "frames". Confusingly, the documentation on Linux is in
the packet(7) manpage.

If you want to program this yourself, then have a look at the socket(2)
and packet(7) manpages as a starting point. The Ethernet interface
itself does need a little bit of configuration: all you need to do is
bring it up (ip link set eth0 up).

If your rules for filtering/blocking frames are more modest, then
you should use ebtables(8) instead of programming it yourself.

In both cases, you'll want to use brctl(8) to set up 2 network
interfaces as a bridge (switch).
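The "program it yourself" path Bart-Jan describes, as an added example that is not from this thread: two AF_PACKET sockets bound to interfaces that carry no IP address (only link UP), a policy applied to every frame, and whatever passes copied to the other port. The interface names, the blocked-port policy, and the numeric constants copied from linux/if_packet.h are assumptions; for modest rules, ebtables on a brctl bridge is the simpler route.

```python
import select
import socket
import struct
import sys

ETH_P_ALL = 0x0003                 # every EtherType (linux/if_ether.h)
ETH_P_IP = 0x0800
SOL_PACKET, PACKET_ADD_MEMBERSHIP, PACKET_MR_PROMISC, PACKET_OUTGOING = 263, 1, 1, 4  # linux/if_packet.h
ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType
BLOCKED_TCP_PORTS = {23}           # constructed policy for this example: refuse telnet

def parse_frame(frame):
    """Split an Ethernet frame into (dst_mac, src_mac, ethertype, payload); None if runt."""
    if len(frame) < ETH_HDR.size:
        return None
    dst, src, etype = ETH_HDR.unpack_from(frame)
    return dst, src, etype, frame[ETH_HDR.size:]

def ipv4_ports(payload):
    """Return (proto, sport, dport) for a TCP/UDP IPv4 payload, else None."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl, proto = (payload[0] & 0x0F) * 4, payload[9]
    if proto not in (6, 17) or len(payload) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", payload, ihl)
    return proto, sport, dport

def allow(frame):
    """Policy: forward (True) or drop (False) one frame crossing the bridge."""
    parsed = parse_frame(frame)
    if parsed is None:
        return False                   # runt frame: drop
    _, _, etype, payload = parsed
    if etype != ETH_P_IP:
        return True                    # ARP, IPv6 etc. pass untouched, so the box stays transparent
    ports = ipv4_ports(payload)
    if ports and ports[0] == 6 and (ports[1] in BLOCKED_TCP_PORTS or ports[2] in BLOCKED_TCP_PORTS):
        return False
    return True

def open_port(ifname):
    """Bind a raw socket to an interface that has no IP address (link must be UP)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    # Promiscuous mode: a bridge port must accept frames addressed to other MACs.
    mreq = struct.pack("IHH8s", socket.if_nametoindex(ifname), PACKET_MR_PROMISC, 0, b"\0" * 8)
    s.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return s

def run_bridge(left, right):
    """Copy frames between the two ports, minus what allow() rejects. Needs root."""
    a, b = open_port(left), open_port(right)
    peer = {a: b, b: a}
    while True:
        for s in select.select([a, b], [], [])[0]:
            frame, (_, _, pkttype, _, _) = s.recvfrom(65535)
            if pkttype == PACKET_OUTGOING:
                continue               # our own transmit echoed back on this port; forwarding it would loop
            if allow(frame):
                peer[s].send(frame)

if __name__ == "__main__":
    run_bridge(sys.argv[1], sys.argv[2])   # e.g. eth0 eth1, neither with an address
```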
Kenyon Ralph
2013-07-10 21:36:04 UTC
Sounds exactly like what Bro, Snort, and similar systems do.
https://en.wikipedia.org/wiki/Snort_%28software%29
http://www.bro.org/documentation/overview.html
--
Kenyon Ralph
Arnt Karlsen
2013-07-11 00:43:51 UTC
On Wed, 10 Jul 2013 09:21:13 -0500, Eric wrote in message
Post by Eric Barnes
Man - thanks so much for all the answers so quickly. Without going
into boring detail....I have a client that has a patent
..with a patent number, no doubt?
I see the other guys here have given you tech and legal hints,
so I'll limit myself to legal hints and politics.
Post by Eric Barnes
on a network
security device that he now wants me to build a prototype for.
..if you give, sell, loan etc him that prototype, and he is not part
of your business or household etc, you will want to check up on the
distribution language in the GPL and the other relevant licenses.
Post by Eric Barnes
Part of the patent states that the device is 'invisible' to the Internet
because it has no configured IP ports. It is supposed to sit INLINE
in the network somewhere (say between router and single PC) and
filter/block packets that come through it to the destination PC or
vice versa. It's kinda like a bridge (only with logic processing
during the bridge operation). If we address the ports, then I depart
from the patent and I have no idea what is allowed from a legal
standpoint in doing something like this. As a high level application
programmer (mostly Java for the past 15 years), I find myself
woefully short on the knowledge/experience to accomplish such a task.
..the primary idea behind the patent legislation is to help you
learn from the patented ideas, how they work etc, etc, so you
can find even better ways to do what the patents claim, and
patent your own improvements; if they are good enough, they
"improve the arts."

..about the only thing you can not do with something that's
patented is sell etc distribute the patented items; the other
"secondary" point with patents is to reward the innovator with a
20 year sales monopoly so he can recover his R&D costs and earn
an honest decent profit.
--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Cory Oldford
2013-07-10 13:58:43 UTC
It's a transparent bridge firewall similar to: http://forums.gentoo.org/viewtopic.php?t=169553

Cory Oldford
PeaceWorks Technology Solutions
204.480.0314 1.888.817.3048
direct: 204.480.0394 x6010
www.peaceworks.ca
Hans Spaans
2013-07-10 13:59:37 UTC
I suspect you mean an Ethernet bridge in this case and for that please
have a look at DebianWiki[1].

Hans

[1] http://wiki.debian.org/BridgeNetworkConnections
Iker Bilbao
2013-07-10 14:08:04 UTC
Hi,

I know of Mikrotik routers which you administer using their own application
(winbox), accessing the device via its MAC address.
From there you can administer VLAN and bridge config to connect ports or not.
I do not believe you can filter packets, as it would be an on/off switch
connecting/switching ports at layer 2.

These are quite cheap, approx. 35€.

Iker.
Bastian Blank
2013-07-10 15:07:37 UTC
Post by Eric Barnes
Is it possible to access an Ethernet port in Debian WITHOUT it being
configured?
No, you have to set it to an UP state. You don't need to configure any
addresses for it.
Post by Eric Barnes
I would like a device that has two ports with no IPs and acts as a SWITCH,
but with logic to examine and act on packets as they come through.
This is called a bridge. See /usr/share/doc/bridge-utils/*.
Post by Eric Barnes
From the research I've done, this is not possible without developing custom
device driver and/or possibly changing part of kernel.
As a researcher you should know that network stacks are usually layered
and the lower layer works without the upper layer.

Bastian
--
Those who hate and fight must stop themselves -- otherwise it is not stopped.
-- Spock, "Day of the Dove", stardate unknown