Abstract: A new port state (called “Limited (Lim)”) and a new flag “Port-Limited”) are introduced. The Port-Limited flag is used to move a port of a network device from an Enabled state to the Limited state when the line protocol status for the port goes from down to up. In one embodiment, when the port is in the Limited port state, only a predefined set of protocols can work over the port. Restriction can be defined by the administrator of the network device.

Abstract: Transmitting node (120) and receiving node (121) for handling LLDP messages in a communication network (100). The transmitting node (120) transmits a LLDP message to the receiving node (121), which LLDP message comprises security related information enabling to verify authenticity of the transmitting node (120). The receiving node (121) receives one or more LLDP messages, at least one comprising security related information enabling to verify authenticity of the transmitting node (120; 124) that transmitted the LLDP message.

Abstract: Management of network nodes comprised in a communication network. A management node receives, from at least some of said network nodes, LLDP information based on one or more LLDP messages received from neighboring network nodes that are neighbouring said at least some network nodes. The LLDP information comprises security status information regarding said neighbouring network nodes, indicating if a neighbouring network node has been verified to be authentic and indicates if the neighbouring network node has been verified to be not authentic.

Abstract: A new port state (called “Limited (Lim)”) and a new flag “Port-Limited”) are introduced. The Port-Limited flag is used to move a port of a network device from an Enabled state to the Limited state when the line protocol status for the port goes from down to up. In one embodiment, when the port is in the Limited port state, only a predefined set of protocols can work over the port.

Abstract: A method for obtaining information from a server. The method includes a client device receiving a link layer message transmitted by a network node, the link layer message comprising authentication information; and the client device using the authentication information to obtain information from the server.

Abstract: Management of network nodes comprised in a communication network. A management node receives, from at least some of said network nodes, LLDP information based on one or more LLDP messages received from neighboring network nodes that are neighbouring said at least some network nodes. The LLDP information comprises security status information regarding said neigbouring network nodes, indicating if a neighbouring network node has been verified to be authentic and indicates if the neighbouring network node has been verified to be not authentic.

Abstract: Transmitting node (120) and receiving node (121) for handling LLDP messages in a communication network (100). The transmitting node (120) transmits a LLDP message to the receiving node (121), which LLDP message comprises security related information enabling to verify authenticity of the transmitting node (120). The receiving node (121) receives one or more LLDP messages, at least one comprising security related information enabling to verify authenticity of the transmitting node (120; 124) that transmitted the LLDP message.

Abstract: A method (100), performed by a first network node in a communication network, is disclosed. The first network node is connected to a second network node of the communication network via an interface implementing a GPRS Tunnelling Protocol (GTP). The method comprises selecting a user data packet for transmission to the second network node (110) and identifying information about the user data packet which impacts how the user data packet should be routed over the interface (120). The method further comprises encoding the identified information into a User Datagram Protocol (UDP) header of the user data packet (130) and forwarding the user data packet to the interface for transmission to the second network node (140). Another method (300) is disclosed, performed by a node in a Mobile Transport Network, the Mobile Transport Network providing a GTP based interface between a first network node of a communication network and a second network node of the communication network.

Abstract: The present invention provides a method and apparatus for detecting that an attacker has sent one or more messages to a receiver node. The method comprises storing at least a portion of an nth message received by the receiver node from a sender node in a memory device; sending an integrity check message to the sender node comprising an indication of the value of n; receiving a reply message from the sender node including at least a portion of the nth message sent by the sender node to the receiver node; and comparing the at least a portion of the nth message sent by the sender node to the receiver node with the nth message received by the receiver node from the sender node stored in the memory device.

Abstract: A method (100), performed by a first network node in a communication network, is disclosed. The first network node is connected to a second network node of the communication network via an interface implementing a GPRS Tunnelling Protocol (GTP). The method comprises selecting a user data packet for transmission to the second network node (110) and identifying information about the user data packet which impacts how the user data packet should be routed over the interface (120). The method further comprises encoding the identified information into a User Datagram Protocol (UDP) header of the user data packet (130) and forwarding the user data packet to the interface for transmission to the second network node (140). Another method (300) is disclosed, performed by a node in a Mobile Transport Network, the Mobile Transport Network providing a GTP based interface between a first network node of a communication network and a second network node of the communication network.

Abstract: The present invention provides a method and apparatus for detecting that an attacker has sent one or more messages to a receiver node. The method comprises storing at least a portion of an nth message received by the receiver node from a sender node in a memory device; sending an integrity check message to the sender node comprising an indication of the value of n; receiving a reply message from the sender node including at least a portion of the nth message sent by the sender node to the receiver node; and comparing the at least a portion of the nth message sent by the sender node to the receiver node with the nth message received by the receiver node from the sender node stored in the memory device.