ROUTING CLIENT REQUESTS
Granted: August 15, 2013
Application Number:
20130212266
Methods and systems for routing client requests are provided. According to one embodiment, a request handling server obtains a rule set for managing the traffic of a content publisher. A request associated with the content publisher is received at the request handling server. When the received request is a content request, directly servicing the received request or redirecting the received request by the request handling server to another server capable of handling the request based on…
SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
Granted: August 1, 2013
Application Number:
20130198839
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
METHOD, APPARATUS, SIGNALS AND MEDIUM FOR ENFORCING COMPLIANCE WITH A POLICY ON A CLIENT COMPUTER
Granted: July 18, 2013
Application Number:
20130185762
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: July 4, 2013
Application Number:
20130170346
Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile…
SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION
Granted: June 20, 2013
Application Number:
20130156033
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a router. A data structure is maintained by the router and contains therein information regarding the multicast sessions, including a first pointer for each of the multicast sessions, at least one chain of one or more blocks of second pointers and one or more transmit control blocks (TCBs). Each first pointer points to a chain of…
PERFORMING RATE LIMITING WITHIN A NETWORK
Granted: June 20, 2013
Application Number:
20130155862
Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second component thereby collectively providing multiple paths between the first and second components. Packets are received by the first…
OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR
Granted: June 13, 2013
Application Number:
20130152203
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus…
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: May 16, 2013
Application Number:
20130125238
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway…
ADAPTIVE LOAD BALANCING
Granted: May 16, 2013
Application Number:
20130121152
Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of virtual networks, into which a network has been logically divided that can be used by a first component is maintained. Each of the virtual networks is a loop-free switching path, reverse path learning network and provides a path through the network between the first component and a second component. A packet destined for the second component is received by the…
DETECTION OF UNDESIRED COMPUTER FILES IN ARCHIVES
Granted: April 25, 2013
Application Number:
20130104235
Systems and methods for content filtering are provided. According to one embodiment, a type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information both in unencrypted and uncompressed form and a file data portion containing contents of files in encrypted form, compressed form or both. The determination is based solely on the identification bytes and/or the header information. Based…
MANAGING AND PROVISIONING VIRTUAL ROUTERS
Granted: April 4, 2013
Application Number:
20130083697
Methods and systems are provided for provisioning and managing network-based virtual private networks (VPNs). According to one embodiment, routing information, including virtual private network (VPN) addresses reachable, for customer sites connected via service processing switches is learned or discovered. The routing information is disseminated among routers associated with multiple network-based customer VPNs for multiple customers. A routing configuration is generated for a…
IDENTIFYING NODES IN A RING NETWORK
Granted: January 24, 2013
Application Number:
20130022049
Methods, systems and data structures for determining a token master on a ring network are provided. According to one embodiment, determining a token master on a ring network includes receiving a packet containing a network token at a first node on the network. If the network token does not arrive within a preselected timeout period, generating an arbitration token. If the packet contains an arbitration token, determining if the arbitration token was modified by a higher priority node of…
DELEGATED NETWORK MANAGEMENT SYSTEM AND METHOD OF USING THE SAME
Granted: January 10, 2013
Application Number:
20130013777
A method for providing a management function requested by a user that uses a managed device includes establishing a session on a managed device in response to a user logging into an account on the managed device, establishing a delegated management session on a management device, the delegated management session corresponding to the session on the managed device, receiving a management message on the management device, the management message being related to a management function…
PACKET ROUTING SYSTEM AND METHOD
Granted: December 20, 2012
Application Number:
20120324532
Methods and systems for offering network-based managed security services are provided. According to one embodiment, an IP service processing switch includes multiple service blades and one or more packet-passing data rings. The service blades each have multiple processors for providing customized security services to subscribers of a service provider. Upon receipt of a packet by a service blade from the one or more packet-passing data rings, a PEID value within the packet is inspected…
TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK
Granted: December 20, 2012
Application Number:
20120324216
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers is provided. According to one embodiment, a request to establish an IP connection between two locations of a subscriber is received at a service management system (SMS) of the service provider. A tunnel is established between service processing switches coupled in communication through a public network. First…
VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH
Granted: December 13, 2012
Application Number:
20120317646
Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A general purpose processor receives and stores a data segment to a first memory at a virtual address. The first memory contains paging data structures for translating virtual addresses to physical addresses. The general purpose processor directs a virus processing hardware accelerator to scan the data segment based on…
SWITCH MANAGEMENT SYSTEM AND METHOD
Granted: December 6, 2012
Application Number:
20120311125
Methods and systems for managing a service provider switch are provided. According to one embodiment, a method is provided for provisioning a switch with a network-based managed Internet Protocol (IP) service. A network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing…
COMPUTERIZED SYSTEM AND METHOD FOR HANDLING NETWORK TRAFFIC
Granted: November 15, 2012
Application Number:
20120291117
Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, content processing of network traffic associated with multiple virtual domains is performed by a service daemon process initiated within a firewall. The service daemon process handles content processing of network traffic for the virtual domains by aggregating communication channels associated with the virtual domains and by applying to the network…
SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS
Granted: November 1, 2012
Application Number:
20120278896
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the, content detection data to the selected update station. A…
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: September 27, 2012
Application Number:
20120246712
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional…
