Statistics collection for network traffic
Granted: April 20, 2010
Patent Number:
7702806
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to…
Service detection
Granted: April 13, 2010
Patent Number:
7698730
A new service detection process in a network retrieves a baseline list of port protocols used by an entity being tracked. The baseline value is determined over a baseline period. A current list of port protocols for the entity being tracked is also retrieved and is compared to determine whether there is a difference in the port protocols, by having a protocol that was in a current list but was not in the baseline list. If there is a difference, the process indicates a new service involving…
Data collectors in connection-based intrusion detection
Granted: February 16, 2010
Patent Number:
7664963
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores…
Architecture to thwart denial of service attacks
Granted: February 2, 2010
Patent Number:
7657934
A monitoring device is disposed to thwart denial of service attacks on a data center. The monitoring device is a device that collects statistical information on packets that are sent between a network and the data center for a plurality of customers by examining traffic as if the device was disposed on links that are downstream from links that the provisioned monitor is disposed on.
Content delivery for client-server protocols with user affinities using connection end-point proxies
Granted: January 19, 2010
Patent Number:
7650416
In a network supporting transactions between clients and servers over a network path having operating characteristics to overcome, data is transported to overcome the operating characteristics using user affinities and dynamic user location information to selectively preload data, or representations, signatures, segments, etc. of data, in order to overcome the one or more operating characteristic. Examples of operating characteristics to overcome include bandwidth limitations, errors and…
Architecture to thwart denial of service attacks
Granted: August 25, 2009
Patent Number:
7581023
An arrangement is disposed in a network. The arrangement includes a device that is logically disposed adjacent logically nearby routers having a first type of probe that are disposed to sample traffic, and that has a second type of probe that is disposed in-line during an attack by modifying router tables on the nearby routers.
Service curve mapping
Granted: January 20, 2009
Patent Number:
7480240
A method for configuring service curves for managing the output port of a networking device includes the following steps. A multitude of traffic classes is defined, each traffic class being characterized by a bandwidth and a delay priority. A multitude of traffic service curves is computed, each of the plurality of traffic service curves is associated with a different one of the multitude of traffic classes. At least one of the multitude of traffic classes service curves is characterized…
Content-based segmentation scheme for data compression in storage and transmission including hierarchical segment representation
Granted: January 13, 2009
Patent Number:
7477166
In a coding system, input data within a system is encoded. The input data might include sequences of symbols that repeat in the input data or occur in other input data encoded in the system. The encoding includes determining a target segment size, determining a window size, identifying a fingerprint within a window of symbols at an offset in the input data, determining whether the offset is to be designated as a cut point and segmenting the input data as indicated by the set of cut…
Transaction accelerator for client-server communication systems
Granted: September 23, 2008
Patent Number:
7428573
In a network having transaction acceleration, for an accelerated transaction, a client directs a request to a client-side transaction handler that forwards the request to a server-side transaction handler, which in turn provides the request, or a representation thereof, to a server for responding to the request. The server sends the response to the server-side transaction handler, which forwards the response to the client-side transaction handler, which in turn provides the response to…
Cooperative proxy auto-discovery and connection interception
Granted: January 8, 2008
Patent Number:
7318100
In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of the proxy pair and such that packet data from the server to the client is transformed at…
Transaction accelerator for client-server communication systems
Granted: October 10, 2006
Patent Number:
7120666
In a network having transaction acceleration, for an accelerated transaction, a client directs a request to a client-side transaction handler that forwards the request to a server-side transaction handler, which in turn provides the request, or a representation thereof, to a server for responding to the request. The server sends the response to the server-side transaction handler, which forwards the response to the client-side transaction handler, which in turn provides the response to…