Patents by Inventor Thusitha Jayawardena

Thusitha Jayawardena has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8045460
    Abstract: A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: October 25, 2011
    Assignee: AT&T Intellectual Property I, LP
    Inventors: Thusitha Jayawardena, William J. Shugard
  • Publication number: 20110141900
    Abstract: A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host. The priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event, and the characteristic is determined not solely by information included in the packets.
    Type: Application
    Filed: December 11, 2009
    Publication date: June 16, 2011
    Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Thusitha Jayawardena, Gustavo de los Reyes
  • Publication number: 20110131650
    Abstract: An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.
    Type: Application
    Filed: November 30, 2009
    Publication date: June 2, 2011
    Inventors: Gustavo de los Reyes, Thusitha Jayawardena, Gang Xu
  • Patent number: 7953855
    Abstract: In an IP network during a DDoS attack on a website or other internet entity having an IP address, selective black-holing of attack traffic is performed such that some of the traffic destined for the IP address under attack continues to go to the IP address under attack while other traffic, destined for the same IP address, is rerouted via BGP sessions to a black-hole router. Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted.
    Type: Grant
    Filed: September 19, 2008
    Date of Patent: May 31, 2011
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Thusitha Jayawardena, Luis E. Morales
  • Patent number: 7925766
    Abstract: A system and method for aiding the handling of DDoS attacks in which VPN traffic entering an ISP network at some points will be black-holed, while VPN traffic entering the ISP network at other points will be routed, as it should be, to the system-under-attack. Thus, the system-under-attack is made available to some of the user community and made unavailable to suspect portions of the user community. Furthermore, the number of entry points where black-holing of VPN traffic occurs can be selected and changed in real-time during a DDoS attack.
    Type: Grant
    Filed: February 18, 2004
    Date of Patent: April 12, 2011
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Thusitha Jayawardena, Luis E. Morales
  • Publication number: 20100242113
    Abstract: A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.
    Type: Application
    Filed: May 13, 2010
    Publication date: September 23, 2010
    Applicant: AT&T LABS, INC.
    Inventors: Thusitha Jayawardena, William J. Shugard
  • Patent number: 7752666
    Abstract: A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: July 6, 2010
    Assignee: AT&T Labs, Inc.
    Inventors: Thusitha Jayawardena, William J. Shugard
  • Publication number: 20100162378
    Abstract: Example methods and apparatus to enhance security in residential networks and residential gateways are disclosed. A disclosed example apparatus includes a transceiver to receive an Internet protocol (IP) packet, a first packet processing module associated with a protected IP address, the first packet processing module to be communicatively coupled to a first network device, a second packet processing module associated with a public IP address, the second packet processing module to be communicatively coupled to a second network device, and a packet diverter to route the received IP packet to the first packet processing module when the IP packet contains the protected IP address and to route the IP packet to the second packet processing module when the IP packet does not contain the protected IP address.
    Type: Application
    Filed: December 18, 2008
    Publication date: June 24, 2010
    Inventors: Thusitha Jayawardena, Gustavo De Los Reyes, Gang Xu
  • Publication number: 20100070902
    Abstract: A computer readable storage medium storing a set of instructions that are executable by a processor, the set of instructions being operable to store a virtual representation of a plurality of physical components, display the virtual representation, receive user interaction with at least one of the virtual representations and send a command to the physical component corresponding to the user interaction.
    Type: Application
    Filed: December 22, 2008
    Publication date: March 18, 2010
    Inventors: Gustavo DE LOS REYES, Sanjay MacWan, Gang Xu, Howard Shirokmann, Rachel Rosencrantz, Thusitha Jayawardena
  • Publication number: 20090161567
    Abstract: A method and system for detecting routing loops and time-to-live (TTL) expiry attacks in a telecommunications network are disclosed. The detection of routing loops and TTL expiry attacks can be achieved based on the comparison of TTL expiries occurring on two or more routers in the network. A quantity of TTL expiries associated with a router can be summed. Additionally, a quantity of TTL expiries associated with other routers that are operatively coupled to the router can be summed. A difference between the sums can be calculated and a determination of whether a routing loop exists can be made in response to the difference.
    Type: Application
    Filed: December 21, 2007
    Publication date: June 25, 2009
    Applicant: AT&T LABS, INC.
    Inventors: Thusitha Jayawardena, William J. Shugard
  • Publication number: 20090031040
    Abstract: In an IP network during a DDoS attack on a website or other internet entity having an IP address, selective black-holing of attack traffic is performed such that some of the traffic destined for the IP address under attack continues to go to the IP address under attack while other traffic, destined for the same IP address, is rerouted via BGP sessions to a black-hole router. Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted.
    Type: Application
    Filed: September 19, 2008
    Publication date: January 29, 2009
    Inventors: Thusitha Jayawardena, Luis E. Morales
  • Patent number: 7444417
    Abstract: In an IP network during a DDoS attack on a website or other internet entity having an IP address, selective black-holing of attack traffic is performed such that some of the traffic destined for the IP address under attack continues to go to the IP address under attack while other traffic, destined for the same IP address, is rerouted via BGP sessions to a black-hole router. Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted.
    Type: Grant
    Filed: February 18, 2004
    Date of Patent: October 28, 2008
    Inventors: Thusitha Jayawardena, Luis E. Morales
  • Publication number: 20060031575
    Abstract: In an IP network during a DDoS attack on a website or other internet entity having an IP address, selective black-holing of attack traffic is performed such that some of the traffic destined for the IP address under attack continues to go to the IP address under attack while other traffic, destined for the same IP address, is rerouted via BGP sessions to a black-hole router. Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted.
    Type: Application
    Filed: February 18, 2004
    Publication date: February 9, 2006
    Inventors: Thusitha Jayawardena, Luis Morales
  • Publication number: 20050180416
    Abstract: A system and method for aiding the handling of DDoS attacks in which VPN traffic entering an ISP network at some points will be black-holed, while VPN traffic entering the ISP network at other points will be routed, as it should be, to the system-under-attack. Thus, the system-under-attack is made available to some of the user community and made unavailable to suspect portions of the user community. Furthermore, the number of entry points where black-holing of VPN traffic occurs can be selected and changed in real-time during a DDoS attack.
    Type: Application
    Filed: February 18, 2004
    Publication date: August 18, 2005
    Inventors: Thusitha Jayawardena, Luis Morales
  • Patent number: 6807151
    Abstract: Group-wise testing of the clocks arriving at a switching office is undertaken by multiplexing the clocks onto a single line and developing a signal therefrom that is indicative of a problem, if it exists, in any of the component signals that were multiplexed. In one embodiment, the developed signal is a gated portion of the multiplexed signal. That signal is integrated over an integration frame and compared to the integrated signal of another integration frame. A difference between the two compared signals indicates that at least one of the clocks is out of frequency synch. Subsequent tests identify the offending clock, or clocks.
    Type: Grant
    Filed: March 27, 2000
    Date of Patent: October 19, 2004
    Assignee: AT&T Corp
    Inventor: Thusitha Jayawardena
  • Patent number: 6044092
    Abstract: By recognizing that it is not necessary to identify a synchronization failure immediately when the failure occurs, but rather not until the failure results in a detectable difference, the method and system described herein can distinguish between Cell Delay Variation (CDV) and loss of synchronization. Because CDV will have a larger effect on the stability than a failure of the frequency recovery system at the precise moment of the failure, a synchronization failure cannot usually be distinguished from CDV for several minutes or hours, depending upon the stability of the reference clock. The present invention monitors a fill level of a play-out buffer in the ATM network, and attempts to determine if a variation in the fill level is linear with time, which is indicative of a synchronization failure. Upon detecting such a failure, the method of the present invention switches to an adaptive method for frequency recovery.
    Type: Grant
    Filed: June 11, 1997
    Date of Patent: March 28, 2000
    Assignee: AT&T Corp.
    Inventors: Thusitha Jayawardena, Luis E. Morales