Packet Filtering Patents (Class 726/13)
  • Patent number: 11184384
    Abstract: Information technology/cyber security for computer-related processes in which vulnerabilities are identified and those vulnerabilities which are technology-related are automatically remediated by determining and executing network-based tasks. The most granular level of computer-related process assessment is made possible by reliance on a critical function/process taxonomy that is automatically generated and, as such, the present invention identifies both technology and non-technology-related vulnerabilities.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: November 23, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Casey L. Flaherty, Michael Sbandi, Jo-Ann Taylor, Michael Robert Young, Zarna Arun Patel
  • Patent number: 11178027
    Abstract: This disclosure relates to the processing of data streams. More specifically, application of particular protocols to a stream and a detection analysis facilitate a selective, reliable and efficient transmission of pertinent stream data to destination addresses.
    Type: Grant
    Filed: March 4, 2020
    Date of Patent: November 16, 2021
    Assignee: HCA Holdings, Inc.
    Inventors: Ryan Staggs, Alan Scott, Paul Currie, Allison Reed, Grant Thomas Obersteadt
  • Patent number: 11165804
    Abstract: Web traffic at different geographic traffic distribution buckets is compared against each other to try and machine-learn the underlying traffic parameters of legitimate (human-initiated) traffic. Distributions of the traffic parameters for the web traffic at multiple servers are compared to see whether they match. If so, matching or substantially matching traffic parameters signal that such web traffic is, in fact, legitimate. A clean profile is built with the matching traffic parameters and used to determine how much bot traffic is resident in web traffic at different servers.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: November 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Cormac E. Herley
  • Patent number: 11159438
    Abstract: Disclosed is a system for processing data streams that includes a parallel processor and a netflow aggregator module to generate a storage representation for data packets. Each storage representation includes segments of information about the data packet, the segments of information including information about a communication protocol specification related to the data packet. The netflow aggregator module generates a composite index to identify a data packet association characteristic for each data packet and stores the composite index in a segment of the storage representation. The netflow aggregator module groups data packets by their composite index. The netflow aggregator module generates a session flow identifier by identifying a beginning and/or end of a transmission netflow for each data packet having the same data packet association characteristic. The netflow aggregator module aggregates and orders the data packets having the same session flow identifiers into a flow channel.
    Type: Grant
    Filed: April 30, 2021
    Date of Patent: October 26, 2021
    Assignee: BOOZ ALLEN HAMILTON INC.
    Inventors: William Hall Badart, Jeffrey M. Liott, Gregory P. McCullough
  • Patent number: 11157522
    Abstract: A method (1400) of and a system (222) for associating past activity indications (602) associated with past activities of a user (170) with items. The method comprises accessing (1402) the past activity indications (602); accessing (1404) item indications; determining (1406) a past activity feature vector (606); determining (1408) a text feature vector (706) corresponding to the text features; mapping (1410) the past activity feature vector (606) and the text feature vector (706) to generate a text feature space (904); determining (1412) an image feature vector (806); mapping (1414) the past activity feature vector (606) and the image feature vector (806) to generate an image feature space (1004); generating a user item space (1104); and storing (1418) the user item space (1104). A method (1500) of and a system (222) for associating a first item and a second item are also disclosed.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: October 26, 2021
    Assignee: YANDEX EUROPE AG
    Inventors: Andrey Borisovich Krasnikov, Gennady Gennadievich Kuzmin, Sergey Aleksandrovich Shiryaev, Dmitrii Petrovich Sopin, Sergei Olegovich Lisitcyn, Dmitrii Aleksandrovich Levanov, Dmitrii Andreyevich Kuksa, Sergey Victorovich Kotsur
  • Patent number: 11146449
    Abstract: Systems and techniques for a network architecture for Internet-of-Things (IoT) devices are described herein. An indication may be received from a pre-certified IoT blank device. Here, the indication includes a unique identifier and a request for configuration information. An application to send to the IoT device may be located using the unique identifier. The application may be sent to the IoT device. Data from the IoT device corresponding to a sensor on the IoT device operated using the application may be received.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 12, 2021
    Assignee: Intel Corporation
    Inventors: Atif Hussein, Trina Ward, Patricia Robb
  • Patent number: 11138319
    Abstract: A computer system performs tracking of security context for confidential or untrusted values input from sources in an executing application to sinks in the executing application. The security context includes indications of sources and declassifier methods corresponding to the values and has been previously defined prior to the tracking. Prior to release of a selected confidential or untrusted value by a sink in the executing application, security context is fetched for the selected confidential or untrusted value. A selected declassifier method is caused to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink. The selected declassifier method obfuscates the selected confidential or untrusted value and is selected based on the security context for the selected confidential or untrusted value. The obfuscated confidential or untrusted value is caused to be released to the sink in the executing application.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar Tsankov
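The source-to-sink tracking described in the abstract above, as an added example that is not IBM's code: each value entering from a known source is wrapped with a security context (source, kind, declassifier name) defined before tracking starts; a sink fetches that context, runs the declassifier it names, and only then releases the value. The source names, declassifier names and the `Tracked`/`SecurityContext` types are assumptions for illustration.

```python
# Added example, not IBM's code: values from sources carry a security context
# (source, kind, declassifier); a sink fetches that context and runs the
# selected declassifier before the value is released. Names are hypothetical.
import hashlib
import html
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class SecurityContext:
    source: str        # e.g. "db.ssn", "http.param"
    kind: str          # "confidential" or "untrusted"
    declassifier: str  # name of the declassifier that must run before release


@dataclass(frozen=True)
class Tracked:
    value: str
    ctx: SecurityContext


class PolicyError(Exception):
    pass


# Declassifiers obfuscate (confidential) or neutralize (untrusted) a value.
DECLASSIFIERS: Dict[str, Callable[[str], str]] = {
    "mask_ssn": lambda v: "***-**-" + v[-4:],
    "sha256": lambda v: hashlib.sha256(v.encode()).hexdigest(),
    "html_escape": lambda v: html.escape(v, quote=True),
}

# Security context is defined before tracking starts, keyed by source.
CONTEXT_TABLE: Dict[str, SecurityContext] = {
    "db.ssn": SecurityContext("db.ssn", "confidential", "mask_ssn"),
    "db.token": SecurityContext("db.token", "confidential", "sha256"),
    "http.param": SecurityContext("http.param", "untrusted", "html_escape"),
    # A source whose declassifier was never registered: must fail closed.
    "legacy.field": SecurityContext("legacy.field", "confidential", "redact_v2"),
}


def from_source(source: str, raw: str) -> Tracked:
    """Wrap a value entering from a known source with its security context."""
    return Tracked(raw, CONTEXT_TABLE[source])


def release_to_sink(item: Tracked, sink: Callable[[str], None]) -> str:
    """Fetch the context, apply the selected declassifier, then release."""
    if not isinstance(item, Tracked):
        raise PolicyError("raw value reached a sink without security context")
    declassify = DECLASSIFIERS.get(item.ctx.declassifier)
    if declassify is None:
        # Unknown declassifier: refuse rather than leak the raw value.
        raise PolicyError(
            f"no declassifier {item.ctx.declassifier!r} for source {item.ctx.source}")
    safe = declassify(item.value)
    sink(safe)
    return safe


def demo_log_sink() -> List[str]:
    """Run two tracked values through a log-line sink (constructed inputs)."""
    log: List[str] = []
    ssn = from_source("db.ssn", "123-45-6789")
    param = from_source("http.param", "<script>alert(1)</script>")
    release_to_sink(ssn, log.append)
    release_to_sink(param, log.append)
    return log
```

The point worth noting is the fail-closed branch: a value whose context names a declassifier the runtime does not know is refused, not passed through unchanged, because the sink has no way to tell a harmless value from a leaking one.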
  • Patent number: 11100274
    Abstract: A system and method are disclosed for providing an enhanced email client having interactive content capabilities. The system includes a recipient email server for receiving emails from a sender email server and for receiving dynamic interactive content from a third party content service provider when it is determined that the email includes capabilities for displaying interactive content. The method includes steps of sanitizing a received email at a user's computing system, checking the sanitized email to determine if it contains interactive content, and retrieving the interactive content in the sanitized email without requiring the user to click out to a separate window or browser instance.
    Type: Grant
    Filed: December 8, 2019
    Date of Patent: August 24, 2021
    Inventor: Justin Khoo
  • Patent number: 11089039
    Abstract: Systems and methods are described to predict spikes in requests for content on a computing network based on referrer field values of prior requests associated with spikes. Specifically, a traffic spike prediction service is disclosed that can analyze information regarding past requests on the computing network to detect a spike in requests to a content item, where a significant number of requests within the spike include a common referrer field value. The traffic spike prediction service can then detect a request to a second content item also including the common referrer field value, and predict that a spike is expected to occur with respect to the second content item. The traffic spike prediction service can manage the expected spike by increasing an amount of computing resources available to service requests to the second content item.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: August 10, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Pratap Ramamurthy
  • Patent number: 11082501
    Abstract: The systems and methods described herein can enable the indirect transmission of session data between different domains. The system can pass the session data through a hashing function so that the data from a given domain remains private and secure to the specific domain. The system can generate clusters of associated domains for a given client device that the system can use to maintain a session between the client device and the domain.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: August 3, 2021
    Assignee: Google LLC
    Inventors: Gang Wang, Sagnik Nandy
  • Patent number: 11070465
    Abstract: A routing system for distributing multicast routing information for a multicast service includes a plurality of routers including a multicast source router and a plurality of multicast receiver routers, the plurality of routers providing a multicast service, wherein the routers are configured to exchange multicast information associated with the multicast service including identification of multicast sources and the multicast receivers.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: July 20, 2021
    Assignee: 128 Technology, Inc.
    Inventors: Hadriel S. Kaplan, Abilash Menon, Patrick Timmons, Michael Baj, Robert Penfield, Patrick MeLampy
  • Patent number: 11057348
    Abstract: A method for data center network segmentation is provided. The data center network segmentation is for a hybrid environment including physical servers and appliances as well as virtual servers and appliances. The data center network segmentation uses software-defined networking (SDN) technology of physical SDN-ready servers/appliances and virtual SDN-ready servers/appliances. The method includes centralizing the management of network security policies for physical and virtual firewalls. The method includes using SDN to direct network traffic between physical servers through physical firewalls, and to direct network traffic between virtual servers through virtual firewalls. The method further includes using the SDN to direct network traffic from physical servers to virtual servers through physical firewalls, and to direct network traffic from virtual servers to physical servers through virtual firewalls.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: July 6, 2021
    Assignee: Saudi Arabian Oil Company
    Inventor: Abdallah M Baabdallah
  • Patent number: 11050771
    Abstract: To detect a communication by a predetermined type of software, which is disguised as normal communication, an information processing apparatus includes: a communication data acquiring unit 21 configured to acquire communication data generated by a terminal connected to a network; a distribution calculating unit 24 configured to calculate the distribution of attribute information of a plurality of communications with the same communication destination, based on the acquired communication data; and an estimating unit 25 configured to estimate whether a detected communication is a communication by the predetermined type of software by determining whether the calculated distribution satisfies a predetermined criterion.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: June 29, 2021
    Assignee: PFU LIMITED
    Inventors: Seigo Terada, Keiji Michine, Takashi Kobayashi
  • Patent number: 11032311
    Abstract: Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that maintain an application context model for a protected application based on ingested logs. The application context model includes a map of network infrastructure associated with the protected application. Using the application context model, potential attack(s) against the protected application are identified and possible mitigation action(s) to take in response to one or more of the identified potential attack(s) are scored. A stored policy is executed to evaluate the possible mitigation action(s) based on the scoring. One or more of the possible mitigation action(s) are initiated on the identified potential attack(s) based on the evaluation. With this technology, malicious network activity can be more effectively and quickly detected and mitigated resulting in improved network security.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: June 8, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Sebastian Michael Convertino, Judge Kennedy Singh Arora
  • Patent number: 11025667
    Abstract: Disclosed are a system, method, and computer readable storage medium having instructions for applying a plurality of interconnected filters to protect a computing device from a DDoS attack. The method includes, responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device, determining data transmission parameters, assigning an initial danger rating to the network node, identifying a subset of the plurality of the interconnected filters which are concurrently triggered, changing the danger rating of the network node based on an application of the subset of the plurality of interconnected filters that are triggered and the data transmission parameters, and responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: June 1, 2021
    Assignee: AO Kaspersky Lab
    Inventors: Nikolay V. Gudov, Alexander A. Khalimonenko, Denis E. Koreshkov
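The filter-and-rating mechanism in the abstract above, as an added example that is not Kaspersky's code: once an attack is suspected, each sending node starts with an initial danger rating; a set of filters is run over its transmission parameters, the rating moves by how many fire and by which fire together (the "interconnected" part), and once the rating exceeds a threshold the node's channel capacity is cut. The filter thresholds, the pairing bonuses, the capacities and the throttling formula are all assumptions; the abstract does not specify them.

```python
# Added example, not Kaspersky's code: once a DDoS is suspected, each sending
# node gets an initial danger rating; a set of interconnected filters is run
# over its transmission parameters, the rating moves by how many fire (and by
# which fire together), and above a threshold the node's channel is throttled.
# Filter thresholds, bonuses and capacities are hypothetical.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List


@dataclass
class TxParams:
    pps: float            # packets per second from the node
    bytes_per_pkt: float  # mean packet size
    syn_ratio: float      # fraction of packets that are bare SYNs
    req_per_conn: float   # application requests per connection (0 = none)


FILTERS: Dict[str, Callable[[TxParams], bool]] = {
    "high_pps": lambda p: p.pps > 1000,
    "tiny_packets": lambda p: p.bytes_per_pkt < 80,
    "syn_flood": lambda p: p.syn_ratio > 0.8,
    "no_requests": lambda p: p.req_per_conn == 0 and p.pps > 100,
}

# "Interconnected": pairs that are far more suspicious when triggered together.
COMBO_BONUS: Dict[FrozenSet[str], int] = {
    frozenset({"high_pps", "tiny_packets"}): 20,
    frozenset({"syn_flood", "no_requests"}): 30,
}

INITIAL_RATING = 10
THRESHOLD = 60
FULL_CAPACITY_KBPS = 10_000
MIN_CAPACITY_KBPS = 100


@dataclass
class NodeState:
    rating: int = INITIAL_RATING
    limit_kbps: int = FULL_CAPACITY_KBPS


def update_rating(state: NodeState, p: TxParams) -> List[str]:
    """Apply the concurrently triggered filters and adjust the rating/limit."""
    triggered = [name for name, f in FILTERS.items() if f(p)]
    if triggered:
        delta = 10 * len(triggered)
        for combo, bonus in COMBO_BONUS.items():
            if combo <= set(triggered):
                delta += bonus
    else:
        delta = -5  # decay toward benign while nothing fires
    state.rating = max(0, state.rating + delta)
    if state.rating > THRESHOLD:
        # Shrink channel capacity as the rating moves past the threshold.
        excess = state.rating - THRESHOLD
        state.limit_kbps = max(MIN_CAPACITY_KBPS,
                               FULL_CAPACITY_KBPS // (1 + excess // 10))
    else:
        state.limit_kbps = FULL_CAPACITY_KBPS
    return triggered


def simulate(samples: List[TxParams]) -> NodeState:
    """Feed a node's successive parameter samples (constructed) through the filters."""
    state = NodeState()
    for p in samples:
        update_rating(state, p)
    return state
```

Two details matter in practice: the rating decays when nothing fires, so a node that was briefly misclassified recovers instead of staying throttled, and the throttle is a capacity limit rather than a block, which is what the abstract describes and what keeps a false positive from turning into a self-inflicted outage.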
  • Patent number: 11025590
    Abstract: A network security system implements connectivity policies of a network environment. The network security system may use a network topology mapping to implement connectivity policies, where the network topology mapping includes sets of security zones, security devices, and zone paths between the security zones via the one or more security devices. The network security system can generate a universal representation of a connectivity policy for the network environment using a universal syntax. Using the network topology mapping, the network security system can identify zone paths between the security zones for implementing the connectivity policy. The network security system can configure security devices along the zone paths in accordance with the connectivity policies. Configuring security devices may include converting some or all of the universal representation of the connectivity policy into a device-specific representation in a native syntax of the security device.
    Type: Grant
    Filed: August 19, 2020
    Date of Patent: June 1, 2021
    Assignee: Goldman Sachs & Co. LLC
    Inventors: Daniel Boris Kovenat, Dheepak Ramanujam, Michael Joel O'Connor
  • Patent number: 11024144
    Abstract: Some embodiments provide a method for a first network slice selector that selects network slices for connections from endpoint devices located within a first geographic range. The method selects a network slice for a connection between a mobile endpoint device and a network domain that originates when the mobile endpoint device is located within the first geographic range. The method stores state that maps the connection to the selected network slice. The method forwards data traffic belonging to the connection from the mobile endpoint device onto the selected network slice using the stored state. After the mobile endpoint device moves from the first geographic range to a second geographic range, the method receives data traffic belonging to the connection from a second network slice selector that selects network slices for connections from endpoint devices within the second geographic range and forwards said received data traffic onto the selected network slice.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: June 1, 2021
    Assignee: VMWARE, INC.
    Inventors: Marc-Andre Bordeleau, Raja Kommula, Jeremy Tidemann, Constantine Polychronopoulos, Edward Choh, Ojas Gupta, Georgios Oikonomou, Robert Kidd
  • Patent number: 11016702
    Abstract: A managing unit included in a distributed storage network (DSN) receives an event representation request, and identifies event record entries based on that request. The event record entries include information associating reporting entities with the event record entries. The management unit obtains the event record entries from the reporting entities; at least one event record entry is obtained from a first reporting entity, and at least another event record entry is obtained from a second reporting entity. In response to receiving the event representation request, the management unit generates a representation of the event record entries, and outputs the representation to a requesting entity.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: May 25, 2021
    Assignee: PURE STORAGE, INC.
    Inventors: Greg R. Dhuse, Yogesh R. Vedpathak
  • Patent number: 10992642
    Abstract: Methods and systems are disclosed for document isolation. A host computer system may be configured to implement document isolation via one or more of a host-based firewall, an internet isolation firewall, and/or a segregation of a trusted memory space and an untrusted memory space. The host computer system may be configured to access one or more files using a first set of one or more applications and/or processes operating within the trusted memory space and/or a second set of one or more applications and/or processes operating within an untrusted memory space. The host computer system may be configured to open (e.g., always open) the one or more accessed files in the trusted memory space of the host computer system.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: April 27, 2021
    Assignee: L3 Technologies, Inc.
    Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
  • Patent number: 10990599
    Abstract: A system and method for applying extended regular expressions against arbitrary data objects, wherein a state machine maintains an internal state model for the system, an object analysis server receives data objects from a data source, and the object analysis server analyzes the structure and contents of the objects, compares them against received search pattern, and directs the state machine to update the state model based on either or both of the analysis and comparison operations.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: April 27, 2021
    Assignee: ARIA SOLUTIONS, INC.
    Inventor: Paul Peloski
  • Patent number: 10986190
    Abstract: An information processing device (20) performs a session timer updating process of restoring the remaining time of a session timer to N seconds whenever a packet is received from a client (10). The information processing device (20) does not perform the session timer updating process even when a packet is received from the client (10) until a session timer update stop time (?) elapses after the session timer was last updated. The information processing device (20) resumes the session timer updating process after the session timer update stop time (?) has elapsed after the session timer was last updated.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: April 20, 2021
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Muneyuki Kawatani
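The session timer behaviour in the abstract above, as an added example that is not NTT's code: every packet from the client would normally restore the timer to N seconds, but for a stop interval after the last refresh further packets are ignored for timer purposes, so a burst of packets costs one refresh instead of one per packet. The class and function names and the concrete values (N = 30 s, stop = 10 s) are assumptions; the abstract gives the stop time only as a symbol.

```python
# Added example, not NTT's code: a session timer refreshed to N seconds when a
# packet arrives, except that for `stop` seconds after the last refresh further
# packets do not refresh it. Names and the sample values are assumptions.
from typing import Iterable, Tuple


class SessionTimer:
    def __init__(self, n_seconds: float, stop_seconds: float, now: float):
        if stop_seconds >= n_seconds:
            # With stop >= N a busy session could expire between refreshes.
            raise ValueError("stop time must be shorter than N")
        self.n = n_seconds
        self.stop = stop_seconds
        self.expires_at = now + n_seconds
        self.last_update = now
        self.refreshes = 0
        self.skipped = 0

    def remaining(self, now: float) -> float:
        return max(0.0, self.expires_at - now)

    def expired(self, now: float) -> bool:
        return now >= self.expires_at

    def on_packet(self, now: float) -> bool:
        """Return True if this packet refreshed the timer, False otherwise."""
        if self.expired(now):
            return False  # session is gone; the caller should drop the packet
        if now - self.last_update < self.stop:
            self.skipped += 1  # inside the update stop window: no refresh
            return False
        self.expires_at = now + self.n
        self.last_update = now
        self.refreshes += 1
        return True


def simulate(n_seconds: float, stop_seconds: float,
             packet_times: Iterable[float]) -> Tuple[int, int]:
    """Replay constructed packet arrival times; count refreshes vs skipped packets."""
    timer = SessionTimer(n_seconds, stop_seconds, now=0.0)
    for t in packet_times:
        timer.on_packet(t)
    return timer.refreshes, timer.skipped
```

With one packet per second for a minute the timer is refreshed six times instead of sixty. The constructor check is the caveat a deployment needs: if the stop interval is not shorter than N, a client sending steadily can still have its session expire, because its packets land inside the window where refreshes are suppressed.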
  • Patent number: 10972434
    Abstract: A security gateway provisions a web browser hosted on a user device with a proxy auto-configuration file configured to automatically redirect the web browser to the security gateway as a proxy server for clientless virtual private network (VPN) operation when the web browser browses any uniform resource locator including a particular domain name that encompasses a private network. Upon receiving from the web browser over a public network a request to access a private resource on the private network, the security gateway establishes a secure public connection to the web browser, establishes a private connection to the private resource, and associates the private connection with the secure public connection to form a clientless VPN connection between the web browser and the private resource. The security gateway forwards content between the private resource and the web browser over the clientless VPN connection without performing any content rewrite operations.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: April 6, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Piotr Jerzy Kupisiewicz, Frederic Detienne
  • Patent number: 10972915
    Abstract: Methods, systems, and computer readable media may be operable to wireless hotspot activity of one or more access points supporting multiple radios. A DHCP relay agent may receive a DHCP request from a device seeking to join a hotspot service provided through a gateway. If the number of currently connected devices is less than the maximum connected device limit, then the agent may increase the number of currently connected devices by one, and relay the encapsulated DHCP request over a GRE tunnel. If the number of connected devices already meets or exceeds the allowed limit, then the DHCP relay agent may instruct the gateway or its access point to disconnect the new device.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: April 6, 2021
    Assignee: ARRIS ENTERPRISES LLC
    Inventor: Wen Ji Zhao
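The relay-agent logic in the abstract above, as an added example that is not ARRIS's code: the agent keeps a count of devices currently connected through a gateway, relays the encapsulated DHCP request over the GRE tunnel while the count is under the limit, and returns a disconnect instruction once the limit is reached. Tracking devices by MAC (so a renewal does not take a second slot) and freeing the slot on release are refinements added here; the tunnel name, the GRE header bytes and the MACs are constructed.

```python
# Added example, not ARRIS's code: a DHCP relay agent for a hotspot gateway
# that tracks currently connected devices against a maximum, relays an
# encapsulated request over the GRE tunnel while under the limit, and asks the
# gateway to disconnect the device once the limit is reached. Renewals and
# releases are handled as an added refinement; the tunnel name is assumed.
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class RelayDecision:
    action: str      # "relay" or "disconnect"
    tunnel: str      # GRE tunnel the request was relayed over ("" if none)
    connected: int   # device count after the decision


@dataclass
class HotspotRelayAgent:
    max_devices: int
    tunnel: str = "gre0"
    connected: Set[str] = field(default_factory=set)    # client MACs
    relayed: List[bytes] = field(default_factory=list)  # frames sent down the tunnel

    def on_dhcp_request(self, client_mac: str, dhcp_msg: bytes) -> RelayDecision:
        mac = client_mac.lower()
        if mac not in self.connected:
            if len(self.connected) >= self.max_devices:
                # Limit reached: tell the gateway/AP to disconnect this device.
                return RelayDecision("disconnect", "", len(self.connected))
            self.connected.add(mac)  # a new device takes a slot
        # A known device renewing its lease does not take a second slot.
        self.relayed.append(self.encapsulate(dhcp_msg))
        return RelayDecision("relay", self.tunnel, len(self.connected))

    def on_release(self, client_mac: str) -> None:
        """DHCPRELEASE or lease expiry frees the device's slot."""
        self.connected.discard(client_mac.lower())

    @staticmethod
    def encapsulate(payload: bytes) -> bytes:
        # Minimal GRE header: flags/version 0x0000, protocol type 0x0800 (IPv4).
        return b"\x00\x00\x08\x00" + payload


def demo() -> List[str]:
    """Three devices against a limit of two (constructed MACs and messages)."""
    agent = HotspotRelayAgent(max_devices=2)
    msg = b"DHCPDISCOVER"
    out = []
    for mac in ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]:
        out.append(agent.on_dhcp_request(mac, msg).action)
    agent.on_release("aa:bb:cc:00:00:01")
    out.append(agent.on_dhcp_request("aa:bb:cc:00:00:03", msg).action)
    return out
```

Counting by MAC rather than by request matters: a plain "increase the counter by one per request" would let a single misbehaving client fill every slot with retransmitted DISCOVERs, and without a release path the limit would only ever tighten.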
  • Patent number: 10972509
    Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: April 6, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
  • Patent number: 10944722
    Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Radha Popuri, Shadab Shah, James Joseph Stabile, Sameer Kurkure, Kaushal Bansal
  • Patent number: 10944721
    Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are communicating with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: March 9, 2021
    Assignee: Centripetal Networks, Inc.
    Inventors: Sean Moore, Peter P. Geremia
  • Patent number: 10944744
    Abstract: Methods, devices and apparatus for verifying a terminal device are provided. In one aspect, a method includes: recording a correspondence between a source IP address of an authentication message and a MAC address of the terminal device in a first whitelist after successful authentication is performed for the terminal device based on the authentication message, where the authentication message carries a MAC address of the terminal device; querying the first whitelist based on a source IP address of a data packet when the data packet from the terminal device is monitored; confirming the terminal device is successfully authenticated if the source IP address hits the first whitelist.
    Type: Grant
    Filed: August 10, 2018
    Date of Patent: March 9, 2021
    Assignee: HANGZHOU DPTECH TECHNOLOGIES CO., LTD.
    Inventor: Futao Wang
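The whitelist check in the abstract above, as an added example that is not DPtech's code: after a successful authentication the (source IP, MAC carried in the authentication message) pair is recorded, and later data packets are confirmed by looking up their source IP. Because a source IP alone is easy for another host on the segment to borrow, a stricter variant is added here that also compares the frame's source MAC against the recorded one; that check is this example's addition, not part of the abstract. The packets, addresses and class names are constructed.

```python
# Added example, not DPtech's code: after a terminal authenticates, record the
# (source IP, MAC from the authentication message) pair; later data packets are
# checked by source IP as the abstract describes, and a stricter variant (added
# here) also compares the frame's source MAC. All addresses are constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str
    payload: bytes


class TerminalVerifier:
    def __init__(self) -> None:
        self.whitelist: Dict[str, str] = {}  # source IP -> MAC recorded at auth

    def on_auth_success(self, auth_src_ip: str, mac_in_message: str) -> None:
        """Called once the authentication message from auth_src_ip has been verified."""
        self.whitelist[auth_src_ip] = mac_in_message.lower()

    def on_logout(self, src_ip: str) -> None:
        self.whitelist.pop(src_ip, None)

    def is_authenticated(self, pkt: Packet) -> bool:
        """Check as described in the abstract: the source IP hits the whitelist."""
        return pkt.src_ip in self.whitelist

    def is_authenticated_strict(self, pkt: Packet) -> bool:
        """Also require the frame's MAC to match the one seen at authentication."""
        mac = self.whitelist.get(pkt.src_ip)
        return mac is not None and mac == pkt.src_mac.lower()

    def filter_packets(self, packets: List[Packet],
                       strict: bool) -> Tuple[List[Packet], List[Packet]]:
        check = self.is_authenticated_strict if strict else self.is_authenticated
        allowed = [p for p in packets if check(p)]
        blocked = [p for p in packets if not check(p)]
        return allowed, blocked


def demo(strict: bool) -> List[str]:
    """Return the source MACs of packets that pass (constructed traffic)."""
    v = TerminalVerifier()
    v.on_auth_success("10.0.0.5", "AA:BB:CC:DD:EE:01")
    packets = [
        Packet("10.0.0.5", "aa:bb:cc:dd:ee:01", b"GET /"),       # genuine terminal
        Packet("10.0.0.5", "aa:bb:cc:dd:ee:02", b"GET /admin"),  # borrowed source IP
        Packet("10.0.0.9", "aa:bb:cc:dd:ee:03", b"GET /"),       # never authenticated
    ]
    allowed, _ = v.filter_packets(packets, strict)
    return [p.src_mac for p in allowed]
```

The strict variant only helps where the verifier sits on the terminal's own access segment: one router hop away the source MAC of every frame is the router's, and the IP-only lookup is all that is left, which is exactly when an expiring or re-authenticating whitelist entry matters most.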
  • Patent number: 10939380
    Abstract: An information handling system operating a low power communications engine comprising a wireless adapter for communicating on a low power communication technology network for receiving low power communication technology data traffic for at least one always-on remote management service for the information handling system, a controller receiving a location status of the information handling system via the low power communication technology network indicating a location or network, where the controller executes code instructions for a low power communications engine to assess a location trust level from an environment characteristics analysis engine to determine whether the location status is a trusted zone location or an untrusted zone location utilizing binary classification machine learning based on input variables including data relating to history of activity at the location or on the network learned by the environment characteristics analysis engine from reported operational or network activity, and the co
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: March 2, 2021
    Assignee: Dell Products, LP
    Inventors: Sinem Gulbay, Carlton A. Andrews
  • Patent number: 10938689
    Abstract: In general, certain embodiments of the present disclosure provide techniques or mechanisms for automatically filtering network messages in an aviation network for an aircraft based on a current system context. According to various embodiments, a method is provided comprising receiving a network message transmitted from a source avionic device to a destination avionic device via one or more network packets within the aviation network. A current system context, indicating an aggregate status of avionic devices within the aviation network, is determined based on monitoring the avionic devices. The network message is analyzed by identifying a plurality of attributes corresponding to header and data fields of the one or more network packets corresponding to the network message. The acceptability of the network message within the current system context is determined based on one or more filter rules that specify what attributes are allowed within a particular system context.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 2, 2021
    Assignee: The Boeing Company
    Inventors: John E. Bush, Steven L. Arnold, Arun Ayyagari
  • Patent number: 10931692
    Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: February 23, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Grégory Mermoud, Andrea Di Pietro
  • Patent number: 10902111
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: January 26, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Patent number: 10887341
    Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The method comprises collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action when an indication of a potential application-layer slow DDoS attack is determined.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: January 5, 2021
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
  • Patent number: 10877950
    Abstract: A method of requesting a search query to be displayed in a web browser. The method includes receiving search terms and slash operators and generating results based on the search terms and slash operators.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: December 29, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory B. Lindahl, Bryn Robert Dole, Michael Markson, Keith Peters, Robert Michael Saliba, Rich Skrenta, Robert N. Truel
  • Patent number: 10872153
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
  • Patent number: 10862850
    Abstract: Example methods and systems are provided for network-address-to-identifier translation in a virtualized computing environment. The method may comprise: based on traffic flow information associated with a first network address and a second network address, determining that the first network address is associated with a first identifier that identifies the first virtualized computing instance. The method may also comprise: obtaining network topology information specifying how the first virtualized computing instance is connected to the second virtualized computing instance via one or more logical forwarding elements; and based on the network topology information, determining that the second network address is associated with a second identifier that identifies the second virtualized computing instance.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: December 8, 2020
    Assignee: NICIRA, INC.
    Inventor: Kaushal Bansal
  • Patent number: 10855674
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, for pre-boot network-based authentication. In some implementations, a computing device enters a UEFI environment upon powering on the computing device. While in the UEFI environment, the computing device restricts booting of an operating system of the computing device, accesses a signed certificate corresponding to a particular user, sends a verification request to a server system over a communication network, and receives a verification response from the server system over the communication network. In response to receiving the verification response, the computing device (i) enables the operating system to boot and (ii) verifies the identity of the particular user to the operating system such that the operating system logs in the particular user without requiring further proof of identity for the particular user.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: December 1, 2020
    Assignee: MicroStrategy Incorporated
    Inventors: Darrell Geusz, Michael W. Morrow, Loic Fabro
  • Patent number: 10855709
    Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: December 1, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Aviram Fireberger, Amos Zamir, Oron Golan
  • Patent number: 10841309
    Abstract: To improve the access control in regard to safety and protection of network operation and network data when controlling accesses to networks based on IT systems including embedded systems or distributed systems, it is proposed that observation and evaluation (detection) of the communication in a network (performance of a network communication protocol collation of the observed protocol with a multiplicity of reference protocols, preferably stored in a list, that are usually used in operation- and/or safety-critical networks) be used to independently identify whether an uncritical or critical network is involved in the course of a network access, in particular the setup of a network connectivity, to at least one from at least one network that is uncritical in regard to operation and/or safety, in particular referred to as a standard network, and at least one network that is critical in regard to operation and/or safety.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: November 17, 2020
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Rainer Falk
  • Patent number: 10833703
    Abstract: A DMA (Direct Memory Access) transfer apparatus acquires information including a transfer source address and a transfer destination address based on a received transfer instruction, selects whether to perform first checksum calculation for data from an area of a memory corresponding to the transfer source address or perform second checksum calculation different from the first checksum calculation, and transfers data obtained via the checksum calculation selected in the selecting to an area of the memory corresponding to the transfer destination address.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: November 10, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventors: Daisuke Horio, Koji Churei
  • Patent number: 10834052
    Abstract: A monitoring method implemented by an access point for a network that can maintain an address association table is described. The method can include selecting at least two entries in the address association table, storing at least one predetermined characteristic obtained over a predefined period of time for each inflow and each outflow associated with the selected entries, and comparing, for at least one pair of selected entries, at least one stored characteristic for an inflow associated with one of the entries of the pair with the at least one corresponding stored characteristic for an outflow associated with the other entry of the pair. If, for at least one pair of entries, the comparison step indicates that an inflow associated with one of the entries of the pair transports an application content of the same nature as an outflow associated with the other entry of the pair, a risk of fraud can be detected.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: November 10, 2020
    Assignee: ORANGE
    Inventors: Bertrand Bouvet, Stéphane Boizard
  • Patent number: 10826929
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for vulnerability assessment and hash generation for exterior data deployment. In this way, the system utilizes a vulnerability assessment to generate a permit to send approval for dissemination of data, files, or the like outside of the entity via an electronic communication. The vulnerability assessment determines a permit to send status for the communication. The system may then generate a hash for the communication and embed the hash within the data of the communication. Upon sending, the entity will only permit communications with a known hash embedded therein from being transmitted outside of the internal entity network.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 3, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: William R. Overhultz, Jr., Michael Jacob Richardson
  • Patent number: 10812348
    Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: October 20, 2020
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Rishi Sampat, Julia Lin
  • Patent number: 10798059
    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: October 6, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
  • Patent number: 10791150
    Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: September 29, 2020
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
  • Patent number: 10788879
    Abstract: A wireless mobile device (“UE”) operating in a battery-conserving low-power state processes incoming signaling or data in a received message to determine whether to act further on information in the message by enabling additional processing capability in the UE. A server may generate awaken information derived from a stored secret value that only the UE device and a server that manages the UE can obtain. The awaken information may also be based on a shared value shared between the server and the UE. The UE may separately derive the awaken information and may exit a low power state when awaken information received from the server in an awaken message in a first protocol matches the separately derived awaken information. The server may transmit a fall-back second awaken message in a different protocol than the first protocol if no confirmation is received that the UE received the first awaken message.
    Type: Grant
    Filed: July 4, 2018
    Date of Patent: September 29, 2020
    Assignee: M2 MD Technologies Inc.
    Inventor: Charles M. Link, II
  • Patent number: 10785130
    Abstract: Example embodiments disclosed herein relate to implementing pre-filter rules at a network infrastructure device. In one example, the network infrastructure device receives a packet flow including a first pre-filter tag including information from implementation of a first subset of a set of pre-filter rules. In the example, the network infrastructure device includes logic to implement a second subset of the pre-filter rules. The second subset of pre-filter rules are different from the first subset of pre-filter rules. The second subset of pre-filter rules are implemented on the packet flow to yield a pre-filter result.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: September 22, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Joseph A. Curcio, Bruce E. LaVigne, Wei Lu
  • Patent number: 10778802
    Abstract: Methods, computer program products, and systems are presented. The methods, computer program products, and systems can include, for instance: generating a first mobile device fingerprint of a mobile device and associating the first mobile device fingerprint to an identifier, and generating a second mobile device fingerprint of the mobile device and associating the second mobile device fingerprint to a MAC address of a mobile device. The methods, computer program products, and systems can include, for instance: receiving a first mobile device fingerprint of a mobile device and an identifier associated to the first mobile device fingerprint; receiving a second mobile device fingerprint of the mobile device and a MAC address associated to the second mobile device fingerprint; and associating received data received from the mobile device to the identifier.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: September 15, 2020
    Assignee: HCL Technologies Limited
    Inventors: Michael R. Billau, John K. Gerken, III, Jeremy A. Greenberger, Ciaran E. Hannigan
  • Patent number: 10764946
    Abstract: Techniques are described of forming a mesh network for wireless communication. One method includes broadcasting, from a first node connected to a core network, a beacon signal, receiving a connection establishment request from a second node in response to the broadcasted beacon signal; determining a radio resource availability associated with a plurality of radios of the first node based on the connection establishment request, and establishing a connection with the second node using a radio of the plurality of radios based on the radio resource availability. In some cases, the radio resource availability may include a number of active connections associated with one or more radios of the plurality of radios of the first node.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: September 1, 2020
    Assignee: Vivint Wireless, Inc.
    Inventors: Bjorn Ulf Anders Sihlbom, Michael John Hart, Stephen John Haynes, Jason Hruban, Andreas Wolfgang
  • Patent number: 10743390
    Abstract: The present invention is related to verifying an installed lighting system (300), in particular an Ethernet-based lighting system (300), without it being necessary to employ a designated lighting controller and without it being necessary to completely commission the installed lighting system (300). According to an aspect of the invention, this is achieved by providing a network switch (200) that comprises a plurality of ports for coupling luminaires (312A, 312B, 312C, 312D) and sensors and/or actuators (314A, 314B) of the lighting system (300) to the network switch (200); and by setting the network switch (200) such that a signal received at a first port (e.g. port 4) of the plurality of ports is only forwarded to pre-selected ports (e.g. ports 2,3,5,6 and 7) of the plurality of ports.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: August 11, 2020
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Xiangyu Wang, Emmanuel David Lucas Michael Frimout, Aloys Hubbers
  • Patent number: 10735378
    Abstract: Embodiments relate to systems, computer readable media, devices, and computer-implemented methods for providing improved network security by receiving a network packet, applying a filter rule in a first instance of a distributed reputation database to the network packet, determining, using a network interface card with a field programmable gate array, to drop or modify the network packet based on the applying, and transmitting reputation data to a security control center that includes a second instance of the distributed reputation database, where the reputation data includes information corresponding to the network packet that was dropped or modified.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: August 4, 2020
    Assignee: VERISIGN, INC.
    Inventors: John Bosco, Kenneth Ryan, Dow Summers