Abstract: A method includes receiving summary messages summarizing respective aggregated traffic metadata packets output from the at least one traffic management device and an engine. Each summary message identifies an origination pair having a traffic management device and an aggregation engine and a sequence number. The method further includes tracking per subinterval of a series of sub-intervals, highest and lowest sequence numbers and a count of summary messages received for each unique origination pair from the beginning of the subinterval. The method further includes accumulating, per interval, accumulated highest and lowest sequence numbers and an accumulated count of summary messages for each unique origination pair from the beginning of the interval and for all previous subintervals for tracking dropped aggregated traffic metadata packets for the interval.

Abstract: A system and method are provided for monitoring traffic in an enterprise network. Similar hosts may be grouped using flow information. Network policy may then be created at the group level based on the signatures of the hosts and groups of hosts in the enterprise. Hosts may be arranged in hierarchical clusters. Some of these clusters may be selected as groups based on a desired degree of similarity between hosts in a group. The similarity between hosts may be determined based on similarity of network behavior of the hosts.

Abstract: A system and method is provided for detecting, tracking and/or blocking control signal attacks, which can occur between local computer systems and/or between remote computer systems, network links, and/or routing systems over a computer network. The system includes a router monitor adapted to receive a plurality of control signals and related information from the computer network and to process the plurality of control signals and related information to detect one or more control signal anomalies. The router monitor is further adapted to generate a plurality of alert signals representing the one or more control signal anomalies. The system further includes a controller that is coupled to the router monitor and is adapted to receive the plurality of alert signals from the router monitor.

Abstract: A system is provided that polls one or more caching nameservers and compares their results to a trusted or standard set of data. The set of data may be, for example, stored in a computer system or distributed among several computer systems. In one aspect, the system comprises a discrepancy detector that detects discrepancies between one or more copies of mapping information. Mapping information may be, for example, mapping stored on a Domain Name System (DNS).

Abstract: A system and method is provided for detecting, tracking and/or blocking control signal attacks, which can occur between local computer systems and/or between remote computer systems, network links, and/or routing systems over a computer network. The system includes a router monitor adapted to receive a plurality of control signals and related information from the computer network and to process the plurality of control signals and related information to detect one or more control signal anomalies. The router monitor is further adapted to generate a plurality of alert signals representing the one or more control signal anomalies. The system further includes a controller that is coupled to the router monitor and is adapted to receive the plurality of alert signals from the router monitor.

Abstract: In one aspect, it is realized that changes in routing configuration (and therefore network topology) may have an effect on how data is forwarded in a communication network. More particularly, it is realized the changes in the control plane have a statistical effect on information tracked in the data plane, and this relation may be used by a network manager in monitoring the network and determining a control plane cause of a data plane forwarding effect. For instance, a change in BGP routing information (control plane information) may affect the data forwarded by a router based on the changed BGP routing information (e.g., next hop data may be forwarded to a different BGP router attached to another physical port). A system and method are provided that correlate control plane and data plane information to support root cause analysis functions.

Abstract: In one aspect, it is realized that changes in routing configuration (and therefore network topology) may have an effect on how data is forwarded in a communication network. More particularly, it is realized the changes in the control plane have a statistical effect on information tracked in the data plane, and this relation may be used by a network manager in monitoring the network and determining a control plane cause of a data plane forwarding effect. For instance, a change in BGP routing information (control plane information) may affect the data forwarded by a router based on the changed BGP routing information (e.g., next hop data may be forwarded to a different BGP router attached to another physical port). A system and method are provided that correlate control plane and data plane information to support root cause analysis functions.

Abstract: A system and method are provided for monitoring traffic in an enterprise network. Similar hosts may be grouped using flow information. Network policy may then be created at the group level based on the signatures of the hosts and groups of hosts in the enterprise. Hosts may be arranged in hierarchical clusters. Some of these clusters may be selected as groups based on a desired degree of similarity between hosts in a group. The similarity between hosts may be determined based on similarity of network behavior of the hosts.

Abstract: A system and method are provided for monitoring traffic in an enterprise network. Similar hosts may be grouped using flow information. Network policy may then be created at the group level based on the signatures of the hosts and groups of hosts in the enterprise. Hosts may be arranged in hierarchical clusters. Some of these clusters may be selected as groups based on a desired degree of similarity between hosts in a group. The similarity between hosts may be determined based on similarity of network behavior of the hosts.