Abstract: Methods, apparatuses and systems directed to facilitating transitions from IPv4 to IPv6 networks. In particular implementations, the invention facilitates or enables accessibility of network application services between IPv4 and IPv6 hosts, or traversal of network paths including both IPv6 or IPv4 domains. Particular implementations of the invention are directed to selective mapping of network layer addresses between IPv6 and IPv4 protocols and Domain Name System records under one or more policy controls. Other implementations of the invention are directed to a proxy-to-proxy based tunnel architecture allowing hosts implementing a first network layer protocol, such as IPv4, to traverse a network implementing a second network layer protocol, such as IPv6.

Abstract: Methods, apparatuses and systems directed to detecting network applications whose data flows have been encrypted. The present invention extends beyond analysis of explicitly presented packet attributes of data flows and holistically analyzes the behavior of host or end systems as expressed in related data flows against a statistical behavioral model to classify the data flows.

Abstract: Methods, apparatuses and systems directed to facilitating transitions from IPv4 to IPv6 networks. In particular implementations, the invention facilitates or enables accessibility of network application services between IPv4 and IPv6 hosts, or traversal of network paths including both IPv6 or IPv4 domains. Particular implementations of the invention are directed to selective mapping of network layer addresses between IPv6 and IPv4 protocols and Domain Name System records under one or more policy controls. Other implementations of the invention are directed to a proxy-to-proxy based tunnel architecture allowing hosts implementing a first network layer protocol, such as IPv4, to traverse a network implementing a second network layer protocol, such as IPv6.

Abstract: A log file from a server is analyzed and entries in the log file are deleted, combined, or condensed to create a list of page views that more accurately reflects traffic to a server. The list of page views may be added to a database for searching, sorting, and analyzing the page views.

Abstract: Methods, apparatuses and systems directed to detecting network applications whose data flows have been encrypted. The present invention extends beyond analysis of explicitly presented packet attributes of data flows and holistically analyzes the behavior of host or end systems as expressed in related data flows against a statistical behavioral model to classify the data flows.

Abstract: Methods, apparatuses and systems directed to detecting, and in some implementations, responding to, asymmetric routing in network deployments. In a particular embodiment, a first process detects asymmetric routing at connection initiation, while the second process can detect asymmetric routing that may after connection initiation.

Abstract: A system and method to securely deliver software updates to an appliance are provided. The system comprises a key generator, a reporting module, and a certificate signing request (CSR) module. The key generator may be configured to generate, at the processing system, verification data for the processing system. The reporting module may be configured to communicate the verification data from the processing system to a verification database. The certificate signing request (CSR) module may be configured to obtain a signed certificate from a certificate authority (CA) based on the verification data stored in the verification database.

Abstract: Techniques for suspending a TCP three-way handshake, offering the partial connection to an L-7 application or module at a proxy to perform further processing, and then allowing the L-7 application or module to instruct the proxy's network kernel to perform various actions are described. In various embodiments these actions may include: silently dropping the connection, verbosely rejecting the connection, accepting and processing the connection locally, or forwarding the connection to another proxy or the original destination. This additional functionality is provided, in one particular embodiment, via extensions to the POSIX socket API.

Abstract: Methods, apparatuses and systems directed to facilitating transitions from IPv4 to IPv6 networks. In particular implementations, the invention facilitates or enables accessibility of network application services between IPv4 and IPv6 hosts, or traversal of network paths including both IPv6 or IPv4 domains. Particular implementations of the invention are directed to selective mapping of network layer addresses between IPv6 and IPv4 protocols and Domain Name System records under one or more policy controls. Other implementations of the invention are directed to a proxy-to-proxy based tunnel architecture allowing hosts implementing a first network layer protocol, such as IPv4, to traverse a network implementing a second network layer protocol, such as IPv6.

Abstract: A system and method for prefetching one or more embedded objects marked uncacheable using a buffer on a prefetch cache to temporarily store the uncacheable object. The buffer is allocated to a socket that is established between the prefetch cache and a server subsequent to the establishment of an initial connection. A prefetch caching process retrieves one or more embedded objects from the server using the socket based on the preconfigured set of rules. The prefetch caching process determines whether the embedded object is uncacheable, and if so loads the object into the buffer. The prefetch caching process waits a predetermined time period for client request for the object. If the request is received prior to expiration of the time period, the prefetch caching process sends the object to the client. Otherwise, the process “flushes” the buffer, thereby discarding the object, and then closes the socket.

Abstract: Consistent with one embodiment of the invention, a wireless mobile device is configured to receive a configuration file from a configuration server. After receiving the configuration file, the wireless mobile device establishes a wireless communication session with a computing device within proximity of the mobile device. The mobile device is configured to send the configuration file to the computing device so as to enable a configuration application executing on the computing device to configure the computing device in accordance with configuration information included in the configuration file.

Abstract: A Layer 2 packet return mechanism in a proxy, such as a web cache, operatively associated with a redirecting router. In a particular embodiment, the present invention provides a Layer 2 packet return mechanism in a Web Cache Communication Protocol (WCCP) network environment. In one embodiment, the present invention provides an efficient mechanism allowing a proxy or web cache to recognize WCCP redirected packets, forwarded using Layer 2 forwarding mechanisms, and subsequently to return unprocessed packets to the original forwarding WCCP router using a Layer 2 packet return mechanism.

Abstract: A system for controlling an application process comprises an injector, redirect code operable to be placed in a memory of the application process, and a library of redirect functions operable to be referenced by the redirect code during the application process execution. The redirect code is operable to intercept a set of target function calls made by the application process and execute the redirect functions for the intercepted target function calls.

Abstract: The present invention extends to methods, systems, and computer program products for dynamically rating Internet content. A computer receives an indication that at least one URL is available to be rated and that resources (e.g., a content rater) are available for rating the URL. The computer selects a URL, which identifies a portion of Internet content, and transfers the URL to at least two different content classifiers. The computer accesses first rating data corresponding to the identified portion of Internet from a first content classifier. The computer accesses second rating data corresponding to the identified portion of Internet from a second content classifier. The computer combines at least the first rating data and the second rating data into a combined rating corresponding to a specified content category. The computer indicates that the identified portion of Internet content is included in the specified content category.

Abstract: A DLL that includes an API hook is injected into the address space of a target computer process called by an application program. Upon termination of the application program, computer-readable instructions describing a process for filtering exceptions returned from the target computer process are stored in memory locations accessible to the target computer process and the DLL is ejected from the address space.

Abstract: A method and apparatus for policy management in a network intermediary device. One embodiment of the invention, includes establishing a session between a client and an intermediary device on a network to enable processing of a communication between the client and the intermediary device. Then, the communication is processed by the intermediary device while maintaining a consistent version of policy throughout the communication. Finally, after the communication is complete, the intermediary terminates the communication. The intermediary device may maintain consistent policy by utilizing a policy ticket upon which transactional information is stored and that references the version of policy that was current when the communication first began.

Abstract: In response to an indication of a desire to initiate a secure communication session (e.g., a session utilizing a the SSL communication protocol) with a computer resource, a digital certificate indicative of whether or not a user consents to monitoring of the secure communication session is requested. The response to this request will permit or deny such monitoring, allowing the session to proceed or be cancelled, accordingly.

Abstract: The invention provides a method and system for caching information objects transmitted using a computer network. A cache engine determines directly when and where to store those objects in a memory (such as RAM) and mass storage (such as one or more disk drives), so as to optimally write those objects to mass storage and later read them from mass storage, without having to maintain them persistently. The cache engine actively allocates those objects to memory or to disk, determines where on disk to store those objects, retrieves those objects in response to their network identifiers (such as their URLs), and determines which objects to remove from the cache so as to maintain sufficient operating space. The cache engine collects information to be written to disk in write episodes, so as to maximize efficiency when writing information to disk and so as to maximize efficiency when later reading that information from disk.

Abstract: Systems, methods, and computer products for protecting information during troubleshooting are provided. A dumping mechanism includes marking at least one of a plurality of memory regions in the computer-readable medium as non-dumpable, initiating a core dump, determining which memory regions of the plurality regions are non-dumpable, and dumping the contents only of memory regions not marked as non-dumpable.

Abstract: In the face of data loss on connections between a content source and a content consumer, additional connections therebetween are opened. These additional connections are preferably opened between the content source and a proxy disposed between the content source and the content consumer. The proxy may then seam together data streams received from the content source across the additional connections in a recording on a computer-readable medium. The seamed stream may be constructed by filling in information gaps in any of the data streams received from the content source with content derived from others of the data streams received from the content source. This derivation may be made on the basis of identifying characteristics (e.g., packet contents) of packets from each of the data streams received from the content source.