Abstract: Conventional efforts for estimating the geographic location (geolocation) of devices associated with particular Internet Protocol (IP) addresses typically yield woefully inaccurate results. In many cases, the estimated IP geolocations are on the wrong continent. Embodiments of the present technology include techniques for identifying and improving incorrect estimates based on latency measurements, Domain Name Server (DNS) information, and routing information. For example, latency measurements from multiple collectors can be used to rate the plausibility of an IP geolocation estimate and in certain cases, to increase the accuracy of the IP geolocation estimate. DNS and routing information can be used to corroborate the estimated IP geolocation. The resulting more accurate IP geolocation estimate can be used to route Internet traffic more efficiently, to enforce rules for routing sensitive information, and to simplify troubleshooting.

Abstract: Every day, thousands of routing “hijacks” occur on the Internet, almost all of them benign. The malicious ones and the resulting misdirection of Internet traffic can be identified by applying sophisticated analytics to extensive global real-time feeds of Border Gateway Protocol (BGP) routing updates. When legitimate attacks are discovered, the automated analysis may be augmented with Domain Name Service (DNS) data (to determine the likely targets), traceroute data (to determine if they represent Man-In-The-Middle exploits), interred business relationships (to understand the scope of the impacts) and even the raw BGP messages. These techniques can be used to uncover attacks against both commercial and government entities.

Abstract: Conventional efforts for estimating the geographic location (geolocation) of devices associated with particular Internet Protocol (IP) addresses typically yield woefully inaccurate results. In many cases, the estimated IP geolocations are on the wrong continent. Embodiments of the present technology include techniques for identifying and improving incorrect estimates based on latency measurements, Domain Name Server (DNS) information, and routing information. For example, latency measurements from multiple collectors can be used to rate the plausibility of an IP geolocation estimate and, in certain cases, to increase the accuracy of the LP geolocation estimate. DNS and routing information can be used to corroborate the estimated IP geolocation. The resulting more accurate IP geolocation estimate can be used to route Internet traffic more efficiently, to enforce rules for routing sensitive information, and to simplify troubleshooting.

Abstract: Every day, thousands of routing “hijacks” occur on the Internet, almost all of them benign. The malicious ones and the resulting misdirection of Internet traffic can be identified by applying sophisticated analytics to extensive global real-time feeds of Border Gateway Protocol (BGP) routing updates. When legitimate attacks are discovered, the automated analysis may be augmented with Domain Name Service (DNS) data (to determine the likely targets), traceroute data (to determine if they represent Man-In-The-Middle exploits), inferred business relationships (to understand the scope of the impacts) and even the raw BGP messages. These techniques can be used to uncover attacks against both commercial and government entities.

Abstract: An alert system and method are provided to identify and characterize real-time information transmission anomalies in high-frequency global and local traceroute data. The system includes active network sensors and/or collector devices, which collect traceroute data associated with transmissions to different points in a computer network and provide the traceroute data to a master server. The traceroute data is obtained by the active network sensors by sending probing data packets to numerous computing target devices located locally with respect to the target device and/or globally. The master server determines one or more anomalies from the received traceroute data and characterizes the anomaly in terms of type, severity, location, affected Domain Name System (DNS) server and/or Internet Service Provider (ISP).

Abstract: Conventional internet routing is handled using routing protocols such as the Border Gateway Protocol (BGP). However, simple BGP does not account for latency, packet loss, or cost. To address this problem, smart routing systems that route traffic fast and in a cost-effective manner are implemented. In one approach, smart routing systems measure, compare, and analyze round-trip latencies and other metrics between a customer premises and one or more endpoints. Optimal inbound and outbound transit providers are selected for each endpoint based on these measurements. Other smart routing systems collect and analyze Real User Monitoring (RUM) data to predict latency performance of different content origins for serving data to a particular client based on the client's IP address and the content origins' IP addresses, which are ranked by performance.

Abstract: Conventional efforts for estimating the geographic location (geolocation) of devices associated with particular Internet Protocol (IP) addresses typically yield woefully inaccurate results. In many cases, the estimated IP geolocations are on the wrong continent. Embodiments of the present technology include techniques for identifying and improving incorrect estimates based on latency measurements, Domain Name Server (DNS) information, and routing information. For example, latency measurements from multiple collectors can be used to rate the plausibility of an IP geolocation estimate and, in certain cases, to increase the accuracy of the LP geolocation estimate. DNS and routing information can be used to corroborate the estimated IP geolocation. The resulting more accurate IP geolocation estimate can be used to route Internet traffic more efficiently, to enforce rules for routing sensitive information, and to simplify troubleshooting.

Abstract: An alert system and method are provided to identify and characterize real-time information transmission anomalies in high-frequency global and local traceroute data. The system includes active network sensors and/or collector devices, which collect traceroute data associated with transmissions to different points in a computer network and provide the traceoute data to a master server. The traceroute data is obtained by the active network sensors by sending probing data packets to numerous computing target devices located locally with respect to the target device and/or globally. The master server determines one or more anomalies from the received traceroute data and characterizes the anomaly in terms of type, severity, location, affected Domain Name System (DNS) server and/or Internet Service Provider (ISP).

Abstract: Conventional efforts for estimating the geographic location (geolocation) of devices associated with particular Internet Protocol (IP) addresses typically yield woefully inaccurate results. In many cases, the estimated IP geolocations are on the wrong continent. Embodiments of the present technology include techniques for identifying and improving incorrect estimates based on latency measurements, Domain Name Server (DNS) information, and routing information. For example, latency measurements from multiple collectors can be used to rate the plausibility of an IP geolocation estimate and, in certain cases, to increase the accuracy of the IP geolocation estimate. DNS and routing information can be used to corroborate the estimated IP geolocation. The resulting more accurate IP geolocation estimate can be used to route Internet traffic more efficiently, to enforce rules for routing sensitive information, and to simplify troubleshooting.

Abstract: In some instances, it could be advantageous to return different IP addresses for a query relating to a domain name. Conventional methods for returning different IP addresses for a given query include modifying the authoritative DNS server. However, such modifications do not scale well and increase the complexity of the system. To address this problem, a proxy server configured for intelligent DNS forwarding is disclosed. DNS queries from an end user are forwarded to the authoritative DNS server via the proxy server. Responses from the authoritative DNS servers include metadata with embedded policies and rules defined by customers. The proxy server processes the metadata by executing the embedded policies and rules, looking up network resources based on the embedded rules, and determining an optimal IP address based on the look up data and embedded policies. This optimal IP address is sent to the end user in response to the query.

Abstract: Conventional internet routing is handled using routing protocols such as the Border Gateway Protocol (BGP). However, simple BGP does not account for latency, packet loss, or cost. To address this problem, smart routing systems that route traffic fast and in a cost-effective manner are implemented. In one approach, smart routing systems measure, compare, and analyze round-trip latencies and other metrics between a customer premises and one or more endpoints. Optimal inbound and outbound transit providers are selected for each endpoint based on these measurements. Other smart routing systems collect and analyze Real User Monitoring (RUM) data to predict latency performance of different content origins for serving data to a particular client based on the client's IP address and the content origins' IP addresses, which are ranked by performance.

Abstract: Provided are an electronic mail server manager, and a system and method for coordinating operation of multiple electronic mail servers to efficiently store, process, and forward a high volume of electronic mail. The system for managing operation of multiple email servers in accordance with one embodiment may comprise an email message queue; a plurality of receiving email servers; a plurality of sending email servers; and an email server manager having a memory and a processor configured by the memory to perform the steps of storing received email messages in an email message queue; extracting destinations from the email messages; and delivering the email messages to the destinations by way of the sending email servers in correspondence to feedback received from the sending email servers and/or the destinations.

Abstract: Provided are an electronic mail server manager, and a system and method for coordinating operation of multiple electronic mail servers to efficiently store, process, and forward a high volume of electronic mail. The system for managing operation of multiple email servers in accordance with one embodiment may comprise an email message queue; a plurality of receiving email servers; a plurality of sending email servers; and an email server manager having a memory and a processor configured by the memory to perform the steps of storing received email messages in an email message queue; extracting destinations from the email messages; and delivering the email messages to the destinations by way of the sending email servers in correspondence to feedback received from the sending email servers and/or the destinations.

Abstract: Conventional efforts for estimating the geographic location (geolocation) of devices associated with particular Internet Protocol (IP) addresses typically yield woefully inaccurate results. In many cases, the estimated IP geolocations are on the wrong continent. Embodiments of the present technology include techniques for identifying and improving incorrect estimates based on latency measurements, Domain Name Server (DNS) information, and routing information. For example, latency measurements from multiple collectors can be used to rate the plausibility of an IP geolocation estimate and, in certain cases, to increase the accuracy of the IP geolocation estimate. DNS and routing information can be used to corroborate the estimated IP geolocation. The resulting more accurate IP geolocation estimate can be used to route Internet traffic more efficiently, to enforce rules for routing sensitive information, and to simplify troubleshooting.

Abstract: An alert system and method are provided to identify and characterize real-time information transmission anomalies in high-frequency global and local traceroute data. The system includes active network sensors and/or collector devices, which collect traceroute data associated with transmissions to different points in a computer network and provide the traceoute data to a master server. The traceroute data is obtained by the active network sensors by sending probing data packets to numerous computing target devices located locally with respect to the target device and/or globally. The master server determines one or more anomalies from the received traceroute data and characterizes the anomaly in terms of type, severity, location, affected Domain Name System (DNS) server and/or Internet Service Provider (ISP).

Abstract: The disclosed methods and systems include collecting routing data from a plurality of network routers, and correlating the routing data across routers and across time to obtain network data. The network data can be streamed to a user in real-time and the user can interactively query the data. In one embodiment, interactive routing analyzes, drill-down, and forensics can be performed using a repository of Border Gateway Protocol (BGP) update traffic. Alarms can be set to detect selected routing problems. In setting the alarms, the message data for each router can be processed in timestamp order. Current message data from each router can be compared with previous message data to determine a condition status. An alarm can be provided when the condition status meets a temporal correlation criterion and/or a spatial correlation criterion.

Abstract: The disclosed methods and systems include collecting routing data from a plurality of network routers, and correlating the routing data across routers and across time to obtain network data. The network data can be streamed to a user in real-time and the user can interactively query the data. In one embodiment, interactive routing analyses, drill-down, and forensics can be performed using a repository of Border Gateway Protocol (BGP) update traffic. Alarms can be set to detect selected routing problems. In setting the alarms, the message data for each router can be processed in timestamp order. Current message data from each router can be compared with previous message data to determine a condition status. An alarm can be provided when the condition status meets a temporal correlation criterion and/or a spatial correlation criterion.

Abstract: Provided are an electronic mail server manager, and a system and method for coordinating operation of multiple electronic mail servers to efficiently store, process, and forward a high volume of electronic mail. The system for managing operation of multiple email servers in accordance with one embodiment may comprise an email message queue; a plurality of receiving email servers; a plurality of sending email servers; and an email server manager having a memory and a processor configured by the memory to perform the steps of storing received email messages in an email message queue; extracting destinations from the email messages; and delivering the email messages to the destinations by way of the sending email servers in correspondence to feedback received from the sending email servers and/or the destinations.

Abstract: The disclosed methods and systems include collecting routing data from a plurality of network routers, and correlating the routing data across routers and across time to obtain network data. The network data can be streamed to a user in real-time and the user can interactively query the data. In one embodiment, interactive routing analyses, drill-down, and forensics can be performed using a repository of Border Gateway Protocol (BGP) update traffic. Alarms can be set to detect selected routing problems. In setting the alarms, the message data for each router can be processed in timestamp order. Current message data from each router can be compared with previous message data to determine a condition status. An alarm can be provided when the condition status meets a temporal correlation criterion and/or a spatial correlation criterion.

Abstract: Internet data such as Border Gateway Protocol routing information and traceroute measurements are processed to create realistic predictive models of the paths IP traffic is likely to take between any two points on the Internet, even when direct measurements of the paths is not feasible. The prediction includes three categories: topology (what paths may exist), weighting (which paths are more or less likely to be taken under varying operational circumstances), and performance (latency, loss, jitter, etc. across the predicted paths).