Abstract: A security device may receive a request, from a client device and intended for a server device, to provide a resource. The resource may be associated with information stored by the server device. The security device may identify the request as being associated with a malicious script. The malicious script may execute on the client device and may include a script that performs one or more undesirable tasks directed to the server device. The security device may receive, from the server device, a response to the request. The response may include information associated with the requested resource. The security device may modify the response to form a modified response. The response may be modified in an attempt to cause the malicious script to experience an error. The security device may provide the modified response to the client device.

Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

Abstract: A system may determine to perform an internal malware detection operation to detect malware executing on a client device. The system may perform the internal malware detection operation. The internal malware detection operation may be performed locally on a particular device without requiring communication with another device. The system may modify an environment executing on the particular device, to form a modified environment, based on performing the internal malware detection operation. The system may monitor the modified environment for a particular behavior indicative of a malware infection. The system may detect that the particular behavior has occurred. The system may provide a notification that the client device is infected with malware based on detecting that the particular behavior has occurred. The notification may cause one or more network devices to block network traffic to or from the client device.

Abstract: A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers.

Abstract: A device identifies, based on a program code instruction, an attempted write access operation to a fenced memory slab, where the fenced memory slab includes an alternating sequence of data buffers and guard buffers. The device assigns read-only protection to the fenced slab and invokes, based on the attempted write access operation, a page fault operation. When a faulting address of the attempted write operation is not an address for one of the multiple data buffers, the device performs a panic routine. When the faulting address of the attempted write operation is an address for one of the multiple data buffers, the device removes the read-only protection for the fenced slab and performs a single step processing routine for the program code instruction.

Abstract: Computer program products and methods of inspecting a log of security records in a computer network are provided. The method includes retrieving a log record, processing the log record including deriving a key to a table, determining a data value from information in the log record and adding the data value to a list of data values associated with the key if the data value is unique. One or more entries of the table are evaluated based on predetermined criteria to detect attempted security breaches.

Abstract: Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network to a different one of the routers operating as an egress router for the respective ring LSP. Moreover, each of the ring LSPs comprises a bidirectional, multipoint-to-point (MP2P) LSP for which any of the routers can operate as an ingress to source packet traffic into the ring LSP for transport to the respective egress router for the ring LSP. Separate protection paths, bypass LSPs, detours or loop-free alternatives need not be signaled.

Abstract: A method and apparatus for switching a data packet between a source and destination in a network. The data packet includes a header portion and a data portion. The header portion includes routing information for the data packet. The method includes defining a data path in the router comprising a path through the router along which the data portion of the data packet travels and defining a control path comprising a path through the router along which routing information from the header portion travels. The method includes separating the data path and control path in the router such that the routing information can be separated from the data portion allowing for the separate processing of each in the router. The data portion can be stored in a global memory while routing decisions are made on the routing information in the control path.

Abstract: A first server may receive, from a client device, an indication of a request for a content file via a network address; identify that the network address is a dynamic network address; establish a communication session with a second; receive a portion of the content file from the second server; determine an index parameter based on receiving the portion of the content file; determine whether the content file is being stored by the first server based on a cache index and based on the index parameter or based on information associated with the request for the content file; receive a remaining portion of the content file based on determining that the content file is not being stored by the first server; and provide the content file to the client device.

Abstract: Selection of proper virtual routing and forwarding (VRF) tables is based on a logical interface that is not associated with a physical interface. The selected VRF table is used to perform an output interface lookup for outgoing packets. In one example, a router includes a plurality of network interfaces, and a processing unit configured to select a logical interface not associated with any of the plurality of network interfaces based on an association with a received packet of a virtual private network, select one of a plurality of VRF tables in which to perform an output interface lookup for the packet that corresponds to the selected logical interface, and determine one of the plurality of network interfaces from the one of the plurality of VRF tables based on a destination of the packet, wherein the determined one of the plurality of network interfaces is configured to forward the packet.

Abstract: A secondary protection device may receive a voltage surge. The voltage surge may be received based on a failure associated with a primary protection device. The secondary protection device may protect a piece of protected equipment from the voltage surge based on receiving the voltage surge. The secondary protection device may generate a failure notification based on protecting the piece of protected equipment from the voltage surge. The failure notification may indicate the failure associated with the primary protection device. The secondary protection device may provide the failure notification.

Abstract: In general, techniques are described to dynamically refresh a timer for a communication session provided by a bidirectional forwarding detection (BFD) protocol. The techniques potentially mitigate network load by reducing the number of BFD packets required to maintain a BFD communication session. An example network device includes a memory, programmable processor(s), a network interface, and a control unit configured to establish a BFD communication session between the network device and a peer network device that is communicatively coupled to the network device via the network interface, determine whether a packet associated with a communication session other than the BFD communication session is a relevant packet to the BFD communication session, and in response to determining that the packet is the relevant packet, refresh a timer that executes on the network device and is associated with the BFD communication session.

Abstract: Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.

Abstract: A first device may receive a content request from a second device. The content request may include a dynamic network address and a request for a content file. The first device may determine that the dynamic network address is not included in a first index; determine one or more response values associated with the content file; determine that the one or more response values are included in a second index when the one or more response values match one or more response values included in the second index; generate an association between the dynamic network address and the second index to map the dynamic network address to the second index and to the content file based on determining that the one or more response values are included in the second index; and provide the content file to the second device.

Abstract: A system is configured to determine a first power level of a first signal output from a first modulator, and determine a second power level of a second signal output from a second modulator. The first signal may include a first optical signal associated with a particular polarization orientation, and the second signal may include a second optical signal associated with the particular polarization orientation. The system is configured to determine a relationship between the first power level and the second power level, and to set, based on the relationship between the first power level and the second power level, a reverse bias voltage associated with the first modulator, where the reverse bias voltage may be used to control the first power level of the first signal.

Abstract: A rack system may include a first plurality of line cards, where a particular one of the first plurality of line cards receives or sends packets via ports; a plurality of fabric cards, where a particular one of the plurality of fabric cards includes a switching fabric; a second plurality of line cards, where a particular one of the second plurality of line cards receives or sends packets via ports; a first backplane that connects the first plurality of line cards to the plurality of fabric cards; and a second backplane that connects the second plurality of line cards to the plurality of fabric cards.

Abstract: In some embodiments, an apparatus comprises a core network node and a control module within an enterprise network architecture. The core network node is configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive a first tunneled packet associated with a first session from a wired network node from the set of wired network nodes. The core network node is configured to also receive a second tunneled packet associated with a second session from a wireless network node from the set of wireless network nodes through intervening wired network nodes from the set of wired network nodes. The control module is operatively coupled to the core network node. The control module is configured to manage the first session and the second session.

Abstract: A security device may receive a request from an attacker device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate an unsolvable challenge-response test based on identifying the request as being associated with the malicious activity. The unsolvable challenge-response test may be generated using at least one construction technique and may be configured in an attempt to block the attacker device without making the attacker device aware that the attacker device is being blocked. The security device may provide the unsolvable challenge-response test to the attacker device, and may receive a solution associated with the unsolvable challenge-response test. The security device may notify the attacker device that the solution is incorrect regardless of whether the solution is actually correct.

Abstract: A computer-implemented method for load balancing multicast traffic may include (1) identifying a plurality of switches that include at least a first switch that is connected to a second switch by a first path and a second path, (2) calculating a plurality of multicast distribution trees for distributing multicast traffic among the plurality of switches that includes (i) a first tree that includes the first path and whose root is different than the root of a second tree and (ii) the second tree that includes the second path, (3) receiving a plurality of multicast packets ingress to the plurality of switches at the first switch, and (4) using at least two of the plurality of multicast distribution trees to transmit the plurality of multicast packets from the first switch to the second switch. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A housing includes a mount projection defining a first notch, a second notch, and a recessed wall. At least a portion of the recessed wall defines a substantially conical cross-sectional shape between a maximum width and a length from a leading portion to a line associated with the maximum width. The mount projection is configured to complimentarily mate to a bracket defining a recessed wall with a maximum width, corresponding to the maximum width of the mount projection, and a length, corresponding to the length of the mount projection, from a leading portion to a line associated with the maximum width. The mount projection is releasably retained within an opening of the bracket when a first projection and a second projection of the bracket are disposed within the first notch and the second notch, respectively, of the mount projection.