Abstract: The present application describes systems and methods for filtering of malicious domain name system (DNS) queries. A DNS filter inspects a DNS query and drops the DNS query if the DNS query is deemed invalid. The DNS filter allows or drops the DNS query based on a set of rules. The set of rules includes one or more criteria for the validity or invalidity one or more DNS query attributes. The DNS filter logs the dropped DNS queries and provides them to the security analysis service for further investigation. In some examples, the DNS filter runs in a container or a virtual machine (VM) on the same system as the DNS server, or on a separate system in-line with the DNS servers.

Abstract: A steam distributor for a coffee machine and a coffee machine are described. The steam distributor includes a rod-like distributor body and an outlet area for discharging steam and/or air from an interior of the distributor body into a surrounding of the distributor body. The outlet area is arranged on an outer surface of the distributor body and is configured to discharge the steam and/or the air in such a way that the steam and/or the air forms a flow which has a tangential flow direction with respect to the distributor body and flows tangentially out of the distributor body. This structure of the distributor body allows milk or a milk substitute liquid to be foamed advantageously, because a circular flow is produced in the milk or the milk substitute liquid.

Abstract: The present application describes systems and methods for secured network information transmission. A network tunnel may be established from a customer premises equipment (CPE) to a routing device at a provider site. The network tunnel may traverse over one or more networks while maintaining a secure path for data. A customer may indicate a chosen configuration for a CPE, and a device at a provider site, a customer device, and/or the CPE itself may automatically, or manually, configure the CPE based on the chosen configuration to allow and/or disallow certain customer network information from being received and/or transmitted through the network tunnel.

Abstract: A network filter request arbiter is provided. An interface (e.g., user interface and/or programmatic interface, such as an application programming interface (API)), is for configuring and automatically implementing one or more filters in an internal and/or external network. The filters may be used to stop distributed denial of service (DDOS) attacks and/or prevent malicious network traffic from reaching a target network or target device(s) within the target network. Filters implemented in a target network may also be distributed to other (e.g., upstream) networks. The distributed filters may similarly be used to stop DDOS attacks and/or prevent malicious network traffic from being carried by the networks and from reaching a target network or target device(s) within the target network.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: The present application describes systems and methods for network-based blocking threat intelligence. An access control list (ACL) generator may modify ACLs and provide modified ACLs to provider edge routers based on the capabilities of the provider edge routers. In some cases, an additional provider edge router that is more capable of implementing longer ACLs may be used. In some cases, a collector may identify when threat communications are bypassing provider edge routers with limited ACL lengths and provide the customer an opportunity to buy a better router or access to an additional router that supports longer or additional ACLs. A threat intelligence system may update (e.g., continuously update) the ACL provided to the ACL generator, and the ACL generator may accordingly update the modified ACLs provided to the provider edge routers.

Abstract: This disclosure describes systems, methods, and devices related to managing network capacity using cloud edge providers. A method may include identifying, by an edge device of a network, a request for network capacity received via an application programming interface (API), from a user of the network; identifying offers received via the API by cloud edge providers; determining that the network capacity is available at at least one of the cloud edge providers based on the offers; deploying an edge server at the at least one of the cloud edge providers based on the network capacity being available at the at least one of the cloud edge providers; and directing traffic between the user and the edge server based on the deployment.

Abstract: This disclosure describes systems, methods, and devices related to managing egress traffic from a network to one or more peer networks. A method may include generating, using a load balancer of a network, a dynamic logical egress traffic threshold for a peer network; determining, using the load balancer, that first traffic from the network to the peer network is below the logical egress traffic threshold; directing second traffic from the network to the peer network based on the determination that the first traffic is below the logical egress traffic threshold; determining, using the load balancer, that the second traffic from the network to the peer network has reached the logical egress traffic threshold; and directing third traffic from the network away from the peer network based on the determination that the second traffic has reached the logical egress traffic threshold.

Abstract: A route viewing system includes a computing system that receives information associated with one or more routes through a network, and identifies the routes that are associated with at least one illicit user computer used by an illicit user. The computing system then obtains a source location of a source address of the routes and a destination location of a destination address of the routes, and displays the routes on a geographical display at the source location of the source address and the destination location of the destination address of each of the routes.

Abstract: An ammunition cartridge casing is provided having a primer body and a casing body. The primer body has an inner primer portion and an outer primer portion configured to nest in conformance with an outer surface of the inner primer portion. The outer surface of the inner primer portion provides a circumferential trench having a radially outwardly extending circumferential wall portion contiguous with an axially extending circumferential wall portion. The casing body has a distal end portion and a proximal end portion. The proximal end portion of the casing body is interposed between the inner primer portion and the outer primer portion within the trench having an interlocked axially extending circumferential portion and an interlocked radially outwardly extending disc portion of the casing body entrapped between the inner primer portion and the outer primer portion. A method is also provided.

Abstract: Novel tools and techniques are provided for implementing cloud-based voice calling service, video calling service, and/or over-the-top (“OTT”) services. In various embodiments, with a unified communications and collaboration interconnection (“UCCI”) interconnection established between separate hyperscalers or communication service providers that have separate administrative domains, Internet Protocol (“IP”) based communications services may be instantiated between a first user device or a first telephone number (or call identifier (“ID”)) via a first hyperscaler and a second user device or a second telephone number (or call ID) via a second hyperscaler, without touching or traversing the public switched telephone network (“PSTN”).

Abstract: Implementations described and claimed herein provide systems and methods for custom-defined network routing. In one implementation, a set of custom defined network flow rules is received at an edge router of a primary network, which is in communication with a customer network. The set of custom defined network flow rules correspond to network traffic associated with the customer network. The set of custom defined network flow rules is stored in a forwarding table on the edge router. A packet of data is received at the edge router. The packet of data is attributed to the customer network. The set of custom defined network flow rules is applied to the pack of data using the forwarding table.

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

Abstract: Novel tools and techniques are provided for implementing emergency call record and address validation. In various embodiments, a computing system may simultaneously initiate two or more test calls among a plurality of test calls to an emergency service provider system. Each test call may simulate an emergency services validation call initiated from a telephone number among a plurality of telephone numbers associated with a corresponding plurality of users to request a determination as to whether a 911 or enhanced 911 (“E911”) address associated with the telephone number is an accurate 911 or E911 address. In response to receiving a corresponding plurality of call responses from the emergency service provider system, the computing system may analyze each call response to determine a result of each corresponding simulated emergency services validation call; and may send each determined result to a corresponding requesting party.

Abstract: A data network analysis system includes a computer-executable set of instructions that obtain service account information associated with a route provided to a customer through a data communication network having network elements. Using the service account information, the instructions identify a termination port that terminates the route to a customer premises equipment of the customer, and at least one target port of the route and those network elements that are assigned to convey the route through one or more of the network elements. The instructions then obtain the routing information for the route from each of the network elements that are assigned to convey the route.

Abstract: Systems and methods of disconnecting a network service provided over a network service path include using a computing device that obtains a service identifier assigned to network service and identifies a port of a network device included in a network service path associated with the service. The computing device transmits a request to the network device for port configuration data of the network device and based on the received port configuration data, determines whether the port is assigned to the network service. If so, the computing devices executes a remediation operation which includes transmitting a reconfiguration command to the network device that is adapted to cause the network device to update the port configuration data to free the port.

Abstract: Direct to systems and methods for a service activation system in a telecommunications network that utilizes one or more generic container files for building the configuration file to instantiate the service on the network. A request for service from a network may be received from an order entry system that includes specific information about the requested service. A collection of generic configuration files may be selected based on the information included in the service order and arranged to build a configuration file to be executed on the network. The service activation system may also include a component or group of components to verify a received service order and alter the service order with default information or data where applicable. The configuration file may also be executed on the network through one or more drivers communicating with the affected devices to configure the one or more network devices.

Abstract: Aspects of the present disclosure involve systems and methods for a collaboration conferencing system to track a total number of concurrently utilized ports across any number of conferencing bridges of the network for a particular customer and one or more billing actions may occur based on this tracking. This may result in an alternate billing option for the customer's use of the system. Further, a telecommunications network administrator may provide access to the collaboration conferencing system based on a total number of concurrently utilized ports rather than on a per conference or per minute basis. With the information of the number of purchased ports by the customer, the administrator may more accurately predict an available capacity for the collaboration conferencing system needed to support all of the users of the system and the potential collaboration conferences.

Abstract: Novel tools and techniques are provided for implementing fraud or distributed denial of service (“DDoS”) protection for session initiation protocol (“SIP”)-based communication. In various embodiments, a computing system may receive, from a first router, first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address and a called party at a destination address. The computing system may analyze the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions. If so, the computing system may reroute the first SIP data to a security deep packet inspection (“DPI”) engine, which may perform a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data. If so, the security DPI engine may initiate mitigation actions.