Abstract: A detection system in which a user can indicate the permissible sequences of packets (e.g., by virtue of a state transition table), and the detection system detects packets which are inconsistent with such permissible sequences. As a result, all anomalies (which are inconsistent with the user specified normal behavior) may be reliably detected.

Abstract: Using one set of processors for downloading (and associated processing of) signature data corresponding to security application, and using another set of processors for forwarding/switching. The associated processing may include decompression of the data, authentication (hash computation and verification). Due to the use of separate processors for signature downloads, the forwarding throughput performance of a switching device (e.g., gateway/router) may not be impeded at least substantially during signature data download. Similarly, an out-of-band connection can also optionally be used for signature download.

Abstract: According to an aspect of the present invention, routers are notified of occurrence of denial of service (DoS) attack. The DoS attack can be within another router or other user systems contained in an inter-networked environment. The routers may perform actions such as throttling/blocking packets which would continue to cause such DoS attack. Multiple routers may collaboratively mitigate the effect of the DoS attack.

Abstract: Providing fail_over call processing services by sniffing signaling traffic, without the overhead of configuring/provisioning terminals (phones), call servers etc. According to an aspect of the present invention, the integrated device operates as a backup call server when external call servers are unavailable. In one embodiment, the integrated device checks whether a first call server, to which a call setup request is destined to, is available, and forwards the request to another call server if the first call server is unavailable. According to another aspect, the integrated device detects the access information of each terminal registering with a call server, and uses the detected information to provide responses to call setup requests when the call servers are unavailable. As a result, the IP phones in a local network can continue initiating calls even when call servers located at remote sites, become unavailable.