Abstract: An approach for tracking denial-of-service (DoS) flood attacks using an overlay IP (Internet Protocol) network is disclosed. One or more tracking routers form an overlay tracking network over the network of an Internet Service Provider (ISP). The ISP network includes numerous transit routers and edge routers. The tracking routers communicate directly with all the edge routers using IP tunnels. The edge routers within the ISP network perform security diagnostic functions, in part, to identify a DoS flood attack that has been launched by one or more attackers. To track down an attacker, an egress edge router identifies the DoS flood attack datagrams, rerouting these datagrams to the overlay tracking network. The tracking routers perform hop-by-hop input debugging to identify the ingress edge router associated with the source of the DoS flood attack.

Abstract: A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. Both network ports have the same network address, making the device transparent to the local area network in which it is spliced. The device operates by selectively encrypting or decrypting only the data portion of a data packet, leaving the routing information contained in the header and trailer portions of the data packet unchanged.

Abstract: A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. The device operates in one of two modes by selectively encrypting or decrypting packets or portions of packets based on information contained in a packer's header.

Abstract: A computer network encryption/decryption device includes at least one microprocessor, microprocessor support hardware, at least two network ports for connecting to upstream and downstream networks, memory hardware for storing program, configuration, and keylist data, and data encryption/decryption hardware. Both network ports have the same network address, making the device transparent to the local area network in which it is spliced. The device operates by selectively encrypting or decrypting only the data portion of a data packet, leaving the routing information contained in the header and trailer portions of the data packet unchanged.