Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed.

Abstract: An email system comprises a plurality of email servers connected by a data communications network. The email system avoids single points of failure by employing multiple email servers which self configure, without requiring dedicated servers, through self addressing and discovery and announcement protocols. An email server can act as a primary email server by executing an administration tool allowing an administrator to modify the configuration data set which the email servers utilize, and the primary email server will then announce the resulting change in the version level of the configuration data set to other email servers. Each email server will then determine and request any needed updates to its respective configuration data set from the primary email server or another email server.

Abstract: A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a distinguished network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination.

Abstract: Sensor nodes (or addresses therefore), acting as real-time message decoys, are distributed across a real-time communications network to attract unsolicited real-time messages. Filtering rules are derived from the message characteristics (such as the source address) and messaging content of the traffic encountered at the sensor nodes. The filtering rules are distributed to filtering agents positioned in the communications network in such a way that they can filter traffic for legitimate users. The filtering agents may identify and control the disposition of real-time messaging traffic that is part of a mass communication campaign on behalf of legitimate users of the real-time messaging communication system. Disposition may include suppressing, diverting, or labeling.

Abstract: A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a distinguished network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination.

Abstract: An email system comprises a plurality of email servers connected by a data communications network. The email system avoids single points of failure by employing multiple email servers which self configure, without requiring dedicated servers, through self addressing and discovery and announcement protocols. An email server can act as a primary email server by executing an administration tool allowing an administrator to modify the configuration data set which the email servers utilize, and the primary email server will then announce the resulting change in the version level of the configuration data set to other email servers. Each email server will then determine and request any needed updates to its respective configuration data set from the primary email server or another email server.

Abstract: A Voice over IP (VoIP) or Real Time Messaging (RTM) firewall device is claimed that protects VoIP or RTM network traffic by identifying and controlling the delivery of such network traffic that is unsolicited and undesired by the recipient (i.e. VoIP or RTM spam). The system involves applying a unique marking to RTM messages close to a point of message origination and then at a point close to message termination for the intended recipient examining a reputation store for information on the unique marking and using that information in conjunction with a set of policy rules to decide whether to pass, reject, pass on to an RTM store or otherwise filter the RTM message. The unique marking serves to identify a source characteristic of the message such as the message originator, a corporate affiliation for the originator, or a RTM network characteristic of the originator such as a transmission gateway.

Abstract: A method of “stateful failover” is provided that allows email gateway systems in a cluster to deliver email messages that have been accepted for delivery by a member of the cluster, but has failed with out delivering the messages. The method involves creating a backup copy of the messages that have been accepted for delivery by one email gateway system in the stateful failover cluster on one or more other email gateway systems in the stateful failover cluster. Upon detecting the failure of the email gateway system that accepted the message, another member of the stateful failover cluster that has access to the backup copy of the message queue takes responsibility for the delivery of the messages on the mirrored queue.

Abstract: A system and method of detecting undesired email containing image-based messages employs a statistical analysis process which identifies and assigns probability values to the presence of each of a pre-selected set of text-related characteristics of an email under consideration and to the presence of each of a pre-selected set of image-related characteristics of the email under consideration. The identified characteristics and their associated probability values are used to determine whether the email is undesired. In one embodiment, the identification and assignment of probability values is a Bayesian analysis and, preferably, a Statistical Token Analysis. The system and method can identify undesired emails which contain images having messages, generally in the form of text in the image.

Abstract: A system and method are provided to couple tunnel servers to tunnel clients executing host applications for use in a virtual private network (VPN) environment. A receiver receives requests from host applications executing on the tunnel clients. The requests are addressed to the tunnel coupling system to establish a VPN tunnel. A processor processes the requests and an indication of loads on the tunnel servers to establish the VPN tunnels by designating at least one of the tunnel servers to each requested tunnel. A tunnel traffic distributor distributes tunnel traffic to the tunnel servers based at least part on the designations. In additional aspects, an evaluation processor evaluates the tunnel traffic before the tunnel traffic distributor distributes the tunnel traffic to the tunnel servers. For example, the evaluation performed by the evaluation processor includes at least performing security functions on the tunnel traffic.

Abstract: A hardware-based policy engine that employs a policy cache to process packets of network traffic. The policy engine includes a stream classifier that associates each packet with at least one action processor based on data in the packet, and the action processor further acts on the packets based on the association determined by the stream classifier.

Abstract: A networking device may operate according to a first configuration profile adapted to cause the device to conform to restrictions applicable within a plurality of different locations. The networking device may obtain a second, location-aware configuration profile, which may include restrictions applicable to the location where the device is deployed. The second, location-aware configuration profile may be provided by a location-aware configuration service responsive to a request from the device. The service may determine a location of the device from the request. The service may identify restrictions applicable within the region the device is located.

Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed.

Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed.

Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device, may be performed.

Abstract: A system and method for recognizing an incoming email as a desired email examines outgoing email messages to arrange the email into fragments for which representations are created and stored. When an incoming message is received, the message is arranged into fragments for which representations are created. The representations of the incoming message are compared to the stored representations and if the matches between stored representations and the representations of the incoming message meet a predefined threshold test, the incoming message is recognized as being desirable. An incoming email message which has been recognized as being desirable can be subjected to a lesser examination to recognize a SPAM message, or to no further examination to recognize a SPAM message.

Abstract: Sensor nodes (or addresses therefore), acting as real-time message decoys, are distributed across a real-time communications network to attract unsolicited real-time messages. Filtering rules are derived from the message characteristics (such as the source address) and messaging content of the traffic encountered at the sensor nodes. The filtering rules are distributed to filtering agents positioned in the communications network in such a way that they can filter traffic for legitimate users. The filtering agents may identify and control the disposition of real-time messaging traffic that is part of a mass communication campaign on behalf of legitimate users of the real-time messaging communication system. Disposition may include suppressing, diverting, or labeling.

Abstract: A Voice over IP (VoIP) or Real Time Messaging (RTM) firewall device is claimed that protects VoIP or RTM network traffic by identifying and controlling the delivery of such network traffic that is unsolicited and undesired by the recipient (i.e. VoIP or RTM spam). The system involves applying a unique marking to RTM messages close to a point of message origination and then at a point close to message termination for the intended recipient examining a reputation store for information on the unique marking and using that information in conjunction with a set of policy rules to decide whether to pass, reject, pass on to an RTM store or otherwise filter the RTM message. The unique marking serves to identify a source characteristic of the message such as the message originator, a corporate affiliation for the originator, or a RTM network characteristic of the originator such as a transmission gateway.

Abstract: An email system comprises a plurality of email servers connected by a data communications network. The email system avoids single points of failure by employing multiple email servers which self configure, without requiring dedicated servers, through self addressing and discovery and announcement protocols. An email server can act as a primary email server by executing an administration tool allowing an administrator to modify the configuration data set which the email servers utilize, and the primary email server will then announce the resulting change in the version level of the configuration data set to other email servers. Each email server will then determine and request any needed updates to its respective configuration data set from the primary email server or another email server.

Abstract: A method of “stateful failover” is provided that allows email gateway systems in a cluster to deliver email messages that have been accepted for delivery by a member of the cluster, but has failed with out delivering the messages. The method involves creating a backup copy of the messages that have been accepted for delivery by one email gateway system in the stateful failover cluster on one or more other email gateway systems in the stateful failover cluster. Upon detecting the failure of the email gateway system that accepted the message, another member of the stateful failover cluster that has access to the backup copy of the message queue takes responsibility for the delivery of the messages on the mirrored queue.