Abstract: Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and Fin packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts are determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.

Abstract: A system for ciphering data for transmission by a communication device is provided. The system includes a memory device having a memory buffer a first access port connected to the memory buffer and a second access port connected to the memory buffer. The system also has a data processing processor connected to the first access port via a first bus and a ciphering processor connected to the second access port via a second bus. The first access port and the second access port each provide mutually independent access to the memory buffer. The second bus is not connected to the first bus. The data processing processor is adapted to receive the data and provide the data to the memory buffer over the first bus. The ciphering processor is adapted to retrieve the data from the memory buffer over the second bus, generate ciphered data from the data, generate integrity check information for the ciphered data using the data and provide the ciphered data to the memory buffer over the second bus.

Abstract: An insert (10) for use in connecting two length of pipe each of use has a plastic liner. The insert consists of an inner tubular member (12) of plastics material for connection at either end to the liners of two pipe length's, an insulating sleeve (14) surrounding a central portion of the inner tubular member (12) and a ring (16) of heat-resistant material overlying part of the insulating sleeve (14) to be positioned, in use, beneath a location at which the pipe length or butt welded. The insulating sleeve (14) comprises an insulating material (22) which is at least partially enclosed with a sheath (24) such that the sheath (24) can be mechanically connected to the interior of one said pipe length.

Abstract: A modified security protocol for remotely managed computer-based communications devices is presented. The protocol is based on the Syslog Sign protocol but is altered to allow an entity that collects log events from and/or remotely manages the device to provide authenticated acknowledgement of event logs that have been successfully received. This is achieved through an Acknowledgement Block which is signed by the entity and made available to the device.

Abstract: Methods of preventing flooding-type denial-of-service attacks in a computer-based network are described. Connection establishing messages known as SYN packets are matched with connection terminating messages (FIN packets) by using a hash algorithm. The hash algorithm or message digest uses source and destination IP addresses, port numbers, and a secret key as input parameters. The SYN packets and FIN packets are mapped to buckets using the hash algorithm and statistics are maintained for each bucket. A correspondence between SYN packets and FIN packets is maintained to close a security hole.

Abstract: Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and Fin packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts are determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.

Abstract: System and method of providing authentication of files downloaded from a source to an embedded system are described. The files or other digital data is combined with a header that includes target state information. The target state information is typically identification information such as target address or data revision levels. The embedded system verifies the target state information before uploading the files or digital data. The header may also include a digital signature as a further authentication measure.

Abstract: A method and system for providing routing information for use in virtual private networks is disclosed. The method supports a variety of different secure network topologies. According to the method a static map is generated including information on each static gateway and resources accessible therethrough. The map also contains security information for accessing and authenticating a gateway.

Abstract: A method and system for implementing network policy is described. The method involves storing policy data using certificates using a certificate database server. Upon retrieval, a policy is then validated as properly certified prior to use. When a policy is not validated, it indicates tampering or improper policy data entry. When policy data is successfully validated, the policy is implemented.