Abstract: A processing device receives an event notification indicating a security configuration change of a cloud computing resource associated with a member account. In response, the processing device identifies a security policy associated with an administrative account corresponding to the member account and evaluates the security policy against the security configuration change to determine compliance with the policy. If not in compliance, the processing device generates a change event indicating a repair to the security configuration of the cloud computing resource to bring the security configuration into compliance with the security policy.

Abstract: A technology is described for prioritizing DNS name resolutions requests received from DNS resolvers. An example method may include identifying a resolver as a public DNS resolver. Receiving a DNS name resolution request from the public DNS resolver. Assigning a priority to the DNS name resolution request received from the public DNS resolver that is lower priority as compared to a priority assigned to DNS name resolution requests received from known DNS resolvers, and providing the DNS name resolution request to the DNS name server according to the priority assigned to the DNS name resolution request.

Abstract: A processing device receives an event notification indicating a security configuration change of a cloud computing resource associated with a member account. In response, the processing device identifies a security policy associated with an administrative account corresponding to the member account and evaluates the security policy against the security configuration change to determine compliance with the policy. If not in compliance, the processing device generates a change event indicating a repair to the security configuration of the cloud computing resource to bring the security configuration into compliance with the security policy.

Abstract: A technology is described for prioritizing DNS name resolutions requests received from DNS resolvers. An example method may include receiving a DNS name resolution request addressed to a DNS name server from a DNS resolver. The DNS resolver associated with the DNS name resolution request may be identified as a known DNS resolver or an unknown DNS resolver, where a known DNS resolver may have DNS resolver characteristics that correspond to a valid DNS resolver. The DNS name resolution request may be prioritized according to the identity of the DNS resolver as a known DNS resolver or an unknown DNS resolver. The DNS name resolution request may then be provided to the DNS name server according to the priority assigned to the DNS name resolution request.

Abstract: A technology is described for prioritizing network packets using suspicion weights assigned to packet attributes of the network packets. An example method may include analyzing a network packet for packet attributes that have values indicating that the network packet may be associated with a potential network attack. Suspicion weights for the packet attributes identified as having a value that indicates that the network packet is associated with the potential network attack may be obtained, and a suspicion score may be calculated for the network packet using the suspicion weights.

Abstract: Technology is described for establishing and transferring transmission control protocol (TCP) connections. A connection may be established when an acknowledgement (ACK) packet is received from the client. A connection handoff packet may be generated that includes connection parameters that describe the connection with the client. The connection handoff packet may be sent to a destination host to enable the destination host to take over the connection with the client based on the connection parameters in the SYN cookie.

Abstract: A technology is described for limiting the rate at which a number of requests to perform a network action are granted using rate limiters. An example method may include receiving a request for a token granting permission to perform a network action via a computer network. In response, rate limiters may be identified by generating hash values using hash functions and a network address representing a source network where the hash values identify memory locations for the rate limiters. The rate limiters may have a computer memory capacity to store tokens that are distributed in response to the request. Token balances for the rate limiters may be determined, and permission to perform the network action may be granted as a result of at least one of the token balances being greater than zero.