Abstract: A network processor is used for the routing of objects in non-data networking applications. The processor utilizes the Open Shortest Path First (OSPF) algorithm to capitalize on the benefits of data control for object traffic control and costs. A network processor is used at each point in a grid represented by intersecting paths. One or more routing tables are embedded in each network processor. Each routing table describes links with other network processors in the grid to which the network processor is interconnected. A cost factor is associated with each link and is constantly updated by the OSPF as new information becomes available. If a link or route becomes unavailable, the cost is set at infinity. The system then creates an alternative path for the object between a source and the desired destination that bypasses the unavailable link or route.

Abstract: A system and method for detecting a drone implanted by a vandal in a network connected host device such as a computer, and controlling the output of the drone. The system includes an inbound intrusion detection system (IDS), an outbound IDS, a blocker such as a firewall, an inbound trace log for storing a trace of inbound traffic to the protected device, an outbound trace log for storing a trace of outbound traffic from the protected device, and a correlator. When the outbound IDS detects outbound distributed denial of service (DDoS) traffic, the outbound IDS instructs the blocker to block the outbound DDos traffic. The correlator then recalls the outbound trace log and the inbound trace log, correlates the logs, and deduces the source ID of a message responsible for triggering the drone. The correlator then instructs the blocker to block incoming messages that bear the source ID.

Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC includes a standard cell. The standard cell includes a plurality of logic functions. The ASIC also includes at least one bus coupled to at least a portion of the logic functions and a plurality of internal signals from the plurality of logic functions. Finally, the ASIC includes a field programmable (FP) function coupled to the at least one bus and at least a portion of the plurality of internal signals. The FP function provides access to internal signals for observation and control. An ASIC using a field programmable gate array (FPGA) function within a standard cell design is utilized to create an internal-to-the-ASIC bridging of internal signals to observe and control of the internal signals of the ASIC. By the placement of logic, which expresses a test program, into the FPGA function that manipulates the I/O pins and/or other functional entities of interest, the ASIC function and/or surrounding logic can be easily verified.

Abstract: A defense against spoofing vandals is provided, where the defense enlists the network-addressable device whose identity is used by the vandal. A network-addressable device checks incoming messages for communication protocol violations that indicate that a spoofer is using the identity of the network-addressable device. When such a protocol violation is detected, the network-addressable device records attributes of the incoming message in a spoofing logbook database. Further, the network-addressable device increments a counter associated with the identity of the spoofer's target. The value of the counter is compared with a predetermined threshold, in order to determine if the supposed spoofing is an isolated incident or part of a persistent attack. When the value of the counter exceeds the threshold, the network-addressable device constructs a spoofing alert, and sends the spoofing alert to a network administrator. The network-addressable device then rejects the message associated with the protocol violation.

Abstract: An intrusion detection system checks a list of business rules at predetermined update times, and determines whether any provision of the business rules has become newly operative since the last update time. Provisions of the business rules prescribe alterations to intrusion signatures, thresholds, actions, or weights that are appropriate to broader circumstances evident at the update time. Whenever a new provision is found to be operative, the effected signatures, thresholds, actions, or weights are altered accordingly.

Abstract: This invention makes use of the capability of a network processor (as described more fully herein) to perform software directed tree searches. Pattern recognition data processing, as expanded upon in the detailed description, opens possibilities for data mining, virus protection, security and other functions. As realized in accordance with the varying embodiments of this invention, significant performance improvements are obtained and highly scaleable systems are created which are capable of examining large amounts of data, both in real time and in batch modes.

Abstract: An intrusion detection security system (IDSS) guards a server against vandals' attacks such as denial of service, distributed denial of service, and common gateway interface attacks. An incoming source address is compared with the contents of a database of privileged addresses. If the incoming address is present in the database, the IDSS instructs protective equipment such as a firewall or router to allow the incoming message to pass to the web server despite any ongoing attack, thus allowing messages from customers or suppliers, for example, through. Otherwise, the IDSS checks a database of blocked addresses. When the incoming address is absent, the IDSS writes the address to the database of blocked addresses and instructs the protective equipment to block subsequent messages from the incoming address.

Abstract: An intrusion detection system monitors for signature events, which are part of base intrusion sets that include signature event counters, signature thresholds, and base actions. Associated with each base intrusion set is an action set including an action counter, an action threshold, and an action variable. The associated action counter is updated when the base action of the base intrusion set is invoked responsive to the count of associated signature events meeting the associated signature threshold. The action counter is compared with an action threshold. If the action counter meets the threshold, the associated action variable is updated. The action variable is then passed to an analysis engine comprising a set of rules, which analyses the action variable either in isolation or together with other action variables associated with other base intrusion sets. According to the analysis, an element of a base intrusion set or an action set may be changed.

Abstract: A method and system for verifying the availability of a back-up virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a backup tunnel verification test message to the second network element over the back-up secure tunnel upon receipt of a backup tunnel verification test command. The back-up secure tunnel includes two unidirectional tunnels. The second network element receives the back-up tunnel verification test message over the first back-up unidirectional secure tunnel and transmits a response back to the first network element over the second back-up unidirectional secure tunnel.

Abstract: Disclosed is an apparatus including an interchassis network having a plurality of network interface connections; and an interchassis switch coupled to an egress communications system having an egress transmission capacity, a plurality of ingress transmission channels coupled to the plurality of network interface connections collectively having a potential ingress transmission capacity greater than the egress transmission capacity, and a capacity controller coupled to the plurality of ingress transmission channels for controlling an operational ingress capacity of the plurality of network interface connections. The method of controlling an ingress transmission capacity of an interchassis switch includes the steps of comparing the ingress transmission capacity to a threshold capacity; and controlling the ingress transmission capacity responsive to the ingress transmission capacity comparing step.

Abstract: Disclosed is an apparatus including an interchassis network having a plurality of network interface connections; an interchassis switch coupled to an egress communications system, the interchassis switch having an egress transmission capacity, the interchassis switch including a plurality of ingress transmission connections collectively having an ingress transmission capacity; and a controller, coupled to the plurality of network interface connections and to the interchassis switch, for controlling a maximum ingress transmission capacity of the interchassis switch. The method of controlling an ingress transmission capacity of an interchassis switch includes comparing the ingress transmission capacity to a threshold capacity; and controlling, using a controller external to the interchassis switch, the ingress transmission capacity responsive to the ingress transmission capacity comparing step.

Abstract: A system and method in which network packets sharing a common destination are bundled into one or more larger packets. In one embodiment, an originating server, gateway, or other network device recognizes the presence of multiple, small IP packets having a common IP address. The network device according to the present invention is configured to concatenate or bundle two or more such small packets. The bundled packet as a whole is then given a new header, the bundle header, that includes the network destination address and information that informs the receiving protocol processing device that the packet is a bundled packet. The receiving device can then strip off the bundle header and process the component packets individually according to an existing protocol.

Abstract: A method and system for determining the connectivity of a virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a connectivity test message to the second network element over the secure tunnel upon receipt of an initiate connectivity test command. The secure tunnel includes two unidirectional tunnels. The second network element receives the connectivity test message over the first unidirectional secure tunnel and transmits a response back to the first network element over the second unidirectional secure tunnel. The number of successful responses received from the second network element are accumulated and the results are reported back to the source of the connectivity test command.

Abstract: A method and system for providing multilevel information about aspects of accounting. The method comprises the steps of generating a display, on a computer display screen, of a tree having a plurality of nodes, and embedding in the nodes multilevel information about said accounting aspects. For example, trees may be generated that represent credit, debit, revenue, expense, credit and/or debit plans, credit or debit thresholds, assets (cash, investments, receivables), inventory costing and control, short term and/or long term liabilities (stocks, bonds, mortgage notes), stockholders (equity, dividends, cost basis, restrictions, donations), working capital, cash flow (income statement, operations, earnings, forecast, historical data), customer data, manufacturing costs (processing, target), profit (product, division) taxes (income, sales, real estate, etc.). Information may be embedded with a matrix approach.

Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC comprises a standard cell, the standard cell including a plurality of logic functions. The ASIC further includes at least one FPGA interconnect coupled to at least a portion of the logic functions. The FPGA interconnect can be configured to select a particular logic function of the plurality of logic functions. An ASIC in accordance with the present invention allows “field selection” of functions that are connected to the internal bus(es) and to external I/O. In addition, functional block connections made with internal buses can be significantly wider and faster than buses brought on chip via external chip I/Os. Further, the ASIC reduces cost because selective bus connections can be made internal to the chip, thus eliminating the need for external pins. Finally, the ASIC reduces the cost of the packaged component by allowing the chip to be packaged in a lower pin count package.

Abstract: A method and system for detecting attempted intrusions into a network, including: providing a network processor for monitoring packets transmitted over a communications link of the network; receiving a plurality of packets from the communications link by the network processor; and pre-filtering the plurality of packets by the network processor to identify packets potentially with patterns of interest. These packets are forwarded to a NIDS. The NIDS then examines the forwarded packets to identify the packets that have the pattern of interest. By using the network processor to pre-filter the packets, the number of packets examined by the NIDS is significantly reduced. Also, the capacity of the NIDS can be increased without requiring changes in the NIDS.

Abstract: A method and system for providing multilevel information about aspects of accounting. The method comprises the steps of generating a display, on a computer display screen, of a tree having a plurality of nodes, and embedding in the nodes multilevel information about said accounting aspects. For example, trees may be generated that represent credit, debit, revenue, expense, credit and/or debit plans, credit or debit thresholds, assets (cash, investments, receivables), inventory costing and control, short term and/or long term liabilities (stocks, bonds, mortgage notes), stockholders (equity, dividends, cost basis, restrictions, donations), working capital, cash flow (income statement, operations, earnings, forecast, historical data), customer data, manufacturing costs (processing, target), profit (product, division), taxes (income, sales, real estate, etc.). Information may be embedded with a matrix approach.

Abstract: An apparatus for performing complex pattern matching in a data stream within a computer network is disclosed. The apparatus includes a serial array register and a content-addressable memory (CAM). The CAM includes multiple CAM entries, and each of the CAM entries includes a k-byte pattern concatenated with an n-byte mask. The positions of the k-byte pattern and n-byte mask in each of the CAM entries offset from those in other CAM entries by one byte. Preferably, the k-byte pattern is each of the CAM entries represents a known computer virus pattern. After the capture of a data pattern from a data stream by the serial array register, the CAM register performs a comparison operation between the captured data pattern and all the CAM entries. If there is a match between the captured data pattern and one of the CAM entries, the CAM signals that the data stream contains information that are potentially harmful to the computer network.

Abstract: A method and system for providing multilevel information about multicast distribution. The method comprises the steps of generating a display, on a computer display screen, of a tree having a plurality of nodes, and embedding in the nodes information about the multicast distribution. The tree may display information about one or more of a variety of aspects of the multicast distribution. These aspects include display of the members of each of a plurality of particular multicast groups, group and/or member connectivity, group parameters, group statistics control, monitor and maintenance; acknowledge and/or operational status, etc. As a specific example, the nodes may represent capacities of a defined aspect. Displays may allow users having particular privileges to add, delete and/or modify nodes. Geometric shapes, having geometric aspects, may be used to represent the nodes; and the aspects of these shapes may be used to represent predetermined aspect of the multicast distribution.

Abstract: A network processor is disclosed. The network processor comprises a plurality of standard cells; and at least one field programmable gate array (FPGA) cell that can communicate with at least one of the standard cells. The at least one FPGA cell can provide a specified function based upon field programming techniques to allow for customization of the network processor. Utilizing a method and system in accordance with the present invention, a network processor can be customized to implement a variety of functions in hardware using embedded FPGA macros. The combined technology of ASIC standard cells plus FPGA cells enables fast time-to-market for new designs while optimizing cost and performance. In addition, the combined ASIC plus FPGA on a single die allows the chip developer to use proven standard cell macros for common logic and programmable cells for high-risk logic.