Abstract: Managing assistance to a communication network capable of routing traffic characteristic of a computer attack. A method includes upon detecting a computer attack, identifying at least a first node of the network, requiring a mitigation intervention, and identifying a traffic routing policy in the network; controlling a movement of at least one mobile object comprising at least one communication interface, so as to connect the mobile object to at least a second node of the network determined relative to the first node according to the traffic routing policy; and controlling at least part of the traffic routed by the network, so as to redirect the part of the traffic to the mobile object via at least the second node of the network.

Abstract: A method for managing communication between a first terminal and a second terminal in a communication network is disclosed. The method includes, at the first terminal: discovering at least one proxy node between the first terminal and the second terminal, the proxy node being capable of providing at least one service for the communication, and if the first terminal accepts the service, sending to the second terminal, in an establishment phase or during the communication, an encrypted proxy information message containing data identifying the at least one proxy node and a token intended to be provided to the second terminal by the at least one proxy node.

Abstract: Services for detecting and mitigating computer attacks are proposed by some access providers to their customers. However, sometimes a message to request support for the management of attacks issued by a node of a client domain under computer attack is sent to a mitigation server that is unable to process it. Such a request will be systematically rejected and no mitigation action will be implemented. The present solution makes it possible to ensure that no request message issued by a node goes unanswered, even if it is transmitted to a mitigation server that is unable to process it. To this end, when a mitigation server determines that it is unable to process a request message, instead of rejecting this request, it will seek to identify at least one other mitigation server that would be able to process this request message.

Abstract: A method for allocating an identifier to a first client node of a client domain, the first client node managing traffic associated with the client domain to protect it against a computing attack. The method includes: receiving a request for allocating a client node identifier from the first client node, the request including information identifying the client node; obtaining a list of client node identifiers already allocated to the client nodes active at least in the client domain; allocating to the first client node a client node identifier not belonging to the list obtained; recording in a local memory an association between the allocated identifier and the information; sending a response to the first client node, including the allocated identifier; and sending a request for recording the identifier allocated to the first client node in the domain to a traffic management server associated with the domain.

Abstract: A method for sending an information item allows reputation management of IP resources in a set of networks including at least a first network and a second network. The method is implemented by a device of the first network, called an “emitter device”, an includes a step in which the emitter device sends to a device of the second network, called a “receiver device”, an information item representative of a prefix size of an IP address assigned to an equipment item connected to the first network.

Abstract: Managing assistance to a communication network capable of routing traffic characteristic of a computer attack is disclosed. A method includes upon detecting a computer attack, identifying at least a first node of the network, requiring a mitigation intervention, and identifying a traffic routing policy in the network; controlling a movement of at least one mobile object comprising at least one communication interface, so as to connect the mobile object to at least a second node of the network determined relative to the first node according to the traffic routing policy; and controlling at least part of the traffic routed by the network, so as to redirect the part of the traffic to the mobile object via at least the second node of the network.

Abstract: A method for controlling a check carried out on data conveyed in a network when a first device of a user accesses a service provided by a second device via a primary connection. The method is implemented by a control entity and includes: triggering, with a coordinating entity, a configuration of the service such that data conveyed on the primary connection and on at least one secondary connection established on the fringes of the primary connection for the provision of the service pass through a checking entity selected by the control entity to analyze the data; and notifying the coordinating entity if an event is detected in a digital identity of the user conveyed when accessing the service and including identification information in relation to the user obtained from the data analyzed by the checking entity.

Abstract: A method for controlling a client device to access a service via at least one network. The control method is implemented by a trusted entity for the service and/or the client device and includes: controlling a configuration of the client device, during access by the latter to the service, in order for it to transmit, to at least one device designated for the service and authorised by the trusted entity, at least one domain name resolution request emitted by the client device within the context of the service.

Abstract: A method for a client device to obtain an IP address in order to access a network resource via at least one IP network. The method includes: inserting, in a request for obtaining an IPv6 address in order to access the network resource intended for a DNS server, a piece of information representing an IP address type expected by the client device of the DNS server in response to the obtaining request if the network resource has an IPv4 connectivity; and sending the obtaining request to the DNS server.

Abstract: A method for identifying sensitive data in at least one data packet emitted by at least one terminal connected to a network, items of identification information relating to an identity and/or environment of an entity to which the at least one terminal belongs being able to be determined from sensitive data having been inserted into the at least one packet before it reaches a destination equipment item. The method includes steps implemented by a searching device, including: receiving the at least one data packet, searching for sensitive data in the at least one data packet, and, where applicable, providing the entity with items of information about the detected sensitive data.

Abstract: A method for processing at least one data packet generated by at least one terminal connected to a network, where items of identification information relating to the identity and/or environment of an entity to which the at least one terminal belongs are able to be predetermined based on sensitive data having been inserted into the at least one packet before it reaches the destination equipment item. The method is implemented by at least one modifying device, each modifying device executing a set of steps of: obtaining at least one control rule of the broadcasting of at least one predetermined sensitive datum, and, if the at least one sensitive datum is detected in the at least one data packet, applying the at least one control rule to the at least one data packet.

Abstract: A method of controlling an access by at least one item of client equipment to an application service in a telecommunications network. The at least one item of client equipment is configured to access the application service. The method includes: obtaining event information relating to the processing, by at least one item of service equipment involved in implementing the application service, of messages exchanged during at least one access to the application service; detecting, from the information obtained, a processing anomaly by at least one the item of service equipment in relation to at least one given service execution criterion; and transmitting at least one control message containing at least one control action of a processing of at least one access request to the service by the item of client equipment.

Abstract: A method for coordinating mitigation of a cyber attack, an associated device and system. The coordination method is implemented by a device managing resources in a computing domain, wherein the resources are protected by a plurality of services protecting against cyber attacks. The method includes: producing mitigation plans implemented by protection services from the plurality of protection services in response to a cyber attack targeting at least one of the resources in the computing domain; and following a detection of at least one incompatibility between the mitigation plans produced, coordinating an adjustment to all or some of the incompatible mitigation plans, among the protection services that have implemented the incompatible mitigation plans, so as to eliminate the incompatibility.

Abstract: A method of automatic setup by a first device of a session complying with a dynamic routing protocol with a second device. The setup method includes, subsequent to detection by the first device of existence of a connectivity with the second device, the first device being associated with a first autonomous system number and not knowing any autonomous system number associated with the second device: an exchange with the second device including announcement to the second device of the first autonomous system number, and discovery of a second autonomous system number with which the second device is associated; or allocation to the second device of a third autonomous system number and announcement to the second device of the third autonomous system number which has been allocated to it; and setup with the second device of a session according to the routing protocol by using the autonomous system numbers exchanged.

Abstract: A method for protecting a client domain, for example against a computing attack, implemented in a client node of the client domain. The method includes: discovering at least one other client node of the client domain, called a discovered node; detecting a conflict between at least two management rules for the traffic associated with the client domain; and resolving the detected conflict, including: if one of the rules was installed by a the discovered node, modifying the rule or a state associated with the discovered node; and otherwise, obtaining, from a the discovered node, an item of information for identifying at least one node of the client domain that installed one of the rules; and detecting and/or resolving the conflict using information obtained during the discovery of the at least one other node of the client domain.

Abstract: A method of collaboration between protecting services associated with one or more domains. Such a method includes: getting a first agent used by a first protecting service to identify an attack on at least one resource managed by a domain protected by the first protecting service; and transmitting, to at least one second agent used by a second protecting service having taken out a subscription to at least one information-sharing service offered by the first protecting service, at least one piece of information relating to the attack identified by the first agent.

Abstract: A method for managing a communication according to a transport protocol of a terminal equipment in a communication network. The method includes: detecting presence, on a path allowing the terminal equipment to be reached on a second IP address of the terminal equipment, of a status function which maintains a status associated with a communication on the path, including transmitting a first message from a first IP resource of the terminal equipment, including a first IP address and a first port number, to a second IP resource of the terminal equipment, including the second IP address and a second port number, and deciding on presence of a status function on the path according to data received by the second IP resource in response the first message; and managing a communication of the terminal equipment on the path allowing the terminal equipment to be reached on the second IP address.

Abstract: Methods for traffic redirection, corresponding terminal, controller, authorization server, name resolution servers and computer program. A name resolution method implemented in a terminal connected to a communication network includes: transmitting, to a first name resolution server, a name resolution message via a secure communication channel between the terminal and the first name resolution server; if a redirection of the DNS traffic of the terminal is authorized, obtaining at least one identifier of a second name resolution server for the redirection; and executing at least one action for managing the redirection of the DNS traffic of the terminal to the second name resolution server, at least from among: verifying legitimacy of the second name resolution server, sending an indication of a failure of a connection of the terminal with the second name resolution server; and requesting deactivation of the redirection of the DNS traffic to the second name resolution server.

Abstract: A method for detecting a malicious device in a communication network, corresponding communication device and computer program. The method is implemented in a communication device configured with at least one name resolution server which is referred to as a legitimate name resolution server and associated with at least one network interface through which the communication device is able to communicate using at least one first identifier. The method includes: obtaining at least one second identifier, separate from the first identifier, for the communication device and the at least one network interface; obtaining configuration information from a name resolution service for the communication device using the at least one second identifier; and detecting presence of a malicious device in the event of an anomaly in the processing of a name resolution request sent by the communication device using the at least one second identifier and the obtained configuration information.

Abstract: A method for configuring a user apparatus and implemented by the user apparatus. The method including: deactivating, for at least one encrypted communication of the user apparatus with a remote device via a network, at least one encryption procedure selected by the user apparatus and implemented with a first entity of the network involved in routing data exchanged between the user apparatus and the remote device during the encrypted communication, the data being subject to at least one other encryption procedure separate from the at least one deactivated encryption procedure.