Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.

Abstract: A method of encoding network packets for storage and later transmitting emulated packets includes determining a protocol for the packet and validating the protocol as belonging to a list of recognized protocols. Upon validating the packet, a protocol attribute value from the packet is parsed and a dictionary is referenced using the protocol attribute value to obtain a binary encoding, which is stored as an encoded packet. The packet, for example, may be an HTTP protocol request packet and parsing may include parsing a TYPE attribute value where the TYPE attribute value indicates whether the packet is a GET, POST, PUT or OTHER type of HTTP request. The method may further include modifying environmental data in the packet when the packet is later generated for transmission on a network. The method may further include, for packets of unrecognized protocols, learning and creating an encoding for new protocols.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

Abstract: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.

Abstract: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.

Abstract: A system and method for allocating bandwidth across a network to and from different end point nodes improves the predictability and efficiency of best effort network architectures. Advanced traffic processors associated with end point nodes detect and classify packets transferred across a network and allocate bandwidth. A packet policy module of the advanced traffic processor allocates bandwidth by applying policy definitions, flow ID rules, and flow policy maps to prioritize packet flows. In one embodiment, bandwidth is allocated on demand on a per-download basis so that bulk file transfers are provided substantially reduced download times through allocation of bandwidth for a premium fee.

Abstract: A remote XDSL transceiver unit (16) includes an XDSL transceiver (19) and a control block (18). The XDSL transceiver (19) is operable to establish and communicate across an XDSL physical layer. The control block (18) is coupled to the XDSL transceiver (19) and operates to transmit a request for service to a loop termination point. The control block (18) also operates to identify a signal received from the loop termination point (14) and respond based upon a current context of the remote XDSL transceiver unit (16). Further, the control block (18) operates to control power-up and training of the XDSL transceiver (19) such that the XDSL physical layer can be dynamically brought up and down. In one embodiment, the control block (18) operates to store profile information for an established XDSL physical layer to use for future re-establishing of the XDSL physical layer.

Abstract: The invention provides a marine propulsion device comprising a powerhead including an exhaust gas discharge port, a gearcase rotatably supporting a propeller shaft connected to the powerhead and including an exhaust gas discharge, and a lower unit including an upper portion supporting the powerhead and a lower portion connected to the gearcase, with the lower unit comprising an inner exhaust housing having a generally vertical wall, an open top in communication with the powerhead exhaust gas discharge port, a bottom having therein a first exhaust gas outlet and a second exhaust gas outlet at the top portion of the wall, and an outer exhaust housing also having a generally vertical wall in surrounding relation to the inner exhaust gas housing and defining a vertically extending generally annular space between the inner and outer exhaust gas housings, the space communicating with the second exhaust gas outlet.