Abstract: Examples of the present disclosure are directed to systems and methods for using router identifier information to mitigate denial of service attacks in an autonomous system (AS). Each router of the AS may be assigned a router identifier (ID) that is unique to the AS and may be periodically changed. The ingress router first receiving the packet within a particular AS may insert its router ID into the packet. A threat intelligence system may sample packets of traffic received by the AS and examine the inserted ingress router IDs in making a threat determination. If a distribution of detected ingress router IDs from sampled packets does not match an expected distribution of ingress router IDs, one or more threat mitigation actions may be invoked.

Abstract: The present application describes a system and method for determining a latency between a client device and various servers of a networking system.

Abstract: The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Abstract: Internet-connected devices are commonly used in various applications including home automation and industrial telemetry and control. Such devices may have relatively constrained needs for the various types of communications that are possible within the local network and with other devices on the internet, but the networks to which they are connected may nonetheless grant such devices unrestricted access. This may result in vulnerabilities that may be exploited by a malicious actor. As such, a system and method for providing security to internet-connected devices are provided.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Abstract: Graphical codes, such as Quick Response (QR) codes, are commonly used for convenient acquisition by a mobile device of a text string (e.g., a Uniform Resource Locator identifying a website) or other data word. Such an acquisition, however, may be a relatively low-security operation because of the relative ease with which such graphical codes may be produced. As such, a system and method for secure code scanning and verification are provided.

Abstract: A method for controlling deployment of network configuration changes includes receiving, by centralized network management system executed by a processor and memory, configuration change instructions to alter a configuration of a network; computing, by the centralized network management system, a weighted impact of the configuration change instructions; determining, by the centralized network management system, whether the weighted impact of the configuration change instructions exceeds a threshold impact level; and in response to determining that the weighted impact does not exceed the threshold impact level, executing the configuration change instructions.

Abstract: A method for suppressing network traffic includes: detecting an overload condition at a target device in a network; determining a source address of high traffic associated with the overload condition at the target device; generating a traffic suppression request including a source-destination tuple including a source identifier corresponding to the source address and a destination identifier corresponding to an address of the target device; sending the traffic suppression request to a router; configuring the router with a filter based on the source-destination tuple of the traffic suppression request; and filtering traffic between the source address and the target device based on the configured filter.

Abstract: In a system with a plurality of servers serving one or more clients, situations may arise in which a client has a connection to a first server which is providing a service to the client, and in which it would be advantageous to transfer the connection to a second server, in a manner that does not require the re-establishing of the connection or the making of a renewed request, by the client, for the service. As such, a system and method for transferring a client connection from one server to another server are provided.

Abstract: The present application describes a system and method for determining a latency between a client device and various servers of a networking system.

Abstract: Systems and methods for evaluating rendering of a webpage are provided. In an example, a render of a portion of a webpage is analyzed to determine if the webpage is being properly loaded at a device. Loading of a webpage may be based on a browser loading the webpage and/or device information (e.g., an operating system running on the device, if the device is a desktop or mobile device, the size of the device, etc.). Renders of the webpage are analyzed to determine if a browser and/or device information is certifiable or suspect for the webpage. Browsers and/or device information that is certified may allow exemption of analysis of renders sent from devices with the same browser and/or device information. Alternatively, devices that have browsers and/or device information that is suspect may be sent feedback providing recommendations for alternate browsers or redirected to a simpler interface for the webpage.

Abstract: Example systems and methods permit threat intelligence to be determined and used at a local, regional, and/or global level in a communications network. A threat intelligence system may collect traffic information from local computing systems and analyze it for malicious traffic. If a measure of malicious traffic in a local computing system is reached, mitigation actions may be taken in that local computing system. In addition, threat measures may be amplified in other local computing systems, other regions, or globally in the network, in order to more quickly react to a known threat as it may spread in a network.

Abstract: The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Abstract: In examples, a first Anycast advertisement is received from a first server identifying the first server as a primary address for a service. In addition, a second Anycast advertisement is received from the first server identifying the first server as a secondary address for the service. Further, a third Anycast advertisement is received from a second server identifying the second server as the secondary address for the service. A first community advertisement is also from the first server identifying the first server as a member of a first community. Thereafter, a first request is received from a client including the primary address, and the request is routed to the first server. When a second request from the client is received including the secondary address, based at least on the community advertisement, the first server is ignored, and the second request is routed to the second server.

Abstract: A system includes: a webserver system configured to host a dynamic webpage; a requestor device configured to communicate with the webserver system over a first network to receive the dynamic webpage; and a resource device communicably connected to the requestor device over a second network, and configured to cache a core-static webpage corresponding to the dynamic webpage. In response to the webserver system being unavailable to provide the dynamic webpage, the requestor device is configured to communicate with the resource device over the second network to request the core-static webpage.

Abstract: The present application describes systems and methods for populating a DNS cache of a recursive DNS server using information gathered by a threat intelligence system. The threat intelligence system may collect some or all DNS responses from one or more recursive DNS servers as the one or more DNS servers process various received requests. Since the threat intelligence engine has access to this DNS data, the DNS data may be used to seed a DNS cache of a recursive DNS server.

Abstract: Dynamic and self-healing optimized traffic rerouting is provided. A system and method are described for determining and implementing optimized traffic routing decision. A route orchestration system monitors network resource performance characteristics information for identifying a traffic redirection triggering event and for determining an optimized traffic control decision based on the network resource performance characteristics information. The decision may include software defined networking (SDN) instructions that may be communicated to one or more network resources (e.g., PE devices, P devices, and/or routers) that may cause traffic to be rerouted the one or more targeted servers. For example, the optimized traffic control decision may be determined to improve load balancing amongst performing servers and other network resources in the network while reducing or minimizing administrative costs.

Abstract: The present application describes a system and method for determining a latency between a client device and various servers of a networking system.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.