Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

Abstract: A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices one each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, mediate for proxy services by generation and maintenance of a token between the proxy devices capable of providing the corresponding proxy services. In the case of transfer of a data frame, a proxy device having received a frame from an end station determines whether any other proxy device possess a token authorizing the establishment of a circuit connection via a wide area network for transfer of the frame to another local area network. If the proxy devices determines that another proxy device possess the token, the proxy device lacking the token drops the frame. If the proxy device possesses the token, then the frame can be transferred via the wide area network.

Abstract: A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices on each LAN for internetwork communications. The proxy devices, implemented as data link switching (DLSw) devices, prevent looping of traffic such as explorer frames by sharing their MAC addresses to enable the proxy devices to recognize data packets from another proxy device. Incoming explorer frames from the wide area network are modified by performing an address substitution, where the source address in a received explorer frame is replaced with the address of the local proxy device. The proxy device then outputs the modified explorer frame onto the local area network. Any other proxy device on that same local network will then be able to detect the modified explorer frame as a frame forwarded by another proxy device, as opposed to a data frame from an end station on that local area network.

Abstract: A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices on each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, identify amongst each other a master proxy device for mediating services to be provided to an end station on the local area network. Each proxy device connected to the local area network sends a request to the identified master proxy device in response to detecting a frame transmitted by an end station on the local area network, for permission to establish a circuit connection for transfer of the frame via a wide area network. The master proxy device, based on prescribed criteria, selects one of the proxy devices for transferring the frame, and sends a grant response to the selected proxy device.

Abstract: The topology of a computer network is represented, for each routing device in the network, as a tree structure with the root of the tree designating the particular routing device. Tree nodes represent LANs, while arcs connecting the nodes represent other routing devices. Thus, the number of first-level links to children off the root is equal to the number of LANs connected to the source routing device, and those first-level links point to nodes representing the LANs (or LAN segments) directly connected to the source routing device. As a result of this representation, each routing device can store a representation of the entire network adequate to facilitate routing, but with much less memory utilization than a list of addresses. Furthermore, because the network is represented at a more general level than that of individual station addresses, changes to the topology of the network can be readily introduced without the need for extensive (e.g., address by address) reconfiguration.