Abstract: Method for unified networking for a device in heterogeneous mobile environments includes maintaining and monitoring active network interfaces, managing the location of the device, managing network access security, enabling disruption tolerance support for applications, enabling service sharing and session mobility, managing system parameters for one or more active application sessions, managing storage functionality in one or more memory devices, and maintaining a mapping for one or more flows corresponding to the one or more active application sessions, maintaining one or more policies, and performing flow control decisions based upon the policies using a policy engine. The method can also include monitoring for network events, evaluating whether to perform a handover based upon policies, and providing seamless secure handovers in a heterogeneous mobile environment. A device, non-transitory computer-readable medium, and a system for unified networking are also provided.

Abstract: Method for unified networking for a device in heterogeneous mobile environments includes maintaining and monitoring active network interfaces, managing the location of the device, managing network access security, enabling disruption tolerance support for applications, enabling service sharing and session mobility, managing system parameters for one or more active application sessions, managing storage functionality in one or more memory devices, and maintaining a mapping for one or more flows corresponding to the one or more active application sessions, maintaining one or more policies, and performing flow control decisions based upon the policies using a policy engine. The method can also include monitoring for network events, evaluating whether to perform a handover based upon policies, and providing seamless secure handovers in a heterogeneous mobile environment. A device, non-transitory computer-readable medium, and a system for unified networking are also provided.

Abstract: Method for unified networking for a device in heterogeneous mobile environments includes maintaining and monitoring active network interfaces, managing the location of the device, managing network access security, enabling disruption tolerance support for applications, enabling service sharing and session mobility, managing system parameters for one or more active application sessions, managing storage functionality in one or more memory devices, and maintaining a mapping for one or more flows corresponding to the one or more active application sessions, maintaining one or more policies, and performing flow control decisions based upon the policies using a policy engine. The method can also include monitoring for network events, evaluating whether to perform a handover based upon policies, and providing seamless secure handovers in a heterogeneous mobile environment. A device, non-transitory computer-readable medium, and a system for unified networking are also provided.

Abstract: Method for unified networking for a device in heterogeneous mobile environments includes maintaining and monitoring active network interfaces, managing the location of the device, managing network access security, enabling disruption tolerance support for applications, enabling service sharing and session mobility, managing system parameters for one or more active application sessions, managing storage functionality in one or more memory devices, and maintaining a mapping for one or more flows corresponding to the one or more active application sessions, maintaining one or more policies, and performing flow control decisions based upon the policies using a policy engine. The method can also include monitoring for network events, evaluating whether to perform a handover based upon policies, and providing seamless secure handovers in a heterogeneous mobile environment. A device, non-transitory computer-readable medium, and a system for unified networking are also provided.

Abstract: A device receives an attack on a Session Initiation Protocol (SIP) based device, and applies, based on a type of the attack, a method vulnerability based filter to the attack.

Abstract: A device may verify whether pinholes in a perimeter protection device are open and may determine pinhole opening and closing delays. The method for determining the pinhole opening delay may include sending a stream of packets for passing through the pinhole in the network perimeter protection device. The packets in the stream may be sent at known time intervals. The method may include receiving one or more of the packets in the stream, wherein the received packets passed through the pinhole. The pinhole opening delay may be based on an indication of the position of the first one of the packets received in the stream and the known time intervals. The pinhole closing delay may be based on the number of packets having passed through the pinhole, after sending a session termination message, and the known time intervals.

Abstract: A method may include receiving a first packet; determining, in a first processor, whether the first packet meets a criterion to be forwarded to a destination indicated in the first packet; receiving a second packet; determining whether the second packet is of a type for changing the criterion and sending the second packet to a second processor if the second packets is of the type for changing the criterion; receiving instructions, based on the second packet sent to the second processor, to change the criterion; and changing the criterion.

Abstract: Method for unified networking for a device in heterogeneous mobile environments includes maintaining and monitoring active network interfaces, managing the location of the device, managing network access security, enabling disruption tolerance support for applications, enabling service sharing and session mobility, managing system parameters for one or more active application sessions, managing storage functionality in one or more memory devices, and maintaining a mapping for one or more flows corresponding to the one or more active application sessions, maintaining one or more policies, and performing flow control decisions based upon the policies using a policy engine. The method can also include monitoring for network events, evaluating whether to perform a handover based upon policies, and providing seamless secure handovers in a heterogeneous mobile environment. A device, non-transitory computer-readable medium, and a system for unified networking are also provided.

Abstract: A device receives an attack on a Session Initiation Protocol (SIP)-based device, determines a type of the attack, and applies, based on the determined type of the attack, a return routability check filter to the attack.

Abstract: A test method for Internet-Protocol packet networks that verifies the proper functioning of a dynamic pinhole filtering implementation as well as quantifying network vulnerability statistically, as pinholes are opened and closed is described.

Abstract: A method may include receiving a session initiation protocol (SIP) request message and determining whether a dialog exists corresponding to the request message. The method may also include determining whether the dialog is in a first phase or a second phase when a dialog exists corresponding to the session control protocol message and querying a table indicating valid protocol requests for the determined phase to determine whether the received request message is valid. The method may include rejecting the request message when determined that the request message is not valid.

Abstract: A method may include receiving a session control protocol request message and fingerprinting the received session control protocol message. The method may further include comparing the fingerprint of the received request message to a list of fingerprints associated with known malicious user agents and rejecting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known malicious user agents. The method may include comparing the fingerprint of the received request message to the list of fingerprints associated with known non-malicious user agents and accepting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known non-malicious user agents.

Abstract: A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering.

Abstract: A device prevents theft of service attacks on a Session Initiation Protocol (SIP)-based device using an identity assurance protection mechanism, a multiple end-points protection mechanism, and an intrusion detecting protection mechanism.

Abstract: Testing of Internet-Protocol packet network perimeter protection devices, e.g., Border Gateways such as Session Border Controllers, including dynamic pinhole capable firewalls are discussed. Analysis and testing of these network perimeter protection devices is performed to evaluate the ability of such device to perform at carrier class levels while being subjected to many different protocol test cases. The efficiency of state look table functions as well as call signaling processing capacity, implemented in a particular perimeter protection device, are determined and evaluated. Proper performance and efficiency of such perimeter protection devices are evaluated as a function of: incoming call rate, total pre-existing active calls, and different protocol test cases. Various different network perimeter protection devices, e.g.

Abstract: A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering.

Abstract: A method may include receiving a session control protocol request message and fingerprinting the received session control protocol message. The method may further include comparing the fingerprint of the received request message to a list of fingerprints associated with known malicious user agents and rejecting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known malicious user agents. The method may include comparing the fingerprint of the received request message to the list of fingerprints associated with known non-malicious user agents and accepting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known non-malicious user agents.

Abstract: A method may include receiving a session initiation protocol (SIP) request message and determining whether a dialog exists corresponding to the request message. The method may also include determining whether the dialog is in a first phase or a second phase when a dialog exists corresponding to the session control protocol message and querying a table indicating valid protocol requests for the determined phase to determine whether the received request message is valid. The method may include rejecting the request message when determined that the request message is not valid.

Abstract: A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering.

Abstract: A method may include receiving a first packet; determining, in a first processor, whether the first packet meets a criterion to be forwarded to a destination indicated in the first packet; receiving a second packet; determining whether the second packet is of a type for changing the criterion and sending the second packet to a second processor if the second packets is of the type for changing the criterion; receiving instructions, based on the second packet sent to the second processor, to change the criterion; and changing the criterion.