Abstract: Certain exemplary embodiments can comprise a method, which can comprise automatically providing content to an information device from a content distribution node of a plurality of content distribution nodes. The information device can be adapted to send a request for the content from the first content distribution node utilizing an Internet Protocol (IP) address of the content distribution node.

Abstract: A route control architecture allows a network operator to flexibly control routing between the traffic ingresses and egresses in a computer network, without modifying existing routers. An intelligent route service control point (IRSCP) replaces distributed BGP decision processes of conventional network routers with a route computation that is flexible and logically centralized but physically distributed. One embodiment supplements the traditional BGP decision process with a ranking decision process that allows route-control applications to explicitly rank traffic egresses on a per-destination, per-router basis. A straightforward set of correctness requirements prevents routing anomalies in implementations that are scalable and fault-tolerant.

Abstract: A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine grained data, such as that available in Netflow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.

Abstract: An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.

Abstract: Certain exemplary embodiments comprise a method comprising: for selected traffic that enters a backbone network via a predetermined ingress point and is addressed to a predetermined destination, via a dynamic tunnel, automatically diverting the selected traffic from the predetermined ingress point to a processing complex; and automatically forwarding the selected traffic from the processing complex toward the predetermined destination.

Abstract: Certain exemplary embodiments comprise a method comprising a plurality of activities, comprising: for each of the plurality of routing entities in an AS: obtaining IGP topology information; learning available BGP routes associated with the routing entity; utilizing the available BGP routes and the IGP topology information for all routing entities in the AS, assigning the routing entity a customized routing decision comprising a BGP route; and sending the customized routing decision to the routing entity.

Abstract: A reverse firewall for removing undesirable traffic from a computing network, such as a virtual private network (VPN), is disclosed. The reverse firewall uses firewall rules that may be determined and maintained within the enterprise network to control communication sent between computers in the computing network. The reverse firewall rules may be used to identify the communications between computers in the network that are undesirable and/or intrusive. For example, a computer in a network that is infected with a worm or that is surreptitiously hosting a denial-of-service attack may be identified by the reverse firewall and quarantined. The reverse firewall may be implemented in hardware and/or software.

Abstract: Certain exemplary embodiments comprise a method comprising: within a backbone network: for backbone network traffic addressed to a particular target and comprising attack traffic and non-attack traffic, the attack traffic simultaneously carried by the backbone network with the non-attack traffic: redirecting at least a portion of the attack traffic to a scrubbing complex; and allowing at least a portion of the non-attack traffic to continue to the particular target without redirection to the scrubbing complex.

Abstract: The invention comprises a method and apparatus for managing route selection in a network. Specifically, the method comprises receiving a set of routes from each of a plurality of routers, filtering each of the sets of routes, and selecting at least one route from each of the filtered sets of routes according to routing information associated with each of the respective routers.

Abstract: A transmit and receive system for transmitting data between a transmit site and a receive site. The system includes a tunnel source, router and modulator for dividing a transmit data stream having a first bit rate into multiple data streams with each of the multiple data streams having a bit rate which is lower than the first bit rate, transmitting each of the multiple data streams over a plurality of RF channels. The system further includes a demodulator and destination source for recombining the multiple data streams at the receive site to provide a receive data stream having a bit rate equal to the first bit rate.