Abstract: A system of network proxies distributes data to multiple servers. Each network proxy is associated with a server. A network proxy intercepts a client request for data. If the network proxy determines that the request can be served using a copy of data stored on the local server, rather than the data stored on a remote server, it diverts the request to the local server. If the network proxy determines that the request cannot be served using a data from the local server, the network proxy diverts the request to a remote server storing the primary copy of the data. A server map specifies the locations of the primary copies of data. When a primary copy of data is updated on one of the servers, the associated network proxy propagates the updated data to the other servers. The servers can provide data from files, e-mail services, databases, or multimedia services.

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.

Abstract: Transaction accelerators can be configured to terminate secure connections. A server-side accelerator intercepts a secure connection request that is from a client and that is directed to a server. The server-side accelerator responds to the secure connection request in place of the server, thereby establishing a secure connection between the client and the server-side accelerator. Alternatively, the server-side accelerator monitors the establishment of a secure connection between the client and the server. After the secure connection has been established, the server-side accelerator forwards security information to a client-side accelerator, enabling the client-side accelerator to assume control of the secure connection. As a result of this arrangement, the client-side accelerator is able to encrypt and decrypt data on the secure connection and accelerate it in cooperation with the server-side accelerator.

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract: A system of network proxies distributes data to multiple servers. Each network proxy is associated with a server. A network proxy intercepts a client request for data. If the network proxy determines that the request can be served using a copy of data stored on the local server, rather than the data stored on a remote server, it diverts the request to the local server. If the network proxy determines that the request cannot be served using a data from the local server, the network proxy diverts the request to a remote server storing the primary copy of the data. A server map specifies the locations of the primary copies of data. When a primary copy of data is updated on one of the servers, the associated network proxy propagates the updated data to the other servers. The servers can provide data from files, e-mail services, databases, or multimedia services.

Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.

Abstract: Transparent network devices intercept messages from non-transparent network devices that establish a connection. Transparent network devices modify these messages to establish an inner connection with each other. The transparent network devices mimic at least some of the outer connection messages to establish their inner connection. The mimicked messages and any optional reset messages are intercepted by the transparent network devices to prevent them from reaching the outer connections. Transparent network devices modify network traffic, using error detection data, fragmentation data, or timestamps, so that inner connection network traffic inadvertently received by outer connection devices is rejected or ignored by the outer connection network devices. Transparent network devices may use different sequence windows for inner and outer connection network traffic.

Abstract: Presently disclosed are methods and apparatus for analyzing packets and packet flows to detect covert communications channels (including reverse tunnels) in real time. These systems actively probe a suspicious connection in ways that are not possible in prior art log-based techniques and may initiate countermeasures against discovered covert channels. The present system may be implemented in a network device, such as an intrusion detection system, content engine, or other intermediary device employing a web cache. Embodiments automatically detect suspicious activity at particular source addresses by using relatively simple tests to detect suspect packets that should receive more extensive scrutiny. After more rigorous secondary testing (optionally including active probing techniques), suspect packets are either returned to the occasionally-checked state or flagged for further action, such as raising an alert or taking automatic countermeasures against the covert channel or its originators.

Abstract: Presently disclosed are apparatus and methods for coordinating the delivery of messages and/or message notifications among multiple messaging media and message services so that the successful delivery of one copy of a message results in the deletion of other, redundant message copies still in transit to the recipient and the cancellation of any other message waiting notifications still pending. The system may be implemented with a network-connected device (such as but not limited to a server, switch, or router) containing or having connected to it a user interface, a coordination server, and a plurality of message services. Embodiments of the invention thus provide message delivery management that is more user-friendly, computationally- and resource-efficient and more adaptable to changing user preferences and user locations/addresses.

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract: In an edge network, message traffic between the edge network and a core network passes through the edge router. A port scanning attack directed to the network as a whole (core network) potentially emanates from within the LAN. The edge router includes a network throttling device which identifies and mitigates harmful transmissions such that they do not propagate to the core network. The network throttling device has a connection daemon to scan transactions and determine deviant or atypical connection attempts. A session database stores a transaction history representing a window of previous connection attempts. A pattern detector examines the history and looks for malicious behavior. Identified deviant patterns cause a throttler enforcer to limit the triggering user by restricting future connection attempts, thus mitigating harmful effects. Usage, therefore, is not prevented, but resilience to deviant practices is provided.

Abstract: Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking. Asymmetric routing can be detected and proxies configured for connection forwarding as necessary.

Abstract: A GUI and CDN server device provide user modifiable selections of preferences for delivery treatment, and map the user selections to technical operational parameters in the CDN servers for effecting the requested delivery treatment. Users typically find it beneficial to interact with a file (content) entity in terms of the user visible delivery treatment. The server device provides the ability to define the delivery treatment according to the manner in which the user finds most beneficial. However, the CDN operational parameters for effecting such delivery are not readily available or understood by a typical user. Using the GUI, the CDN server identifies a content entity, and receives at least one user selection variable indicative of delivery treatment of the identified content entity.

Abstract: Multicast groups provide a mechanism to deliver simultaneous media content to a plurality of users. In streaming media systems, such as audio and video systems, each multicast recipient simultaneously receives similar content. Accordingly, each recipient must initiate transmission at the same time. A data communications device delivers multiple media streams of similar content to each of a plurality of users by converging a set of media streams and merging the converged streams onto a single stream for simultaneous delivery to each of the plurality of users from a single media stream resource. A convergence processor identifies a set of streams carrying similar content in a slightly time-shifted manner with respect to the other streams. The convergence processor filters certain streams to augment the streams to converge at a particular point, at which time the streams align respect to media content therein, and merge onto a multicast stream for the duration.

Abstract: Presently disclosed is a method and apparatus for monitoring and diagnosing a content delivery network (CDN) by examining received content elements that have been marked with one or more identifiers. Diagnosing is accomplished by using all or part of one or more of the identifiers associated with errored or corrupted content elements to determine which network elements or connection paths are faulty. The identifiers may contain content-, server-, or receiver-specific data that denotes, respectively, the source of the content, the links associated with one or more of the servers utilized in the network, and/or data associated with the receiving computer system. Both marking and diagnosing may be performed at any location within the CDN or at any host computer connected to the CDN or receiver. The marking may also be dynamically reconfigured in order to facilitate diagnosis.

Abstract: Conventional countermeasures to Distributed Denial of Service (DDoS) attacks typically focus on practices and rules for organizing a robust, DDoS-resilient network which anticipates proactive cooperation of users. Such measures involve widespread implementation cooperation and may be difficult or problematic to enforce in a large organization. Configurations of the invention employ the attacker's technique preventatively against the attack to identify sources likely to be employed for DDoS attacks. Crawlers scan web sites for identifying pages likely to be exploited as launch pads by DDoS attackers. A scanner device dispatches robots for sending probe messages from the launch pads which emulate an actual attack. Each of the probe messages are sent to a known, predetermined destination for determining identifying characteristics of such a message. The identifying characteristics define a signature of messages emanating from the launch pad.

Abstract: A presence server provides presence information to content subscribers via unicast transmission of the presence information. In the case where the presence server receives, from a subscriber, a subscription request for presence information having a relatively large number of subscribers, the presence server directs the content subscriber to a multicast transmission channel. The content subscriber, in turn, accesses the presence information via the multicast transmission channel. By directing content subscribers toward the multicast transmission channel, the presence server conserves connection resources associated with the presence system, thereby allowing the presence system to distribute presence information with a relatively high level of speed and efficiency. Furthermore, by directing content subscribers toward the multicast transmission channel, the presence server minimizes the costs associated with adding new subscribers to the presence system.

Abstract: A control signal is provided to a video data acquisition system that generates video data. In response to receiving the control signal, the video data acquisition system modifies at least a portion of the video data to produce an output signal. Authenticity of the output signal from the video data acquisition system is verified by checking that the video data includes modifications according to the control signal. If the video data does not include such modifications, it is known that the video data acquisition system needs to be checked for tampering or system failures.

Abstract: A system and method provide for transferring remote media from a remote media source to a communication or other end device at a time prior to a hold period, which media is usable as local MOH media during a hold period. A system and method further provide for responding to an initiated hold time by replacing remote MOH media with the local MOH media if remote MOH media is received in conjunction with the hold period.