Abstract: A network apparatus receives a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends the second message to the client computing device to cause the client computer device to close the QUIC connection.

Abstract: A network gateway apparatus monitors Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.

Abstract: A network apparatus is configured to detect a network connection request on a platform having a hardware accelerator to process network traffic, wherein the hardware accelerator implements computing tasks related to data packets of at least part of the network traffic. The network apparatus is further configured to intercept the network traffic related to the network connection request before the start of the hardware accelerator process, to extract network connection data required by a network traffic analysis function from the network traffic, to allow the hardware accelerator to start acceleration process after the network connection data extraction has finished, and to analyse the network connection based on the extracted network connection data.

Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using operating system kernel module in user-space memory area of the network apparatus. In response to a receipt of the response from the web resource analyser engine, the response to the connection request is released.

Abstract: A network gateway apparatus monitors Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.

Abstract: A network apparatus receives a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends the second message to the client computing device to cause the client computer device to close the QUIC connection.

Abstract: A network apparatus is configured to detect a network connection request on a platform having a hardware accelerator to process network traffic, wherein the hardware accelerator implements computing tasks related to data packets of at least part of the network traffic. The network apparatus is further configured to intercept the network traffic related to the network connection request before the start of the hardware accelerator process, to extract network connection data required by a network traffic analysis function from the network traffic, to allow the hardware accelerator to start acceleration process after the network connection data extraction has finished, and to analyse the network connection based on the extracted network connection data.

Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using operating system kernel module in user-space memory area of the network apparatus. In response to a receipt of the response from the web resource analyser engine, the response to the connection request is released.