Patents by Inventor Mohamed Boucadair

Mohamed Boucadair has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240048576
    Abstract: Methods for traffic redirection, corresponding terminal, controller, authorization server, name resolution servers and computer program. A name resolution method implemented in a terminal connected to a communication network includes: transmitting, to a first name resolution server, a name resolution message via a secure communication channel between the terminal and the first name resolution server; if a redirection of the DNS traffic of the terminal is authorized, obtaining at least one identifier of a second name resolution server for the redirection; and executing at least one action for managing the redirection of the DNS traffic of the terminal to the second name resolution server, at least from among: verifying legitimacy of the second name resolution server, sending an indication of a failure of a connection of the terminal with the second name resolution server; and requesting deactivation of the redirection of the DNS traffic to the second name resolution server.
    Type: Application
    Filed: December 21, 2021
    Publication date: February 8, 2024
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20240007484
    Abstract: A method for detecting a malicious device in a communication network, corresponding communication device and computer program. The method is implemented in a communication device configured with at least one name resolution server which is referred to as a legitimate name resolution server and associated with at least one network interface through which the communication device is able to communicate using at least one first identifier. The method includes: obtaining at least one second identifier, separate from the first identifier, for the communication device and the at least one network interface; obtaining configuration information from a name resolution service for the communication device using the at least one second identifier; and detecting presence of a malicious device in the event of an anomaly in the processing of a name resolution request sent by the communication device using the at least one second identifier and the obtained configuration information.
    Type: Application
    Filed: November 29, 2021
    Publication date: January 4, 2024
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20230370848
    Abstract: A method for configuring a user apparatus and implemented by the user apparatus. The method including: deactivating, for at least one encrypted communication of the user apparatus with a remote device via a network, at least one encryption procedure selected by the user apparatus and implemented with a first entity of the network involved in routing data exchanged between the user apparatus and the remote device during the encrypted communication, the data being subject to at least one other encryption procedure separate from the at least one deactivated encryption procedure.
    Type: Application
    Filed: September 27, 2021
    Publication date: November 16, 2023
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20230179578
    Abstract: A method for managing communication between at least one first communication device and at least one second communication device in a communication network is implemented by an intermediate entity positioned on at least one path taken by data packets of said communication. The method includes a step of obtaining a communication identifier included in a data packet exchanged during the communication, and a step of processing the data packet depending on the result of a check of the compliance of the communication identifier with at least one communication identifier mask accessible to the intermediate entity.
    Type: Application
    Filed: April 8, 2021
    Publication date: June 8, 2023
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20230146254
    Abstract: A method for managing communications in accordance with a given transport protocol. The method is implemented by a first device and includes, following detection of a cyber attack, activating, in the first device, collaboration with at least one entity of the network in order to mitigate the cyber attack, this collaboration including execution, by the first device, of at least one determined action, called collaboration action, during at least one communication of the first device in accordance with the given transport protocol, via the network.
    Type: Application
    Filed: March 25, 2021
    Publication date: May 11, 2023
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 11641307
    Abstract: A method for configuring a first network node using a first autonomous system (AS) number in at least one session established with another node according to a dynamic routing protocol is described. The method is implemented by the first node and includes receiving a configuration message comprising at least one piece of information that is representative of a second AS number intended to be used by the first node as a replacement for the first number, configuring the first node with the second AS number, identifying at least one second node having at least one session according to the dynamic routing protocol, active with the first node, in which the first node is associated with the first AS number, and sending a control message to the at least one second node requesting the replacement of the first AS number with the second AS number by the at least one second node, such that, after the replacement, the first node is associated with the second AS number in the at least one active session.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: May 2, 2023
    Assignee: ORANGE
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20230082637
    Abstract: Assistance method for managing a cyber attack, and device and system thereof. The assistance method is implemented by a device managing resources of a computing domain, these resources being protected by a plurality of cyber attack protection services. The method includes: determining an incapability of a first protection service from among the plurality of protection services to handle a cyber attack targeting at least one resource of the computing domain; developing a mitigation plan for mitigating the attack based on a mitigation plan obtained from a second protection service from among the plurality of protection services or using assistance provided by at least the second protection service; and transmitting the developed mitigation plan to the first protection service to handle the attack.
    Type: Application
    Filed: November 26, 2020
    Publication date: March 16, 2023
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 11575575
    Abstract: A configuration method includes: receiving, by a first device of a network, a first control message having configuration elements for activating a dynamic routing protocol in the network; configuring by the first device setup parameters for establishing sessions according to the protocol used by the first device on the basis of configuration elements included in the first message; if the configuration elements in the message include a management instruction for handling sessions according to the protocol in the network, executing by the first device the at least one management instruction; and if the configuration elements in the message include a setting for directing propagation of the configuration elements in the network, dispatching by the first device in accordance with the propagation setting at least one second control message to at least one second device of the network, which includes all or some of the configuration elements.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: February 7, 2023
    Assignee: ORANGE
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 11563816
    Abstract: A method for managing traffic associated with a client domain, implemented in a server. The method includes: detecting a communication problem between the server and at least one first client node of the client domain, called failed node; identifying at least one second client node belonging to the client domain; verifying if a session between the server and the at least one second client node is active; and if no session is active: triggering a mitigation procedure on at least one IP resource associated with the client domain; if at least one session is active: using the second client node associated with the at least one active session, called active node, to initiate an action managing the traffic associated with the client domain.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: January 24, 2023
    Assignee: ORANGE
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220414211
    Abstract: A method for coordinating mitigation of a cyber attack, an associated device and system. The coordination method is implemented by a device managing resources in a computing domain, wherein the resources are protected by a plurality of services protecting against cyber attacks. The method includes: producing mitigation plans implemented by protection services from the plurality of protection services in response to a cyber attack targeting at least one of the resources in the computing domain; and following a detection of at least one incompatibility between the mitigation plans produced, coordinating an adjustment to all or some of the incompatible mitigation plans, among the protection services that have implemented the incompatible mitigation plans, so as to eliminate the incompatibility.
    Type: Application
    Filed: November 26, 2020
    Publication date: December 29, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220311746
    Abstract: A method for managing communication between a first terminal and a second terminal in a communication network is disclosed. The method includes, at the first terminal: discovering at least one proxy node between the first terminal and the second terminal, the proxy node being capable of providing at least one service for the communication, and if the first terminal accepts the service, sending to the second terminal, in an establishment phase or during the communication, an encrypted proxy information message containing data identifying the at least one proxy node and a token intended to be provided to the second terminal by the at least one proxy node.
    Type: Application
    Filed: June 22, 2020
    Publication date: September 29, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220311734
    Abstract: A method for a client device to obtain an IP address in order to access a network resource via at least one IP network. The method includes: inserting, in a request for obtaining an IPv6 address in order to access the network resource intended for a DNS server, a piece of information representing an IP address type expected by the client device of the DNS server in response to the obtaining request if the network resource has an IPv4 connectivity; and sending the obtaining request to the DNS server.
    Type: Application
    Filed: June 18, 2020
    Publication date: September 29, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220272079
    Abstract: A method for communication in a network is disclosed, between a first and second terminal between which is established a first encrypted connection for transmitting data. The method comprises at the first terminal: storing, in association with the first connection, at least one second connection between the first terminal and the second terminal via an intermediate processing function intended to be applied between the first terminal and the second terminal to a part of the data referred to as eligible for the second connection, and a filter characterizing the data eligible for the second connection, the second connection being encrypted between the first terminal and the intermediate processing function, and sending, via the second connection, a message intended for the intermediate function and carrying data for the second terminal corresponding to the filter, the first message sent comprising information according to which the data are intended for the second terminal.
    Type: Application
    Filed: June 24, 2020
    Publication date: August 25, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220239556
    Abstract: A method for managing a communication according to a transport protocol of a terminal equipment in a communication network. The method includes: detecting presence, on a path allowing the terminal equipment to be reached on a second IP address of the terminal equipment, of a status function which maintains a status associated with a communication on the path, including transmitting a first message from a first IP resource of the terminal equipment, including a first IP address and a first port number, to a second IP resource of the terminal equipment, including the second IP address and a second port number, and deciding on presence of a status function on the path according to data received by the second IP resource in response to the first message; and managing a communication of the terminal equipment on the path allowing the terminal equipment to be reached on the second IP address.
    Type: Application
    Filed: June 24, 2020
    Publication date: July 28, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 11392911
    Abstract: A method for processing a transaction between a source terminal and a destination terminal having a transaction phase is disclosed. In one aspect the method comprises receiving, by a source BTS connected to the source terminal, a transaction request originating from the source terminal, the request carrying at least one identifier of the destination terminal and a transaction amount. Then obtaining, by the source BTS, destination terminal location information on the basis of at least one location database, denoted BLDB, and the destination terminal identifier. Then determining, by the source BTS, at least one destination BTS connected to the destination terminal on the basis of the destination terminal location information. Then transmitting to the destination terminal, by the destination BTS, the request or one item of information relating to the transaction.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: July 19, 2022
    Assignee: Orange
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220210185
    Abstract: Managing assistance to a communication network capable of routing traffic characteristic of a computer attack is disclosed. A method includes upon detecting a computer attack, identifying at least a first node of the network, requiring a mitigation intervention, and identifying a traffic routing policy in the network; controlling a movement of at least one mobile object comprising at least one communication interface, so as to connect the mobile object to at least a second node of the network determined relative to the first node according to the traffic routing policy; and controlling at least part of the traffic routed by the network, so as to redirect the part of the traffic to the mobile object via at least the second node of the network.
    Type: Application
    Filed: March 9, 2020
    Publication date: June 30, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 11363122
    Abstract: A method for communication in an IP network is described. A first communicating device initializes a communication with a second communicating device, signaling to the second communicating device that the first communicating device is compatible with multi-path communications based on the User Datagram Protocol (UDP). If the second communicating device is also compatible with multi-path UDP communications, one of the first communicating device and the second communication device transmits data to the other device using the UDP transport protocol, including in the messages containing said data, regardless of the path used, a single identifier, known as the context identifier, allowing the other communicating device to correlate all of the UDP datagrams associated with the same multi-path UDP communication.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: June 14, 2022
    Assignee: ORANGE
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220038429
    Abstract: A method for protecting a client domain, for example against a computing attack, implemented in a client node of the client domain. The method includes: discovering at least one other client node of the client domain, called a discovered node; detecting a conflict between at least two management rules for the traffic associated with the client domain; and resolving the detected conflict, including: if one of the rules was installed by the discovered node, modifying the rule or a state associated with the discovered node; and otherwise, obtaining, from the discovered node, an item of information for identifying at least one node of the client domain that installed one of the rules; and detecting and/or resolving the conflict using information obtained during the discovery of the at least one other node of the client domain.
    Type: Application
    Filed: September 26, 2019
    Publication date: February 3, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20220038473
    Abstract: A method for allocating an identifier to a first client node of a client domain, the first client node managing traffic associated with the client domain to protect it against a computing attack. The method includes: receiving a request for allocating a client node identifier from the first client node, the request including information identifying the client node; obtaining a list of client node identifiers already allocated to the client nodes active at least in the client domain; allocating to the first client node a client node identifier not belonging to the list obtained; recording in a local memory an association between the allocated identifier and the information; sending a response to the first client node, including the allocated identifier; and sending a request for recording the identifier allocated to the first client node in the domain to a traffic management server associated with the domain.
    Type: Application
    Filed: September 26, 2019
    Publication date: February 3, 2022
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Publication number: 20210400082
    Abstract: A method of collaboration between protecting services associated with one or more domains. Such a method includes: getting a first agent used by a first protecting service to identify an attack on at least one resource managed by a domain protected by the first protecting service; and transmitting, to at least one second agent used by a second protecting service having taken out a subscription to at least one information-sharing service offered by the first protecting service, at least one piece of information relating to the attack identified by the first agent.
    Type: Application
    Filed: September 26, 2019
    Publication date: December 23, 2021
    Inventors: Mohamed Boucadair, Christian Jacquenet