Abstract: A system to dynamically protect access to a first network receives a data unit containing a source address indicating a source of the data unit. The source address is matched with information stored in the system, and entry of the data unit to the first network is enabled or denied based on the matching. It is determined whether the data unit contains an identifier of a codec type that matches a stored codec type, and occurrence of an attack of the first network is indicated in response to determining that the identifier is of a codec type that does not match the stored codec type.

Abstract: A method and apparatus of protecting a first network from unauthorized access includes storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information. The profile information includes a predetermined threshold indicating a maximum acceptable rate of incoming data units from an external network to the first network. If the incoming data unit rate exceeds the predetermined threshold, then a security action is taken, such as generating an alarm or preventing further transport of data units from the external network to the first network.

Abstract: A system to dynamically protect access to a first network receives a data unit containing a source address indicating a source of the data unit. The source address is matched with information stored in the system, and entry of the data unit to the first network is enabled or denied based on the matching. It is determined whether the data unit contains an identifier of a codec type that matches a stored codec type, and occurrence of an attack of the first network is indicated in response to determining that the identifier is of a codec type that does not match the stored codec type.

Abstract: A method and apparatus of protecting a first network from unauthorized access includes storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information. The profile information includes a predetermined threshold indicating a maximum acceptable rate of incoming data units from an external network to the first network. If the incoming data unit rate exceeds the predetermined threshold, then a security action is taken, such as generating an alarm or preventing further transport of data units from the external network to the first network.

Abstract: A method and apparatus for communicating data units (e.g., Internet Protocol or IP packets) between devices on one or more networks includes storing address and/or port translation information, and receiving a data unit having a source address and port and a destination address and port. Both the source and destination addresses and/or ports are translated, with the data unit containing the translated source and destination addresses and/or ports transmitted to a destination.

Abstract: A method and apparatus comprises a controller to establish a call session between a first endpoint and a second endpoint. Without exchanging call setup signaling with the first endpoint, the controller is able to pivot the call session from the second endpoint to another endpoint so that media communication can occur between the first and other endpoints. The first endpoint remains “anchored” in the call session. The pivot is accomplished by sending a call request to the other endpoint and exchanging messages with a media portal that controls the communication of packets between endpoints. The media portal contains a network address and translation module that performs translation of addresses and/or ports of media packets communicated from one endpoint to another.

Abstract: A method and apparatus of protecting a first network from unauthorized access includes storing profile information for each call session, and determining if an unauthorized access of the first network is occurring based on the profile information. The profile information includes a predetermined threshold indicating a maximum acceptable rate of incoming data units from an external network to the first network. If the incoming data unit rate exceeds the predetermined threshold, then a security action is taken, such as generating an alarm or preventing further transport of data units from the external network to the first network.

Abstract: A method and apparatus comprises a controller to establish a call session between a first endpoint and a second endpoint. Without exchanging call setup signaling with the first endpoint, the controller is able to pivot the call session from the second endpoint to another endpoint so that media communication can occur between the first and other endpoints. The first endpoint remains “anchored” in the call session. The pivot is accomplished by sending a call request to the other endpoint and exchanging messages with a media portal that controls the communication of packets between endpoints. The media portal contains a network address and translation module that performs translation of addresses and/or ports of media packets communicated from one endpoint to another.

Abstract: A method and apparatus for communicating data units (e.g., Internet Protocol or IP packets) between devices on one or more networks includes storing address and/or port translation information, and receiving a data unit having a source address and port and a destination address and port. Both the source and destination addresses and/or ports are translated, with the data unit containing the translated source and destination addresses and/or ports transmitted to a destination.