Abstract: A method, device, and storage medium are provided and configured control one or more network functions for user devices in a local network. A fingerprint determination model is provided and configured to determine one or more characteristics of user devices based on messages generated by respective user devices. A first message from a user device is received and processed to determine a set of one or more user device message characteristics. Device fingerprint data, representing at least one determined characteristic of the user device, is generated by processing the set of one or more user device message characteristics using the fingerprint determination model. One or more network functions for the user device are controlled based on the at least one determined characteristics of the user device represented in the device fingerprint data.

Abstract: A method and system for managing domain name requests over a communications network, wherein the method involves predicting domain names associated with requests generated by a user device using a model. The model predicts domain names likely to be requested following receipt of an initial domain name request. The method also includes receiving the initial domain name request, processing it to determine predicted domain names, and sending a request including these predicted domain names to a domain name categorization server. A response is received containing categorization data for the initial and predicted domain names. This categorization data is used to filter domain name requests, controlling access to resources associated with these domain names.

Abstract: A network management device for controlling one or more networks, and a computer-implemented method for the network management device is provided. The method involves monitoring network traffic to generate device fingerprint data, the device fingerprint data including a plurality of records, each record associated with one of a plurality of records, each record associated with one or a plurality of devices in the one or more networks and including a respective MAC address and a set of one or more characteristics associated with a respective device. The method involves determining whether two or more devices are utilizing a common MAC address based at least on the device fingerprint data, and performing a predetermined action dependent on the determining whether two or more devices are utilizing the common MAC address.

Abstract: A network edge device configured to perform a method for controlling access to services in a network, the network including at least one device configured to provide a service, the service being associated with a port is provided. The method involves performing a port identification scan on the network to generate port data representing the service and the port; obtaining port vulnerability data; generating a port vulnerability score for the port based on the port data and the port vulnerability data; obtaining a threshold port vulnerability score; and controlling access to the port in dependence on a comparison of the port vulnerability score with the threshold port vulnerability score.

Abstract: A wireless network comprises a plurality of wireless clients and an access point. Broadcast of at least a first SSID service set identifier from the access point is inhibited. A first probe message from a first wireless client is received at the access point carrying a first SSID. A first request message is sent from the access point to a server of the access point requesting a wireless local area network profile associated with the first SSID. A message carrying a first wireless local area network profile for the first SSID is received at the access point from the server and a first BSSID basic service set identifier is used to establish an association between the first wireless client and the access point to provide access to a wireless local area network according to the first wireless local area network profile.

Abstract: A method for a network device is provided, the method comprising obtaining device fingerprint data representing a first set of characteristics of a device connected to the network and an associated confidence score representative of a confidence in the first set of characteristics, obtaining a threshold confidence score, receiving a service advertisement message from the device, the service advertisement message including an indication of a second set of characteristics of the device. The method then involves determining whether the first set of characteristics are inconsistent with the second set of characteristics and performing a predetermined action in dependence on an outcome of this determining and on a comparison of the confidence score with the threshold confidence score. A network device configured to perform the method, and a non-transitory computer-readable storage medium comprising instructions for executing the method are also provided.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for locating a wireless communication attack includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect a communication attempt by a suspected criminal device to an illicit device. If the communication attempt by the suspected criminal device is detected by the analysis, a communication to the criminal device is controlled so as to delay completion of the communication to the criminal device in order to provide time to locate the criminal device.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for locating a wireless communication attack includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect a communication attempt by a suspected criminal device to an illicit device. If the communication attempt by the suspected criminal device is detected by the analysis, a communication to the criminal device is controlled so as to delay completion of the communication to the criminal device in order to provide time to locate the criminal device.

Abstract: A technique for the detection of an unauthorized wireless communication device includes monitoring of Bluetooth® communications activity by a Bluetooth® capable communication device. Any monitored communication activity is analyzed against parameters that are predefined to detect suspected illegal activity. If illegal activity is suspected by the analysis, an alert is generated for a system administrator. The predefined parameters associate illegal activity with; data that includes credit card numbers and expiration dates, credit card transaction logging information, non-discoverable devices, activity after store hours, exceedingly long activity, etc.

Abstract: A technique for distributed propagation of data in a wireless communication network includes providing 600 a unique host identifier for each peer network entity in the wireless communication network, each host identifier having a length of B bits. A next step includes requesting 602 data from peer network entities using a request having a host identifier of the requesting network entity. A next step includes, if a peer network entity is hosting the requested data, comparing 608 the host identifiers of the requesting network entity and the peer network entity receiving the request to determine a match. A next step includes responding 610 to the request if a match is determined.

Abstract: A technique for synchronization of mobile device information in a wireless communication network includes associating 300 a mobile device (MD) to a first access point (AP). A next step includes transmitting 302 a roam notification message from the first AP to all APs in network. A next step includes associating 304 the MD to a second AP. A next step includes establishing 306 that the first and second APs are roaming neighbors. A next step includes building 308 a roaming neighbor list in the associated first and second APs for the MD, wherein the list includes those neighboring APs where the MD has been associated. A next step includes determining 310 that the MD is currently associated with an AP. A next step includes preemptively pushing 312 information about the MD to those APs in the list of the determined AP for synchronization.

Abstract: A technique for synchronization of mobile device information in a wireless communication network includes associating 300 a mobile device (MD) to a first access point (AP). A next step includes transmitting 302 a roam notification message from the first AP to all APs in network. A next step includes associating 304 the MD to a second AP. A next step includes establishing 306 that the first and second APs are roaming neighbors. A next step includes building 308 a roaming neighbor list in the associated first and second APs for the MD, wherein the list includes those neighboring APs where the MD has been associated. A next step includes determining 310 that the MD is currently associated with an AP. A next step includes preemptively pushing 312 information about the MD to those APs in the list of the determined AP for synchronization.

Abstract: A technique for distributed propagation of data in a wireless communication network includes providing 600 a unique host identifier for each peer network entity in the wireless communication network, each host identifier having a length of B bits. A next step includes requesting 602 data from peer network entities using a request having a host identifier of the requesting network entity. A next step includes, if a peer network entity is hosting the requested data, comparing 608 the host identifiers of the requesting network entity and the peer network entity receiving the request to determine a match. A next step includes responding 610 to the request if a match is determined.

Abstract: Apparatus and methods are provided for implementing a firewall in a network infrastructure component. A method comprises generating a search tree for a plurality of rules. The search tree comprises a first node having a first field bounds and a first set of rules of the plurality of rules, and a plurality of child nodes for the first node. Each child node has child field bounds based on an intersection of the first field bounds and the first set of rules, and each child node is assigned a respective subset of the first set of rules based on the respective child field bounds. The method further comprises receiving a first packet, identifying a first child node of the plurality of child nodes based on values for one or more fields of the first packet, and applying the respective subset of rules assigned to the first child node to the first packet.

Abstract: Apparatus and methods are provided for implementing a firewall in a network infrastructure component. A method comprises generating a search tree for a plurality of rules. The search tree comprises a first node having a first field bounds and a first set of rules of the plurality of rules, and a plurality of child nodes for the first node. Each child node has child field bounds based on an intersection of the first field bounds and the first set of rules, and each child node is assigned a respective subset of the first set of rules based on the respective child field bounds. The method further comprises receiving a first packet, identifying a first child node of the plurality of child nodes based on values for one or more fields of the first packet, and applying the respective subset of rules assigned to the first child node to the first packet.