Abstract: A network analysis architecture provides a suite of complementary logic operable at different temporal and spatial timescales. The distinct temporal and spatial scales define different tiers, each analyzing network events according to predetermined temporal and spatial scales of progressive magnitude. Particular event detection logic may be operable on an immediate temporal scale, while other logic identifies trends over a longer time period. Similarly, different spatial scales are appropriate to different algorithms, as in logic that examines only headers or length of packets, or inspects an entire payload or transferred file. Deployment of logic that is focused on different timing and scope of data allows timely action in the case of readily apparent deviations, and permits longer term analysis for identifying trends that emerge over time.

Abstract: A method, apparatus and computer program product for providing a precedence drop quality of service is presented. A drop precedence value for a packet is determined and inserted into the packet which is then transmitted having the drop precedence value inserted therein. The packet is received and a determination made regarding whether a sum of queued packet sizes of previously received packets having a higher drop precedence value than the packet is larger than a first threshold value. The packet is dropped when the sum of queued packet sizes of the previously received packets having a higher drop precedence value than the packet is larger than the first threshold value.

Abstract: Method for source-spoofed internet protocol packet traceback. This is an IP packet traceback technique for locating the origin of a malicious packet, even if the packet's IP source address is incorrect (spoofed). This is done by having routers lookup the source address in their routing tables, and mark the relevant entry.

Abstract: A network analysis architecture provides a suite of complementary logic operable at different temporal and spatial timescales. The distinct temporal and spatial scales define different tiers, each analyzing network events according to predetermined temporal and spatial scales of progressive magnitude. Particular event detection logic may be operable on an immediate temporal scale, while other logic identifies trends over a longer time period. Similarly, different spatial scales are appropriate to different algorithms, as in logic that examines only headers or length of packets, or inspects an entire payload or transferred file. Deployment of logic that is focused on different timing and scope of data allows timely action in the case of readily apparent deviations, and permits longer term analysis for identifying trends that emerge over time.

Abstract: Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.

Abstract: A network processor [200] performs Cyclic Redundancy Check (CRC) operations using specialized hardware circuits [308-308]. The network processor [200] includes a plurality of hardwired CRC polynomials that are used to implement the CRC operations. A CRC instruction selects which polynomial to use when performing the CRC operation.

Abstract: Method for source-spoofed internet protocol packet traceback. This is an IP packet traceback technique for locating the origin of a malicious packet, even if the packet's IP source address is incorrect (spoofed). This is done by having routers lookup the source address in their routing tables, and mark the relevant entry.

Abstract: The disclosed technology provides a system and method of synchronizing cryptographic operation between a transmitter and a receiver. A transmitter can communicate encrypted data to a receiver according to a first communications protocol, and communicate a transmitter number and a portion of the encrypted data to the receiver according to a second communications protocol. The receiver can be in communication with a memory space containing locations that are each associated with an encrypted data and that can contain a previous receiver number. The receiver can receive transmitted encrypted data and an associated transmitter number and can search the memory space to find a location wherein the encrypted data associated with the location is entirely, or in part, the same as the transmitted encrypted data. When such a location is found, the receiver can compare the transmitter number with the previous receiver number stored in the location.

Abstract: The disclosed technology provides a system and method of securely communicating data. An encryptor located at a transmitter can provide encrypted data to the transmitter. The transmitter can maintain a packet number indicating a particular packet for carrying the encrypted data and a sub-packet number indicating a position within the packet where the encrypted data is to be stored. The encryptor can produce the encrypted data using an encryptor seed generated based on the packet number and sub-packet number. A receiver can maintain a receiver packet number indicating a number of previously received packets and can compute a receiver sub-packet number. The receiver can receive a packet containing encrypted data and can decrypt the encrypted data using a decryptor seed generated based on the receiver packet number and sub-packet number.