公开(公告)号：US10917501B1

公开(公告)日：2021-02-09

申请号：US16687786

申请日：2019-11-19

Applicant: Architecture Technology Corporation

Inventor： John Wu ,  Nathan E. Bahr ,  Ranga S. Ramanujan

IPC: H04L29/06 ,  H04L29/08

Abstract: Embodiments for a method of controlling entry of packets into a broadcast network are provided. The method includes providing a plurality of edge devices communicatively disposed on an edge of the broadcast network. Reachability information is exchanged amongst the plurality of edge devices by translating Internet Protocol (IP) packets into ZOOM packets and including the reachability information in the ZOOM packets. A ZOOM packet has a data field that is a copy of a data field of the IP packet and a header that includes the reachability information. A first edge device of the plurality of edge devices maintains a table of forward destinations reachable via the broadcast network based on the reachability information exchanged. The first edge device discards IP packets from endpoint devices if the IP packets do not have a destination that is indicated as reachable in the table of forward destinations for that edge device.

公开(公告)号：US10574688B1

公开(公告)日：2020-02-25

申请号：US15611106

申请日：2017-06-01

Applicant: Architecture Technology Corporation

Inventor： Ryan L. Hagelstrom ,  Ranga S. Ramanujan ,  Nathan E. Bahr

IPC: H04L29/06 ,  H04L29/12

Abstract: A method of cyber-attack protection is provided. The method includes receiving one or more internet group management protocol (IGMP) membership report messages on one or more ports of a network switch. A table is maintained associating each of the one or more ports to the one or more group addresses of which any hosts coupled to that port are members. An IGMP group leave message is received at a first port of the network switch. A group address in the group leave message is compared to all group addresses associated in the table with the first port. If the group address in the group leave message does not match any group address associated with the first port, the group leave message is dropped without being acted on in accordance with IGMP.

公开(公告)号：US11218569B1

公开(公告)日：2022-01-04

申请号：US16842625

申请日：2020-04-07

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： John Wu ,  Nathan E. Bahr ,  Ranga S. Ramanujan

IPC: H04L29/06 ,  H04L29/08

Abstract: A method of embedding information in a packet with low overhead is provided. The method includes receiving an IP packet at a first networking device and translating it into an intermediary packet having a non-IP header and a data field. Translating includes copying at least the transport layer data field into the data field of the intermediary packet, compressing the IP header, and embedding out-of-band data into the non-IP header of the intermediary packet. The intermediary packet is sent to second networking device. At the second networking device the intermediary packet is translated into a re-created IP packet. The re-created IP packet is sent toward a destination of the original IP packet.

公开(公告)号：US10721213B1

公开(公告)日：2020-07-21

申请号：US15611127

申请日：2017-06-01

Applicant: Architecture Technology Corporation

Inventor： Ryan L. Hagelstrom ,  Ranga S. Ramanujan ,  Nathan E. Bahr

IPC: H04L29/06 ,  H04L12/18 ,  H04L12/741 ,  G06F21/60

Abstract: A method of obfuscating a source of a multicast packet is provided. The method includes receiving a plurality of multicast packets at a first device from one or more second devices, the multicast packets received over one or more network links. A source internet protocol (IP) address of each multicast packet of the plurality of multicast packets is an IP address of the one or more second devices that sent the multicast packet. The source IP address of each of the plurality of multicast packets is changed to an IP address other than an IP address of the first device or an IP address of the one or more second devices. The plurality of multicast packets can then be sent.

公开(公告)号：US10708295B1

公开(公告)日：2020-07-07

申请号：US15611074

申请日：2017-06-01

Applicant: Architecture Technology Corporation

Inventor： Ryan L. Hagelstrom ,  Ranga S. Ramanujan ,  Nathan E. Bahr

IPC: H04L29/06 ,  H04L12/715 ,  H04L12/18 ,  H04L12/46

Abstract: A method of cyber-attack protection is provided. The method includes receiving a unicast packet at a first router and determining whether a destination for the unicast packet is behind a cooperating router. If the destination for the unicast packet is behind a cooperating router, the unicast packet is tunneled from the first router to a tunnel multicast address to which the cooperating router subscribes.