摘要:
Described are computer-based methods and apparatuses, including computer program products, for filtering and policing for defending against denial of service attacks on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
Described are computer-based methods and apparatuses, including computer program products, for filtering and policing for defending against denial of service attacks on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
Described are computer-based methods and apparatuses, including computer program products, for identifying attackers on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
Described are computer-based methods and apparatuses, including computer program products, for identifying attackers on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
Described are computer-based methods and apparatuses, including computer program products, for scalable filtering and policing mechanism for protecting user traffic in a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
Described are computer-based methods and apparatuses, including computer program products, for scalable filtering and policing mechanism for protecting user traffic in a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
摘要:
A computer-implemented method for inserting an out-of-band signaling packet into a real-time protocol (RTP) stream is provided. The method includes receiving the out-of-band signaling packet intended for transmission to a user device and forming a synthesized packet based on payload information from the out-of-band signaling packet and header information stored in a data structure describing the RTP stream. The method also includes inserting the synthesized packet into the RTP stream. The method further includes receiving an RTP packet intended for transmission to the user device via the RTP stream, analyzing an insertion sequence number and an insertion flag maintained in the data structure, and discarding or forwarding the RTP packet via the RTP stream based on the analyzing.
摘要:
A computer-implemented method for inserting an out-of-band signaling packet into a real-time protocol (RTP) stream is provided. The method includes receiving the out-of-band signaling packet intended for transmission to a user device and forming a synthesized packet based on payload information from the out-of-band signaling packet and header information stored in a data structure describing the RTP stream. The method also includes inserting the synthesized packet into the RTP stream. The method further includes receiving an RTP packet intended for transmission to the user device via the RTP stream, analyzing an insertion sequence number and an insertion flag maintained in the data structure, and discarding or forwarding the RTP packet via the RTP stream based on the analyzing.
摘要:
The invention features a computer-implemented method for playing back an announcement message to a user device. The method includes initiating, by a computing device, an announcement session in response to a user device establishing communication with the computing device and determining, by the computing device, the announcement message to be played back to the user device. The method includes loading, by the computing device, into a queue associated with the announcement session, a descriptor referencing a memory buffer on the computing device. The memory buffer includes a plurality of memory partitions, each memory partition storing at least one portion of the announcement message encoded at a different rate. The method includes the computing device scheduling play back of the announcement message, playing the announcement message to the user device at a first rate and receiving a request from the user device for playback at a second rate.
摘要:
The invention features a computer-implemented method for playing back an announcement message to a user device. The method includes initiating, by a computing device, an announcement session in response to a user device establishing communication with the computing device and determining, by the computing device, the announcement message to be played back to the user device. The method includes loading, by the computing device, into a queue associated with the announcement session, a descriptor referencing a memory buffer on the computing device. The memory buffer includes a plurality of memory partitions, each memory partition storing at least one portion of the announcement message encoded at a different rate. The method includes the computing device scheduling play back of the announcement message, playing the announcement message to the user device at a first rate and receiving a request from the user device for playback at a second rate.