-
Publication No.: US12244640B2
Publication Date: 2025-03-04
Application No.: US18535021
Application Date: 2023-12-11
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication No.: US11843632B2
Publication Date: 2023-12-12
Application No.: US18096143
Application Date: 2023-01-12
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
CPC classification number: H04L63/1458, G06N20/00, H04L63/1425, H04L2463/144
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication No.: US11483243B2
Publication Date: 2022-10-25
Application No.: US16434523
Application Date: 2019-06-07
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
Abstract: Modern day user applications leveraging new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that a data file being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
-
Publication No.: US20210400011A1
Publication Date: 2021-12-23
Application No.: US17466370
Application Date: 2021-09-03
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
-
Publication No.: US20190327111A1
Publication Date: 2019-10-24
Application No.: US16502572
Application Date: 2019-07-03
Applicant: Cisco Technology, Inc.
Inventor: Gonzalo Salgueiro, Prashanth Patil, K. Tirumaleswar Reddy, Carlos M. Pignataro
IPC: H04L12/46, H04L12/741, H04L29/08, H04L12/751
Abstract: A network node in a service function chaining system receives multiple media streams of a media session between endpoints. Each media stream is encapsulated with a service header indicating a service function path and a session identifier. The network node determines that multiple service functions connected to the network node perform a particular service function in the service function path. The network node provides all of the media streams of the media session to a single service function instance to ensure that the media session is processed by the single service function.
-
Publication No.: US10320676B2
Publication Date: 2019-06-11
Application No.: US14194348
Application Date: 2014-02-28
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
IPC: H04L12/801, H04L12/911, H04L29/06, H04L29/08, H04L12/851
Abstract: Modern day user applications leveraging new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that a data file being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
-
Publication No.: US10284520B2
Publication Date: 2019-05-07
Application No.: US15422638
Application Date: 2017-02-02
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy
Abstract: Presented herein are techniques for mitigating a domain name system (DNS) amplification attack. A methodology is provided including receiving, at a (DNS) server, a DNS request, determining whether the DNS request has a source IP address that matches a predetermined source IP address and a port number that falls within a predetermined port range. When the DNS request has a source IP address that matches the predetermined source IP address and a port number that falls within the predetermined port range, determining whether the DNS request includes validation information. Based on the presence or content of the validation information, determining whether the DNS request is a valid DNS request, and dropping the DNS request when it is determined that the DNS request is not a valid DNS request.
-
Publication No.: US10225270B2
Publication Date: 2019-03-05
Application No.: US15226758
Application Date: 2016-08-02
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Carlos M. Pignataro, James Guichard, Daniel G. Wing, Michael D. Geller
IPC: H04L29/06, H04L12/701, H04L29/08, G06F21/53
Abstract: Aspects of the embodiments are directed to a service classifier configured for steering cloned traffic through a service function chain. The service classifier is configured to create a cloned data packet by creating a copy of a data packet; activate a mirror bit in a network service header (NSH) of the cloned data packet, the mirror bit identifying the cloned packet to a service function forwarder network element as a cloned packet; and transmit the cloned packet to the service function forwarder network element.
-
Publication No.: US10009336B2
Publication Date: 2018-06-26
Application No.: US15157588
Application Date: 2016-05-18
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
CPC classification number: H04L63/0823, H04L9/30, H04L9/3263, H04L9/3268, H04L61/1511, H04L61/6013, H04L63/0428, H04L63/1466, H04L63/166, H04L67/2847, H04L69/326
Abstract: In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in metadata of an NSH of the DNS response.
-
Publication No.: US20180159894A1
Publication Date: 2018-06-07
Application No.: US15366354
Application Date: 2016-12-01
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
IPC: H04L29/06
CPC classification number: H04L63/1458, H04L63/02, H04L63/1416, H04L2463/141
Abstract: Presented herein are techniques for mitigating a distributed denial of service attack. A method includes, at a network security device, such as a firewall, monitoring network traffic, flowing through the firewall, destined for a network device, determining whether the network traffic is below a predetermined amount, while the network traffic is below the predetermined amount, sending to the network device a plurality of probes, receiving responses from the network device in response to the probes, and setting one or more thresholds for subsequent traffic destined for the network device based on the responses received from the network device.