-
Publication No.: US12244640B2
Publication date: 2025-03-04
Application No.: US18535021
Application date: 2023-12-11
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication No.: US11843632B2
Publication date: 2023-12-12
Application No.: US18096143
Application date: 2023-01-12
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Daniel G. Wing, Blake Harrell Anderson, David McGrew
CPC classification number: H04L63/1458, G06N20/00, H04L63/1425, H04L2463/144
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication No.: US11483243B2
Publication date: 2022-10-25
Application No.: US16434523
Application date: 2019-06-07
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
Abstract: Modern-day user applications leverage new communication technologies such as WebRTC, WebEx, and Jabber, which allow devices to connect and exchange media content including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that data files being transmitted over a data channel from one endpoint travel to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
-
Publication No.: US20210400011A1
Publication date: 2021-12-23
Application No.: US17466370
Application date: 2021-09-03
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
-
Publication No.: US10523657B2
Publication date: 2019-12-31
Application No.: US14942898
Application date: 2015-11-16
Applicant: Cisco Technology, Inc.
Inventor: K Tirumaleswar Reddy, Daniel G. Wing, Prashanth Patil, Sandeep Rao
Abstract: In one embodiment, a first request may be received from a first endpoint to access a cloud-based conference platform. The first request can include a first access token. Based at least on the first request, a first certificate may be provided to the first endpoint, wherein the first certificate may not include an identity of the first endpoint. A second request may be received from a second endpoint to access the cloud-based conference platform. The second request can include a second access token. Based at least on the second request, a second certificate can be provided to the second endpoint, wherein the second certificate may not include an identity of the second endpoint. Data can be routed within the cloud-based conference platform between the first endpoint and second endpoint based at least upon the first certificate and the second certificate.
-
Publication No.: US10320676B2
Publication date: 2019-06-11
Application No.: US14194348
Application date: 2014-02-28
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Ram Mohan Ravindranath, Muthu Arul Mozhi Perumal, Daniel G. Wing, William C. VerSteeg
IPC: H04L12/801, H04L12/911, H04L29/06, H04L29/08, H04L12/851
Abstract: Modern-day user applications leverage new communication technologies such as WebRTC, WebEx, and Jabber, which allow devices to connect and exchange media content including audio streams, video streams, and data streams/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring that data files being transmitted over a data channel from one endpoint travel to a security application via a relay element before the packets reach another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.
-
Publication No.: US10225270B2
Publication date: 2019-03-05
Application No.: US15226758
Application date: 2016-08-02
Applicant: CISCO TECHNOLOGY, INC.
Inventor: K. Tirumaleswar Reddy, Carlos M. Pignataro, James Guichard, Daniel G. Wing, Michael D. Geller
IPC: H04L29/06, H04L12/701, H04L29/08, G06F21/53
Abstract: Aspects of the embodiments are directed to a service classifier configured for steering cloned traffic through a service function chain. The service classifier is configured to create a cloned data packet by creating a copy of a data packet; activate a mirror bit in a network service header (NSH) of the cloned data packet, the mirror bit identifying the cloned packet to a service function forwarder network element as a cloned packet; and transmit the cloned packet to the service function forwarder network element.
-
Publication No.: US10009336B2
Publication date: 2018-06-26
Application No.: US15157588
Application date: 2016-05-18
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
CPC classification number: H04L63/0823, H04L9/30, H04L9/3263, H04L9/3268, H04L61/1511, H04L61/6013, H04L63/0428, H04L63/1466, H04L63/166, H04L67/2847, H04L69/326
Abstract: In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in metadata of an NSH of the DNS response.
-
Publication No.: US20180159894A1
Publication date: 2018-06-07
Application No.: US15366354
Application date: 2016-12-01
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, Prashanth Patil, Daniel G. Wing
IPC: H04L29/06
CPC classification number: H04L63/1458, H04L63/02, H04L63/1416, H04L2463/141
Abstract: Presented herein are techniques for mitigating a distributed denial of service attack. A method includes, at a network security device, such as a firewall, monitoring network traffic, flowing through the firewall, destined for a network device, determining whether the network traffic is below a predetermined amount, while the network traffic is below the predetermined amount, sending to the network device a plurality of probes, receiving responses from the network device in response to the probes, and setting one or more thresholds for subsequent traffic destined for the network device based on the responses received from the network device.
-
Publication No.: US20170374016A1
Publication date: 2017-12-28
Application No.: US15191172
Application date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy, David McGrew, Blake Harrell Anderson, Daniel G. Wing
IPC: H04L29/12, H04L29/08, H04L12/721, H04L29/06
CPC classification number: H04L61/1511, H04L47/2433, H04L61/1541, H04L63/0428, H04L67/322, H04L69/22
Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
-