Patent classifications
H04L47/40
NETWORK GATEWAY SPOOFING DETECTION AND MITIGATION
Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.
Transmission control protocol (TCP) throughput optimization in mobile wireless networks
A device establishes a first transmission control protocol (TCP) connection with a client device associated with a wireless network, and establishes a second TCP connection with a server device associated with the wireless network. The device also provides a first TCP window size to the client device via the first TCP connection, and provides a second TCP window size to the server device via the second TCP connection, where the first TCP window size is different than the second TCP window size.
Efficiency and quality of service improvements for systems with higher bandwidth clients mixed with lower bandwidth clients
Methods and apparatus relating to transmission on physical channels, such as in networks on chips (NoCs) or between chiplets, are provided. One example apparatus generally includes a higher bandwidth client; a lower bandwidth client; a first destination; a second destination; and multiple physical channels coupled between the higher bandwidth client, the lower bandwidth client, the first destination, and the second destination, wherein the higher bandwidth client is configured to send first traffic, aggregated across the multiple physical channels, to the first destination and wherein the lower bandwidth client is configured to send second traffic, concurrently with sending the first traffic, from the lower bandwidth client, dispersed over two or more of the multiple physical channels, to the second destination.
Transparent middlebox with graceful connection entry and exit
Methods for removing a middlebox from a network connection include determining a degree of mismatch between a sequence number in a first connection between the middlebox and a client and a sequence number in a second connection between the middlebox and a server, delaying acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch, and establishing a direct connection between the client and the server without mediation by the middlebox when the degree of mismatch is zero.
SMART SPOOFING TO IMPROVE SPOOFING PERFORMANCE WHEN RESOURCES ARE SCARCE
Systems and methods described herein are directed to techniques for selective TCP spoofing of a TCP connection between a first and a second host based on spoofing resource conditions and characteristics of the hosts involved in the TCP connection. In implementations, spoofing resource conditions may be based on a percentage of available resources in use by each of a TCP spoofer and a TCP spoofer peer. In implementations, characteristics of the hosts may be determined by tracking i) each TCP connection application type seen for each host over a time window; and ii) packet loss conditions of local hosts over a time window.
TELEGRAM SPLITTING TRANSMISSION METHOD FOR BIDIRECTIONAL NETWORKS
A data transmitter is provided, having: a generator for generating transmission data packets, configured to split a first data packet destined for a first data receiver into at least two transmission data packets, wherein each of the transmission data packets destined for the first data receiver is shorter than the first data packet; a transmission element for transmitting data packets, configured to transmit the at least two transmission data packets destined for the first data receiver via a communications channel with a time gap; wherein the transmission element for transmitting data packets is configured to transmit at least one further transmission data packet to the first data receiver or a second data receiver in the time gap between the at least two transmission data packets destined for the first data receiver.
Telegram splitting transmission method for bidirectional networks
A data transmitter is provided, having: a generator for generating transmission data packets, configured to split a first data packet into at least three transmission data packets, each of the transmission packets being shorter than the first data packet, the generator being configured to channel-encode the at least three transmission packets such that only a portion thereof is required for decoding the first data packet; a transmission element for transmitting data packets, configured to transmit the at least three transmission packets in a frequency channel via a communications channel with a time gap; a monitor element for monitoring the frequency channel, configured to recognize an interference or transmission of a further data transmitter in the frequency channel; the transmission element being configured not to transmit via the communications channel a packet, waiting for transmission, of the at least three transmission packets if an interference or transmission from a further data transmitter is recognized by the monitor element at the time of transmitting the transmission data packet.
Communication control method, user terminal, and communication apparatus
A communication control method comprises transmitting, by a user terminal to a base station, a message including information, where the information indicates a frequency used for receiving a discovery signal from another user terminal in a discovery procedure for discovering a proximal terminal. The communication control method further comprises notifying, by the user terminal, the base station of a resource used in the discovery procedure and included in system information of a cell different from a serving cell of the user terminal.
SYSTEM AND METHOD FOR MANAGING DATA TRANSFER BETWEEN TWO DIFFERENT DATA STREAM PROTOCOLS
Disclosed is a method that includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and, during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames and transmitting the spoofed TCP acknowledgment signal to the second station.
SYSTEM AND METHOD FOR REDUCING BANDWIDTH USAGE OF A NETWORK
A method of reducing the bandwidth usage of a network comprises intercepting traffic between a TCP server and a TCP client using TCP protocols that use client acknowledgements; identifying client acknowledgements from the TCP protocols; identifying the sequence number of a last received client acknowledgement from the intercepted traffic; identifying the sequence number of a last sent client acknowledgement from the intercepted traffic; calculating an unacknowledged byte value based on the difference between the last received client acknowledgement sequence number and the last sent client acknowledgement sequence number; comparing the calculated unacknowledged byte value with a predetermined threshold value, to determine whether the calculated unacknowledged byte value is at least as great as the predetermined threshold value; and transmitting the identified client acknowledgements into the network when the compared unacknowledged byte value is at least as great as the predetermined threshold value.