A method, computer program product and a user equipment (UE) are provided for assisting a user equipment (UE) in selecting a network function. A first message is received from the UE. The first message includes UE request capabilities. A second message is sent to the UE. The second message includes an indication that promotes the UE attempting to connect to a particular Public Land Mobile Network (PLMN) using a network function belonging to the particular PLMN.

Systems, methods, and apparatus to identify media presentation devices are disclosed. An example method includes associating a domain name service query received at a pseudo DNS server with a media exposure measurement location based on a public Internet Protocol address of the received domain name service query, wherein the pseudo DNS server does not provide domain name-to-IP address translation, and wherein the pseudo DNS server is to receive the domain name service query and transmit a redirect message identifying a conventional DNS server. The example method further includes crediting the media exposure measurement location with accessing media identified based on the domain name service query.

Systems, methods, and apparatus to identify media presentation devices are disclosed. An example method includes associating a domain name service query received at a pseudo DNS server with a media exposure measurement location based on a public Internet Protocol address of the received domain name service query, wherein the pseudo DNS server does not provide domain name-to-IP address translation, and wherein the pseudo DNS server is to receive the domain name service query and transmit a redirect message identifying a conventional DNS server. The example method further includes crediting the media exposure measurement location with accessing media identified based on the domain name service query.

Network equipment for processing a request from a terminal configured to be connected to a network to which the network equipment can be connected is described. The network equipment includes a receiver configured to receive, from the terminal, a message part of the processing request, a relay agent configured to provide a network identification information into the received message, and a load balancer configured to forward the received message to one of a plurality of processing units of the network equipment, depending on workload information associated with the processing units. The processing units are further configured to retrieve, based on the network identification information extracted from the received message, context information from a database unit shared between the processing units and to process the received message according to a state of the processing request, the processing request state being retrieved from the context information.

Example embodiments disclosed herein relate to monitoring Dynamic Device Configuration Protocol offers via a control plane. In one example, an address range or multiple address ranges for sources of the Dynamic Device Configuration Protocol offers can be tracked. In this example, an anomaly can be determined based on one of the Dynamic Device Configuration Protocol offers and the address range(s).

Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the DHCP server to the one or more host devices. The mapping is relayed directly or indirectly to a network security device. Network traffic management/security policies are defined within the network security device corresponding to at least one of the unique physical addresses.

A method, apparatus and product for sub-networks based cyber security. One method for managing a local network, which is divided into subnets, comprises: monitoring communication traffic of devices in each of the subnets; performing anomaly detection to detect an abnormal communication of a device connected to a subnet; blocking the abnormal communication of the device; and removing the device from the subnet and connecting the device to a quarantine subnet of the local network, whereby reducing connectivity of the device with other devices connected to the local network.

Aspects of methods and systems for frequency multiplexing suitable for Data Over Cable Service Interface Specification (DOCSIS) are provided. A system for multiplexing signals according to frequency comprises a DOCSIS port interface, an upstream interface, a downstream interface, and a circulator subsystem. The DOCSIS port interface comprises a plurality of channel filters. The upstream interface is operably coupled to a first channel filter of the plurality of channel filters, and the downstream interface is operably coupled to a second channel filter of the plurality of channel filters. The circulator subsystem is able to direct a first signal from the upstream interface to the DOCSIS port interface and is able to direct a second signal from the DOCSIS port interface to the downstream interface.

MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. A computer system generates artificial requests for network configuration information and monitors responses. Multiple responses indicate a MITM attack. Responses that are different from previously-recorded responses also indicate a MITM attack. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.

An electronic apparatus for establishing a Dual-Stack Lite (DS-lite) tunnel is provided. The apparatus sends a request for an Internet Protocol (IP) address of a Domain Name System (DNS) server and a domain name of an Address Family Transition Router (AFTR) server to a Dynamic Host Configuration Protocol (DHCP) server using an IP address of the DHCP server, receives the IP address of the DNS server and the domain name of the AFTR server from the DHCP server in response to the request, sends a DNS query including the domain name of the AFTR server to the DNS server using the IP address of the DNS server. In response to the DNS query being successful, the apparatus receives an IP address of the AFTR server from the DNS server, and establishes the DS-lite tunnel between the apparatus and the AFTR server using the IP address of the AFTR server.