A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.

A method includes: When receiving at least one policy, a first network device sends one or more policies in the at least one policy to a second network device based on filtering information. The filtering information includes a policy address family identifier and a device identifier of the second network device.

A computer-implemented method includes: (i) receiving location information that represents a physical location of a user; (ii) receiving first sensor data that has been generated by a sensor on a client device of the user; (iii) in response to receiving the first sensor data, obtaining second sensor data that has been generated by a sensor on a sensor device and that represents an environmental condition of an area around the physical location; (iv) determining whether the first sensor data matches the second sensor data; and (v) in response to determining that the first sensor data matches the second sensor data, determining that the user is authentic.

A method and system for characterizing application layer flood denial-of-service (DDoS) attacks carried by advanced application layer flood attack tools. The method comprises receiving an indication on an on-going DDoS attack directed toward a protected entity; analyzing requests received during the on-going DDoS attack to determine a plurality of different attributes of the received requests; generating a dynamic applicative multi-paraphrase signature by clustering at least one value of the plurality of different attributes, wherein the multi-paraphrase signature characterizes requests with different attributes as generated by an advanced application layer flood attack tool executing the on-going DDoS attack; and characterizing each incoming request based on the multi-paraphrase signature, wherein the characterization provides an indication for each incoming request whether a request is generated by the attack tool.

A VPN servers request is transmitted from a user device to a central server. A first VPN server is received from the central server at the user device. Responsive to the user device failing to establish a first encrypted tunnel with the first VPN server, a request for another VPN server is transmitted from the user device to the central server. A second VPN server is received from the central server. A second encrypted tunnel is established with the second VPN server. An encrypted communication is obtained by encrypting a communication directed to a network server. The encrypted communication is transmitted from the user device to the VPN second server.

Embodiments of the present disclosure disclose a method, apparatus, device, and storage medium for processing a network request. The method comprises: activating a domain name server proxy based on local socket service in a preset application; in accordance with a determination that the preset application invokes a preset connect function, acquiring the preset connect function and replacing a destination file path in the preset connect function with a target file path corresponding to the domain name server proxy to establish a connection between the preset application and the domain name server proxy, wherein the target file path is pre-written in the preset application; receiving via the domain name server proxy a network request from the preset application, and parsing a domain name of the network request, and determining a first processing way of the network request based on a result of the parsing of the domain name. With the above technical solution, the domain name server proxy is implemented inside the application, and all network requests are taken over from the parsing of the domain name, which facilitates comprehensive detection and control of network traffic and avoidance of omissions.

A client node (CN) requests content from an access node (AN). Rule set ACR_CN is provided to CN and AN and ACR_AN is used by AN. A request sent by CN in violation of ACR_CN may be blocked and cause AN to block subsequent requests from CN that would be allowed per ACR_CN. A request blocked according to ACR_AN but not ACR_CN is blocked but subsequent requests may still be allowed according to ACR_CN and ACR_AN. Authenticated distribution of the ACR_CN and ACR_AN may be performed in cooperation with a controller using authenticated tokens (AT).

A network device is configured to receive an inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. The processors are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a second server device hosting the source virtual machine, compare the second tunnel identifier with the first tunnel identifier to determine whether the tunnel on which the first inbound packet was received is the same as a tunnel used for forwarding traffic to the source virtual machine, and drop the inbound packet when the second tunnel identifier does not match the first tunnel identifier.

A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.

In an example, a security service providing system receives a service request for requesting security service for a target flow, determine a security device for providing security service for the target flow and first service configuration information and next-hop information of the security device according to security service information carried in the service request, and configure the first service configuration information and the next-hop information of the security device onto the security device, so that the security device provides security service to the target flow according to the first service configuration information and forwards the target flow according to the next-hop information