This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer-readable media, for tracking network traffic for local area network (LAN) subnets in a wireless wide area network (WWAN). In some implementations, a UE of the WWAN may assign a unique public IP address to each router of the LAN. The UE may transmit network traffic received from the LAN to the WWAN. The network traffic originating from any router of the LAN may be associated with the unique public IP address that was assigned to that router. The WWAN may use the unique public IP addresses to generate network traffic information that may indicate amounts of network traffic flowing from each router of the LAN. The WWAN, for example, may use the network traffic information to determine billing information for any router in the LAN.

Examples include a computing system having a plurality of processing cores and a memory coupled to the plurality of processing cores. The memory has instructions stored thereon that, in response to execution by a selected one of the plurality of processing cores, cause the following actions. The selected processing core to receive a packet and get an original tuple from the packet. When no state information for a packet flow of the packet exists in a state table, select a new network address as a new source address for the packet, get a reverse tuple for a reverse direction, select a port for the packet from an entry in a mapping table based on a hash procedure using the reverse tuple, and save the new network address and selected port. Translate the packet's network address and port and transmit the packet.

The disclosure relates to an electronic apparatus and a method of controlling the same. The electronic apparatus includes: a communication interface; and a processor configured to receive log data of a plurality of devices connected to a network through the communication interface, acquire operation time information of each of the devices from the received log data, calculate similarity of the operation time between the plurality of devices based on the acquired operation time information, and determine a device group including two or more devices with relatively high calculated similarity among the plurality of devices.

A method for filtering internet traffic is provided. The method may include using a private network for receiving a request message from an electronic device within the private network and identifying the type of the electronic device. When the electronic device is identified as a non-IoT type device, the method may include transmitting the request message through the non-IoT output channel and when the electronic device is identified as an IoT type device the method may include transmitting the request message through the IoT output channel. The method may further include using an IP address filter gateway for filtering incoming traffic to a web server, the filtering may include granting device access to the web server when the request message is received through the non-IoT output channel and denying access to the web server when the request message is received through the IoT output channel.

Systems and methods for altering the character of data originating from a Virtual Private Network (VPN) are provided. First data is received from the VPN by a first network interface. The first data comprises a first plurality of packets. A message is generated by combining the first plurality of packets. Second data is generated by segmenting the message into a second plurality of packets. A third plurality of packets in the second plurality of packets is equal to the network maximum transfer unit allowed by the Internet and the last packet in the second plurality of packets is less than the network maximum transfer unit allowed by the Internet. The second data is forwarded to the second network interface. The second network interface sends the data to a web server.

A method and system for detection of malicious network resources in a distributed computer system are provided. The method comprises: receiving, by a first computing device, disposed inside the distributed computer system, an outbound traffic, detecting, by the first computing device, a suspicious external IP address in the outbound traffic, scanning, by the first computing device, a suspicious device located at the suspicious IP address to obtain a list of services running thereon, transmitting, by the first computing device, the suspicious IP address and the list of services to a second computing device disposed outside the distributed computer system, comparing, by the second computing device, the list of services with known malicious services, and in response to a match between at least one service from the list of services and a respective one of the known malicious services: determining the suspicious device, at the suspicious IP address, as being malicious.

A method in a cloud network to detect compromises within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network. The method includes receiving, at a tunnel gateway server within the cloud network, a first set of packets via a tunnel across a public network from a first server within the enterprise network, where the first set of packets were generated responsive to the first server receiving a second set of packets that originated from within the enterprise network and that included data and a source enterprise network address, where the first set of packets does not include the source enterprise network address and the data includes a token. The method further includes transmitting, by the tunnel gateway server, the data within a third set of packets to a second server that acts as if it were an enterprise server within the enterprise network.

Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

The present disclosure envisages enforcing micro-segmentation policies on a user computer that intermittently migrates between a secured enterprise network and an unsecured network, for instance, a public network. The present disclosure envisages switching between appropriate micro-segmentation policies, in-line with the change in the current location of the user device, the change triggered by the user device migrating from the enterprise network to an unsecured network or vice-versa. The present disclosure envisages selectively enforcing micro-segmentation policies upon a user device based on the current location thereof, such that the micro-segmentation policies and the corresponding access permissions assigned to the user device differ in line with the current location of the user device, thereby exposing sensitive enterprise resources, forming a part of the enterprise network, in a selective and restricted manner, in line with the micro-segmentation policies enforced upon the user device based primarily on the current location of the user device.