H04L61/2571

DETECTION OF THREATS BASED ON RESPONSES TO NAME RESOLUTION REQUESTS

Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

Internet-facing device identification

Technology described herein determines whether a device is Internet facing. An Internet facing device is a device where traffic coming from the Internet is routable to the device. The technology described herein may comprise two components that work together to identify Internet-facing devices. The first component is a monitoring agent installed on organizational devices. The second component is an Internet-facing management service, which may be cloud based. The monitoring agent communicates connection-event notices to the Internet-facing management service. The source IP address in the connection-event notice is compared to a list of organizational IP addresses. If the source IP address is not on the list, then the computing device associated with the notice is added to a list of Internet-facing devices because the connection originated from the Internet. Software listed in the connection-event notice may be added to a list of internet-facing software instances.

Systems and methods for performance monitoring of service mesh-based environments

A system described herein may provide a technique for providing updated address mapping information associated with a service mesh via which one or more containerized instances communicate. The system may include and/or implement an application programming interface (“API”) via which the service mesh may provide address mapping information that includes public and private addresses associated with containerized instances that communicate via the service mesh. The updated information may be received on an ongoing basis, and may be provided to another system that has subscribed to receiving updated mapping information associated with one or more containerized instances.

SYSTEM AND METHOD FOR MATCHING AND COLLECTING USER DATA AND/OR USER DEVICE DATA

The present invention relates to systems and methods for matching and collecting user data and/or user device data within a current Internet access session of a user for use by user notification systems that generate, distribute and display informational messages over the Internet. The system comprises a source data reception unit configured to receive a source IP address and a source user device port matched with the translated IP address and with the translated port of the operator or the provider from the NAT service, and a data matching unit configured to match user data and/or user device data from all available sources, including but not limited to operator or provider databases, using the received source IP address and the received user device port. Advantageously, the invention provides delivery of informational messages based on collected/matched user data and/or user device data provided according to the present system to the maximum number of real identified users.

SYSTEM TO DYNAMICALLY DETECT AND ENHANCE CLASSIFIERS FOR LOW LATENCY TRAFFIC

A network device for use with a client device and a cable modem termination system (“CMTS”), the client device being configured to run applications requiring data traffic of a first and second quality of service (“QoS”). The CMTS is configured to provide a first service flow and a second service flow to the network device. The network device provides a local area network (“LAN”) for connection to the client device and a network address translation (“NAT”). The NAT is configured to map the network device IP address to the client device IP address; divide the source ports into a first range and a low latency range; assign the respective data traffic of the applications to at least one port within the first range and to at least one port within the low latency range; and modify the low latency range of source ports based on a change in data traffic.

Network Path Probing Using Available Network Connections
20170366978 · 2017-12-21 ·

Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling network path probing with a communications device by sending probes via a network connection to a STUN server and receiving probe replies. The communications device may increment a counter and transmit a test probe configured to be dropped at the first access point (NAT), causing all subsequent NATs to release their IP/port mappings. The communications device may send another probe to the STUN server and receive a probe reply. The communications device may compare the first and second probe replies to determine whether the final IP addresses within the network path match. By continuously incrementing the counter and querying access points, the communications device may determine the number of access points that lie along any given network path. The presence of additional or unexpected numbers of NAT servers may indicate the presence of a rogue access point.

Mobile edge computing with low latency traffic segregation within a PDN using dedicated bearers

Presented herein are embodiments that provide mobile edge computing (MEC) with low latency traffic segregation within a packet data network (PDN) using dedicated bearers. Techniques are provided that are performed at an edge user plane entity and a control plane entity to coordinate the directing of low latency traffic over a dedicated bearer broken out at the edge, and to communicate normal latency traffic over a default bearer that is centrally broken out.

Systems and methods for generating contextual labels

In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Communication Method, CP Device, and NAT Device
20230171223 · 2023-06-01 ·

This application provides a communication method, a CP device, and a NAT device; pertains to the field of communication technologies; and relates to a scenario of performing NAT tracing based on a CU-separated BNG. The CP device delivers, to the NAT device, an IP address assigned to a user. Under a trigger condition of receiving the IP address delivered by the CP device, the NAT device assigns a public network IP address to the user, and reports the public network IP address to the CP device. The CP device adds, to an accounting packet, the IP address assigned by the CP device and the public network IP address assigned by the NAT device, and sends the accounting packet to a RADIUS server, to report the public network IP address to the RADIUS server, so that the NAT tracing is performed on the RADIUS server.