H04L29/12

Cloud-Based Wireless Testing via Custom Test APN, P-GW, ePDG and IMS

The disclosed systems and methods use a public eNodeB to access a private P-GW, IMS and ePDG for testing purposes. The method of testing a DUT teaches loading the DUT with a designation of a test APN to access through a cellular or WiFi calling network. The APN names a test P-GW controlled by a testing entity—the P-GW name resolvable by accessing a GRX. The test P-GW is specially adapted to testing and providing control over tests. The DUT initiates contact with the network to establish an end-to-end IP connection through the P-GW designated by the APN. The P-GW generates test error conditions and codes during establishment of the connection, and can include attack messages, payloads and recording responses of the DUT to the APN attack messages and payloads. For other tests, the end-to-end connection is established, test traffic is carried over the connection, and test analysis is performed.

QUERYING DOMAIN NAME INFORMATION
20170374019 · 2017-12-28

A method including receiving to-be-queried domain names; obtaining a query capacity of a preset query group; allocating the domain names to a matching query group according to the query capacity; and querying domain name information of the domain names through a query interface of the matching query group. In one aspect, by flexible domain name allocation, query resources are fully utilized, and the quantity of concurrent domain name queries is increased, thereby improving query efficiency and reducing query time. In another aspect, queries are performed by using a particular query interface, and the settings of the query interface are maintained, so that the settings do not need to be switched between queries for different types of domain names, which improves query efficiency and reduces query time.

DYNAMIC CREDENTIAL BASED ADDRESSING
20170374014 · 2017-12-28

Techniques to facilitate enhanced addressing of local and network resources from a computing system are provided herein. In one implementation, a method of mapping a virtual address space for an application on a computing system includes, in response to initiating the application, identifying access information for at least one configuration resource. The method further includes transferring a request to the at least one configuration resource for a virtual addressing configuration, and receiving the virtual addressing configuration from the at least one configuration resource. The method further provides, based on the virtual addressing configuration, generating a mapping of virtual addresses for the application to local addresses for local resources and network addresses for network resources.

UTILIZING SERVICE TAGGING FOR ENCRYPTED FLOW CLASSIFICATION

In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.

VERIFICATION OF SERVER NAME IN A PROXY DEVICE FOR CONNECTION REQUESTS MADE USING DOMAIN NAMES
20170374017 · 2017-12-28

Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.

INDIVIDUALLY ASSIGNED SERVER ALIAS ADDRESS FOR CONTACTING A SERVER
20170374088 · 2017-12-28

To mitigate attacks utilizing compromised DNS caches, a server gateway provides clients with unique IP addresses to contact the server. Packets sent to a server IP address from a particular client which are not linked to that particular client with the server gateway are dropped. Thus, even if a client is compromised, the IP address for the server in the client's DNS cache cannot be used by other machines or virtual machines. With a one-to-one client to server IP address relationship, malicious actors cannot use numerous machines or virtual machines to overload the server with requests.

CARRYING TCP OVER AN ICN NETWORK
20170373975 · 2017-12-28

Aspects of the disclosure are directed to systems, network nodes, and methods performed in a network node. A network node can host a TCP/ICN proxy for routing TCP packets through an ICN network. The network node can serve as a forward proxy or a reverse proxy. As a forward proxy, the network node can receive a first packet at the network node, the first packet compliant with a Transmission Control Protocol (TCP) protocol; encapsulate one or more TCP headers from the first packet into a payload field of a second packet, the second packet compliant with an Information Centric Networking (ICN) protocol; and transmit the second packet to a destination through an ICN network. As a reverse proxy, the network node can receive an ICN packet from an ICN network, decapsulate the ICN packet to its TCP components, and transmit the TCP packet through a TCP network.

Techniques for Virtual Ethernet Switching of a Multi-Node Fabric
20170373991 · 2017-12-28

Examples include techniques for virtual Ethernet switching of a multi-node fabric. In some examples, first Ethernet links coupled with a group of Ethernet gateways are link aggregated. The group of Ethernet gateways couple with respective individual physical switch ports of a fabric switch of a multi-node fabric to form a default logical gateway to provide an uplink between a virtual Ethernet switch and an Ethernet network external to the multi-node fabric. Also, one or more individual Ethernet gateways coupled with respective individual physical switch ports of the fabric switch may be arranged to provide one or more respective downlinks between the virtual Ethernet switch and one or more Ethernet nodes external to the multi-node fabric via respective second Ethernet links coupled with the one or more individual Ethernet gateways.

ADAPTING CLASSIFIER PARAMETERS FOR IMPROVED NETWORK TRAFFIC CLASSIFICATION USING DISTINCT PRIVATE TRAINING DATA SETS
20170374089 · 2017-12-28

In one embodiment, a device in a first network receives traffic flow information regarding a plurality of traffic flows in the first network. The device labels the traffic flow information by associating classifier labels to the traffic flow information. The device receives a generic traffic classifier that was trained using a training data set that comprises labeled traffic flow information for a plurality of other networks and excludes the traffic flow information regarding the plurality of traffic flows in the first network. The device acclimates the generic traffic classifier to the first network using the labeled traffic flow information regarding the plurality of traffic flows in the first network.

GENERATING A RESPONSE TO A CLIENT DEVICE IN AN INTERNET OF THINGS DOMAIN
20170374154 · 2017-12-28

The present disclosure relates to a method, system, and medium to generate a response to a client device in an IoT domain. The disclosed system can receive a request, which includes a resource parameter in a plural form, from a client device to retrieve information from an IoT API. The system then derives a singular form of the resource parameter. Also, the system inquires to the IoT API whether the singular form of the resource parameter is a valid object type in an IoT domain. If so, the system retrieves information about a plurality of objects corresponding to the valid object type, and generates a response comprising the information about the plurality of objects to the client device.