Patent classifications
H04L12/893
Technique for implementing a latency sensitive communication protocol in a wireless mesh network
A wireless mesh network is configured to implement a latency-sensitive communication protocol in order to facilitate data communications between devices coupled to that network and configured to communicate with one another based on that protocol. Specifically, a node within the wireless mesh network receives a continuous stream of data that includes an N-bit sequence from an upstream device coupled to the wireless mesh network. The node transmits the N-bit sequence to a downstream node within the wireless mesh network. The downstream node re-creates the continuous stream of bits based on the received N-bit sequence, and then transmits the re-created continuous stream of bits to another device coupled to the wireless mesh network. By operating in conjunction with one another, the nodes within the wireless mesh network facilitate communication between the devices coupled to the wireless mesh network according to the latency-sensitive communication protocol.
Queue management in a forwarder
A queue management method, system, and recording medium include Selective Acknowledgments (SACK) examining to examine SACK blocks of the forwarder to selectively drop packets in the forward flow queue based on a reverse flow queue and MultiPath Transmission Control Protocol (MPTCP) examining configured to examine multipath headers to recognize MPTCP flows and examine the reverse flow queue to determine if redundant data has been sent such that the dropping drops the redundant data.
Domain name system response spoofing at customer premise equipment device
Methods, systems, and computer readable media can be operable to facilitate the spoofing of domain name system requests by a customer premise equipment (CPE) device. The CPE device may detect and block a DNS (domain name system) request received from a client device, and the CPE device may generate a DNS response that includes a pre-configured redirect address. The CPE device may block an identified DNS request when the CPE device is unable to retrieve content associated with the DNS request. The CPE device may output the DNS response to the client device from which the DNS request was received, and in response, the client device may output a request on the pre-configured redirect address that is included within the DNS response. The redirect address may direct the client device to an alternate content source.
Network gateway spoofing detection and mitigation
Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.
Transparent middlebox graceful entry and exit
Middleboxes include a processor configured to determine a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device. A network control module is configured to delay acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers and to establish a direct connection between the client device and the server device without mediation by the middlebox upon a determination that the degree of mismatch between sequence numbers is zero.
Neural network based spoofing detection
Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.
System and method for managing data transfer between two different data stream protocols
Disclosed is a method that includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and, during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames and transmitting the spoofed TCP acknowledgment signal to the second station.
Network endpoint spoofing detection and mitigation
Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.
System and method for reducing bandwidth usage of a network
A method of reducing the bandwidth usage of a network comprises intercepting traffic between a TCP server and a TCP client using TCP protocols that use client acknowledgements; identifying client acknowledgements from the TCP protocols; identifying the sequence number of a last received client acknowledgement from the intercepted traffic; identifying the sequence number of a last sent client acknowledgement from the intercepted traffic; calculating an unacknowledged byte value based on the difference between the last received client acknowledgement sequence number and the last sent client acknowledgement sequence number; comparing the calculated unacknowledged byte value with a predetermined threshold value, to determine whether the calculated unacknowledged byte value is at least as great as the predetermined threshold value; and transmitting the identified client acknowledgements into the network when the compared unacknowledged byte value is at least as great as the predetermined threshold value.
WiFi and cellular communication traversal
A system includes a server; a plurality of wireless networks coupled to the server; and one or more mobile devices coupled to the wireless networks with intermittent access to the wireless networks, the plurality of wireless networks providing data communication between client and server applications over multiple available connections.