TREA

Methods and system for returning requests with javascript for clients before passing a request to a server

Follow

Information

  • Patent Grant
  • 11108815
  • Patent Number
    11,108,815
  • Date Filed
    Thursday, December 19, 2019
    4 years ago
  • Date Issued
    Tuesday, August 31, 2021
    3 years ago
Information
Abstract
Identifying potential network attacks on servers and protecting the servers from those potential attacks until the associated client requests can be confirmed as either legitimate or an actual attack is disclosed. Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
Description
TECHNOLOGICAL FIELD

The technology generally relates to network communication security, and more particularly, to identifying and thwarting network attacks, such as DoS and DDoS attacks.


BACKGROUND

With the widespread use of Web based applications and the Internet in general, concerns have been raised with the availability of servers in view of malicious attacks from client devices requesting access to servers. Such attacks may include brute force attempts to access the server or so-called denial of service attacks. A denial-of-service attack (DoS attack) and distributed denial-of-service attack (DDoS attack) are attempts to make a computer server unavailable to its intended users. A denial of service attack is generally a concerted, malevolent effort to prevent an Internet site or service from functioning.


DoS and DDoS attacks typically target sites or services hosted on high-profile Web servers such as banks, credit card payment gateways and root servers. One common method of attack involves saturating the target machine with external communication connection requests such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by forcing the targeted server computer to reset or consume its resources to the point of interrupting communications between the intended users and servers.


Denial of service attacks and brute force attacks depend on client devices mimicking legitimate requests to tie up server resources. In order to prevent such attacks, network firewalls may be used to intercept traffic to a networked server and attempt to filter out malicious packets. Unfortunately, many current firewalls typically cannot distinguish between legitimate requests that are originated by legitimate users and transactions that are originated by attackers.


SUMMARY

According to one example, a method for protecting a server from network based attacks from a client device requesting access to the server is disclosed. A request to access the server is received. The request is returned to the client device with a client side language script to be executed by the requesting client device. A returned request is received at the server indicating execution of the client side language script by the client device. The returned request is allowed to be processed by the server.


According to another example, a machine readable medium having stored thereon instructions for applying a client side language script to server requests for access to a server is disclosed. The machine readable medium includes machine executable code which when executed by at least one machine, causes the machine to receive a request from a client device to access a server based application. The code causes the machine to return the request to the client device with a client side language script to be executed by the client device. The code causes the machine to receive a returned request indicating execution of the client side language script by the client device. The code causes the machine to send the returned request to the server.


Another example disclosed is a network traffic device for protection against attacks from a client device requesting access to a server. The network traffic device includes a server interface coupled to the server. A network interface is coupled to the client device via a network. The network interface receives a request from the client device requesting access to the server. A controller is coupled to the server interface and the network interface. The controller is operative to return the request to the client device with a client side language script to be executed by the client device. The network interface receives a returned request indicating execution of the client side language script and the controller sends the returned request to the server.


Additional aspects will be apparent to those of ordinary skill in the art in view of the detailed description of various embodiments, which is made with reference to the drawings, a brief description of which is provided below.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a diagram of an example system environment that includes a network traffic management device configured to identify and diffuse network attacks;



FIG. 2 is a block diagram of the network traffic management device shown in FIG. 1; and



FIGS. 3-4 are examples of flow chart diagrams depicting portions of processes for identifying and diffusing network attacks.





While these examples are susceptible to illustration in many different forms, there is shown in the drawings and will herein be described in detail several examples with the understanding that the present disclosure is to be considered as an exemplification and is not intended to limit the broad aspect to the illustrated examples.


DETAILED DESCRIPTION

Currently, network attacks, such as denial of service (DoS) and distributed denial of service (DDoS) attacks, are levied against network resources, such as applications running on targeted servers, server machines themselves, or particular Web page resources targeted on servers. The attacks generally involve saturating servers with artificial or illegitimate requests for the targeted resource using automated applications, such as Botnets, to essentially tie up the server resources and render the target unavailable to its intended users, such as legitimate requesting clients. Thus, these types of attacks focus on placing a burden on the server rather than the client devices originating the attacks. Some network attack prevention solutions mitigate these attacks using techniques employed at Layer 4 of the OSI layer, but these solutions are not application aware and thus are not able to more precisely detect such attacks. Such solutions also require server resources to process requests to a server and therefore do not thwart large scale attacks, such as DoS attacks.


Referring now to FIG. 1, an example system environment 100 employs a network traffic management device 110 that is capable of identifying and thwarting or diffusing these types of network attacks in an effective manner. The example system environment 100 includes one or more Web application servers 102, one or more client devices 106 and the traffic management device 110, although the environment 100 could include other numbers and types of devices in other arrangements. The traffic management device 110 is coupled to the web application servers 102 via local area network (LAN) 104 and client devices 106 via network 108. Generally, requests sent over the network 108 from client devices 106 towards Web application servers 102 are received by traffic management device 110. Before the network traffic management device 110 forwards requests to the appropriate Web application servers 102, the device 110 identifies potential attacks and forwards legitimate requests to the servers 102, as will be described in further detail below in connection with FIGS. 3-4.


Client devices 106 comprise computing devices capable of connecting to other computing devices, such as network traffic management device 110 and Web application servers 102, over wired and/or wireless networks, such as network 108, to send and receive data, such as for Web-based requests, receiving responses to requests and/or for performing other tasks in accordance with the processes described below in connection with FIGS. 3-4, for example. Non-limiting and non-exhausting examples of such devices include personal computers (e.g., desktops, laptops), mobile and/or smart phones and the like. In this example, client devices 106 run Web browsers that may provide an interface for operators, such as human users, to interact with for making requests for resources to different web server-based applications or Web pages via the network 108, although other server resources may be requested by clients. One or more Web-based applications may run on the Web application server 102 that provide the requested data back to one or more exterior network devices, such as client devices 106.


Network 108 comprises a publicly accessible network, such as the Internet in this example, which includes client devices 106, although the network 108 may comprise other types of private and public networks that include other devices. Communications, such as requests from clients 106 and responses from servers 102, take place over the network 108 according to standard network protocols, such as the HTTP and TCP/IP protocols in this example, but the principles discussed herein are not limited to this example and can include other protocols. Further, it should be appreciated that network 108 may include local area networks (LANs), wide area networks (WANs), direct connections and any combination thereof, and other types and numbers of network types. On an interconnected set of LANs or other networks, including those based on differing architectures and protocols, routers, switches, hubs, gateways, bridges, and other intermediate network devices may act as links within and between LANs and other networks to enable messages and other data to be sent from and to network devices. Also, communication links within and between LANs and other networks typically include twisted wire pair (e.g., Ethernet), coaxial cable, analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs), wireless links including satellite links and other communications links known to those skilled in the relevant arts. In essence, the network 108 includes any communication medium and method by which data may travel between client devices 106, Web application servers 102 and network traffic management device 110, and these examples are provided by way of example only.


LAN 104 comprises a private local area network that includes the network traffic management device 110 coupled to the one or more servers 102, although the LAN 104 may comprise other types of private and public networks with other devices. Networks, including local area networks, besides being understood by those skilled in the relevant arts, have already been generally described above in connection with network 108, and thus will not be described further here.


Web application server 102 comprises one or more server computing machines capable of operating one or more Web-based applications that may be accessed by network devices in the network 108, such as client devices 106, via the network traffic management device 110, and may provide other data representing requested resources, such as particular Web page(s), image(s) of physical objects, and any other objects, responsive to the requests, although the server 102 may perform other tasks and provide other types of resources. It should be noted that while only two Web application servers 102 are shown in the environment 100 depicted in FIG. 1, other numbers and types of servers may be coupled to the network traffic management device 110. It is also contemplated that one or more of the Web application servers 102 may be a cluster of servers managed by the network traffic management device 110.


As per the TCP/IP protocols, requests from the requesting client devices 106 may be sent as one or more streams of data packets over network 108 to the traffic management device 110 and/or the Web application servers 102 to establish connections, send and receive data for existing connections, and for other purposes. It is to be understood that the one or more Web application servers 102 may be hardware and/or software, and/or may represent a system with multiple servers that may include internal or external networks. In this example, the Web application servers 102 may be any version of Microsoft® IIS servers or Apache® servers, although other types of servers may be used. Further, additional servers may be coupled to the network 108 and many different types of applications may be available on servers coupled to the network 108.


Each of the Web application servers 102 and client devices 106 may include one or more central processing units (CPUs), one or more computer readable media (i.e., memory), and interface systems that are coupled together by internal buses or other links as are generally known to those of ordinary skill in the art; as such, they will not be described further here.


As shown in the example environment 100 depicted in FIG. 1, the network traffic management device 110 is interposed between client devices 106 in network 108 and Web application servers 102 in LAN 104. Again, the environment 100 could be arranged in other manners with other numbers and types of devices. Also, the network traffic management device 110 is coupled to network 108 by one or more network communication links and intermediate network devices, such as routers, switches, gateways, hubs and other devices (not shown). It should be understood that the devices and the particular configuration shown in FIG. 1 are provided for exemplary purposes only and thus are not limiting.


Generally, the network traffic management device 110 manages network communications, which may include one or more client requests and server responses, from/to the network 108 between the client devices 106 and one or more of the Web application servers 102 in LAN 104 in these examples. These requests may be destined for one or more servers 102, and, as alluded to earlier, may take the form of one or more TCP/IP data packets originating from the network 108, passing through one or more intermediate network devices and/or intermediate networks, until ultimately reaching the traffic management device 110, for example. In any case, the network traffic management device 110 may manage the network communications by performing several network traffic related functions involving the communications, such as load balancing, access control, and validating HTTP requests using JavaScript code sent back to requesting client devices 106 in accordance with the processes described further below in connection with FIGS. 3-4, for example.


Referring now to FIG. 2, an example network traffic management device 110 includes a device processor 200, device I/O interfaces 202, network interface 204 and device memory 218, which are coupled together by bus 208, although the device 110 could include other types and numbers of components.


Device processor 200 comprises one or more microprocessors configured to execute computer/machine readable and executable instructions stored in device memory 218 to implement network traffic management related functions of the network traffic management device 110 in addition to implementing security module 210 to perform one or more portions of the processes illustrated in FIGS. 3-4 for protecting servers against denial of service attacks, although processor 200 may comprise other types and/or combinations of processors, such as digital signal processors, micro-controllers, application specific integrated circuits (“ASICs”), programmable logic devices (“PLDs”), field programmable logic devices (“FPLDs”), field programmable gate arrays (“FPGAs”), and the like, programmed or configured according to the teachings as described and illustrated herein with respect to FIGS. 3-4.


Device I/O interfaces 202 comprise one or more user input and output device interface mechanisms, such as a computer keyboard, mouse, display device, and the corresponding physical ports and underlying supporting hardware and software to enable the network traffic management device 110 to communicate with the outside environment for accepting user data input and to provide user output, although other types and numbers of user input and output devices may be used. Alternatively or in addition, as will be described in connection with network interface 204 below, the network traffic management device 110 may communicate with the outside environment for certain types of operations (e.g., configuration) via a network management port, for example.


Network interface 204 comprises one or more mechanisms that enable network traffic management device 110 to engage in TCP/IP communications over LAN 104 and network 108, although the network interface 204 may be constructed for use with other communication protocols and types of networks. Network interface 204 is sometimes referred to as a transceiver, transceiving device, or network interface card (NIC), which transmits and receives network data packets to one or more networks, such as LAN 104 and network 108 in this example; and where the network traffic management device 110 includes more than one device processor 200 (or a processor 200 has more than one core), each processor 200 (and/or core) may use the same single network interface 204 or a plurality of network interfaces 204. Further, the network interface 204 may include one or more physical ports, such as Ethernet ports, to couple the network traffic management device 110 with other network devices, such as Web application servers 102. Moreover, the interface 204 may include certain physical ports dedicated to receiving and/or transmitting certain types of network data, such as device management related data for configuring the network traffic management device 110.


Bus 208 may comprise one or more internal device component communication buses, links, bridges and supporting components, such as bus controllers and/or arbiters, which enable the various components of the network traffic management device 110, such as the processor 200, device I/O interfaces 202, network interface 204, and device memory 218, to communicate, although the bus may enable one or more components of the network traffic management device 110 to communicate with components in other devices as well. By way of example only, example buses include HyperTransport, PCI, PCI Express, InfiniBand, USB, Firewire, Serial ATA (SATA), SCSI, IDE and AGP buses, although other types and numbers of buses may be used and the particular types and arrangement of buses will depend on the particular configuration of the network traffic management device 110.


Device memory 218 comprises computer readable media, namely computer readable or processor readable storage media, which are examples of machine-readable storage media. Computer readable storage/machine-readable storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable/machine-executable instructions, data structures, program modules, or other data, which may be obtained and/or executed by one or more processors, such as device processor 200, to perform actions, including implementing an operating system for controlling the general operation of network traffic management device 110 to manage network traffic and implementing security module 210 to perform one or more portions of the processes illustrated in FIGS. 3-4 for protecting servers against DoS attacks, for example, although some or all of the programmed instructions could be stored and/or executed elsewhere, for example.


Examples of computer readable storage media include RAM, BIOS, ROM, EEPROM, flash/firmware memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information, including data and/or computer/machine-executable instructions, and which can be accessed by a computing or specially programmed device, such as network traffic management device 110. When the instructions stored in device memory 218 are run by the device processor 200, the network traffic management device 110 implements the security module 210 and performs at least a portion of the processes in FIGS. 3-4 and the various network traffic management related functions, including firewall functions, server load balancing functions, device configuration functions (e.g., defining network security policies), and other functions.


Security module 210 is depicted in FIG. 2 as being within memory 218 for exemplary purposes only; it should be appreciated the module 210 may be alternatively located elsewhere. Generally, when instructions embodying the security module 210 are executed by the device processor 200, the network traffic management device 110 identifies and diffuses potential or suspected network attacks on the server 102 by placing additional burdens on the suspected attacking client devices 106. The security module 210 identifies network communications that may include network attacks, or at least suspected network attacks, using information obtained by the security module 210 to analyze collected data regarding particular clients, such as client devices 106, client requests destined for particular servers, such as the server 102, or particular resources made available by particular servers that have been requested, for example.


The security module 210 also uses additional information obtained by further analyzing collected data to identify latencies associated with particular servers, server applications or other server resources, page traversal rates, client device fingerprints and access statistics that the security module 210 may analyze to identify anomalies indicative to the module 210 that there may be an attack. The security module 210 also analyzes collected data to obtain information the security module 210 may use to identify particular servers and/or server applications and resources on particular servers, such as Web application server 102, being targeted in network attacks, so the module 210 can handle the attack in the manner described in greater detail herein below in connection with FIGS. 3-4.


Upon identifying suspected network attacks, the security module 210 may initially prevent the associated requests from reaching the server 102 so the security module 210 may determine whether a request is indeed a network attack or is a legitimate request. Instead of forwarding the request on to the potential target of an attack (e.g., server device 102), the security module 210 sends a “modified” response back to the potential attacker on behalf of the potential target. The response is “modified” because it does not embody the object or resource itself that is being requested, and that may be the object of the attack itself, but includes information representing instructions (e.g., JavaScript code) to be executed by the potential attacker to perform a challenge, which may or may not yield an expected result, to generate an HTTP cookie for storing any result(s) obtained by performing any such challenges or other information, and to recreate and resend its initial request including any cookies storing challenge results. Further, the challenge comprises Javascript code to be executed by the potential attacker, although other types of challenges could be employed and the code could be expressed in other programming, markup or script languages. Finally, the module 210 responds to the potential attacker with the modified response on behalf of the potentially targeted server (e.g., server device 102) unbeknownst to the attacker. The attacker, however, receives what it would otherwise understand to be a response to its initial request.


If the potential attacker is indeed an actual attacker conducting an automated attack, then the attacker may not execute the challenge (e.g., JavaScript code) included in the modified response received back from the security module 210, or the attacker may execute the challenge but not generate the correct result, and the security module 210 determines it is a confirmed attack and will prevent the target of the attack (e.g., server 102) from being subjected to the request and expending its resources in responding to it.


If the potential attacker is indeed a legitimate requestor and not mounting an attack, it will execute the challenge (e.g., JavaScript code) included in the modified request, which will cause it to resend its initial request and include any results obtained by executing the challenge in a cookie (hereinafter referred to as a “reconstituted request”), although other fingerprints or information that the module 210 will be able to analyze to determine that the associated requestor is legitimate may be used.


Once the security module 210 receives the reconstituted request, it confirms whether any included challenge results are correct and determines whether the potential attacker is indeed a legitimate requestor. It then forwards the request on to the destined server, such as the server 102 in this example. In this manner, legitimate requests are serviced properly without interruption. Additionally, the rate at which requests are forwarded to the server 102 is slowed when requesting client devices 106 process the challenges (e.g., JavaScript) included in the modified responses by the security module 210 prior to resending the modified requests, therefore thwarting denial of service attacks. The attacks may be further slowed if the challenges are signed, since this would force the requestors to calculate the signature. In such a case, the challenge cannot be copied or reverse engineered by the client device 106. The calculation of such a challenge allows a legitimate requestor to access server resources without any interference while attackers are either filtered out or slowed down significantly. The security module 210 therefore gains some control over the rate of requests to the server 102, which provides additional, unexpected utility beyond network security in that it is also useful for enhancing server load balancing.


An alternate procedure may involve the security module 210 returning the request with a string of client side code, such as JavaScript coding, requiring a computational task to be performed by the requesting client device. It is to be understood that other client side languages, such as FLASH, Silverlight, VB script, etc., may be returned with the request. In this example, the JavaScript code may include an onLoad function that would cause the executing client device to execute a test or challenge that authenticates the code in order to increase confidence that the code is proper. The client device 106 receiving the challenge then computes the challenge in the code. The client device 106 may then create a cookie with the results of the challenge and submit a response with the cookie. In this process, the JavaScript may hijack the client device using a command such as onLoad that accesses the client side symbol table. The request may be parsed by the security module 210 and the JavaScript code is injected, which will wrap string related functions/methods with closures such that when those will be called their string arguments will be logged to a data structure which be synchronized back to the server side by Ajax or using a request that serializes the data structure and adds it as a header to the next request made to the server 102.


On receiving the returned request from the network traffic management device 110, the client device 102 may perform the instructions in the embedded JavaScript code if the client device is a legitimate requestor that can execute JavaScript code. Many client devices that may perform attacks, such as denial of service or brute force attacks, may not be capable of processing the JavaScript in the request and therefore will not send a response to the network device 110. Thus, client devices that do not support JavaScript or have JavaScript disabled may have nefarious purposes or intentions, and may not be served by the application server 102. Other client devices that may be attackers will not process the script and therefore not return the correct answer to the challenge. Therefore, the client devices that cannot perform the client side code functionality sent by the security module 210 will not be served by the Web application server 102.


The computational task may include any type of challenge that when executed produces a result that may be checked and confirmed or validated against an expected result. Such computational challenges may include calculating the summation of a string of values, a reverse hash or any other calculations or operations. Further, the computational challenge may include calculations involving multiple iterations to calculate an expected result, although again, different types of challenges may be used. The length, complexity, and type of the challenged calculation is determined by the security module 210 based on one or more configuration settings applied to the network traffic management device 110, and may be adjusted for other enhancing or optimizing other network related functions, such as sever load balancing, for example.


Challenge insertion could be turned on and off for specific server resources, such as Virtual IPs or particular URIs, either manually or automatically according to load balancing policies the network traffic management device 110 may be configured to implement. In this example, the client device 106 is issued a cookie via the injected JavaScript that provides time-limited credentials and is redirected to their original destination.


Once the reconstituted response is returned back to the network traffic management device 110 by the client device 106, the security module 210 may receive the request with a result from the computational task. The security module 210 may then forward the request on to the server 102, effectively allowing the request to be processed by the server 102 upon receiving the request with the result. The security module 210 may also check the result to determine whether the execution of the JavaScript by the client device 106 was performed correctly therefore indicating a legitimate request. In this manner, attacks may be denied because the client device 106 requesting access to the server 102 is forced to perform other computational tasks without taking server computing resources. The delay in processing potential attacks allows the security module 210 to gain control over the rate of the requests from these clients that are processed by the server 102. Further, the computational challenge may obtain information about the user or the user agent of the client device that may be used for identification, validation or personalization. The process may be used to defend the firewall application itself from denial of service attacks directed toward the firewall application.


As noted above, the implementation of the challenge may be executed depending on the security module 210 identifying a potential attack on the server 102. The security module 210 may also measure the delay time of server responses (i.e., latency), and send different challenges in the form of the JavaScript depending on the delay time. For example, if there is a large amount of load on the server (e.g., based on some predefined metric, arbitrary threshold or some selected load value), the security module 210 may distribute the challenges in order to distribute the load of returned responses over non-peak times from server requests, for example.


The security module 210 may allow JavaScript analysis in constructing a security policy by avoiding the server 102 statically analyzing JavaScript. The security module 210 may hijack JavaScript execution events on the client side such as a client device 106 in FIG. 1 and traverse the symbol table so that all executions producing useful policy entities can log these potential policy entities for later sending these extracted policy entities back to the server 102 for security policy purposes. Alternatively, the injected JavaScript code added to the response from the client device 106 may cause the client device to send the absent but required context information from the JavaScript code back to the server 102. This may allow the server 102 to perform more exact JavaScript processing using existing tools. This may also allow processing of the JavaScript code on the server 102 which may reduce risk on exposing JavaScript processing knowledge/needs to curious client devices.


The JavaScript code injected on the request by the security module 210 will hijack events similarly to the client processing but will use them to serialize the client side context. Then this serialization is sent back to the server side where the processing on the JavaScript code (which is part of the client context) is performed by the client device. This solution facilitates not exposing how and what is done with the JavaScript code, which is something that will be exposed in the client side solution. Alternatively a JavaScript enabled browser may be used on the network device 110 that will execute the JavaScript code and extract the required policy entities (without actually sending anything anywhere).


Although an example of the Web application server 102, network traffic device 110, and client devices 106 are described and illustrated herein in connection with FIGS. 1 and 2, each of the computers of the system 100 could be implemented on any suitable computer system or computing device. It is to be understood that the example devices and systems of the system 100 are for exemplary purposes, as many variations of the specific hardware and software used to implement the system 100 are possible, as will be appreciated by those skilled in the relevant art(s).


In addition, two or more computing systems or devices may be substituted for any one of the devices in the example system environment 100. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices in the example system environment 100. The example system environment 100 may also be implemented on a computer system or systems that extend across any network environment using any suitable interface mechanisms and communications technologies including, for example telecommunications in any suitable form (e.g., voice, modem, and the like), Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.


The operation of the example use of JavaScript for a security policy is shown in FIG. 3 which may be run on the example network traffic device 110, will now be described with reference to FIGS. 1-2 in conjunction with the flow diagram shown in FIG. 3. FIG. 3 is a flow diagram of the process that allows protection of the server 102 from attacks which may occupy server resources such as denial of service or brute force attacks from a networked client device such as the client device 106 in FIG. 1. The network traffic management device 110 may receive a request for access to the server 102 from a client device such as the client device 106 in FIG. 1 over the network 108 (300). The network traffic management device 110 determines whether there is unusually heavy traffic requesting the server or analyzes traffic using other metrics (302). The network traffic management device 110 then determines whether the analysis evidences a possible undergoing attack to tie up server resources such as a denial of service attack (304). If the traffic is within normal parameters, the network traffic management device 110 will not detect a mass attack and will allow the request access to the server (306).


If the traffic data indicates that there is a possible attack, the network traffic management device 110 returns the request to the sending client device embedded JavaScript code in the response (308). After the client device receives the response, it must execute the JavaScript code to resend the request. The network traffic appliance determines whether the resent request is received after the client device executing the JavaScript code (310). If the response is received, the network traffic management device 110 may send the request to the server 102 (306). If no response is received, the network traffic management device 110 ends the routine without requesting access to the server 102 (312). The delay of access to the server as well as the JavaScript slow down malicious requests to the server and therefore thwarts overload attacks such as a denial of server attack.


The operation of the example use of a JavaScript challenge in a request sent back to a client device is shown in FIG. 4, which may be run on the example network traffic device 110, will now be described with reference to FIGS. 1-2 in conjunction with the flow diagram shown in FIG. 4. FIG. 4 is a flow diagram of the process that allows protection of the server 102 from attacks which may occupy server resources such as denial of service or brute force attacks from a networked client device such as the client device 106 in FIG. 1. The network traffic management device 110 may receive a request for access to the server 102 from a client device such as the client device 106 in FIG. 1 over the network 108 (400). The network traffic management device 110 determines whether there is unusually heavy traffic requesting the server or analyzes traffic using other metrics (402). The network traffic management device 110 then determines whether the analysis evidences a possible undergoing attack to tie up server resources such as a denial of service attack (404). If the traffic is within normal parameters, the network traffic management device 110 will not detect a mass attack and will allow the request access to the server (406).


If the traffic data indicates that there is a possible attack, the network traffic management device 110 selects a JavaScript challenge code (408). The selection may be made by simply selecting a default challenge code. Alternatively, the challenge may be selected based on the variable length of the solution if it is desired to balance the load to the server 102. The network traffic management device 110 then returns the request to the sending client device with the embedded JavaScript code challenge in the response (410). In this example, the code challenge may include a command for client device to automatically execute the challenge. The execution of the challenge results in a cookie being included in a response to the network traffic management device 110. The response with the cookie is received by the network traffic management device 110 (412). As noted above, if no response is received, the request is never passed to the server 102 and therefore attacks may be thwarted if the client device is not Java enabled.


Once the response is received, the network traffic management device 110 may compare the data in the cookie (the result of the computational challenge) with the expected results of the computational challenge to determine if the result is correct (414). If the result is correct, the request is sent to the server 102. If the result of the executed challenge code is not correct, the network traffic management device 110 denies the request access to the server 102 (416). The delay of access to the server as well as the computational challenge slow down malicious requests to the server and therefore thwarts overload attacks such as a denial of server attack.


It should be appreciated that one or more of the above-described components of the example network traffic management device 110 could be implemented by software, hardware, firmware, and combinations thereof. Also, some or all of the machine/computer readable and executable instructions, example portions of which are represented by the security module 210 in FIG. 2 and the flowcharts in FIGS. 3-4, may be implemented in cooperation with one or more devices and/or processors in other devices. Further, although the example processes are described with reference to the security module 210 in FIG. 2 and the flowcharts in FIGS. 3-4, persons of ordinary skill in the computer, software and/or networking arts will readily appreciate that many other alternative methods of implementing the example machine readable and executable instructions may be used. For example, the order of execution of the process blocks may be changed, and/or some of the blocks described may be changed, eliminated and/or combined.


Having thus described the basic concepts, it will be rather apparent to those skilled in the art that the foregoing detailed disclosure is intended to be presented by way of example only, and is not limiting. Various alterations, improvements, and modifications will occur and are intended to those skilled in the art, though not expressly stated herein. These alterations, improvements, and modifications are intended to be suggested hereby, and are within the spirit and scope of the examples. Additionally, the recited order of processing elements or sequences, or the use of numbers, letters, or other designations therefore, is not intended to limit the claimed processes to any order except as may be specified in the claims. Accordingly, the disclosed technology is limited only by the following claims and equivalents thereto.

Claims
  • 1. A method for mitigating network-based attacks, implemented by a network traffic management system comprising one or more network traffic management apparatuses, client devices, or server devices, the method comprising: intercepting an initial request from a client for a resource hosted by a server before the initial request reaches the server;responding to the intercepted initial request by sending a client-side script to the client, the client-side script including a computational challenge that when executed by the client causes the client to generate a client-side execution result that is included with a subsequent request from the client for the resource, wherein the computational challenge includes automatically obtaining information about a user of the client from the client, the computational challenge selected from among a plurality of computational challenges based on a variable length of script execution time and a determined latency of a plurality of responses received from the server;intercepting the subsequent request from the client before the subsequent request reaches the server; andin response to determining the intercepted client-side execution result matches an answer to the computational challenge, forwarding the subsequent request to the server.
  • 2. The method of claim 1, further comprising: selecting the computational challenge from among a plurality of computational challenges based on a variable length of script execution time and an amount of loading of the server.
  • 3. The method of claim 1, wherein the client-side execution result is included in a Hypertext Transfer Protocol cookie included with the subsequent request from the client.
  • 4. The method of claim 1, further comprising: selecting the computational challenge from among a plurality of computational challenges having a distribution of execution times so that a plurality of subsequent requests are distributed in time.
  • 5. A network traffic management apparatus, comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: intercept an initial request from a client for a resource hosted by a server before the initial request reaches the server;respond to the intercepted initial request by sending a client-side script to the client, the client-side script including a computational challenge that when executed by the client causes the client to generate a client-side execution result that is included with a subsequent request from the client for the resource, wherein the computational challenge includes automatically obtaining information about a user of the client from the client, the computational challenge selected from among a plurality of computational challenges based on a variable length of script execution time and a determined latency of a plurality of responses received from the server;intercept the subsequent request from the client before the subsequent request reaches the server; andin response to determining the intercepted client-side execution result matches an answer to the computational challenge, forward the subsequent request to the server.
  • 6. The network traffic management apparatus of claim 5, wherein the one or more processors are further configured to be capable of executing the stored programmed instructions to: select the computational challenge from among a plurality of computational challenges based on a variable length of script execution time and an amount of loading of the server.
  • 7. The network traffic management apparatus of claim 5, wherein the client-side execution result is included in a Hypertext Transfer Protocol cookie included with the subsequent request from the client.
  • 8. The network traffic management apparatus of claim 5, wherein the one or more processors are further configured to be capable of executing the stored programmed instructions to: select the computational challenge from among a plurality of computational challenges having a distribution of execution times so that a plurality of subsequent requests are distributed in time.
  • 9. A non-transitory computer readable medium having stored thereon instructions for mitigating network-based attacks comprising executable code which when executed by one or more processors, causes the one or more processors to: intercept an initial request from a client for a resource hosted by a server before the initial request reaches the server;respond to the intercepted initial request by sending a client-side script to the client, the client-side script including a computational challenge that when executed by the client causes the client to generate a client-side execution result that is included with a subsequent request from the client for the resource, wherein the computational challenge includes automatically obtaining information about a user of the client from the client, the computational challenge selected from among a plurality of computational challenges based on a variable length of script execution time and a determined latency of a plurality of responses received from the server;intercept the subsequent request from the client before the subsequent request reaches the server; andin response to determining the intercepted client-side execution result matches an answer to the computational challenge, forward the subsequent request to the server.
  • 10. The computer readable medium of claim 9, further comprising instructions comprising executable code which when executed by one or more processors, causes the one or more processors to: select the computational challenge from among a plurality of computational challenges based on a variable length of script execution time and an amount of loading of the server.
  • 11. The computer readable medium of claim 9, wherein the client-side execution result is included in a Hypertext Transfer Protocol cookie included with the subsequent request from the client.
  • 12. The computer readable medium of claim 9, further comprising instructions comprising executable code which when executed by one or more processors, causes the one or more processors to: select the computational challenge from among a plurality of computational challenges having a distribution of execution times so that a plurality of subsequent requests are distributed in time.
  • 13. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: intercept an initial request from a client for a resource hosted by a server before the initial request reaches the server;respond to the intercepted initial request by sending a client-side script to the client, the client-side script including a computational challenge that when executed by the client causes the client to generate a client-side execution result that is included with a subsequent request from the client for the resource, wherein the computational challenge includes automatically obtaining information about a user of the client from the client, the computational challenge selected from among a plurality of computational challenges based on a variable length of script execution time and a determined latency of a plurality of responses received from the server;intercept the subsequent request from the client before the subsequent request reaches the server; andin response to determining the intercepted client-side execution result matches an answer to the computational challenge, forward the subsequent request to the server.
  • 14. The network traffic management system of claim 13, wherein the one or more processors are further configured to be capable of executing the stored programmed instructions to: select the computational challenge from among a plurality of computational challenges based on a variable length of script execution time and an amount of loading of the server.
  • 15. The network traffic management system of claim 13, wherein the client-side execution result is included in a Hypertext Transfer Protocol cookie included with the subsequent request from the client.
  • 16. The network traffic management system of claim 13, wherein the one or more processors are further configured to be capable of executing the stored programmed instructions to: select the computational challenge from among a plurality of computational challenges having a distribution of execution times so that a plurality of subsequent requests are distributed in time.
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 12/614,373, titled “METHODS AND SYSTEM FOR RETURNING REQUESTS WITH JAVASCRIPT FOR CLIENTS BEFORE PASSING A REQUEST TO A SERVER,” filed Nov. 6, 2009, which is incorporated herein by reference in its entirety. This application is related to commonly owned U.S. patent application Ser. No. 12/357,372, entitled “Thwarting Drone-Waged Denial of Service Attacks on a Network,” filed on Jan. 21, 2009 by Khanal; commonly owned U.S. patent application Ser. No. 12/018,031, entitled “DNS Flood Protection Platform For A Network,” filed on Jan. 22, 2008 by Thornewell et al.; and commonly owned U.S. patent application Ser. No. 10/444,279, entitled “System And Method For Managing Traffic To A Probe,” filed on May 23, 2003 by Masters et al., the entire disclosures of which are incorporated herein by reference in their entirety.

US Referenced Citations (1089)
Number Name Date Kind
3950735 Patel Apr 1976 A
4644532 George et al. Feb 1987 A
4897781 Chang et al. Jan 1990 A
4965772 Daniel et al. Oct 1990 A
4993030 Krakauer et al. Feb 1991 A
5023826 Patel Jun 1991 A
5053953 Patel Oct 1991 A
5167024 Smith et al. Nov 1992 A
5218695 Noveck et al. Jun 1993 A
5282201 Frank et al. Jan 1994 A
5299312 Rocco, Jr. Mar 1994 A
5303368 Kotaki Apr 1994 A
5327529 Fults et al. Jul 1994 A
5367635 Bauer et al. Nov 1994 A
5371852 Attanasio et al. Dec 1994 A
5406502 Haramaty et al. Apr 1995 A
5473362 Fitzgerald et al. Dec 1995 A
5475857 Dally Dec 1995 A
5511177 Kagimasa et al. Apr 1996 A
5515523 Kalkunte et al. May 1996 A
5517617 Sathaye et al. May 1996 A
5519694 Brewer et al. May 1996 A
5519778 Leighton et al. May 1996 A
5521591 Arora et al. May 1996 A
5528701 Aref Jun 1996 A
5537585 Blickenstaff et al. Jul 1996 A
5548724 Akizawa et al. Aug 1996 A
5550816 Hardwick et al. Aug 1996 A
5550965 Gabbe et al. Aug 1996 A
5557755 Krein et al. Sep 1996 A
5560016 Fiebrich et al. Sep 1996 A
5581764 Fitzgerald et al. Dec 1996 A
5583995 Gardner et al. Dec 1996 A
5586260 Hu Dec 1996 A
5590320 Maxey Dec 1996 A
5596742 Agarwal et al. Jan 1997 A
5606665 Yang et al. Feb 1997 A
5611049 Pitts Mar 1997 A
5617545 Ogata et al. Apr 1997 A
5623490 Richter et al. Apr 1997 A
5649194 Miller et al. Jul 1997 A
5649200 Leblang et al. Jul 1997 A
5663018 Cummings et al. Sep 1997 A
5668943 Attanasio et al. Sep 1997 A
5692180 Lee Nov 1997 A
5721779 Funk Feb 1998 A
5724512 Winterbottom Mar 1998 A
5752023 Choucri et al. May 1998 A
5754800 Lentz et al. May 1998 A
5761484 Agarwal et al. Jun 1998 A
5768423 Aref et al. Jun 1998 A
5774660 Brendel et al. Jun 1998 A
5790554 Pitcher et al. Aug 1998 A
5802052 Venkataraman Sep 1998 A
5806061 Chaudhuri et al. Sep 1998 A
5812550 Sohn et al. Sep 1998 A
5825772 Dobbins et al. Oct 1998 A
5832283 Chou et al. Nov 1998 A
5832496 Anand et al. Nov 1998 A
5832522 Blickenstaff et al. Nov 1998 A
5838970 Thomas Nov 1998 A
5862325 Reed et al. Jan 1999 A
5875296 Shi et al. Feb 1999 A
5884303 Brown Mar 1999 A
5892914 Pitts Apr 1999 A
5892932 Kim Apr 1999 A
5893086 Schmuck et al. Apr 1999 A
5897638 Lasser et al. Apr 1999 A
5905990 Inglett May 1999 A
5917998 Cabrera et al. Jun 1999 A
5919247 Van Hoff et al. Jul 1999 A
5920873 Van Huben et al. Jul 1999 A
5936939 Des Jardins et al. Aug 1999 A
5937406 Balabine et al. Aug 1999 A
5941988 Bhagwat et al. Aug 1999 A
5946690 Pitts Aug 1999 A
5949885 Leighton Sep 1999 A
5951694 Choquier et al. Sep 1999 A
5959990 Frantz et al. Sep 1999 A
5974460 Maddalozzo, Jr. et al. Oct 1999 A
5983281 Ogle et al. Nov 1999 A
5988847 McLaughlin et al. Nov 1999 A
5991302 Berl et al. Nov 1999 A
5995491 Richter et al. Nov 1999 A
5996037 Emnett Nov 1999 A
5999664 Mahoney et al. Dec 1999 A
6006260 Barrick, Jr. et al. Dec 1999 A
6006264 Colby et al. Dec 1999 A
6012083 Savitzky et al. Jan 2000 A
6026452 Pitts Feb 2000 A
6026459 Huppenthal Feb 2000 A
6026500 Topff et al. Feb 2000 A
6028857 Poor Feb 2000 A
6029168 Frey Feb 2000 A
6029175 Chow et al. Feb 2000 A
6038630 Foster et al. Mar 2000 A
6041365 Kleinerman Mar 2000 A
6044367 Wolff Mar 2000 A
6047129 Frye Apr 2000 A
6047356 Anderson et al. Apr 2000 A
6051169 Brown et al. Apr 2000 A
6067558 Wendt et al. May 2000 A
6072942 Stockwell et al. Jun 2000 A
6073199 Cohen et al. Jun 2000 A
6078929 Rao Jun 2000 A
6078956 Bryant et al. Jun 2000 A
6085234 Pitts et al. Jul 2000 A
6088694 Burns et al. Jul 2000 A
6092196 Reiche Jul 2000 A
6104706 Richter et al. Aug 2000 A
6108703 Leighton et al. Aug 2000 A
6111876 Frantz et al. Aug 2000 A
6128279 O'Neil et al. Oct 2000 A
6128627 Mattis et al. Oct 2000 A
6128657 Okanoya et al. Oct 2000 A
6128717 Harrison et al. Oct 2000 A
6154777 Ebrahim Nov 2000 A
6157950 Krishnan Dec 2000 A
6160874 Dickerman et al. Dec 2000 A
6161145 Bainbridge et al. Dec 2000 A
6161185 Guthrie et al. Dec 2000 A
6170022 Linville et al. Jan 2001 B1
6178423 Douceur et al. Jan 2001 B1
6181336 Chiu et al. Jan 2001 B1
6182139 Brendel Jan 2001 B1
6185647 Shibuya Feb 2001 B1
6192051 Lipman et al. Feb 2001 B1
6223206 Dan et al. Apr 2001 B1
6226702 Yakashiro May 2001 B1
6233612 Fruchtman et al. May 2001 B1
6233648 Tomita May 2001 B1
6237008 Beal et al. May 2001 B1
6246684 Chapman et al. Jun 2001 B1
6253226 Chidambaran et al. Jun 2001 B1
6253230 Couland et al. Jun 2001 B1
6256031 Meijer et al. Jul 2001 B1
6259405 Stewart et al. Jul 2001 B1
6260070 Shah Jul 2001 B1
6263368 Martin Jul 2001 B1
6282610 Bergsten Aug 2001 B1
6289012 Harrington et al. Sep 2001 B1
6289345 Yasue Sep 2001 B1
6292832 Shah et al. Sep 2001 B1
6298380 Coile et al. Oct 2001 B1
6304913 Rune Oct 2001 B1
6308162 Ouimet et al. Oct 2001 B1
6311278 Raanan et al. Oct 2001 B1
6324581 Xu et al. Nov 2001 B1
6324616 Chrysos et al. Nov 2001 B2
6327622 Jindal et al. Dec 2001 B1
6330574 Murashita Dec 2001 B1
6338082 Schneider Jan 2002 B1
6339785 Feigenbaum Jan 2002 B1
6343324 Hubis et al. Jan 2002 B1
6347339 Morris et al. Feb 2002 B1
6349343 Foody et al. Feb 2002 B1
6353848 Morris Mar 2002 B1
6360270 Cherkasova et al. Mar 2002 B1
6363056 Beigi et al. Mar 2002 B1
6363445 Jeddeloh Mar 2002 B1
6370527 Singhal Apr 2002 B1
6370543 Hoffert et al. Apr 2002 B2
6374263 Bunger et al. Apr 2002 B1
6374300 Masters Apr 2002 B2
6389433 Bolosky et al. May 2002 B1
6389462 Cohen et al. May 2002 B1
6393581 Friedman et al. May 2002 B1
6396833 Zhang et al. May 2002 B1
6397246 Wolfe May 2002 B1
6411986 Susai et al. Jun 2002 B1
6412004 Chen et al. Jun 2002 B1
6430562 Kardos et al. Aug 2002 B1
6434081 Johnson et al. Aug 2002 B1
6438595 Blumenau et al. Aug 2002 B1
6446108 Rosenberg et al. Sep 2002 B1
6466580 Leung Oct 2002 B1
6469983 Narayana et al. Oct 2002 B2
6477544 Bolosky et al. Nov 2002 B1
6480476 Willars Nov 2002 B1
6484261 Wiegel Nov 2002 B1
6487561 Ofek et al. Nov 2002 B1
6490624 Sampson et al. Dec 2002 B1
6493804 Soltis et al. Dec 2002 B1
6499090 Hill et al. Dec 2002 B1
6505242 Holland et al. Jan 2003 B2
6510135 Almulhem et al. Jan 2003 B1
6510458 Berstis et al. Jan 2003 B1
6513061 Ebata et al. Jan 2003 B1
6513082 Fischer et al. Jan 2003 B1
6514085 Slattery et al. Feb 2003 B2
6516350 Lumelsky et al. Feb 2003 B1
6516351 Borr Feb 2003 B2
6519643 Foulkes et al. Feb 2003 B1
6542936 Mayle et al. Apr 2003 B1
6549916 Sedlar Apr 2003 B1
6553352 Delurgio et al. Apr 2003 B2
6556997 Levy Apr 2003 B1
6556998 Mukherjee et al. Apr 2003 B1
6560230 Li et al. May 2003 B1
6578069 Hopmann et al. Jun 2003 B1
6601084 Bhaskaran et al. Jul 2003 B1
6601101 Lee et al. Jul 2003 B1
6612490 Herrendoerfer et al. Sep 2003 B1
6615267 Whalen et al. Sep 2003 B1
6631422 Althaus et al. Oct 2003 B1
6636503 Shiran et al. Oct 2003 B1
6636894 Short et al. Oct 2003 B1
6650640 Muller et al. Nov 2003 B1
6650641 Albert et al. Nov 2003 B1
6654346 Mahalingaiah et al. Nov 2003 B1
6654701 Hatley Nov 2003 B2
6661802 Homberg et al. Dec 2003 B1
6683873 Kwok et al. Jan 2004 B1
6691165 Bruck et al. Feb 2004 B1
6694517 James et al. Feb 2004 B1
6701415 Hendren, III Mar 2004 B1
6708187 Shanumgam et al. Mar 2004 B1
6708220 Olin Mar 2004 B1
6718380 Mohaban et al. Apr 2004 B1
6721794 Taylor et al. Apr 2004 B2
6728704 Mao et al. Apr 2004 B2
6738357 Richter et al. May 2004 B1
6738790 Klein et al. May 2004 B1
6742035 Zayas et al. May 2004 B1
6742045 Albert et al. May 2004 B1
6744776 Kalkunte et al. Jun 2004 B1
6748420 Quatrano et al. Jun 2004 B1
6751663 Farrell et al. Jun 2004 B1
6754215 Arikawa et al. Jun 2004 B1
6754228 Ludwig Jun 2004 B1
6754699 Swildens et al. Jun 2004 B2
6757706 Dong et al. Jun 2004 B1
6760337 Snyder, II et al. Jul 2004 B1
6760775 Anerousis et al. Jul 2004 B1
6772219 Shobatake Aug 2004 B1
6775672 Mahalingam et al. Aug 2004 B2
6775673 Mahalingam et al. Aug 2004 B2
6775679 Gupta Aug 2004 B2
6779039 Bommareddy et al. Aug 2004 B1
6781986 Sabaa et al. Aug 2004 B1
6782450 Arnott et al. Aug 2004 B2
6795860 Shah Sep 2004 B1
6798777 Ferguson et al. Sep 2004 B1
6801960 Ericson et al. Oct 2004 B1
6804542 Haartsen Oct 2004 B1
6816901 Sitaraman et al. Nov 2004 B1
6816977 Brakmo et al. Nov 2004 B2
6826613 Wang et al. Nov 2004 B1
6826698 Minkin et al. Nov 2004 B1
6829238 Tokuyo et al. Dec 2004 B2
6839761 Kadyk et al. Jan 2005 B2
6847959 Arrouye et al. Jan 2005 B1
6847970 Keller et al. Jan 2005 B2
6850997 Rooney et al. Feb 2005 B1
6857009 Ferreria Feb 2005 B1
6857046 Batcher Feb 2005 B1
6862282 Oden Mar 2005 B1
6865593 Reshef et al. Mar 2005 B1
6868082 Allen, Jr. et al. Mar 2005 B1
6868447 Slaughter et al. Mar 2005 B1
6871221 Styles Mar 2005 B1
6871245 Bradley Mar 2005 B2
6876629 Beshai et al. Apr 2005 B2
6876654 Hegde Apr 2005 B1
6880017 Marce et al. Apr 2005 B1
6883137 Girardot et al. Apr 2005 B1
6886132 Hall et al. Apr 2005 B1
6888836 Cherkasova May 2005 B1
6889249 Miloushev et al. May 2005 B2
6904040 Salapura et al. Jun 2005 B2
6914881 Mansfield et al. Jul 2005 B1
6922688 Frey, Jr. Jul 2005 B1
6928082 Liu et al. Aug 2005 B2
6928518 Talagala Aug 2005 B2
6934706 Mancuso et al. Aug 2005 B1
6938039 Bober et al. Aug 2005 B1
6938059 Tamer et al. Aug 2005 B2
6947985 Hegli et al. Sep 2005 B2
6950434 Viswanath et al. Sep 2005 B1
6954780 Susai et al. Oct 2005 B2
6957272 Tallegas et al. Oct 2005 B2
6959373 Testardi Oct 2005 B2
6959394 Brickell et al. Oct 2005 B1
6961815 Kistler et al. Nov 2005 B2
6970475 Fraser et al. Nov 2005 B1
6970924 Chu et al. Nov 2005 B1
6973455 Vahalia et al. Dec 2005 B1
6973490 Robertson et al. Dec 2005 B1
6973549 Testardi Dec 2005 B1
6975592 Seddigh et al. Dec 2005 B1
6985936 Agarwalla et al. Jan 2006 B2
6985956 Luke et al. Jan 2006 B2
6986015 Testardi Jan 2006 B2
6986040 Kramer et al. Jan 2006 B1
6987763 Rochberger et al. Jan 2006 B2
6990074 Wan et al. Jan 2006 B2
6990114 Erimli et al. Jan 2006 B1
6990547 Ulrich et al. Jan 2006 B2
6990667 Ulrich et al. Jan 2006 B2
6996841 Kadyk et al. Feb 2006 B2
6999912 Loisey et al. Feb 2006 B2
7003533 Noguchi et al. Feb 2006 B2
7003564 Greuel et al. Feb 2006 B2
7006502 Lin Feb 2006 B2
7006981 Rose et al. Feb 2006 B2
7007092 Peiffer Feb 2006 B2
7010553 Chen et al. Mar 2006 B2
7013379 Testardi Mar 2006 B1
7020644 Jameson Mar 2006 B2
7020669 McCann et al. Mar 2006 B2
7020713 Shah et al. Mar 2006 B1
7023974 Brannam et al. Apr 2006 B1
7024427 Bobbitt et al. Apr 2006 B2
7032002 Rezvani et al. Apr 2006 B1
7035212 Mitial et al. Apr 2006 B1
7039061 Connor et al. May 2006 B2
7051112 Dawson May 2006 B2
7054998 Arnott et al. May 2006 B2
7055010 Lin et al. May 2006 B2
7058633 Gnagy et al. Jun 2006 B1
7065482 Shorey et al. Jun 2006 B2
7072917 Wong et al. Jul 2006 B2
7075924 Richter et al. Jul 2006 B2
7076689 Atkinson Jul 2006 B2
7080314 Garofalakis et al. Jul 2006 B1
7089286 Malik Aug 2006 B1
7089491 Feinberg et al. Aug 2006 B2
7111115 Peters et al. Sep 2006 B2
7113962 Kee et al. Sep 2006 B1
7113993 Cappiello et al. Sep 2006 B1
7113996 Kronenberg Sep 2006 B2
7120728 Krakirian et al. Oct 2006 B2
7120746 Campbell et al. Oct 2006 B2
7127556 Blumenau et al. Oct 2006 B2
7133863 Teng et al. Nov 2006 B2
7133944 Song et al. Nov 2006 B2
7133967 Fujie et al. Nov 2006 B2
7139792 Mishra et al. Nov 2006 B1
7143146 Nakatani et al. Nov 2006 B2
7146524 Patel et al. Dec 2006 B2
7152184 Maeda et al. Dec 2006 B2
7155466 Rodriguez et al. Dec 2006 B2
7155722 Hilla et al. Dec 2006 B1
7161904 Hussain et al. Jan 2007 B2
7165095 Sim Jan 2007 B2
7167821 Hardwick et al. Jan 2007 B2
7171469 Ackaouy et al. Jan 2007 B2
7173929 Testardi Feb 2007 B1
7181523 Sim Feb 2007 B2
7185359 Schmidt et al. Feb 2007 B2
7191163 Herrera et al. Mar 2007 B2
7194579 Robinson et al. Mar 2007 B2
7197639 Juels et al. Mar 2007 B1
7228359 Monteiro Jun 2007 B1
7228422 Morioka et al. Jun 2007 B2
7234074 Cohn et al. Jun 2007 B2
7236491 Tsao et al. Jun 2007 B2
7240100 Wein et al. Jul 2007 B1
7243089 Becker-Szendy et al. Jul 2007 B2
7243094 Tabellion et al. Jul 2007 B2
7257633 Masputra et al. Aug 2007 B2
7263610 Parker et al. Aug 2007 B2
7269168 Roy et al. Sep 2007 B2
7269582 Winter et al. Sep 2007 B2
7272613 Sim et al. Sep 2007 B2
7280536 Testardi Oct 2007 B2
7284150 Ma et al. Oct 2007 B2
7287082 O'Toole, Jr. Oct 2007 B1
7292541 C S Nov 2007 B1
7293097 Borr Nov 2007 B2
7293099 Kalajan Nov 2007 B1
7293133 Colgrove et al. Nov 2007 B1
7293281 Moran Nov 2007 B1
7295827 Liu et al. Nov 2007 B2
7296061 Martinez et al. Nov 2007 B2
7296263 Jacob Nov 2007 B1
7299250 Douceur et al. Nov 2007 B2
7308475 Pruitt et al. Dec 2007 B1
7308648 Buchthal Dec 2007 B1
7308703 Wright et al. Dec 2007 B2
7308709 Brezak et al. Dec 2007 B1
7310339 Powers et al. Dec 2007 B1
7321926 Zhang et al. Jan 2008 B1
7324533 DeLiberato et al. Jan 2008 B1
7330486 Ko et al. Feb 2008 B2
7333999 Njemanze Feb 2008 B1
7340571 Saze Mar 2008 B2
7343413 Gilde et al. Mar 2008 B2
7346664 Wong et al. Mar 2008 B2
7349391 Ben-Dor et al. Mar 2008 B2
7373438 DeBergalis et al. May 2008 B1
7383288 Miloushev et al. Jun 2008 B2
7383570 Pinkas et al. Jun 2008 B2
7398552 Pardee et al. Jul 2008 B2
7401220 Bolosky et al. Jul 2008 B2
7406484 Srinivasan et al. Jul 2008 B1
7409440 Jacob Aug 2008 B1
7415488 Muth et al. Aug 2008 B1
7415608 Bolosky et al. Aug 2008 B2
7418439 Wong Aug 2008 B2
7433962 Janssen et al. Oct 2008 B2
7437358 Arrouye et al. Oct 2008 B2
7440982 Lu et al. Oct 2008 B2
7454480 Labio et al. Nov 2008 B2
7457982 Rajan Nov 2008 B2
7467158 Marinescu Dec 2008 B2
7468979 Ricciulli Dec 2008 B2
7475241 Patel et al. Jan 2009 B2
7477796 Sasaki et al. Jan 2009 B2
7490162 Masters Feb 2009 B1
7500243 Huetsch et al. Mar 2009 B2
7500269 Huotari et al. Mar 2009 B2
7505795 Lim et al. Mar 2009 B1
7509322 Miloushev et al. Mar 2009 B2
7512673 Miloushev et al. Mar 2009 B2
7516492 Nisbet et al. Apr 2009 B1
7519813 Cox et al. Apr 2009 B1
7522581 Acharya et al. Apr 2009 B2
7526541 Roese et al. Apr 2009 B2
7555608 Naik et al. Jun 2009 B2
7558197 Sindhu et al. Jul 2009 B1
7562110 Miloushev et al. Jul 2009 B2
7571168 Bahar et al. Aug 2009 B2
7574433 Engel Aug 2009 B2
7577723 Matsuda et al. Aug 2009 B2
7577758 Ricciulli Aug 2009 B2
7580971 Gollapudi et al. Aug 2009 B1
7584393 Kamada et al. Sep 2009 B2
7587471 Yasuda et al. Sep 2009 B2
7590747 Coates et al. Sep 2009 B2
7599941 Bahar et al. Oct 2009 B2
7610307 Havewala et al. Oct 2009 B2
7610390 Yared et al. Oct 2009 B2
7624109 Testardi Nov 2009 B2
7624424 Morita et al. Nov 2009 B2
7639883 Gill Dec 2009 B2
7640347 Sloat et al. Dec 2009 B1
7644109 Manley et al. Jan 2010 B2
7644137 Bozak et al. Jan 2010 B2
7653699 Colgrove et al. Jan 2010 B1
7668166 Rekhter et al. Feb 2010 B1
7680915 Still et al. Mar 2010 B2
7684423 Tripathi et al. Mar 2010 B2
7689596 Tsunoda Mar 2010 B2
7689710 Tang et al. Mar 2010 B2
7694082 Golding et al. Apr 2010 B2
7698458 Lui et al. Apr 2010 B1
7710867 Masters May 2010 B1
7711771 Kirnos May 2010 B2
7724657 Rao et al. May 2010 B2
7725093 Sengupta et al. May 2010 B2
7734603 McManis Jun 2010 B1
7739540 Akutsu et al. Jun 2010 B2
7743035 Chen et al. Jun 2010 B2
7752294 Meyer et al. Jul 2010 B2
7769711 Srinivasan et al. Aug 2010 B2
7774492 Raphel et al. Aug 2010 B2
7778187 Chaturvedi et al. Aug 2010 B2
7788335 Miloushev et al. Aug 2010 B2
7808913 Ansari et al. Oct 2010 B2
7822839 Pruitt et al. Oct 2010 B1
7822939 Veprinsky et al. Oct 2010 B1
7831639 Panchbudhe et al. Nov 2010 B1
7831662 Clark et al. Nov 2010 B2
7849112 Mane et al. Dec 2010 B2
7860815 Tangirala Dec 2010 B1
7861085 Case et al. Dec 2010 B1
7870154 Shitomi et al. Jan 2011 B2
7877511 Berger et al. Jan 2011 B1
7885970 Lacapra Feb 2011 B2
7886218 Watson Feb 2011 B2
7895653 Calo et al. Feb 2011 B2
7900002 Lyon Mar 2011 B2
7903554 Manur et al. Mar 2011 B1
7908245 Nakano et al. Mar 2011 B2
7908314 Yamaguchi et al. Mar 2011 B2
7913053 Newland Mar 2011 B1
7925908 Kim Apr 2011 B2
7930365 Dixit et al. Apr 2011 B2
7933946 Livshits et al. Apr 2011 B2
7945908 Waldspurger et al. May 2011 B1
7953701 Okitsu et al. May 2011 B2
7958222 Pruitt et al. Jun 2011 B1
7958347 Ferguson Jun 2011 B1
7984141 Gupta et al. Jul 2011 B2
7984500 Khanna et al. Jul 2011 B1
8001246 Lu et al. Aug 2011 B2
8005953 Miloushev et al. Aug 2011 B2
8015157 Kamei et al. Sep 2011 B2
8024443 Jacob Sep 2011 B1
8037528 Williams et al. Oct 2011 B2
8055724 Amegadzie et al. Nov 2011 B2
8064342 Badger Nov 2011 B2
8069225 McCanne et al. Nov 2011 B2
8099758 Schaefer et al. Jan 2012 B2
8103781 Wu et al. Jan 2012 B1
8112308 Ho et al. Feb 2012 B1
8117244 Marinov et al. Feb 2012 B2
8130650 Allen, Jr. et al. Mar 2012 B2
8149819 Kobayashi et al. Apr 2012 B2
8155128 Balyan et al. Apr 2012 B2
8171124 Kondamuru May 2012 B2
8189567 Kavanagh et al. May 2012 B2
8190769 Shukla et al. May 2012 B1
8199757 Pani et al. Jun 2012 B2
8205246 Shatzkamer et al. Jun 2012 B2
8239954 Vvobber et al. Aug 2012 B2
8261351 Thornewell et al. Sep 2012 B1
8271620 Witchey Sep 2012 B2
8274895 Rahman et al. Sep 2012 B2
8285808 Joel Oct 2012 B1
8321908 Gai et al. Nov 2012 B2
8351333 Rao et al. Jan 2013 B2
8380854 Szabo Feb 2013 B2
8396836 Ferguson et al. Mar 2013 B1
8400923 Kini Mar 2013 B2
8407576 Yin et al. Mar 2013 B1
8417817 Jacobs Apr 2013 B1
8447871 Szabo May 2013 B1
8447970 Klein et al. May 2013 B2
8452876 Williams et al. May 2013 B1
8463850 McCann Jun 2013 B1
8464265 Worley Jun 2013 B2
8468267 Yigang Jun 2013 B2
8484348 Subramanian et al. Jul 2013 B2
8359224 Henderson et al. Sep 2013 B2
8533308 Rothstein Sep 2013 B1
8566474 Kanode et al. Oct 2013 B2
8578050 Craig et al. Nov 2013 B2
8601000 Stefani et al. Dec 2013 B1
8606921 Vasquez et al. Dec 2013 B2
8615022 Harrison et al. Dec 2013 B2
8646067 Agarwal et al. Feb 2014 B2
8665969 Kay Mar 2014 B2
8682946 Hiriyannaiah Mar 2014 B1
8701179 Penno et al. Apr 2014 B1
8725836 Lowery et al. May 2014 B2
8726338 Narayanaswamy et al. May 2014 B2
8737304 Karuturi et al. May 2014 B2
8778665 Glide et al. Jul 2014 B2
8804504 Chen Aug 2014 B1
8819109 Krishnamurthy et al. Aug 2014 B1
8819419 Carlson et al. Aug 2014 B2
8824480 Hampel Sep 2014 B2
8830874 Cho et al. Sep 2014 B2
8838817 Biswas Sep 2014 B1
8873753 Parker Oct 2014 B2
8875274 Montemurro et al. Oct 2014 B2
8879431 Ridel et al. Nov 2014 B2
8886981 Baumann et al. Nov 2014 B1
8908545 Chen et al. Dec 2014 B1
8954080 Janakiraman et al. Feb 2015 B2
8954492 Lowell, Jr. Feb 2015 B1
8959215 Koponen et al. Feb 2015 B2
9036529 Erickson et al. May 2015 B2
9037166 de Wit et al. May 2015 B2
9083760 Hughes et al. Jul 2015 B1
9143451 Amdahl et al. Sep 2015 B2
9218267 Keller Dec 2015 B1
9244843 Michels et al. Jan 2016 B1
9294548 Cui et al. Mar 2016 B2
9456464 Biswas et al. Sep 2016 B2
9497614 Ridel et al. Nov 2016 B1
9503223 Wu et al. Nov 2016 B2
9578055 Khanal Feb 2017 B1
9674054 Scharf et al. Jun 2017 B2
9843646 Roeland et al. Dec 2017 B2
9930013 Ossipov Mar 2018 B2
20010000083 Crow et al. Mar 2001 A1
20010007560 Masuda et al. Jul 2001 A1
20010009554 Katseff et al. Jul 2001 A1
20010023442 Masters Sep 2001 A1
20010047293 Waller et al. Nov 2001 A1
20020010757 Granik et al. Jan 2002 A1
20020010783 Primak et al. Jan 2002 A1
20020012352 Hansson et al. Jan 2002 A1
20020032758 Yen et al. Mar 2002 A1
20020032777 Kawata et al. Mar 2002 A1
20020035537 Waller et al. Mar 2002 A1
20020038360 Andrews et al. Mar 2002 A1
20020046291 O'Callaghan et al. Apr 2002 A1
20020049842 Huetsch et al. Apr 2002 A1
20020059263 Shima et al. May 2002 A1
20020065848 Walker et al. May 2002 A1
20020072048 Slattery et al. Jun 2002 A1
20020083067 Tamayo et al. Jun 2002 A1
20020087571 Stapel et al. Jul 2002 A1
20020087744 Kitchin Jul 2002 A1
20020095498 Chanda et al. Jul 2002 A1
20020099829 Richards et al. Jul 2002 A1
20020099842 Jennings et al. Jul 2002 A1
20020103823 Jackson et al. Aug 2002 A1
20020112061 Shih et al. Aug 2002 A1
20020138615 Schmeling Sep 2002 A1
20020143819 Han et al. Oct 2002 A1
20020143852 Guo et al. Oct 2002 A1
20020150253 Brezak et al. Oct 2002 A1
20020161911 Pinckney, III et al. Oct 2002 A1
20020161913 Gonzalez et al. Oct 2002 A1
20020162118 Levy et al. Oct 2002 A1
20020174216 Shorey et al. Nov 2002 A1
20020188753 Tang et al. Dec 2002 A1
20020194112 dePinto et al. Dec 2002 A1
20020194342 Lu et al. Dec 2002 A1
20020198956 Dunshea et al. Dec 2002 A1
20020198993 Cudd et al. Dec 2002 A1
20030005172 Chessell Jan 2003 A1
20030009528 Sharif et al. Jan 2003 A1
20030018450 Carley Jan 2003 A1
20030018585 Butler et al. Jan 2003 A1
20030018927 Gadir et al. Jan 2003 A1
20030023743 Raphel et al. Jan 2003 A1
20030028514 Lord et al. Feb 2003 A1
20030033308 Patel et al. Feb 2003 A1
20030033369 Bernhard Feb 2003 A1
20030033535 Fisher et al. Feb 2003 A1
20030034905 Anton et al. Feb 2003 A1
20030037070 Marston Feb 2003 A1
20030046291 Fascenda Mar 2003 A1
20030046335 Doyle et al. Mar 2003 A1
20030051045 Connor Mar 2003 A1
20030055723 English Mar 2003 A1
20030065653 Overton et al. Apr 2003 A1
20030065951 Igeta et al. Apr 2003 A1
20030069918 Lu et al. Apr 2003 A1
20030069974 Lu et al. Apr 2003 A1
20030070069 Belapurkar et al. Apr 2003 A1
20030074301 Solomon Apr 2003 A1
20030086415 Bernhard et al. May 2003 A1
20030105807 Thompson et al. Jun 2003 A1
20030105846 Zhao et al. Jun 2003 A1
20030105983 Brakmo et al. Jun 2003 A1
20030108000 Chaney et al. Jun 2003 A1
20030108002 Chaney et al. Jun 2003 A1
20030108052 Inoue et al. Jun 2003 A1
20030120948 Schmidt et al. Jun 2003 A1
20030128708 Inoue et al. Jul 2003 A1
20030130945 Force et al. Jul 2003 A1
20030131052 Allan Jul 2003 A1
20030139934 Mandera Jul 2003 A1
20030145062 Sharma et al. Jul 2003 A1
20030145233 Poletto et al. Jul 2003 A1
20030156586 Lee et al. Aug 2003 A1
20030159072 Bellinger et al. Aug 2003 A1
20030163576 Janssen et al. Aug 2003 A1
20030171978 Jenkins et al. Sep 2003 A1
20030177388 Botz et al. Sep 2003 A1
20030179755 Fraser Sep 2003 A1
20030189936 Terrell et al. Oct 2003 A1
20030191803 Chinnici et al. Oct 2003 A1
20030191812 Agarwalla et al. Oct 2003 A1
20030195813 Pallister et al. Oct 2003 A1
20030195962 Kikuchi et al. Oct 2003 A1
20030200289 Kemp et al. Oct 2003 A1
20030208596 Carolan et al. Nov 2003 A1
20030212954 Patrudu Nov 2003 A1
20030220835 Barnes, Jr. Nov 2003 A1
20030225485 Fritz et al. Dec 2003 A1
20030229665 Ryman Dec 2003 A1
20030236995 Fretwell, Jr. Dec 2003 A1
20040003266 Moshir et al. Jan 2004 A1
20040003287 Zissimopoulos et al. Jan 2004 A1
20040006575 Visharam et al. Jan 2004 A1
20040006591 Matsui et al. Jan 2004 A1
20040006741 Radja et al. Jan 2004 A1
20040010654 Yasuda et al. Jan 2004 A1
20040015463 Herrera et al. Jan 2004 A1
20040015783 Lennon et al. Jan 2004 A1
20040017825 Stanwood et al. Jan 2004 A1
20040028043 Maveli et al. Feb 2004 A1
20040030627 Sedukhin Feb 2004 A1
20040030740 Stelting Feb 2004 A1
20040043758 Sorvari et al. Mar 2004 A1
20040059789 Shum Mar 2004 A1
20040064544 Barsness et al. Apr 2004 A1
20040064554 Kuno et al. Apr 2004 A1
20040072569 Omae et al. Apr 2004 A1
20040093361 Therrien et al. May 2004 A1
20040103206 Hsu et al. May 2004 A1
20040103283 Hornak May 2004 A1
20040111523 Hall et al. Jun 2004 A1
20040111621 Himberger et al. Jun 2004 A1
20040117493 Bazot et al. Jun 2004 A1
20040122926 Moore et al. Jun 2004 A1
20040123277 Schrader et al. Jun 2004 A1
20040133605 Chang et al. Jul 2004 A1
20040133606 Miloushev et al. Jul 2004 A1
20040138858 Carley Jul 2004 A1
20040139355 Axel et al. Jul 2004 A1
20040143670 Roychowdhury Jul 2004 A1
20040141185 Akama Aug 2004 A1
20040151186 Akama Aug 2004 A1
20040153479 Mikesell et al. Aug 2004 A1
20040167967 Bastian et al. Aug 2004 A1
20040177165 Masputra et al. Sep 2004 A1
20040192312 Li et al. Sep 2004 A1
20040199762 Carlson et al. Oct 2004 A1
20040210663 Phillips et al. Oct 2004 A1
20040213156 Smallwood et al. Oct 2004 A1
20040215665 Edgar et al. Oct 2004 A1
20040225656 Sarkar Nov 2004 A1
20040236798 Srinivasan et al. Nov 2004 A1
20040236826 Harville et al. Nov 2004 A1
20040255000 Simionescu et al. Dec 2004 A1
20040260745 Gage et al. Dec 2004 A1
20040264472 Oliver et al. Dec 2004 A1
20040264481 Darling et al. Dec 2004 A1
20040267920 Hydrie et al. Dec 2004 A1
20040267948 Oliver et al. Dec 2004 A1
20040268121 Shelest Dec 2004 A1
20040268358 Darling et al. Dec 2004 A1
20050004887 Igakura et al. Jan 2005 A1
20050008017 Datta et al. Jan 2005 A1
20050021703 Cherry et al. Jan 2005 A1
20050021736 Carusi et al. Jan 2005 A1
20050027841 Rolfe Feb 2005 A1
20050027869 Johnson Feb 2005 A1
20050028080 Challenger et al. Feb 2005 A1
20050044158 Malik Feb 2005 A1
20050044213 Kobayashi et al. Feb 2005 A1
20050052440 Kim et al. Mar 2005 A1
20050055435 Gbadegesin et al. Mar 2005 A1
20050071283 Randle et al. Mar 2005 A1
20050078604 Yim Apr 2005 A1
20050091214 Probert et al. Apr 2005 A1
20050108575 Yung May 2005 A1
20050117589 Douady et al. Jun 2005 A1
20050122977 Lieberman Jun 2005 A1
20050154837 Keohane et al. Jul 2005 A1
20050160153 Knutson et al. Jul 2005 A1
20050165656 Frederick et al. Jul 2005 A1
20050174944 Legault et al. Aug 2005 A1
20050175013 Le Pennec et al. Aug 2005 A1
20050187866 Lee Aug 2005 A1
20050188220 Nilsson et al. Aug 2005 A1
20050198234 Leib et al. Sep 2005 A1
20050198310 Kim et al. Sep 2005 A1
20050213587 Cho et al. Sep 2005 A1
20050234928 Shkvarchuk et al. Oct 2005 A1
20050240664 Chen et al. Oct 2005 A1
20050246393 Coates et al. Nov 2005 A1
20050246717 Poole et al. Nov 2005 A1
20050256806 Tien et al. Nov 2005 A1
20050262238 Reeves et al. Nov 2005 A1
20050273456 Revanuru et al. Dec 2005 A1
20050288939 Peled et al. Dec 2005 A1
20050289111 Tribble et al. Dec 2005 A1
20060010502 Mimatsu et al. Jan 2006 A1
20060015846 Fraleigh et al. Jan 2006 A1
20060031374 Lu et al. Feb 2006 A1
20060031520 Bedekar et al. Feb 2006 A1
20060031670 Price, II Feb 2006 A1
20060031778 Goodwin et al. Feb 2006 A1
20060036764 Yokota et al. Feb 2006 A1
20060045089 Bacher et al. Mar 2006 A1
20060045096 Farmer et al. Mar 2006 A1
20060047785 Wang et al. Mar 2006 A1
20060059267 Cugi et al. Mar 2006 A1
20060075475 Boulos et al. Apr 2006 A1
20060077902 Kannan et al. Apr 2006 A1
20060077986 Rune Apr 2006 A1
20060080353 Miloushev et al. Apr 2006 A1
20060083205 Buddhikot et al. Apr 2006 A1
20060095573 Carle et al. May 2006 A1
20060100752 Kim et al. May 2006 A1
20060106802 Giblin et al. May 2006 A1
20060112176 Liu et al. May 2006 A1
20060112272 Morioka et al. May 2006 A1
20060112367 Harris May 2006 A1
20060123062 Bobbitt et al. Jun 2006 A1
20060123210 Pritchett et al. Jun 2006 A1
20060129684 Datta Jun 2006 A1
20060130133 Andreev et al. Jun 2006 A1
20060133374 Sekiguchi Jun 2006 A1
20060135198 Lee Jun 2006 A1
20060140193 Kakani et al. Jun 2006 A1
20060153201 Hepper et al. Jul 2006 A1
20060156416 Huotari et al. Jul 2006 A1
20060161577 Kulkarni et al. Jul 2006 A1
20060167838 Lacapra Jul 2006 A1
20060168070 Thompson et al. Jul 2006 A1
20060171365 Borella Aug 2006 A1
20060179153 Lee et al. Aug 2006 A1
20060182103 Martini et al. Aug 2006 A1
20060184589 Lees et al. Aug 2006 A1
20060184647 Dixit et al. Aug 2006 A1
20060200470 Lacapra et al. Sep 2006 A1
20060206589 Lentini Sep 2006 A1
20060209669 Nishio Sep 2006 A1
20060209853 Hidaka et al. Sep 2006 A1
20060224687 Popkin et al. Oct 2006 A1
20060229861 Tatsuoka et al. Oct 2006 A1
20060230148 Forecast et al. Oct 2006 A1
20060230265 Krishna Oct 2006 A1
20060233106 Achlioptas et al. Oct 2006 A1
20060235976 Chen et al. Oct 2006 A1
20060235998 Stechler et al. Oct 2006 A1
20060242300 Yumoto et al. Oct 2006 A1
20060259320 LaSalle et al. Nov 2006 A1
20060268692 Wright et al. Nov 2006 A1
20060268704 Ansari et al. Nov 2006 A1
20060270341 Kim et al. Nov 2006 A1
20060271598 Wong et al. Nov 2006 A1
20060277225 Mark et al. Dec 2006 A1
20060277606 Yunus et al. Dec 2006 A1
20060282442 Lennon et al. Dec 2006 A1
20060282471 Mark et al. Dec 2006 A1
20060291388 Amdahl et al. Dec 2006 A1
20060291483 Bela Dec 2006 A1
20060294054 Kudo et al. Dec 2006 A1
20070005807 Wong Jan 2007 A1
20070006293 Balakrishnan et al. Jan 2007 A1
20070011605 Dumitru et al. Jan 2007 A1
20070016613 Foresti et al. Jan 2007 A1
20070016662 Desai et al. Jan 2007 A1
20070019636 Lau et al. Jan 2007 A1
20070019658 Park et al. Jan 2007 A1
20070024919 Wong et al. Feb 2007 A1
20070027929 Whelan Feb 2007 A1
20070027935 Haselton et al. Feb 2007 A1
20070038994 Davis et al. Feb 2007 A1
20070297410 Yoon et al. Feb 2007 A1
20070050843 Manville et al. Mar 2007 A1
20070058670 Konduru et al. Mar 2007 A1
20070064610 Khandani et al. Mar 2007 A1
20070064661 Sood et al. Mar 2007 A1
20070067373 Higgins et al. Mar 2007 A1
20070067771 Kulbak et al. Mar 2007 A1
20070067839 Hamada et al. Mar 2007 A1
20070067841 Yegneswaran et al. Mar 2007 A1
20070083646 Miller et al. Apr 2007 A1
20070088702 Fridella et al. Apr 2007 A1
20070088822 Coile et al. Apr 2007 A1
20070106796 Kudo et al. May 2007 A1
20070107048 Halls et al. May 2007 A1
20070112775 Ackerman May 2007 A1
20070118879 Yeun May 2007 A1
20070124415 Lev-Ran et al. May 2007 A1
20070124502 Li May 2007 A1
20070130255 Wolovitz et al. Jun 2007 A1
20070136308 Tsirigotis et al. Jun 2007 A1
20070147246 Hurley et al. Jun 2007 A1
20070150574 Mallal et al. Jun 2007 A1
20070162891 Burner et al. Jul 2007 A1
20070168320 Borthakur et al. Jul 2007 A1
20070168525 DeLeon et al. Jul 2007 A1
20070192543 Naik et al. Aug 2007 A1
20070206615 Plamondon Sep 2007 A1
20070208748 Li Sep 2007 A1
20070209075 Coffman Sep 2007 A1
20070220598 Salowey et al. Sep 2007 A1
20070233809 Brownell et al. Oct 2007 A1
20070233826 Tindal et al. Oct 2007 A1
20070250560 Wein et al. Oct 2007 A1
20070258451 Bouat Nov 2007 A1
20070297551 Choi Dec 2007 A1
20080004022 Johannesson et al. Jan 2008 A1
20080008202 Terrell et al. Jan 2008 A1
20080010372 Khedouri et al. Jan 2008 A1
20080022059 Zimmerer et al. Jan 2008 A1
20080025297 Kashyap Jan 2008 A1
20080031258 Acharya et al. Feb 2008 A1
20080034136 Ulenas Feb 2008 A1
20080046432 Anderson et al. Feb 2008 A1
20080065653 Shneur et al. Mar 2008 A1
20080070575 Claussen et al. Mar 2008 A1
20080072303 Syed Mar 2008 A1
20080120370 Chan et al. May 2008 A1
20080120592 Tanguay et al. May 2008 A1
20080133518 Kapoor et al. Jun 2008 A1
20080134311 Medvinsky et al. Jun 2008 A1
20080141246 Kuck et al. Jun 2008 A1
20080148340 Powell et al. Jun 2008 A1
20080159145 Muthukrishnan et al. Jul 2008 A1
20080165801 Sheppard Jul 2008 A1
20080168150 Chen et al. Jul 2008 A1
20080178278 Grinstein et al. Jul 2008 A1
20080201599 Ferraiolo et al. Aug 2008 A1
20080205613 Lopez Aug 2008 A1
20080208917 Smoot et al. Aug 2008 A1
20080209073 Tang Aug 2008 A1
20080209524 Almog et al. Aug 2008 A1
20080212499 Maes Sep 2008 A1
20080222223 Srinivasan et al. Sep 2008 A1
20080222646 Sigal et al. Sep 2008 A1
20080225710 Raja et al. Sep 2008 A1
20080228911 Mackey Sep 2008 A1
20080229025 Plamondon Sep 2008 A1
20080229415 Kapoor et al. Sep 2008 A1
20080239986 Ku et al. Oct 2008 A1
20080243769 Arbour et al. Oct 2008 A1
20080253395 Pandya Oct 2008 A1
20080256224 Kaji et al. Oct 2008 A1
20080263401 Stenzel Oct 2008 A1
20080270578 Zhang et al. Oct 2008 A1
20080271046 Lipton et al. Oct 2008 A1
20080279200 Shatzkamer et al. Nov 2008 A1
20080281908 McCanne et al. Nov 2008 A1
20080281944 Vome et al. Nov 2008 A1
20080282047 Arakawa et al. Nov 2008 A1
20080282354 Wobber et al. Nov 2008 A1
20080288661 Galles Nov 2008 A1
20080301760 Lim Dec 2008 A1
20080316922 Riddle et al. Dec 2008 A1
20090007162 Sheehan Jan 2009 A1
20090028337 Balabine et al. Jan 2009 A1
20090037975 Ishikawa et al. Feb 2009 A1
20090037998 Adhya et al. Feb 2009 A1
20090041230 Williams Feb 2009 A1
20090049230 Pandya Feb 2009 A1
20090055607 Schack et al. Feb 2009 A1
20090070617 Arimilli et al. Mar 2009 A1
20090077097 Lacapra et al. Mar 2009 A1
20090077619 Boyce Mar 2009 A1
20090080440 Balyan et al. Mar 2009 A1
20090089344 Brown et al. Apr 2009 A1
20090089487 Kwon et al. Apr 2009 A1
20090094252 Wong et al. Apr 2009 A1
20090094311 Awadallah et al. Apr 2009 A1
20090094377 Zahavi et al. Apr 2009 A1
20090094610 Sukirya Apr 2009 A1
20090097480 Curtis et al. Apr 2009 A1
20090106255 Lacapra et al. Apr 2009 A1
20090106263 Khalid et al. Apr 2009 A1
20090106413 Salo et al. Apr 2009 A1
20090119504 Van Os et al. May 2009 A1
20090125496 Wexler et al. May 2009 A1
20090125532 Wexler et al. May 2009 A1
20090125625 Shim et al. May 2009 A1
20090125955 DeLorme May 2009 A1
20090132616 Winter et al. May 2009 A1
20090138314 Bruce May 2009 A1
20090138749 Moll et al. May 2009 A1
20090141891 Boyen et al. Jun 2009 A1
20090144285 Chatley et al. Jun 2009 A1
20090144286 Parkinson et al. Jun 2009 A1
20090144806 Gal Jun 2009 A1
20090157678 Turk Jun 2009 A1
20090161542 Ho Jun 2009 A1
20090187915 Chew et al. Jul 2009 A1
20090193513 Agarwal et al. Jul 2009 A1
20090196282 Fellman et al. Aug 2009 A1
20090204649 Wong et al. Aug 2009 A1
20090204650 Wong et al. Aug 2009 A1
20090204705 Marinov et al. Aug 2009 A1
20090210431 Marinkovic et al. Aug 2009 A1
20090217163 Jaroker Aug 2009 A1
20090217386 Schneider Aug 2009 A1
20090228956 He et al. Sep 2009 A1
20090241176 Beletski et al. Sep 2009 A1
20090248870 Kamei et al. Oct 2009 A1
20090265396 Ram et al. Oct 2009 A1
20090265467 Peles Oct 2009 A1
20090271690 Iglesias Oct 2009 A1
20090276835 Jackson Nov 2009 A1
20090287935 Aull et al. Nov 2009 A1
20090289828 Hinchey Nov 2009 A1
20090292957 Bower et al. Nov 2009 A1
20090296624 Ryu et al. Dec 2009 A1
20090300161 Pruitt et al. Dec 2009 A1
20090300407 Kamath et al. Dec 2009 A1
20090316708 Yahyaoui et al. Dec 2009 A1
20090319600 Sedan et al. Dec 2009 A1
20090327858 Tsun Dec 2009 A1
20100011434 Kay Jan 2010 A1
20100017846 Huang et al. Jan 2010 A1
20100023582 Pedersen et al. Jan 2010 A1
20100031315 Feng Feb 2010 A1
20100042743 Jeon et al. Feb 2010 A1
20100061232 Zhou et al. Mar 2010 A1
20100064001 Daily Mar 2010 A1
20100070476 O'Keefe et al. Mar 2010 A1
20100071048 Novak et al. Mar 2010 A1
20100093318 Zhu et al. Apr 2010 A1
20100103820 Fuller et al. Apr 2010 A1
20100115236 Bataineh et al. May 2010 A1
20100122091 Huang et al. May 2010 A1
20100131654 Malakapalli et al. May 2010 A1
20100138809 Shenfield et al. Jun 2010 A1
20100150154 Viger et al. Jun 2010 A1
20100154031 Montemurro et al. Jun 2010 A1
20100165877 Shukla et al. Jul 2010 A1
20100179984 Sebastian Jul 2010 A1
20100188976 Rahman et al. Jul 2010 A1
20100189052 Kavanagh et al. Jul 2010 A1
20100218253 Sutton et al. Aug 2010 A1
20100228814 McKenna et al. Sep 2010 A1
20100228819 Wei Sep 2010 A1
20100242092 Harris et al. Sep 2010 A1
20100250497 Redlich et al. Sep 2010 A1
20100251329 Wei Sep 2010 A1
20100251330 Kroeselberg et al. Sep 2010 A1
20100261479 Hidaka Oct 2010 A1
20100274772 Samuels Oct 2010 A1
20100278733 Karsten et al. Nov 2010 A1
20100299451 Yigang et al. Nov 2010 A1
20100306169 Pishevar et al. Dec 2010 A1
20100306827 Esteve Balducci et al. Dec 2010 A1
20100322250 Shetty et al. Dec 2010 A1
20100325277 Muthiah et al. Dec 2010 A1
20110040889 Garrett et al. Feb 2011 A1
20110047620 Mahaffey et al. Feb 2011 A1
20110055921 Narayanaswamy et al. Mar 2011 A1
20110066718 Susai et al. Mar 2011 A1
20110066736 Mitchell et al. Mar 2011 A1
20110072321 Dhuse Mar 2011 A1
20110075667 Li et al. Mar 2011 A1
20110078303 Li et al. Mar 2011 A1
20110087696 Lacapra Apr 2011 A1
20110098087 Tseng Apr 2011 A1
20110099294 Kapur et al. Apr 2011 A1
20110106616 Bigby May 2011 A1
20110107077 Henderson et al. May 2011 A1
20110113095 Hatami-Hanza May 2011 A1
20110153822 Rajan et al. Jun 2011 A1
20110153985 Saha et al. Jun 2011 A1
20110154443 Thakur et al. Jun 2011 A1
20110173295 Bakke et al. Jul 2011 A1
20110173453 Parsell et al. Jul 2011 A1
20110184733 Yu et al. Jul 2011 A1
20110185082 Thompson Jul 2011 A1
20110188415 Graziano Aug 2011 A1
20110197059 Klein et al. Aug 2011 A1
20110202676 Craig et al. Aug 2011 A1
20110213911 Eldus et al. Sep 2011 A1
20110246634 Liu et al. Oct 2011 A1
20110246800 Accpadi et al. Oct 2011 A1
20110252475 Mui Oct 2011 A1
20110273984 Hsu et al. Nov 2011 A1
20110282997 Prince et al. Nov 2011 A1
20110314178 Kanode et al. Dec 2011 A1
20110321122 Mwangi et al. Dec 2011 A1
20120016994 Nakamura et al. Jan 2012 A1
20120030224 Cohen Feb 2012 A1
20120030341 Jensen et al. Feb 2012 A1
20120039341 Latif et al. Feb 2012 A1
20120041965 Vasquez et al. Feb 2012 A1
20120063314 Pignataro et al. Mar 2012 A1
20120066489 Ozaki et al. Mar 2012 A1
20120094631 Pattabiraman Apr 2012 A1
20120101952 Raleigh et al. Apr 2012 A1
20120102011 Matsuki et al. Apr 2012 A1
20120117028 Gold et al. May 2012 A1
20120150805 Pafumi et al. Jun 2012 A1
20120191847 Nas et al. Jul 2012 A1
20120195273 Iwamura et al. Aug 2012 A1
20120224531 Karuturi et al. Sep 2012 A1
20120226802 Wu et al. Sep 2012 A1
20120254293 Winter et al. Oct 2012 A1
20120257506 BazIamacci et al. Oct 2012 A1
20120258766 Cho et al. Oct 2012 A1
20120278445 Sagara Nov 2012 A1
20120278851 Dan Nov 2012 A1
20120311153 Morgan Dec 2012 A1
20120317266 Abbott Dec 2012 A1
20120331160 Tremblay et al. Dec 2012 A1
20130029726 Berionne et al. Jan 2013 A1
20130031060 Lowery et al. Jan 2013 A1
20130058229 Casado et al. Mar 2013 A1
20130073717 Collin et al. Mar 2013 A1
20130091002 Christie et al. Apr 2013 A1
20130114497 Zhang et al. May 2013 A1
20130182713 Giacomoni et al. Jul 2013 A1
20130205361 Narayanaswamy et al. Aug 2013 A1
20130238472 Fan et al. Sep 2013 A1
20130336122 Baruah et al. Dec 2013 A1
20140025823 Szabo et al. Jan 2014 A1
20140040478 Hsu et al. Feb 2014 A1
20140059678 Parker Feb 2014 A1
20140071895 Bane et al. Mar 2014 A1
20140095661 Knowles et al. Apr 2014 A1
20140099945 Singh et al. Apr 2014 A1
20140105069 Potnuru Apr 2014 A1
20140162705 de Wit et al. Jun 2014 A1
20140171089 Janakiraman et al. Jun 2014 A1
20140181787 Hristov Jun 2014 A1
20140187199 Yan et al. Jul 2014 A1
20140269484 Dankberg et al. Sep 2014 A1
20140280515 Wei Sep 2014 A1
20140282464 El-Gillani Sep 2014 A1
20140286316 Park et al. Sep 2014 A1
20140317404 Carlson et al. Oct 2014 A1
20140321462 Kancherla et al. Oct 2014 A1
20140365680 van Bemmel Dec 2014 A1
20150058595 Gura et al. Feb 2015 A1
20150095502 Le Bolzer et al. Apr 2015 A1
20150263959 Patwardhan et al. Sep 2015 A1
20150319270 Roeland et al. Nov 2015 A1
20160142373 Ossipov May 2016 A1
Foreign Referenced Citations (35)
Number Date Country
2003300350 Jul 2004 AU
2080530 Apr 1994 CA
2512312 Jul 2004 CA
0605088 Jul 1994 EP
0 738 970 Oct 1996 EP
0744850 Nov 1996 EP
1081918 Mar 2001 EP
63010250 Jan 1988 JP
06-205006 Jul 1994 JP
06-332782 Dec 1994 JP
8021924 Mar 1996 JP
08-328760 Dec 1996 JP
08-339355 Dec 1996 JP
9016510 Jan 1997 JP
11282741 Oct 1999 JP
2000183935 Jun 2000 JP
566291 Dec 2008 NZ
WO 9114326 Sep 1991 WO
WO 9505712 Feb 1995 WO
WO 9709805 Mar 1997 WO
WO 9745800 Dec 1997 WO
WO 9905829 Feb 1999 WO
WO 9906913 Feb 1999 WO
WO 9910858 Mar 1999 WO
WO 9939373 Aug 1999 WO
WO 9964967 Dec 1999 WO
WO 0004422 Jan 2000 WO
WO 0004458 Jan 2000 WO
WO 0058870 Oct 2000 WO
WO 0239696 May 2002 WO
WO 02056181 Jul 2002 WO
WO 2004061605 Jul 2004 WO
WO 2006091040 Aug 2006 WO
WO 2008130983 Oct 2008 WO
WO 2008147973 Dec 2008 WO
Non-Patent Literature Citations (154)
Entry
“A Storage Architecture Guide,” Second Edition, 2001, Auspex Systems, Inc., www.auspex.com, last accessed on Dec. 30, 2002.
“Canonical Name Record (CNAME),” CNAME Record: Chapter 8, Zy Trax, Inc., 3 pages, http://www.zytrax.com/books/dns/ch8/cname.html (2008).
“CSA Persistent File System Technology,” A White Paper, Jan. 1, 1999, pp. 1-3, http://www.cosoa.com/white_papers/pfs.php, Colorado Software Architecture, Inc.
“Denial-of-service attack,” Wikipedia, the free encyclopedia, 10 pages, http://en.wikipedia.org/w/index.php?title=Denial-of-service_attack&printable=yes (accessed Nov. 5, 2007).
“Diameter MBLB Support Phase 2: Generic Message Based Load Balancing (GMBLB),” last accessed Mar. 29, 2010, pp. 1-10, (http://peterpan.f5net.com/twiki/bin/view/TMOS/TMOSDiameterMBLB).
“Distributed File System: A Logical View of Physical Storage: White Paper,” 1999, Microsoft Corp., www.microsoft.com, <http://www.eu.microsoft.com/TechNet/prodtechnol/windows2000serv/maintain/DFSnt95>, pp. 1-26, last accessed on Dec. 20, 2002.
“editcap—Edit and/or translate the format of capture files”, 3 pages, www.ethereal.com/docs/man-pages/editcap.l.html (2004).
“ethereal Interactively browse network traffic”, www.ethereal.com/docs/man-pages/ethereal.l.html (2004).
“FAQ: Network Intrusion Detection Systems”, www.robertgraham.com/pubs/network-intrusion-detection.html (2000).
“Market Research & Releases, CMPP PoC documentation”, last accessed Mar. 29, 2010, (http://mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Universal).
“Market Research & Releases, Solstice Diameter Requirements”, last accessed Mar. 29, 2010, (http://mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Unisversal).
“Disk Striping,” Chapter 8, NERSC Tutorials: I/O on the Cray T3E, National Energy Research Scientific Computing Center (NERSC), http://hpcfnersc.gov, last accessed on Dec. 27, 2002, 9 pages.
“Network Sniffer”, www.linuxmigration.com/quickref/admin/ethereal.html; 4 pages, last accessed Apr. 15, 2004.
“Respond to server depending on TCP::client_port”, DevCentral Forums iRules, pp. 1-6, last accessed Mar. 26, 2010, (http://devcentral.f5.com/Default/aspx?tabid=53&forumid=5&tpage=l&v).
“Scaling Next Generation Web Infrastructure with Content-Intelligent Switching: White Paper,” Apr. 2000, pp. 1-9, Alteon Web Systems, Inc.
“Surviving DNS DDoS Attacks: Introducing self-protecting servers,” white paper, Secure64 Software Corporation, Mar. 19, 2007. (18 pages).
“tethereal—Dump and analyze network traffic”, www.ethereal.com/docs/man-pages/tethereal.l.html; 11 pages, last accessed Apr. 15, 2004.
“The AFS File System in Distributed Computing Environment,” www.transarc.ibm.com/Library/whitepapers/AFS/afsoverview.html, last accessed on Dec. 20, 2002, 6 pages.
“the-binary Advisory,” The Honeynet Project, Revision v1.0, May 31, 2002, 5 pages, http//www.honeynet.org/reverse/results/sol/sol-17/advisory.html.
“UDDI Overview”, Sep. 6, 2000, pp. 1-21, uddi.org, (http://www.uddi.org/).
“UDDI Technical White Paper,” Sep. 6, 2000, pp. 1-12, uddi-org, (http://www.uddi.org/).
“UDDI Version 3.0.1 UDDI”, Spec Technical Committee Specification, Oct. 14, 2003, pp. 1-383, uddi.org, (http://www.uddi.org/).
“Veritas SANPoint Foundation Suite(tm) and SANPoint Foundation Suite(tm) HA: New Veritas Volume Management and File System Technology for Cluster Environments,” Sep. 2001, 26 pages, Veritas Software Corp.
“Windows Clustering Technologies—An Overview,” Nov. 2001, 31 pages, Microsoft Corp., www.microsoft.com, last accessed on Dec. 30, 2002.
Abad, C., et al., “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, IEEE, Computer Society, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), 2007, pp. 1-8.
Aguilera et al., “Improving recoverability in multi-tier storage systems,” International Conference on Dependable Systems and Networks (DSN—2007), Jun. 2007, 10 pages, Edinburgh, Scotland.
Amendment and Response to Office Action filed on Sep. 11, 2009 for U.S. Appl. No. 10/444,279.
Anderson et al., “Interposed Request Routing for Scalable Network Storage,” ACM Transactions on Computer Systems 20(1): (Feb. 2002), pp. 1-24.
Anderson et al., “Serverless Network File System,” in the 15th Symposium on Operating Systems Principles, Dec. 1995, 49 pages, Association for Computing Machinery, Inc.
Anonymous, “How DFS Works: Remote File Systems,” Distributed File System (DFS) Mar. 2003, 54 pages, Technical Reference retrieved from the Internet on Jan. 29, 2010, URL<http://technetmicrosoft.com/en-us/library/cc782417(WS.10,printer).aspx>.
Anton, Jesse, “Oracle9iAS Web Cache Technical White Paper”, Oracle, Jun. 2001, pp. 1-56.
Apple, Inc., “Mac OS X Tiger Keynote Intro. Part 2,” Jun. 2004, www.youtube.com <http://www.youtube.com/watch?v=zSBJwEmRJbY>, 1 page.
Apple, Inc., “Tiger Developer Overview Series: Working with Spotlight,” Nov. 23, 2004, www.apple.com using www.archive.org <http://web.archive.org/web/20041123005335/developer.apple.com/macosx/tiger/spotlight.html>, pp. 1-6.
Baer, T., et al., “The elements of Web services” ADTmag.com, Dec. 1, 2002, pp. 1-6, (http://www.adtmag.com).
Basney et al., “Credential Wallets: A Classification of Credential Repositories Highlighting MyProxy,” Sep. 19-21, 2003, pp. 1-20, 31st Research Conference on Communication, Information and Internet Policy (TPRC 2003), Arlington, Virginia.
Blue Coat, “Technology Primer: CIFS Protocol Optimization,” Blue Coat Systems Inc., 2007, pp. 1-3, (http://www.bluecoat.com).
Botzum, Keys, “Single Sign On—A Contrarian View,” Aug. 6, 2001, pp. 1-8, Open Group Website, http://www.opengroup.org/security/topics.htm.
Cabrera et al., “Swift: A Storage Architecture for Large Objects,” In Proceedings of the-Eleventh IEEE Symposium on Mass Storage Systems, Oct. 1991, pp. 123-128.
Cabrera et al., “Swift: Using Distributed Disk Striping to Provide High I/O Data Rates,” Fall 1991, pp. 405-436, vol. 4, No. 4, Computing Systems.
Cabrera et al., “Using Data Striping in a Local Area Network,” 1992, 22 pages, Technical report No. UCSC-CRL-92-09 of the Computer & Information Sciences Department of University of California at Santa Cruz.
Callaghan et al., “NFS Version 3 Protocol Specifications” (RFC 1813), Jun. 1995, 126 pages, The Internet Engineering Task Force (IETN), www.ietf.org, last accessed on Dec. 30, 2002.
Carlisle, David, “OpenMath, Math ML and XSL”, ACM SIGSAM Bulletin, Jun. 2000, vol. 34, Issue 2. pp. 6-11, retrieved from ACM Portal Feb. 21, 2006.
Carns et al., “PVFS: A Parallel File System for Linux Clusters,” in Proceedings of the Extreme Linux Track: 4th Annual Linux Showcase and Conference, Oct. 2000, pp. 317-327, Atlanta, Georgia, USENIX Association.
Cavale, M. R., “Introducing Microsoft Cluster Service (MSCS) in the Windows Server 2003”, Nov. 2002, 10 pages, Microsoft Corporation.
Citrix Systems, Inc., “Traffic Surges; Surge Queue; Netscaler Defense,” 2005, PowerPoint Presentation, slides 1-12.
Crescendo Networks, “Application Layer Processing (ALP),” 2003-2009, pp. 168-186, Chapter 9, CN-5000E/5500E, Foxit Software Company.
English Translation of Notification of Reason(s) for Refusal for JP 2002-556371 (Dispatch Date: Jan. 22, 2007).
F5 Networks Inc., “3-DNS® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 2-1-2-28, 3-1-3-12, 5-1-5-24, Seattle, Washington.
F5 Networks Inc., “Big-IP® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 11-1-11-32, Seattle, Washington.
F5 Networks Inc., “Case Information Log for ‘Issues with BoNY upgrade to 4.3’”, as early as Feb. 2008.
F5 Networks Inc., “Configuration Guide for Local Traffic Management,” F5 Networks Inc., Jan. 2006, version 9.2.2, 406 pgs.
F5 Networks Inc., “Deploying the BIG-IP LTM for Diameter Traffic Management,” F5® Deployment Guide, Publication date Sep. 2010, Version 1.2, pp. 1-19.
F5 Networks Inc., “F5 Diameter RM”, Powerpoint document, Jul. 16, 2009, pp. 1-7.
F5 Networks Inc., “F5 WANJet CIFS Acceleration”, White Paper, F5 Networks Inc., Mar. 2006, pp. 1-5, Seattle, Washington.
F5 Networks Inc., “Routing Global Internet Users to the Appropriate Data Center and Applications Using F5's 3-DNS Controller”, F5 Networks Inc., Aug. 2001, pp. 1-4, Seattle, Washington, (http://www.f5.com/f5producs/3dns/relatedMaterials/UsingF5.html).
F5 Networks Inc., “Using F5's 3-DNS Controller to Provide High Availability Between Two or More Data Centers”, F5 Networks Inc., Aug. 2001, pp. 1-3, Seattle, Washington, (http://www.f5.com/f5products/3dns/relatedMaterials/3DNSRouting.html).
F5 Networks, Inc., “BIG-IP Controller with Exclusive OneConnect Content Switching Feature Provides a Breakthrough System for Maximizing Server and Network Performance,” Press Release, May 8, 2001, 2 pAGES, Las Vegas, Nevada.
Fajardo V., “Open Diameter Software Architecture,” Jun. 25, 2004, pp. 1-6, Version 1.0.7, (http://diameter.sourceforge.net/diameter-architecture/indext.html).
Fan et al., “Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol”, Computer Communications Review, Association Machinery, New York, USA, Oct. 1998, pp. 254-265, vol. 28, Web Cache Sharing for Computing No. 4.
Farley, M., “Enterprise Storage Forum,” Aug. 6, 2002, 2 pages, Book Review—Building Storage Networks, 2nd Edition, http://www.enterprisestorageforum.com/sans/features/print/0,,10556_1441201.00.html, Enterprise Storage Forum Staff, last accessed Dec. 20, 2002.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2068, Jan. 1997, pp. 1-162.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2616, Jun. 1999, pp. 1-176, The Internet Society.
Floyd et al., “Random Early Detection Gateways for Congestion Avoidance,” Aug. 1993, pp. 1-22, IEEE/ACM Transactions on Networking, California.
Gibson et al., “File Server Scaling with Network-Attached Secure Disks,” in Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (Sigmetrics '97), Association for Computing Machinery, Inc., Jun. 15-18, 1997, 13 pages.
Gibson et al., “NASD Scalable Storage Systems,” Jun. 1999, 6 pages, USENIX99, Extreme Linux Workshop, Monterey, California.
Gupta et al., “Algorithms for Packet Classification”, Computer Systems Laboratory, Stanford University, CA, Mar./Apr. 2001, pp. 1-29.
Harrison, C., May 19, 2008 response to Communication pursuant to Article 96(2) EPC dated Nov. 9, 2007 in corresponding European patent application No. 02718824.2.
Hartman, J., “The Zebra Striped Network File System,” 1994, Ph.D. dissertation submitted in the Graduate Division of the University of California at Berkeley.
Haskin et al., “The Tiger Shark File System,” 1996, in proceedings of IEEE, Spring COMPCON, Santa Clara, CA, www.research.ibm.com, last accessed on Dec. 30, 2002.
Heinz G., “Priorities in Stream Transmission Control Protocol (SCTP) Multistreaming”, Thesis submitted to the Faculty of the University of Delaware, Spring 2003, pp. 1-35.
Hochmuth, Phil, “F5, CacheFlow pump up content-delivery lines,” Network World Fusion, May 4, 2001, 1 page, Las Vegas, Nevada.
Hu, J., Final Office action dated Sep. 21, 2007 for related U.S. Appl. No. 10/336,784.
Hu, J., Office action dated Feb. 6, 2007 for related U.S. Appl. No. 10/336,784.
Hwang et al., “Designing SSI Clusters with Hierarchical Checkpointing and Single I/O Space,” IEEE Concurrency, Jan.-Mar. 1999, pp. 60-69.
IBM Corporation, “A Process for Selective Routing of Servlet Content to Transcoding Modules,” Research Disclosure 422124, Jun. 1999, pp. 889-890.
IBM Corporation, “Servlet/Applet/HTML Authentication Process With Single Sign-On,” Research Disclosure 429128, Jan. 2000, pp. 163-164.
Ilvesmaki M., et al., “On the capabilities of application level traffic measurements to differentiate and classify Internet traffic”, Presented in SPIE's International Symposium ITcom, Aug. 19-21, 2001, pp. 1-11, Denver, Colorado.
Inoue et al, “Resource Allocation Schemes for Non-Real-Time Bursty Traffic in Wireless ATM Networks”, Global Telecommunications Conference 1996, Nov. 18-22, 1996, vol. 3, pp. 1984-1990.
International Search Report and Written Opinion, for International Patent Application No. PCT/US2011/058469, dated May 30, 2012.
International Search Report for International Patent Application No. PCT/US2008/083117 (dated Jun. 23, 2009).
International Search Report for International Patent Application No. PCT/US2008/060449 (dated Sep. 4, 2008).
International Search Report for International Patent Application No. PCT/US2008/064677 (dated Jun. 9, 2009).
International Search Report for International Patent Application No. PCT/US02/00720, dated Mar. 19, 2003.
International Search Report and Written Opinion for International Patent Application No. PCT/US2013/026615 (dated Jul. 4, 2013).
International Search Report from International Application No. PCT/US03/41202, dated Sep. 15, 2005.
Internet Protocol,“Darpa Internet Program Protocol Specification”, (RFC:791), Information Sciences Institute, University of Southern California, Sep. 1981, pp. 1-49.
Karamanolis, C. et al., “An Architecture for Scalable and Manageable File Services,” HPL-2001-173, Jul. 26, 2001. pp. 1-14.
Katsurashima, W. et al., “NAS Switch: A Novel CIFS Server Virtualization,” Proceedings 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies, 2003 (MSST 2003), Apr. 2003.
Kawamoto, D., “Amazon files for Web services patent”, CNET News.com, Jul. 28, 2005, pp. 1-2, (http://news.com).
Kimball, C.E. et al., “Automated Client-Side Integration of Distributed Application Servers,” 13th LISA Conf., 1999, pp. 275-282 of the Proceedings.
Klayman, J., Response filed by Japanese associate to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Nov. 13, 2008 e-mail to Japanese associate including instructions for response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Jul. 18, 2007 e-mail to Japanese associate including instructions for response to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Kohl et al., “The Kerberos Network Authentication Service (V5),” RFC 1510, Sep. 1993, 105 pages, http://www.ietf.org/ rfc/rfc1510.txt?number=1510.
Korkuzas, V., Communication pursuant to Article 96(2) EPC dated Nov. 9, 2007 in corresponding European patent application No. 02718824.2-2201, 3 pages.
LaMonica M., “Infravio spiffs up Web services registry idea”, CNET News.com, May 11, 2004, pp. 1-2, (http://www.news.com).
Lelil, S., “Storage Technology News: AutoVirt adds tool to help data migration projects,” Feb. 25, 2011, last accessed Mar. 17, 2011, 3 pages, <http://searchstorage.techtarget.com/news/article/0,289142,sid5_gci1527986,00.html>.
Long et al., “Swift/RAID: A distributed RAID System”, Computing Systems, Summer 1994, 20 pages, vol. 7.
Mac Vittie, L., “Message-Based Load Balancing: Using F5 solutions to address the challenges of scaling Diameter, Radius, and message-oriented protocols”, F5 Technical Brief, 2005, pp. 1-9, F5 Networks Inc., Seattle, Washington.
Microsoft Corporation, “Windows Server 2003 Kerberos Extensions,” Microsoft TechNet, 2003 (Updated Jul. 31, 2004), http://technet.microsoft.com/en-us/library/cc738207.
Modiano E., “Scheduling Algorithms for Message Transmission Over a Satellite Broadcast System”, MIT Lincoln Laboratory Advanced Networks Group, Nov. 1997, pp. 1-7.
Nichols K., et al., “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers”, (RFC:2474) Network Working Group, Dec. 1998, pp. 1-19, (http://www.ietf.org/rfc/rfc2474.txt).
Noghani et al., “A Novel Approach to Reduce Latency on the Internet: ‘Component-Based Download’,” Proceedings of the Computing, Las Vegas, NV, Jun. 2000, pp. 1-6 on the Internet: Intl Conf. on Internet.
Norton et al., “CIFS Protocol Version CIFS-Spec 0.9,” 2001, 125 pages, Storage Networking Industry Association (SNIA), www.snia.org, last accessed on Mar. 26, 2001.
Novotny et al., “An Online Credential Repository for the Grid: MyProxy,” 2001, pp. 1-8.
Ott D., et al., “A Mechanism for TCP-Friendly Transport-level Protocol Coordination”, USENIX Annual Technical Conference, 2002, University of North Carolina at Chapel Hill, pp. 1-12.
Owasp, “Testing for Cross site scripting”, Owasp Testing Guide v2, Table of Contents, Feb. 24, 2011, pp. 1-5, (www.owasp.org/index.php/Testing_for_Cross_site_scripting).
Padmanabhan V., et al., “Using Predictive Prefetching to Improve World Wide Web Latency”, SIGCOM, 1996, pp. 1-15.
Pashalidis et al., “A Taxonomy of Single Sign-On Systems,” 2003, pp. 1-16, Royal Holloway, University of London, Egham Surray, TW20, 0EX, United Kingdom.
Pashalidis et al., “Impostor: A Single Sign-On System for Use from Untrusted Devices,” Global Telecommunications Conference, 2004, GLOBECOM '04, IEEE, Issue Date: Nov. 29-Dec. 3, 2004, 5 pages, Royal Holloway, University of London.
Patterson et al., “A case for redundant arrays of inexpensive disks (RAID)”, Chicago, Illinois, Jun. 1-3, 1998, pp. 109-116, in Proceedings of ACM SIGMOD conference on the Management of Data, Association for Computing Machinery, Inc., www.acm.org, last accessed on Dec. 20, 2002.
Pearson, P.K., “Fast Hashing of Variable-Length Text Strings,” Comm. of the ACM, Jun. 1990, pp. 677-680, vol. 33, No. 6.
Peterson, M., “Introducing Storage Area Networks,” Feb. 1998, 6 pages, InfoStor, www.infostor.com, last accessed on Dec. 20, 2002.
Preslan et al., “Scalability and Failure Recovery in a Linux Cluster File System,” in Proceedings of the 4th Annual Linux Showcase & Conference, Atlanta, Georgia, Oct. 10-14, 2000, pp. 169-180 of the Proceedings, www.usenix.org/publications/library/proceedings/als2000/full_papers/preslan/presl, last accessed on Dec. 20, 2002.
Robot Wars —How Botnets Work, http://www.windowsecurity.com/articles/Robot-Wars-How-Botnets-Work.html, launched Oct. 20, 2005 (accessed Dec. 15, 2006), 10 pgs.
Rodriguez et al., “Parallel-access for mirror sites in the Internet,” InfoCom 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE Tel Aviv, Israel Mar. 26-30, 2000, Piscataway, NJ, USA, IEEE, US, Mar. 26, 2000 (Mar. 26, 2000), pp. 864-873, XP010376176 ISBN: 0-7803-5880-5 p. 867, col. 2, last paragraph—p. 868, col. 1, paragraph 1.
Rosen E., et al., “MPLS Label Stack Encoding”, (RFC:3032) Network Working Group, Jan. 2001, pp. 1-22,(http://www.ietf.org/rfc/rfc3032.txt).
Rsync, “Welcome to the RSYNC Web Pages,” Retrieved from the Internet URL: http://samba.anu.edu.ut.rsync/. (Retrieved on Dec. 18, 2009), 5 pages.
Savage, et al., “AFRAID—A Frequently Redundant Array of Independent Disks,” Jan. 22-26, 1996, pp. 1-13, USENIX Technical Conference, San Diego, California.
Schaefer, Ken, “IIS and Kerberos Part 5—Protocol Transition, Constrained Delegation, S4U2S and S4U2P,” Jul. 18, 2007, 21 pages, http://www.adopenstatic.com/cs/blogs/ken/archive/2007/07/19/8460.aspx.
Schilit B., “Bootstrapping Location-Enhanced Web Services”, University of Washington, Dec. 4, 2003, (http://www.cs.washington.edu/news/colloq.info.html).
Seeley R., “Can Infravio technology revive UDDI?”, ADTmag.com, Oct. 22, 2003, (http://www.adtmag.com).
Shohoud, Y., “Building XML Web Services with VB .NET and VB 6”, Addison Wesley, 2002, pp. 1-14.
Sleeper B., “The Evolution of UDDI”, UDDI.org White Paper, The Stencil Group, Inc., Jul. 19, 2002, pp. 1-15, San Francisco, California.
Sleeper B., “Why UDDI Will Succeed, Quietly: Two Factors Push Web Services Forward”, The Stencil Group, Inc., Apr. 2001, pp. 1-7, San Francisco, California.
Soltis et al., “The Design and Performance of a Shared Disk File System for IRIX,” Mar. 23-26, 1998, pp. 1-17, Sixth NASA Goddard Space Flight Center Conference on Mass Storage and Technologies in cooperation with the Fifteenth IEEE Symposium on Mass Storage Systems, University of Minnesota.
Soltis et al., “The Global File System,” Sep. 17-19, 1996, 24 pages, in Proceedings of the Fifth NASA Goddard Space Flight Center Conference on Mass Storage Systems and Technologies, College Park, Maryland.
Sommers F., “Whats New in UDDI 3.0—Part 1”, Web Services Papers, Jan. 27, 2003, pp. 1-4, (http://www.webservices.org/index.php/article/articleprint/871/-1/24/).
Sommers F., “Whats New in UDDI 3.0—Part 2”, Web Services Papers, Mar. 2, 2003, pp. 1-8, (http://www.web.archive.org/web/20040620131006/).
Sommers F., “Whats New in UDDI 3.0—Part 3”, Web Services Papers, Sep. 2, 2003, pp. 1-4, (http://www.webservices.org/index.php/article/articleprint/894/-1/24/).
Sorenson, K.M., “Installation and Administration: Kimberlite Cluster Version 1.1.0, Rev. Dec. 2000,” 137 pages, Mission Critical Linux, http://oss.missioncriticallinux.com/kimberlite/kimberlite.pdf.
Stakutis, C., “Benefits of SAN-based file system sharing,” Jul. 2000, pp. 1-4, InfoStor, www.infostor.com, last accessed on Dec. 30, 2002, Penn Well Corporation.
Suzuki et al, “Managing the Software Design Documents With XML”, Proceedings of the 16th Annual International Conference on Computer Docum, Sep. 1998, pp. 127-136, ACM Portal Feb. 21, 2006.
Thekkath et al., “Frangipani: A Scalable Distributed File System,” in Proceedings of the 16th ACM Symposium on Operating Systems Principles, Oct. 1997, pp. 1-14, Association for Computing Machinery, Inc.
Tulloch, Mitch, “Microsoft Encyclopedia of Security,” 2003, pp. 218, 300-301, Microsoft Press, Redmond, Washington.
Uesugi, H., Nov. 26, 2008 amendment filed by Japanese associate in response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371, 5 pages.
Uesugi, H., English translation of office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371, 2 pages.
Uesugi, H., Jul. 15, 2008 letter from Japanese associate reporting office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371, 2 pages.
Wang B., “Priority and realtime data transfer over the best-effort Internet”, Dissertation Abstract, 2005, ScholarWorks@UMASS.
Weiss, Aaron, “XML Gets Down to Business”, Mixed Media, Sep. 1999, vol. 3, Issue 3, pp. 36-43.
White Paper: Application Firewalls, F5 Networks, Inc. Copyrighted Oct. 2007, 7 pgs.
Wikipedia, “Diameter (protocol)”, pp. 1-11, last accessed Oct. 27, 2010, (http://en.wikipedia.org/wiki/Diameter_(protocol)).
Wilkes, J., et al., “The HP AutoRAID Hierarchical Storage System,” Feb. 1996, 29 pages, vol. 14, No. 1, ACM Transactions on Computer Systems.
Williams et al., “The Ultimate Windows Server 2003 System Administrator's Guide: Forwarding Authentication,” 2003, 2 pages, Figure 10.7, Addison-Wesley Professional, Boston, Massachusetts.
Woo T.Y.C., “A Modular Approach to Packet Classification: Algorithms and Results”, Bell Laboratories, Lucent Technologies, Mar. 2000, pp. 1-10.
Zayas, E., “AFS-3 Programmer's Reference: Architectural Overview,” Sep. 2, 1991, 37 pages, Version 1.0 (doc. No. FS-00-D160) Transarc Corporation.
Box et al., “Simple Object Access Protocol (SOAP) 1.1,” W3C Note, pp. 1-34, May 8, 2000.
Levy, Ken, “New XML Tools in Visual Studio 2005,” Ken Levy's Blog, MSDN Blogs, 1 page, Jul. 21, 2004.
F5 Networks, Inc., “Application Firewalls,” White Paper, pp. 1-7, Oct. 2007.
F5 Networks, Inc., “Optimize WAN and LAN Application Performance with TCP Express,” White Paper, pp. 1-7, Aug. 2007.
Big-IP Link Controller, “Take Control of Multiple ISP Connections,” Datasheet, F5 Networks, Inc., pp. 1-4, 2013.
Big-IP Local Traffic Manager, “Application Delivery with Programmable Infrastructure,” Datasheet, F5 Networks, Inc., pp. 1-8, 2014.
Big-IP® Local Traffic Manager™: Implementations, Version 12.1, MAN-0293-13, F5 Networks, Inc., pp. 1-228, May 4, 2018.
Big-IP® Local Traffic Manager™: Implementations, Version 12.1, MAN-0293-13, pp. 1-232, May 24, 2016.
Continuations (1)
Number Date Country
Parent 12614373 Nov 2009 US
Child 16720364 US