A plurality of computer nodes communicate using seemingly random Internet Protocol
source and destination addresses. Data packets matching criteria defined by a moving
window of valid addresses are accepted for further processing, while those that
do not meet the criteria are quickly rejected. Improvements to the basic design
include (1) a load balancer that distributes packets across different transmission
paths according to transmission path quality; (2) a DNS proxy server that transparently
creates a virtual private network in response to a domain name inquiry; (3) a large-to-small
link bandwidth management feature that prevents denial-of-service attacks at system
chokepoints; (4) a traffic limiter that regulates incoming packets by limiting
the rate at which a transmitter can be synchronized with a receiver; and (5) a
signaling synchronizer, that allows a large number of nodes to communicate with
a central node by partitioning the communication function between two separate entities.
