� Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 1 of 78
EXHIBIT 8 PART A
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 2 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 1 2 3 4 5 6 7 8 9 U.S. Patent No. 6,711,615: Network Surveillance U.S. Patent No. 6,321,338: Network Surveillance U.S. Patent No. 6,708,212: Network Surveillance U.S. Patent No. 6,484,203: Hierarchical Event Monitoring and Analysis U.S. Patent 6,321,338 File History U.S. Patent 6,484,203 File History U.S. Patent 6,711,615 File History U.S. Patent 6,708,212 File History A Method to Detect Intrusive Activity in a Networked Environment, Proc. 14th National Security Conference, pg. 362-371 Towards Detecting Intrusions in a Networked Environment, Technical report CSE-91-23, Division of Computer Science, UC Davis Towards Detecting Intrusions in a Networked Environment, Proc. 14th Department of Energy Computer Security Group Conference, pp. 17.47-17.65 Network Attacks and an Ethernet-based Network Security Monitor, Proc. 13th Department of Energy Computer Security Group Conference, pp. 14.1-14.13 Network Security Monitor Final report
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0071580 SRIE 0303725 SYM_P_0071535 SRIE 0303744 SYM_P_0071564 SRIE 030709 SYM_P_0071550 SRIE 0303760 SYM_P_0553648 SYM_P_0553806 SYM_P_0554113 SYM_P_0554839 SYM_P_0069355 ISS 23957 SYM_P_0069366 ISS 23866 SYM_P_0069335 ISS 23846 SYM_P_0069322 ISS 25306 END BATES NO. SYM_P 0071598 SRIE 0303743 SYM_P_0071549 SRIE 030759 SYM_P_0071579 SRIE 0303724 SYM_P_0071563 SRIE 0303774 SYM_P_0553805 SYM_P_0553961 SYM_P_0554838 SYM_P_0554931 SYM_P_0069365 ISS 23967 SYM_P_0069424 ISS 23924 SYM_P_0069354 ISS 23865 SYM_P_0069334 ISS 25318 SYM_P_0070839 SYM_P_0069279; SRI 058266; TL 2408 ISS 23557 SYM_P_0534116; SYM_P_0068986 ISS 3534 ISS 04157 SYM_P_0075282 ISS_00340933 602; 802
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
10
402; 403; 602; 802; 901
11
602; 802
801, 803, 807
12 13 14
602; 802 602; 802
801, 803, 807 801, 803, 807
15
16
SYM_P_0070787 SYM_P_0069263; Network Intrusion Detection, IEEE Network, Vol. 8 No. SRI 058251; 3 ("NIDES 1994") TL 2393 ISS 23541 SYM_P_0534104; A Network Security Monitor, Proc. 1990 Symposium on SYM_P_0068974 research in Security and Privacy, pp. 296-304 ISS 3532 ISS 04149 SYM_P_0074948 NetRanger User's Guide Version 1.3.1 ISS_00340599
106; 602; 802; ISS: Exhibit does 801, 803, 807 not match description 401, 402, 403, 801, 803, 807
402; 403; 602; 802
Page 1 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 3 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 17 Real Secure 1.1: User Guide and reference Manual Implementing a Generalized Tool for Network Monitoring, Proceedings of the Eleventh Systems Administration Conference (LISA '97), San Diego, CA Artificial Intelligence and Intrusion Detection: Current and Future Directions, Proc. Of the 17th National Computer Security Conference
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0078004; ISS_0025387 SYM_P_0070720 ISS 24542 END BATES NO. SYM_P_0078077; ISS_0025463 SYM_P_0070728 ISS 24550 602; 802; 901
FRE IN SUPPORT OF ADMISSION 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 801, 803, 807 801, 803, 807
DATE ADMITTED
18
402; 403; 602; 802
19 20 21
SYM_P_0073569
SYM_P_0073580 SYM_P_0077176 SYM_P_0077185; DD_0000034 ISS 04089 SYM_P_0069297 ISS 24917 SYM_P_0535428; SRI 135589 ISS 360050 SUN_0000856 SYM_P_0071261 ISS 24493 SYM_P_0526271 SYM_P_0074524 ISS 356578 SYM_P_0076781 ISS 360081 SYM_P_0069866 ISS 362825
402; 403; 602; 802 602; 802 602; 802
DIDS - Motivation, Architecture and an Early Prototype SYM_P_0077176 DIDS (Distributed Intrusion Detection System) Motivation, Architecture, and An Early Prototype SYM_P_0077175; DD_0000018 ISS 04080
22
23 24 25 26
Intrusion Detection Systems (IDS): A Survey of Existing SYM_P_0069280 Systems and A Proposed Distributed IDS Architecture, ISS 24900 CSE-91-7 Analysis of a Denial of a Service Attack on TCP, Proc. SYM_P_0535408; SRI Of the 1997 IEEE Symposium on Security and Privacy, 135574 Oakland, CA, 208-23 ISS 360035 SunScreen EFS Configuration and Management Guide, SUN_0000501 release 1.1 SYM_P_0071236 Revised CIDF Documents ISS 24468 Automated Information System (AIS) Alarm System, SYM_P_0526260 Proc. Of the 20th National Systems Security Conference Network Security Probe, Proc. Of the 2nd ACM Conference on Computer and Communications Security, 229-40 (ACM 1994) U.S. Patent 5,825,750 - Method and Apparatus for Maintaining Security in a Packetized Data Communications Network U.S. Patent 5,825,891 - Key Management for Network Communication SYM_P_0074513 ISS 356567 SYM_P_0076772 ISS 360072 SYM_P_0069852 ISS 362811
602; 802
801, 803, 807 401, 402, 403, 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
402; 403; 602; 802 602; 802 402; 403; 602; 802; 901
27
402; 403; 602; 802
401, 402, 403, 801, 803, 807
28 29
Page 2 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 4 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION A System for Distributed Intrusion Detection, 30 COMPCON Spring 1991, Digest of Papers, San Francisco, CA, An Architecture for a Distributed Intrusion Detection 31 System, Proc. Of the 14th Department of Energy Computer Security Group Conference Signature analysis and communication issues in a 32 distributed intrusion detection system, M.S. Thesis, Division of Computer Science, U.C. Davis The DIDS (Distributed Intrusion Detection System) 33 Prototype, Proceedings of the Summer 1992 USENIX Conference Intrusion Detection: the Application of Feature Selection, a Comparison of Algorithms, and the 34 Application of a Wide Area Network Analyzer, M.S. Thesis of Justin Edgar Doak, Division of Computer Science, U.C. Davis 35 Towards a Dynamic System for Accountability and Intrusion Detection in a Networked Environment, M.S. Thesis, Division of Computer Science, U.C. Davis Cooperating Security Managers: A Peer-Based Intrusion Detection System, IEEE Network Internetwork Security Monitor: An Intrusion-Detection System for Large-Scale Networks, Proc. 15th National Computer Security Conf., pp. 262-271 EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, published in the Proceedings of the 20th National Information Systems Security Conference ("Emerald 1997") GrIDS - A graph based intrusion detection system for large networks, 19th National Information Systems Security Conference (1996) GrIDS Webpage, Internet Archive, seclab.cs.ucdavis.edu/arpa/grids GrIDS requirements Document, webpage archive
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0069210 ISS 23817 SYM_P_0069217 ISS 23824 SYM_P_0069163 ISS 3336 SYM_P_0501723; TEA_0001782 END BATES NO. SYM_P_0069216 ISS 23823 SYM_P_0069238 ISS 23845 SYM_P_0069209 ISS 3378 SYM_P_0501736; TEA_0001789 602; 802
FRE IN SUPPORT OF ADMISSION 801, 803, 807
DATE ADMITTED
602; 802
801, 803, 807 401, 402, 403, 801, 803, 807 801, 803, 807
402; 403; 602; 802
602; 802
SYM_P_0598850
SYM_P_0599030
402; 403; 602; 802
401, 402, 403, 801, 803, 807
SYM_P_0598736 SYM_P_0069980 ISS 23646 SYM_P_0069244 ISS 23346 SYM_P_0068831 ISS 2892 SYM_P_0068883 STA00043 ISS 3423 SYM_P_0512090 SYM_P_0499508
SYM_P_0598795 SYM_P_0069983 ISS 23649 SYM_P_0069254 ISS 23356 SYM_P_0068843 ISS 2904 SYM_P_0068892 STA00052 ISS 3432 SYM_P_0512181 SYM_P_0499508
402; 403; 602; 802
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 801, 803, 807
36 37
402; 403; 602; 802 602; 802
38
Description inappropriate (in part)
39 40 41
602; 802 402; 403; 602; 802 402; 403; 602; 802; 901
801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
Page 3 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 5 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 42 GrIDS Outline Design Document, webpage archive 43 Graph-based Intrusion Detection Presentation Graph-Based Intrusion Detection System Presentation, 44 PI Meeting, Savannah, GA 45 46 47 48 49 Design of GRIDS: A Graph-Based Intrusion Detection System, Technical report, UC Davis Department of Computer Science, Davis California ("GRIDS 1997")
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0499504 SYM_P_0077843 SYM_P_0499496 END BATES NO. SYM_P_0499507 SYM_P_0077858 SYM_P_0499503 SYM_P_0080943; STA00101 ISS_00341017 ISS 23294 SRIE 0399295 SYM_P_0503709; SYM_P_0527709 ISS 27406 SYM_P_0076703 ISS 27422 SYM_P_0499601 ISS 00592356 SYM_P_0500585 ISS 27470 SYM_P_0070582 SYM_P_0527643 ISS_00357136 ISS_00357105 ISS 27374 SYM_P_0527552 SYM_P_0605651 SYM_P_0499440 ISS 348258 SRI 11026 SRI 011023 SRI 011048 602; 802 602; 802
FRE IN SUPPORT OF ADMISSION 801, 803, 807 801, 803, 807
DATE ADMITTED
SYM_P_0080878; STA00053 ISS_00340942 ISS 23219 Email from Frank Jou re: Technical report Available SRIE 0399295 SYM_P_0503679; Ji-Nao Slides from "Scalable Intrusion Detection for the SYM_P_0527644 Emerging Network Infrastructure, IDS Program review," ISS 27377 SYM_P_0076695 Intrusion Detection for Link-State Routing Protocols ISS 27417 MCNC Internet Archive pages, including Project Update SYM_P_0499511 Viewgraph slides at SRI ISS 00592355 Statistical Anomaly Detection for Link-State Routing SYM_P_0500577 Protocols, in Sixth International Conference on Network ISS 27462 Protocol (ICNP '98) Technical report (CDRL A005) Architecture Design of a Scalable Intrusion Detection System for the Emerging Network Infrastructure, DARPA Order Number: E296, issued by Rome Lab under Contract Number: F3060296-C0325 from Y. Frank Jou and Shyhtsun Felix Wu Gabriel Man Page http://web.archibe.org/web/19970109093153/www.lat.c om/gabman.htm Analysis and response for Intrusion Detection in Large Networks, EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Summary for CMAD Workshop, Monterey, November 12-14, 1996 Analysis and response for Intrusion Detection in Large Networks, Summary for Intrusion Detection Workshop, Santa Cruz SYM_P_0070541 SYM_P_0527602 ISS_00357064 ISS 27334 SYM_P_0527549 SYM_P_0605648 SYM_P_0499439 ISS 348257 SRI 011022
602; 802; 901
801, 803, 807, 901, 902
602; 802; 901; ISS: Illegible 602; 802 402; 403; 602; 802; 901; 1002; ISS: Description does not match exhibit (in part) 602; 802; 901; ISS: Description does not match exhibit (in part)
801, 803, 807, 901, 902 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902, 801, 803, 807, 901, 902
50
51
602; 802; ISS: ISS_00357106136 does not match description
801, 803, 807
52
402; 403; 602; 802
401, 402, 403, 801, 803, 807
53
54
SRI 011045
Page 4 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 6 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Conceptual Overview, http:///www.sdl.sri.com/papers/emerald-position1/ Conceptual Design and Planning for EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Version 1.2 ("Emerald - Conceptual Design 1997") Statistical Methods for Computer Usage Anomaly Detection Using NIDES, Proceedings of the Third International Workshop on Rough Sets and Soft Computing ("Statistical Methods")
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0503335 ISS 44439 ISS 538070 ISS_00590974 END BATES NO. SYM_P_0503345 SYM_P_0503337 ISS 44441 ISS 538071 ISS 00590975 SRI 012404 ISS: Exhibits do not match description and differ, clarification needed, SRI reserves all objections
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
55
56
SRI 012308
402; 403; 602; 802
401, 402, 403, 801, 803, 807
57
SYM_P_0068936 ISS 356736 ISS 03717
SYM_P_0068942 ISS 356742 ISS 03722
58
Conceptual Design and Planning for EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, published in the Proceedings of the 20th SRI 154894 National Information Systems Security Conference ("Emerald 1997"), Version 1.0 Quarterly Status report, report No. 2 (no date). Project Title: EMERALD EMERALD: EMERALD Event Monitoring Enabling responses to Anomalous Live Disturbances, DARPA Contract No. F30602-96-C-0294, February 05,1997 (document is dated October 5, 1997) Live Traffic Analysis of TCP/IP Gateways, http://www.sdl.sri.com/projects/emerald/livetraffic.html, Internet Society's Networks and Distributed Systems Security Symposium Live Traffic Analysis of TCP/IP Gateways, Networks and Distributed Systems Security Symposium IDES: A Progress report, in Proceedings of the 6th Annual Computer Security Applications Conference, 1990 SRI 154809
SRI 154932
Incorrect description; 403
403
59
SRI 154812
60
SRI 105589
SRI 105609
61
SYM_P_0068844 ISS 00359692 SYM_P_0503946 ISS 3738 ISS 28365 SYM_P_0080629 ISS 27834
SYM_P_0068865 ISS 00359712 SYM_P_0503965 ISS 3749 ISS 28384 SYM_P_0080641 ISS 27846
ISS: Exhibit does not match description - clarification needed ISS: Exhibits differ - clarification needed
62
63
Page 5 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 7 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 64
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. END BATES NO. SYM_P_0527513 ISS 355280 SYM_P_0079370 ISS 27833 SYM_P_0082329 ISS 359778 SRI 058598 SYM_P_0073101 ISS 354971 SYM_P_0077216 ISS 359367
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
A Real-Time Intrusion-Detection Expert System (IDES), SYM_P_0527388 Interim Progress report, Project 6784, SRI International ISS 355143 A Real-Time Intrusion Detection Expert Systems, Final SYM_P_0079206 Technical report, February 28, 1992 prepare for Robert ISS 27669 Kolacki, SPAWAR, Contract No. N00039-89-C-0050 Next-generation Intrusion Detection Expert System (NIDES) A Summary ("Network NIDES") A Case Study of Ethernet Anomalies in a Distributed Computing Environment, IEEE Transactions on reliability, Vol. 39, No. 4, SYM_P_0082283 ISS 359733 SRI 058552 SYM_P_0073090 ISS 354960
65
66
Inappropriate description 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
67
402; 403; 602; 802
68
Fault Detection in an Ethernet Network Using Anomaly SYM_P_0077201 Signature Matching, Computer Communication review, ISS 359352 SIGCOM '93 Conference Proceedings Fault Detection in an Ethernet network via anomaly detectors, Carnegie Mellon University ("Feather Thesis") RFC 1157, A SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) SYM_P_0501779 ISS 348259
402; 403; 602; 802
69
70
SYM_P_0502063 602; 802 SYM_P_0502035 ISS 348515 SYM_P_0501113; SYM_P_0501142; SYM_P_0527111; ISS SYM_P_0527111; ISS 602; 802; 901 348987 349019 SYM_P_0501031 ISS 348905 SYM_P_0501205 ISS 349082 ISS 348986 SYM_P_0501271 ISS 349249 SYM_P_0603837 SYM_P_0081098 ISS 26771 ISS 26885 602; 802; 901
801, 803, 807
801, 803, 807, 901, 902
71
RFC 1155, Structure and Identification of Management SYM_P_0501012 Information for TCP/IP - based Internets ISS 348886 SYM_P_0501143 RFC 1213, Management Information Base for Network ISS 349020 Management of TCP/IP - based Internets: MIB-II ISS 348906 RFC 1271, Remote Network Monitoring Management SYM_P_0501206 Information Base ISS 349177 RFC 2021, Remote Network Monitoring Management Information Base Version 2 using SMIv2 SYM_P_0603708
801, 803, 807, 901, 902
72 73 74
602; 802; 901 602; 802; 901 602; 802; 901; FRCP 37 (untimely produced) 602; 802; ISS26772-26885 does not match description
801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807, 901, 902 Disclosed no later than 4/24/06 801, 803, 807
75
HP OpenView for Windows User Guide for Transcend SYM_P_0080944 Management Software, Version 6.1 for Windows and '97 ISS 26617 ISS 26772 for Windows NT, 3Com
Page 6 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 8 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION HP OpenView for Windows Workgroup Node Manager 76 User Guide, Transcend Management Software version 6.0 for Windows, 3Com Hierarchical Network Management - A Concept and its 77 Prototype in SNMPv2 HP SNMP/XL User's Guide, HP 3000 MPE/iX 78 Computer Systems Edition 5, Hewlett Packard RFC 1441, Introduction to version 2 of the Internet79 standard Network Management Framework RFC 1757, Remote Network Management Information 80 Base RFC 1451, Manager-to-Manager Management 81 Information Base MANAGING INTERNETWORKS WITH SNMP, 2nd 82 Ed. Data Privacy Facility Administrator's Guide, DPF 83 Version 1.2, Network Systems Corporation 84 85 86 NetStalker Installation and User's Guide, Version 1.0.2 ("NetStalker Manual") Archived pages from the Haystack website Detecting Network Intruders, Network Magazine
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0081099 ISS 26886 SYM_P_0500982 ISS 348739 SYM_P_0076931 ISS 348749 SYM_P_0501272 ISS 349083 SYM_P_0501319 ISS 349096 SYM_P_0501285 ISS 349250 SYM_P_0503966 ISS 358409 SYM_P_0072419 ISS 30066 SYM_P_0079550 ISS 30989 SYM_P_0504942 ISS 359730 SYM_P_0078627 ISS 28271 ISS 341748 END BATES NO. SYM_P_0081212 ISS 27071 SYM_P_0500991 ISS 348748 SYM_P_0077019 ISS 348837 SYM_P_0501284 ISS 349095 SYM_P_0501399 ISS 349176 SYM_P_0501318 ISS 349284 SYM_P_0504693 ISS 359136 SYM_P_0072641 ISS 30305 SYM_P_0079629 ISS 31068 SYM_P_0504946 ISS 359732 SYM_P_0078630 ISS 28274 ISS 341751 SYM_P_0074481 ISS 44950 SYM_P_0526735 ISS 31239 SYM_P_0512377 SYM_P_0531139 ISS 23711 602; 802; ISS: Description does not match exhibit (in part) 402; 403; 602; 802; 901 402; 403; 602; 802 602; 802; 901 602; 802; 901 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802; 901 402; 403; 602; 802
FRE IN SUPPORT OF ADMISSION 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
DATE ADMITTED
87 88
89
NetRanger real-Time Network Intrusion Detection SYM_P_0074255 Performance and Security Test, DoD/SPOCK, including ISS 44725 Appendices A, B and C SYM_P_0526566 NetRanger User's Guide, WheelGroup Corporation ISS 31069 SYM_P_0071183; reproduced as NetRanger High-Level Overview, Version 1.1, SYM_P_0512208 WheelGroup Corporation SYM_P_0531123 ISS 23695
402; 403; 602; 802; 901 402; 403; 602; 802; 901
602; 802; 901
801, 803, 807, 901, 902
Page 7 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 9 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 90 91 92 NetRanger User's Guide Version 1.2.2, WheelGroup Corporation
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0075283 ISS 340599 ISS 00341260 SYM_P_0071736 ISS 31240 END BATES NO. SYM_P_0075535 ISS 340933 ISS 00341512 SYM_P_0071953 ISS 31469 SYM_P_0074566 ISS 341552 SYM_P_0074947 ISS 359351 SYM_P_0077416 ISS 354724 SYM_P_0077931 ISS 28280 SYM_P_0074723 ISS 44717 SYM_P_0074648 ISS 44719 SYM_P_0074526 ISS 44715 SYM_P_0601752 602; 802; ISS: ISS_340599-933 does not match description 602; 802 402; 403; 602; 802; 901
FRE IN SUPPORT OF ADMISSION 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06
DATE ADMITTED
93 94 95 96 97 98
NetRanger User's Guide Version 1.2, WheelGroup Corporation Product Security Assessment of the NetRanger Intrusion SYM_P_0074527 Detection Management System Version 1.1, AF ISS 341513 Information Warfare Center SYM_P_0074926 NetRanger SQL queries ISS 359330 NetRanger Installation & Configuration Training, Slide SYM_P_0077338 Presentation ISS 354607 SYM_P_0077928 NetRanger keeps watch over security leaks ISS 28277 SYM_P_0074722 WheelGroup releases NetRanger Versions 2.0, ISS 44716 WheelGroup Press release Summary of DoD/SPOCK Evaluation of WheelGroup's SYM_P_0074647 NetRanger Intrusion Detection System, WheelGroup ISS 44718 Press release SYM_P_0074525 WheelGroup Press release Summary ISS 44714 The Security Router Getting Started Guide release 2.0, NSC SYM_P_0601013
402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901; FRCP 37 (untimely produced)
99
100
BorderGuard 1000 reference Manual release 4.0, NSC
SYM_P_0601940
SYM_P_0602441
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
101
BorderGuard Troubleshooting Guide release 4.0, NSC
SYM_P_0602656
SYM_P_0602761
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
Page 8 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 10 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 102 BorderGuard 1000 release Notes releases 4.01, NSC
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0601753 END BATES NO. SYM_P_0601939 402; 403; 602; 802; 901; FRCP 37 (untimely produced)
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/5/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/7/06 801, 803, 807 Disclosed no later than 4/20/06
DATE ADMITTED
103
NetSentry User Guide release 4.0, NSC
SYM_P_0602442
SYM_P_0602655
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
104
BorderGuard, ZD Internet Magazine, http://www.govisionmaster.com/dir_technology/firewall SYM_P_0599031 s/15Firewall.htm
SYM_P_0599031
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
105
BorderGuard Internet Archive documentation
SYM_P_0600799
SYM_P_0600839 SYM_P_0603984 ISS 02126244 ISS_02127444 SYM_P_0078786 ISS 312076, ISS 312128, ISS 312157 SYM_P_0078677; ISS_00357178 SYM_P_0079457; ISS 357193 ISS 357217 ISS 341052 SYM_P_0074581; ISS 357259 ISS 44418 SYM_P_0078649 ISS 357193 ISS_0212875 ISS_02125875
402; 403; 602; 802; 901; FRCP 37 (untimely produced) 602; 802; FRCP 37 (untimely produced)
106
107
RealSecure release 1.0 for Windows NT 4.0: A User SYM_P_0603857 Guide and reference Manual, Internet Security Systems, ISS 02126117 Inc. ISS_02127316 SYM_P_0078707; ISS 312059, RealSecure 1.2.2: User Guide and reference Manual ISS 312114, ISS 312134 More About RealSecure: General Description and Comparison to Existing Systems SYM_P_0078668; ISS_00357169 SYM_P_0079443; ISS 357179 RealSecure Sales FAQ ISS 357217 Frequently-Asked Questions About RealSecure ISS 341037 SYM_P_0074567; Real-Time Attack recognition and response: A Solution ISS 357242 for Tightening Network Security ISS 44404 SYM_P_0078631 Frequently-Asked Questions About Real-Secure ISS 357179 ISS_02125871
602; 802; 901
801, 803, 807, 901, 902
108
602; 802; 901
801, 803, 807, 901, 902
109
Exhibits differ; 602; 802; 901
801, 803, 807, 901, 902
110 111 112
Exhibits differ; 602; 802; 901 602; 802; 901 602; 802
801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807
Influential Products '97, Windows NT Magazine
Page 9 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 11 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 113 114 RealSecure release Dates Table RealSecure Press release
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0504850 ISS 358384 SYM_P_0504802 SYM_P_0503752 ISS 357164 ISS 357262 SYM_P_0504810 ISS_02125865 END BATES NO. 402; 403; 602; 802; 901 SYM_P_0504803 SYM_P_0503753 ISS 357165 ISS 357263 SYM_P_0504812 402; 602; 802 ISS_02125899 ISS_02125868 402; 602; 802 Incomplete; 402; 602; 802
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902
DATE ADMITTED
115
RealSecure Press release
602; 802; 901
801, 803, 807, 901, 902
116 117 118 119
RealSecure Press release Hack Yourself, Windows Magazine
401, 402, 801, 803, 807 401, 402, 801, 803, 807 Incomplete, 401, 402, 801, 803, 807 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 801, 803, 807
SafeSuite Spots Net Holes, PC Week/Netweek Magazine ISS_02125898 1996: An Enterprising Year, PC Week/Netweek Magazine Banking with Confidence" RealSecure Keeps Bank's Web Site Safe From Would-Be Hackers, PC Today Magazine Project Centaur - RealSecure v1.5 (NT & UNIX) OPSEC - Advertising Supplement to Network Magazine, Network Magazine ISS_02125867
120
ISS_02125870
403; 602; 802
121 122
ISS_02125892 ISS_02125876
ISS_02125896 ISS_02125891 SYM_P_0500603 ISS 354436 SYM_P_0504939 ISS 00358240 SYM_P_0503748 SYM_P_0078994 ISS 3851
402; 403; 602; 802; 901 602; 802
123
The Architecture of a Network Level Intrusion Detection SYM_P_0500586 System, Technical report CS90-20, University of New ISS 354419 Mexico, Department of Computer Science Stake Out Network Surveillance White Paper Archived copies of Harris Corporation Web Site from http://archive.org The NIDES Statistical Component Description and Justification, Annual report A010, SRI Project 3131, Contract N00039-92-C-0015, ("NIDES 1994") An Expert System for Detecting Attacks on Distributed Computer Systems, M.S. Thesis, Division of Computer Science, University of California, Davis SYM_P_0504929 ISS 00358230 SYM_P_0503721 SYM_P_0078943 ISS 3804
602; 802; 901
801, 803, 807, 901, 902
124 125 126
602; 802 403; 602; 802
801, 803, 807 403, 801, 803, 807
127
FRCP 37 (not produced); SRI reserves all other objections
Disclosed no later than Heberlein Report 4/21/06
Page 10 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 12 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION An Intrusion-Detection Model, IEEE Trans. On 128 Software Engg., vol. SE-13, pp. 222-232 129 The SRI IDES Statistical Anomaly Detector http://www.sdl.sri.com/papers/stats91 Security Problems in the TCP/IP Protocol Suite, ACM Computer Commun. review, vol. 19, No. 2, pp. 32-48
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0074006 ISS 25069 ISS 3793 SYM_P_0605652 END BATES NO. SYM_P_0074022 ISS 25080 ISS 3803 SYM_P_0605652 402; 403; 602; 802
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807 Disclosed no later than 10/13/05 response to SRI's First Request for Production Disclosed 10/26/05
DATE ADMITTED
FRCP 37 (untimely produced)
130
SRI 111732
SRI 111748
FRCP 37 (not produced); SRI reserves all other objections
131
132 133 134 135 136
137
138
139
Analysis of an Algorithm for Distributed recognition SYM_P_0069996 and Accountability, PROC/. First ACM Conf. on Computer and Communications Security, Fairfax, VA., ISS 23368 pp. 154-164 Detecting Intrusions Through Attack Signature Analysis, Proc., 3rd Workshop on Computer Security Incident Handling, Herndon, VA Email from Porras to Neumann re: recent SRIE 0400373 Accomplishments Oki Electric Industry Co., Ltd Software Distribution SRI 045376 Agreement Amended Deposition Notice Letter to Macchia from Abramson re: Abramson's April SRI 017515 2, 2004 letter wherein SRI notified ISS of ISS infringement of a number of patents owned by SRI. Email from Abramson to Scott Petty at King & Spalding with a copy to Stringer-Calvert re: SRI Network SRI 0338197 Security Patents and ISS due diligence re "continued SRIE 0338197 agreement between SRI and ISS on the potential benefits of a business solution." Email from Abramson to Robin Roof at SRI re: SRI 009465 Conference Call with ISS Letter from Scott Petty at King & Spalding to Abramson in response to request that ISS produce prior art in SRI 009530 support of its invalidity position for certain patents owned by SRI.
SYM_P_0070006 ISS 23378
402; 403; 602; 802
401, 402, 403, 801, 803, 807 Disclosed no later than Heberlein Report 4/21/06
FRCP 37 (not produced); SRI reserves all other objections SRIE 0400374 SRI 045397 402; 403; 602; 802
401, 402, 403, 801, 803, 807
SRI 017516
SRI 0338197 SRIE 0338197
SRI 009466
SRI 009539
Page 11 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 13 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION Email from Stringer-Calvert to Scott Petty at King and Spalding with a copy to Abramson, Bowen, and Burks 140 re: Prior Art Products Relevant to Patentability of SRI Patents.
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SRI 009548 END BATES NO. SRI 009550
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
141
Letter from Abramson to Petty at King & Spalding in response to Petty's July 19, 2004 letter in which Petty purports to identify various papers and software systems SRI 284144 alleged to constitute "prior art" to the SRI patents previously brought by SRI to the atte Email from Abramson to Robin Roof at SRI re: discussion with ISS/Sean Bowen Email from Abramson to Scott Petty at King and Spalding re: conference call Email from Abramson to Victoria Stavridou-Coleman re: Emerald License to USG Email from Bercow to Abramson with copy to Peter Marcotullio re: SRI patents Email from Stavridou-Coleman to Jaynarayan Lala with copy to Riley, Orr, Winarsky, Porras, Abramson and Mark re: Emerald transition. Email from Winarsky to Goding with copy to Porras, Brooks, Lindqvist, Zobrist, Blaser, Stefanski and Abramson re: Emerald Technology Commercialization Email from Abramson to Bercow re: SRI follow-up Email from Abramson to William Mark re:Impostor's Stock Trade Roils Korea Market. "Maybe the timing's right to sell Emerald into Korea?!" SunScreen SPF-100 SPF-100G Administrator's Handbook, Revision A BUILDING INTERNET FIREWALLS (O'Reilly & Assoc., 1995). SRI 284170 SRI 009557 SRI 274981 SRI 275787 SRIE 0302873
SRI 284147
142 143 144 145 146
SRI 284171 SRI 009558 SRI 274992 SRI 275787 SRIE 0302874 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807
147
SRIE 0303829
SRIE 0303830
402; 403; 602; 802; 901
148 149 150 151
SRIE 0001150 SRIE 0001805 SUN_0002175 SYM_P_0068789 SYM_P_0498347
SRIE 0001152 SRIE 0001805 SUN_0002478 SYM_P_0068830 SYM_P_0498742
402; 403; 501; 602; 802; 901 402; 403; 602; 802 602; 802 402; 403; 602; 802
Page 12 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 14 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 152 The BSD Packet Filter: A New Architecture for Userlevel Packet Capture
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0070068 SYM_P_0499456 ISS 23357 END BATES NO. SYM_P_0070078 SYM_P_0499466 ISS 23367 SYM_P_0498951 SYM_P_0503248 SYM_P_0535341 SYM_P_0535512 SYM_P_0548884 SYM_P_0548989 SYM_P_0549944
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
Illegible (in part); 402; 403; 602; 401, 402, 403, 801, 803, 802 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report dated 4/20/06) Disclosed no later than 4/12/06 (Disclosed in Avolio Report)
153 154 155 156 157 158 159
FIREWALLS AND INTERNET SECURITY REPELLING THE WILY HACKER (Addison-Wesley SYM_P_0498743 Pub. Co. 1994). Firewall Toolkit Source Code COMPUTER SECURITY POLICIES AND SUNSCREEN FIREWALLS, Sun Microsystems Press "Fortifying Your Firewall," Network Computing Magazine ICSA 3rd Annual Firewall Buyer's Guide 1998 ICSA 2nd Annual Firewall Buyer's Guide 1996 "Buyer's Guide: Keeping the Huns at Bay," Network Computing Magazine Application Level Gateways, INTERNETWORKING WITH TCP/IP, VOL. III, Chap. 18, (Prentice-Hall 1993) SYM_P_0502521 SYM_P_0535194 SYM_P_0535498 SYM_P_0548792 SYM_P_0548919 SYM_P_0549937 SYM_P_0600682 SYM_P_0600882
402; 403; 602; 802 402; 403; 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802; FRCP 37 (untimely produced)
160
SYM_P_0600915
161
Intranet and Internet Firewall Strategies
SYM_P_0600847
SYM_P_0600859
402; 403; 602; 802; FRCP 37 (untimely produced)
162
Web Security Sourcebook
SYM_P_0600860
SYM_P_0600865
402; 403; 602; 802; FRCP 37 (untimely produced)
163
Firewalls and Internet Security, the Second Hundred (Internet) Years, Internet Protocol Journal, Cisco Systems
SYM_P_0600866
SYM_P_0600875
FRCP 37 (untimely produced)
Page 13 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 15 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 164 Internetworking with TCP/IP, Vol. III, Chap. 8 "Application Level Gateways"
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0600882 END BATES NO. SYM_P_0600915 402; 403; 602; 802; FRCP 37 (untimely produced)
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report dated 4/20/06) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, 901, 902, Disclosed no later than 4/18/06 (Disclosed in Avolio Report dated 4/20/06)
DATE ADMITTED
165
COMPUTER DICTIONARY, Microsoft Press 3rd ed. (1997)
SYM_P_0601002
SYM_P_0601012
402; 403; 602; 802; FRCP 37 (untimely produced)
166
Computer Security Policies and SunScreen Firewalls, SUN Microsystems Press
SYM_P_0602762
SYM_P_0602909
402; 403; 602; 802; FRCP 37 (untimely produced) 402; 403; 602; 802; FRCP 37 (untimely produced); ISS: Exhibit does not match description clarification needed - SRI reserves all objections
167
SYM_P_0602955 TIS Firewall Toolkit Configuration and Administration ISS_00364547
SYM_P_0602968 ISS _00364550
168
TIS Firewall Toolkit Overview
SYM_P_0602978
SYM_P_0602991
402; 403; 602; 802; FRCP 37 (untimely produced)
169
Presentation: Trusted Information Systems Internet Firewall Toolkit - An Overview
SYM_P_0602992 ISS 364547
SYM_P_0603048 ISS 364550
402; 403; 602; 802; FRCP 37 (untimely produced); ISS: Exhibit does not match description clarification needed, SRI reserves all objections
170
"Sample Report" From Firewall Toolkit
SYM_P_0603049
SYM_P_0603049
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
Page 14 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 16 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 171 TIS Firewall User's Overview
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0603055 END BATES NO. SYM_P_0603059 402; 403; 602; 802; FRCP 37 (untimely produced)
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report)
DATE ADMITTED
172
A Toolkit and Methods for Internet Firewalls, presented at the USENIX Summer 1994 Technical Conference, SYM_P_0603060 Boston EMERALD: Event Monitoring Enabling Responses to SYM_P_0554949 Anomalous Live Disturbances SUN_0000501 SUN_0000524 SunScreen EFS Configuration and Management Guide SUN_0000699 SUN 0000702 Invoice dated 10/18/2005 for $7,800.00 AVO_0000007 AlertSoft Board Meeting Agenda and presentation materials, November 2000 Email from Platon to Herzig, Mark and Kruth re: Review of today's meeting and next steps Email from Herzig to Carlson, Mark, Kruth and Bercow re: AlertSoft Email from Bercow to Lincoln with copy to Porras re: Telecon with IOS Email from Bercow to Stavridou et al. re: Conrens on the Evaluation of Emerald Email from Bercow to Porras re: Symantec and AlertSoft/SRI Email from Staudenraus to Bercow re: Symantec and AlertSoft/SRI Board of Directors Meeting; July 12, 2000 AlertSoft Email from Moran to Tyson, Perrault re: references for due diligence for Recourse's second round of funding SRI 016602 SRI 016692 SRI 128378 SRI 128738 SRI 128731 SRIE 0023756 SRIE 0043275
SYM_P_0603068
402; 403; 602; 802; (FRCP 37 (untimely produced)
173
SYM_P_0554961 SUN_0000501 SUN_0000524 SUN_0000699 SUN 0000702 AVO_0000007 SRI 016609 SRI 016698 SRI 128378 SRI 128738 SRI 128731 SRIE 0023757 SRIE 0043277
174 175 176
602; 802
801, 803, 807
177 178 179 180
402; 403; 602; 802; Document description doesn't match Bates Range 402; 403; 602; 802; Document description doesn't match Bates Range 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
181
SRIE 0087812
SRIE 0087812
402; 403; 602; 802; 901 Incorrect Bates number; based on description - 402; 403; 602; 802; 901 Incorrect Bates number; based on description - 402; 403; 602; 802; 901
182
SRIE 0213239 SRIE 0123239 SRIE 0299504 SRIE 0229504
SRIE 0213239 SRIE 0123249 SRIE 0299504 SRIE 0229504
183
Page 15 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 17 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION SRI Cash Receipts List for Client OKI ELECTRIC 184 4/27/01 to 4/25/05 SRI Introduction to SRI International and its 185 Information Security Technologies Briefing to John Dutra, Sun Microsystems 186 187 Email from Porras to Winarsky et al. re: Accel Email from Neumann to Beers re: NSA Proposal and attached proposal Emerald Business Strategy Framework
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SRI 277977 SRI 079587 SRIE 0001776 SRI 044064 SRIE 088192 SRI 088192 END BATES NO. SRI 277982 SRI 079615 SRIE 0001776 SRI 044129 SRIE 088203 SRI 088203 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
DATE ADMITTED
188
Incorrect Bates number; based on 401, 402, 403, 801, 803, description - 401; 402; 403; 602; 807, 901, 902 802; 901 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
189
Leveraging Our Clients: The Year of Business SRIE 0356770 Development, Curt Carlson, Management Team Meeting Amended and Restated Software License and Distribution Agreement between SRI and Oki Electric Industry Co., Ltd. SRI 018454
SRIE 0356797
190 191 192 193 194 195 196 197 198 199
SRI 018477 SRI 017028 SRI 079085 SRI 079142 SRI 006459 SRI 147609 SRIE 0010438 SRIE 0010749 SRIE 0010826 SRIE 0014460
402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802
License Agreement between SRI and Atomic Tangerine SRI 016999 Briefing to Severein Ouali Afripa Telecom (SRI) Briefing to Jeff Planton EDS SRI Invention Disclosure - Bayes Approach for Prioritized Ranking of Computer Network Attacks Integrated Multi-Algorithm Network Intrusion Detection and Alert Correlation Email from Fong to Porras re: Books on Project Email from Fong to Porras, Skinner re: ETCPGEN Update Email from Fong to Porras, Skinner re: ETCPGEN Status Email from Valdes to Porras et al re: Bayes Methods Proposed for Eflowgen SRI 079060 SRI 079117 SRI 006456 SRI 147591 SRIE 0010438 SRIE 0010747 SRIE 0010826 SRIE 0014460
Page 16 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 18 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 200 201 202 203 204 205 206 207 208 209 210 211 212 213 Email from Porras to Truitt re: Martin Fong Evaluation
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SRIE 0030920 END BATES NO. SRIE 0030920 SRIE 0162750 SRIE 0164395 SRIE 0269102 SRIE 0285780 SRIE 0331139 SRIE 0333663 SRIE 0345766 SRIE 0345901 SRIE 0451317 SRIE 0357724 SRIE 0010802 SRIE 0010873 SRIE 0333479 402; 403 402; 403; 602; 802; 901 402; 403 402; 403; 602; 802; 901
FRE IN SUPPORT OF ADMISSION 401, 402, 403 401, 402, 403, 801, 803, 807, 901, 902
DATE ADMITTED
Email from Porras to EMERALD Development Team et SRIE 0162746 al re: Alertsoft Glossary of Terms Email from Fong to Nitz re: CS Dossiers SRIE 0164394 Modeling Multistep Cyber Attacks for Scenario SRIE 0269094 Recognition SRI Invention Disclosure - Integrated Multi-Algorithm Network Intrusion Detection and Alert Correlation Martin Fong Performance Review and Plan SDL Business Development Offsite A Mission-Impact-Based Approach to INFOSEC Alarm Correlation - Final Technical Report A Mission-Impact-Based Approach to INFOSEC Alarm Correlation SRI Invention Disclosure - Modified Markov Decision Process for Prioritized Ranking of Computer Network Attacks EMERALD Assessing Strategic Intrusions Email from Fong to Porras re: subnet filter Email from Fong to Porras with copy to Skinner, Valdes, Lunt, Neumann and Porras re: LL test status meeting. Email from Fong to Fong (body indicates the email is to Skinner and Porras) re: ftpgen design summary. Heterogeneous Sensor Correlations: A Case Study of Live Traffic Analysis, by Dan Anderson, Martin Fong and Alfonso Valdes, Proceedings of the 2002 IEEE, Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2002 SRIE 0285777 SRIE 0331135 SRIE 0333642 SRIE 0345729 SRIE 0345883 SRIE 0451315 SRIE 0357690 SRIE 0010802 SRIE 0010873 SRIE 0333476
401, 402, 403 401, 402, 403, 801, 803, 807, 901, 902
214
SRIE 0127887
SRIE 0127894
215
Email from Stavridou to Gibson with copy to Porras and SRIE 0061991 Denz re: commercializing Emerald - meeting with Gibson.
SRIE 0061992
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 804, 807, 901, 902
Page 17 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 19 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. END BATES NO.
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
216
Email from Valdes to Gibson, Walczak, Drake, Stavridou, Lincoln and Mark re: a "read ahead copy" of SRI presentation for tomorrow's brief with SRI staff, SRI 035865 attached presentation "Technology Transfer Proposal for Emerald" presented to Tim Gibson, Decem Email from Gibson to Stavridou-Coleman, Porras, Stringer-Calvert, Winarsky, Herz and Mark with copy to Witten, Taylor, Walczak, Roark, Drake, Bailey and SRIE 0302907 Honey re: Four items on Cyber Panel's EMERALD - re: Emerald license to the U.S. Government Email from Gibson to Porras, Lincoln, Mark and Linne with copy to Honey and Stotts re: SRI Emerald - NIAP SRIE 0000032 Statement of Work Email from Stavridou-Coleman to Gibson and Porras with copy to Mark, Winarksy and Lincoln re: Emerald SRIE 0302798 and productive meeting with Raytheon. Intrusion Detection for Link-State Routing Protocols Email from Porras to SRI Information Systems re: Project Data Project Brief SRI Financial Performance Analysis ISS_27408 SRI 0030654 SRIE 0030654 SRI 006125 SRI 080676
SRI 035883
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807, 901, 902
217
SRIE 0302908
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 804, 807, 901, 902
218
SRIE 0000034
402; 403; 602; 802
401, 402, 403, 801, 803, 804, 807 401, 402, 403, 801, 803, 807, 901, 902 801, 803, 807
219 220 221 222 223 224 225
SRIE 0302798 ISS_27416 SRI 0030655 SRIE 0030655 SRI 006127 SRI 080676 SRIE 0018242 SRIE 0020751 ISS_00279824 ISS_00299824 ISS_00148114 ISS_00237430
402; 403; 602; 802; 901 602; 802
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807, 901, 902
Email from Lentz to Emerald re: Repeat of a Previous SRIE 0018242 Message Email from Neumann to Lentz with copy to Emerald re: SRIE 0020751 Repeat of a Previous Message Email re: Antara.net's FlameThrower Firewall Stressor ISS_00279823 ISS_00299823 Reates/meeting Email re: nachi woes for rsns Email re: synflood ISS_00148113 ISS_00237430
226
Exhibit does not match description - SRI reserves all objections 402; 403; 602; 802 402; 403; 602; 802 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
227 228
Page 18 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 20 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION 229 230 231 Emal re: Proventia-M-Forum - SYN Flood Email re: Synflood libpcap files (revised) Email re: "URGENT" IP Fragmentation Vulnerability on REALSECURE NETWORK SENSOR 6.x - BNP Paribas Tests Results Symantec Advanced Manager for Security Gateways (group 1), Symantec Event Manager for Security Gateways (group1) Administrator's Guide IPS Selection Criteria & SNS
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. ISS_00177365 ISS_00240421 ISS_00235586 ISS_00255586 SYM_P_0012121 SYM_P_0341091 END BATES NO. ISS_00177365 ISS_00240423 ISS_00235590 ISS_00255590 SYM_P_0012574 SYM_P_0341121 SYM_P_0366501 SYM_P_0373313 SYM_P_0381191 SYM_P_0383848 SYM_P_0388681 402; 403; 602; 802 402; 403; 602; 802 Exhibit does not match description - SRI reserves all objections 402; 403 403 403 403 403 402; 403; 602; 802 402; 403 FRCP 37 (not produced); SRI reserves all other objections HAN_0001075 DD_0000015 SRI 005524 SRI 277983 SRIE 0020286 SRIE 0400354 SYM_P_ 0553072 ISS 29805 HAN_0001090 DD_0000017 SRI 005525 SRI 278002 SRIE 0020288 SRIE 0400355 SYM_P_0553217 ISS 29819 Exhibit does not match description (in part); 402; 403
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
DATE ADMITTED
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246
401, 402, 403 403 403 403 403 401, 402, 403, 801, 803, 807 401, 402, 403 Disclosed no later than Hansen Report 5/16/06
Symantec Gateway Security 5400 Series Sales Overview SYM_P_0366436 Symantec Gateway Security 5400 Series Administrator's SYM_P_0372848 Guide SYM_P_0381128 The Complete ManHunt Unit 18 SESA Collection Symantec ManHunt 3.0.1 and Event Manager for Intrusion Protection 1.0 Integrations Trend Analysis and Fault Prediction, Carnegie Mellon University, Department of Electrical and Computer engineering, PhD. Thesis Invoices for consulting services rendered with related check stubs and receipts Internet Besieged. Countering Cyberspace Sofflaws, 1st Ed. At Ch. 10 Contract F30602-99-C-0149, Adaptive Model-Based Monitoring and Threat Detection EMERALD eXpert/estat - TCP/UDP/ICMP Analysis Summary Email from Neumann to Schott re: FY99 Incremental Funding Email from Porras to Skinner, Lindqvist re: emerald-ftp delivery Probabilistic Alert Correlation, Application No. 09/944,788 SYM_P_0383815 SYM_P_0388625
401, 402, 403
Page 19 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 21 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION Probabilistic Alert Correlation, Application No. 247 09/944,788 Attack Class: Address Spoofing, 19th National 248 Information Systems Security Conference, Baltimore MD Holding Intruders Accountable on the Internet, Proc. Of 249 the 1995 IEEE Symposium on Security and Privacy, Oakland, CA "STAT - A State Transition Analysis Tool for Intrusion 250 Detection" Thesis Computer Security Threat Monitoring and Surveillance, 251 Washington, PA Common Intrusion Detection Framework "APIs" 252 Presentation System Design Document: Next-Generation Intrusion 253 Detection Expert System (NIDES) 254 255 256 257 258 259 260 261 Detecting Intruders in Computer Systems, 1993 Conference on Auditing and Computer Technology INTRUSION DETECTION at 103-107
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_ 0553079 SYM_P_0069255 ISS 23687 SYM_P_0069298 ISS 27909 SYM_P_0070172 ISS 24006 SYM_P_0070459 ISS 30776 SYM_P_0071471 ISS 27534 SYM_P_0079398 ISS 356743 SYM_P_0080009 ISS 29345 SYM_P_0082132 END BATES NO. SYM_P_ 0553122 SYM_P_0069262 ISS 23694 SYM_P_0069309 ISS 27919 SYM_P_0070360 ISS 24194 SYM_P_0070514 ISS 30831 SYM_P_0071481 ISS 27538 SYM_P_0079442 ISS 356813 SYM_P_0080025 ISS 29361 SYM_P_0082148 SYM_P_0504912 SYM_P_0526565 SYM_P_0535342 SYM_P_0548725 SYM_P_0548734; SYM_P_0526280 SYM_P_0553545 402; 403; 602; 802 402; 403; 602; 802; 901
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
DATE ADMITTED
402; 403; 602; 802; 1002 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901
Exhibit does not match description (in part); 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403 402; 403; 602; 802 402; 403; 602; 802 402; 403
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403
W. Richard Stevens, TCP/IP Illustrated Volume 1 - The SYM_P_0504894 Protocols" (Addison-Wesley 1994) Network Radar Presentation SYM_P_0526540
LIBROS Collection Index/webpage: The Architecture of SYM_P_0535342 a Network-Level Intrusion Detection System CERT Advisory CA-1996-26 "Denial-of-Service Attack via ping CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks Methods for Detecting and Diagnosing Abnormalities Using Real-Time Bayes Networks, Application No. 09/653,066 SYM_P_0548718 SYM_P_0548726; SYM_P_0526272 SYM_P_0553388
Page 20 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 22 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION Methods for Detecting and Diagnosing Abnormalities 262 Using Real-Time Bayes Networks, Application No. 09/653,066 263 Inventor Declaration for 09/653,066 Prioritizing Bayes Network Alerts, Application No. 264 09/952,080 Prioritizing Bayes Network Alerts, Application No. 265 09/952,080 266 CIDF Mailing List The Simple Book, An Introduction to Internet Management, 2nd Ed.
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0553395 SYM_P_0553424 SYM_P_0553546 SYM_P_0553551 SYM_P_0603086 SYM_P_0512090 SYM_P_0603985 END BATES NO. SYM_P_0553422 SYM_P_0553427 SYM_P_0553626 SYM_P_0553584 SYM_P_0603086 SYM_P_0512191 SYM_P_0604009 106 402; 403 106 402; 403; 602; 802 402; 403; 602; 802; FRCP 37 (untimely produced)
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
401, 402, 403
267
268
UNDERSTANDING SNMP MIBs
SYM_P_0604010
SYM_P_0604024
402; 403; 602; 802; FRCP 37 (untimely produced)
269
SNMP, SNMPv2 and CMIP, The Practical Guide to Network-Management Standards Email from Porras to Lindqvist re: 1999 IEEE Symposium on Security and Privacy Paper Submission Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset: DRAFT (PBEST) Email from Porras re: A Common Intrusion Detection Interface Specification Invoices including #175 dated 05/03/2006 for $19,972.80; #180 dated 08/22/2005 for $28,665.20; #185 dated 10/10/2005 for $27,864.00; #186 dated 12/05/05 for $37,850.40; #188 dated 01/03/2006 for #23,575.20; #190 dated 02/01/2006 fro $25,548.00; #192 dated
SYM_P_0604045 SYM_P_0604025
SYM_P_0604059 SYM_P_0604044
402; 403; 602; 802; FRCP 37 (untimely produced)
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report)
270
SRIE 0275123 SRI 151720 ISS 3537 SYM_P_0500624 ISS _00348839
SRIE 0275123 SRI 151740 ISS 3557 SYM_P_0500639 ISS_00348854 Exhibit does not match description (in part) 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807, 901, 902
271 272
273
HEB_0000042
HEB_0000048
Page 21 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 23 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION A Network Security Monitor, Proceedings, 1990 IEEE 274 Computer Soceity Symposium on Research in Security and Privacy, May 7-9, 1990 THESIS: Signature Analysis and Communicatoin 275 Issues in a Distributed Intrusion Detection System 276 277 278 279 280 281 282 283 The NetStalker Installation and User's Guide, page 6-5; Figure 6-2 Email from Neumann to Lunt with copy to Moriconi and Neumann re: Intrusion Detection; Survivability Email from Porras to Valdes with copy to Porras, Neumann and Porras re: Frank Jou meeting Email from Linne to Valdes with copy to Linne re: P10872 Chart Available Presentations current downloads as of 10/01/1997 re Emerald papers Web page of Available Presentations current downloads as of 10/01/1997 re Emerald papers Email from Hogsett to All Staff re: FTP Servers Email from Hogsett re: NIDES, EMERALD and Intrusion Email re: purpose of Emerald IP Mailing List. The mailing list and web archive facility has been established to discuss the progress of EMERALD IP and business development. Statement of Work for Analysis and Response for Intrusion Detection in Large Networks, PR No. N-66013 Letter to Alice Colasanti, Contract Specialist at Rome Laboratory from Donna Linne, Sr. Contract Administrator at SRI re: DARPA BAA 96-03, SRI Proposal ECU 95-445 dated 2/28/96 and updated 8/2/96 Confirmation of Telephone Negotiations Department of the Air Force Memorandum for Donna Linne (SRI) from Rome Laboratory re: AA #96-03. Proposal dated 02/28/1996 has been selected for negotiation
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0068974 ISS 3532 SYM_P_0069163 END BATES NO. SYM_P_0068986 ISS 3534 SYM_P_0068892 SYM_P_0069209 SYM_P_0079597 SRI 010974 SRIE 0053627 SRIE 0326543 SRIE 0147578 SRI 112350 ISS 00538072 SRIE 0253700 SRIE 0010808 Document description doesn't match Bates Range
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
Exhibit does not match description (in part); incomplete; 801, 803, 807 602; 802 402; 403; 602; 802 106 401, 402, 403, 801, 803, 807
SYM_P_0079597 SRI 010974 SRIE 0053627 SRIE 0326543 SRIE 0147578 SRI 112350 ISS 00538072 SRIE 0253700 SRIE 0010808
284
SRIE 0050164
SRIE 0050164
285
SRI 030137
SRI 030154 SRI 030144
286
SRI 030156
SRI 030157
287
SRI 030166
SRI 030243
Page 22 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 24 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. END BATES NO.
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
288
Letter to Alice Colasanti, Rome Laboratory/AFMC from Donna Linne, Sr. Contract Administrator, SRI with SRI 030244 attached cost estimates and supporting schedules, labor rate verification, subcontracting plans, etc. Section I: Administrative Proposal, Analysis and Response for Intrusion Detection in Large Networks SRI International Final Technical Report: The EMERALD Mission-Based Correlation System and Experimental Data Analysis of AFRL/AFED INFOSEC Alarms SRI Contract No. F30602-96-C-0294 Letter to Mr. Terrance Champion from Donna Linne re: Contract No. F30602-96-C-0294 with enclosure: Contracts Funds Status Report "EMERALDeXpert/estat/TCP/UDP/ICMP ANALYSIS SUMMARY" by Phillip Porras, Draft 0.1 Invention Disclosure for EMERALD Email from Phillip Porras to Teresa Lundt re. Anomaly Detection SRI 030424
SRI 030294
289
SRI 030453
290 291 292 293 294 295 296
SRI 098639 SRI 030109 SRI 029999 SRI 0277983 SRI 287656 SRIE 0037570
SRI 098678 SRI 030136 SRI 030001 SRI 0278002 SRI 287659 SRIE 0037571 SRIE 0399397
Email from Daniero to Valdes, et al. re: tentative agenda SRIE 0399394 for Intrusion Detection Meeting in Savannah Intrusion Detection PI Meeting Presentation Slides, Scalable Intrusion Detection for the Emerging Network SRI 013488 Infrastructure Email from Jou to Porras re: Statistical Analysis Engine SRIE 0018851 Email from Jou to Porras re: Statistical Analysis Engine SRIE 0018819 Email from Jou to Porras re: Collaboration Email from Jou to Porras, Wu and Staniford re: API proposal Web archive: MCNC Advanced Networking Research (ANR) Web archive: MCNC Project Highlights page SRIE 0052499 SRIE 0399190 SYM_P_0527593 SYM_P_0527594
297 298 299 300 301 302 303
SRI 013512 SRIE 0018851 SRIE 0018819 SRIE 0052499 SRIE 0399190 SYM_P_0527593 SYM_P_0527594 402; 403; 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
Page 23 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 25 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION Web archive: MCNC ANR Projects - Ji-Nao, Scalable 304 Intrusion Detection for the Emerging Network Infrastructure 305 306 307 308 309 310 311 312 Web archive: PP Presentation ANR MCNC Web archive: Scalable Intrusion Detection for the Emerging Network Infrastructure ANR MCNC - slides Email from Lunt re: Tentative Agenda for DARPAIntrusion Detection Conference Email from Jou to Porras with copy to Wu re: EMERALD/Ji Nao Email from Jou to Porras with copy to Wu re: gated.log file Email from Jou to Porras re: OSPF Analysis Email from Zissman to Distribution, including Jou re: Intrusion Detection Evaluation Web Site
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. SYM_P_0527595 SYM_P_0527597 SYM_P_0527644 SRIE 0399156 SRIE 0018218 SRIE 0018215 SRIE 0018026 SRIE 0392666 END BATES NO. SYM_P_0527596 SYM_P_0527601 SYM_P_0527709 SRIE 0399159 SRIE 0018218 SRIE 0018215 SRIE 0018026 SRIE 0392667 SRI 014304 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802
FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
DATE ADMITTED
Scalable Intrusion Detection for the Emerging Network SRI 014293 Infrastructure presentation slides by Y. Frank Jou Web Archive: MCNC ANR Projects - Ji-Nao, Scalable Intrusion Detection for the Emerging Network Infrastructure The DARPA Common Intrusion Detection Framework, The CIDF Working Group Email from Porras to Staniford, et al. re: CIDF Interface Spec RE: Revised CIDF Document - A Common Intrusion Detection Framework (Working Draft) dated October 5, 1997 is in the body of the document Email from Wu to Jou, Jzao, Mazum, Meeson, Meyer, Musman, Porras, Maraya, Iddon, Staniford re: CIDF/SNMP subgroup message #1 JiNao: Design and Implementation of a Scalable Intrusion Detection System for the OSPF Routing Protocol SYM_P_0499567 SYM_P_0071467 ISS 24442 SYM_P_0076916 SYM_P_0071210 ISS 24594 SRIE 0017985
313 314 315 316
SYM_P_0499568 SYM_P_0071470 ISS 24445 SYM_P_0076930 SYM_P_0071235 ISS 24519 SRIE 0017987
402; 403; 602; 802 402; 403; 602; 802
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807, 901, 902
317
318
RTI 0381
RTI 0404
602; 802
801, 803, 807
Page 24 of 154
434077_1
Case 1:04-cv-01199-SLR
Document 465-8
Filed 10/06/2006
Page 26 of 78
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR
TRIAL EXH. NO. DESCRIPTION IDS Program Review, 2/4/98, Annapolis, MD: Scalable 319 Intrusion Detection for the Emerging Network Infrastructure (slides) Final Report: Scalable Intrusion Detection System for the Emerging Network Infrastructure, DARPA Order No. E296, Issued by Rome Lab under Contract No. 320 F30602-96-C0325, submitted December 1999, MCNC Information Technologies, Advanced Networking Research Email from Neumann to Porras with copy to Jou re: 321 NIDES statistical module Email from Porras to Jou with copy to Valdes, Porras, 322 Neumann re: visit and CMAD 323 Email from Porras to Jou re: revision estimate 324
ISS's and Symantec's Joint Trial List
OBJECTION BASIS BEG. BATES NO. RTI 0644 END BATES NO. RTI 0660
FRE IN SUPPORT OF ADMISSION
DATE ADMITTED
RTI 0140
RTI 0256
602; 802
801, 803, 807
SRIE 0053920 SRIE 0053899 SRIE 0053740
SRIE 0053920 SRIE 0053899 SRIE 0053740 ISS 00354606
Proceedings of the Fourth Workshop on Future ISS 00354559 Directions in Computer Misuse and Anomaly Detection Email from Lipson to Jou and distribution re: ISW '97 Final Agenda - Infor
Free Proposed Pretrial Order - District Court of Delaware - Delaware
| File Size: | 269.3 kB |
| Pages: | 78 |
| Date: | October 6, 2006 |
| File Format: | |
| State: | Delaware |
| Category: | District Court of Delaware |
| Author: | unknown |
| Word Count: | 11,617 Words, 65,541 Characters |
| Page Size: | Letter (8 1/2" x 11") |
| URL |
https://www.findforms.com/pdf_files/ded/8551/465-8.pdf |
| Download Proposed Pretrial Order - District Court of Delaware ( 269.3 kB) |
Preview Proposed Pretrial Order - District Court of Delaware
Popular Searches
United States Free Forms
Canada Free Forms
United Kingdom Free Forms
Australia Free Forms