� Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 1 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 1 2 3 4 5 6 7 8 9 U.S. Patent No. 6,711,615: Network Surveillance U.S. Patent No. 6,321,338: Network Surveillance U.S. Patent No. 6,708,212: Network Surveillance U.S. Patent No. 6,484,203: Hierarchical Event Monitoring and Analysis U.S. Patent 6,321,338 File History U.S. Patent 6,484,203 File History U.S. Patent 6,711,615 File History U.S. Patent 6,708,212 File History A Method to Detect Intrusive Activity in a Networked Environment, Proc. 14th National Security Conference, pg. 362-371 Towards Detecting Intrusions in a Networked Environment, Technical report CSE-91-23, Division of Computer Science, UC Davis BEG. BATES NO. SYM_P_0071580 SRIE 0303725 SYM_P_0071535 SRIE 0303744 SYM_P_0071564 SRIE 030709 SYM_P_0071550 SRIE 0303760 SYM_P_0553648 SYM_P_0553806 SYM_P_0554113 SYM_P_0554839 SYM_P_0069355 ISS 23957 SYM_P_0069366 ISS 23866 END BATES NO. SYM_P 0071598 SRIE 0303743 SYM_P_0071549 SRIE 030759 SYM_P_0071579 SRIE 0303724 SYM_P_0071563 SRIE 0303774 SYM_P_0553805 SYM_P_0553961 SYM_P_0554838 SYM_P_0554931 SYM_P_0069365 ISS 23967 SYM_P_0069424 ISS 23924 SYM_P_0069354 ISS 23865 SYM_P_0069334 ISS 25318 SYM_P_0070839 SYM_P_0069279; SRI 058266; TL 2408 ISS 23557 SYM_P_0534116; SYM_P_0068986 ISS 04157 SYM_P_0075282 ISS_00340933 801, 803, 807 602; 802 401, 402, 403, 801, 803, 807, 901, 902 801, 803, 807 602; 802 801, 803, 807 602; 802 602; 802 801, 803, 807 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
10
402; 403; 602; 802; 901
11
Towards Detecting Intrusions in a Networked SYM_P_0069335 Environment, Proc. 14th Department of Energy ISS 23846 Computer Security Group Conference, pp. 17.47-17.65 Network Attacks and an Ethernet-based Network Security Monitor, Proc. 13th Department of Energy Computer Security Group Conference, pp. 14.1-14.13 Network Security Monitor Final report SYM_P_0069322 ISS 25306
12 13 14
15
16
SYM_P_0070787 SYM_P_0069263; Network Intrusion Detection, IEEE Network, Vol. 8 No. SRI 058251; 3 ("NIDES 1994") TL 2393 ISS 23541 A Network Security Monitor, Proc. 1990 Symposium on SYM_P_0534104; SYM_P_0068974 research in Security and Privacy, pp. 296-304, ISS 04149 incomplete version SYM_P_0074948 NetRanger User's Guide Version 1.3.1 ISS_00340599
106; 602; 802; ISS: Exhibit does not match description 402; 403; 602; 802
801, 803, 807
401, 402, 403, 801, 803, 807
Page 1 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 2 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 17 Real Secure 1.1: User Guide and reference Manual BEG. BATES NO. SYM_P_0078004; ISS_0025387 END BATES NO. SYM_P_0078077; ISS_0025463 SYM_P_0070728 ISS 24550 OBJECTION BASIS 602; 802; 901 FRE IN SUPPORT OF ADMISSION 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 DATE ADMITTED
18
Implementing a Generalized Tool for Network SYM_P_0070720 Monitoring, Proceedings of the Eleventh Systems ISS 24542 Administration Conference (LISA '97), San Diego, CA Artificial Intelligence and Intrusion Detection: Current and Future Directions, Proc. Of the 17th National Computer Security Conference SYM_P_0073569
402; 403; 602; 802
19 20 21
SYM_P_0073580 SYM_P_0077176 SYM_P_0077185; DD_0000034 ISS 04089 SYM_P_0069297 ISS 24917
402; 403; 602; 802 602; 802 602; 802
401, 402, 403, 801, 803, 807 801, 803, 807 801, 803, 807
DIDS - Motivation, Architecture and an Early Prototype SYM_P_0077176 DIDS (Distributed Intrusion Detection System) Motivation, Architecture, and An Early Prototype Intrusion Detection Systems (IDS): A Survey of Existing Systems and A Proposed Distributed IDS Architecture, CSE-91-7 Analysis of a Denial of a Service Attack on TCP, Proc. Of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 208-23 SunScreen EFS Configuration and Management Guide, release 1.1 Revised CIDF Documents SYM_P_0077175; DD_0000018 ISS 04080 SYM_P_0069280 ISS 24900
801, 803, 807 602; 802 401, 402, 403, 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
22
23 24 25 26
SYM_P_0535408; SRI SYM_P_0535428; 135574 SRI 135589 ISS 360035 ISS 360050 SUN_0000501 SYM_P_0071236 ISS 24468 SUN_0000856 SYM_P_0071261 ISS 24493 SYM_P_0526271 SYM_P_0074524 ISS 356578 SYM_P_0076781 ISS 360081 SYM_P_0069866 ISS 362825
402; 403; 602; 802 602; 802 402; 403; 602; 802; 901
Automated Information System (AIS) Alarm System, SYM_P_0526260 Proc. Of the 20th National Systems Security Conference Network Security Probe, Proc. Of the 2nd ACM SYM_P_0074513 Conference on Computer and Communications Security, ISS 356567 229-40 (ACM 1994) U.S. Patent 5,825,750 - Method and Apparatus for SYM_P_0076772 Maintaining Security in a Packetized Data ISS 360072 Communications Network U.S. Patent 5,825,891 - Key Management for Network SYM_P_0069852 ISS 362811 Communication
27
402; 403; 602; 802
401, 402, 403, 801, 803, 807
28 29
Page 2 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 3 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. A System for Distributed Intrusion Detection, 30 COMPCON Spring 1991, Digest of Papers, San Francisco, CA, An Architecture for a Distributed Intrusion Detection 31 System, Proc. Of the 14th Department of Energy Computer Security Group Conference Signature analysis and communication issues in a 32 distributed intrusion detection system, M.S. Thesis, Division of Computer Science, U.C. Davis The DIDS (Distributed Intrusion Detection System) 33 Prototype, Proceedings of the Summer 1992 USENIX Conference Intrusion Detection: the Application of Feature Selection, a Comparison of Algorithms, and the 34 Application of a Wide Area Network Analyzer, M.S. Thesis, Division of Computer Science, U.C. Davis 35 BEG. BATES NO. SYM_P_0069210 ISS 23817 SYM_P_0069217 ISS 23824 SYM_P_0069163 ISS 3336 SYM_P_0501723; TEA_0001782 END BATES NO. SYM_P_0069216 ISS 23823 SYM_P_0069238 ISS 23845 SYM_P_0069209 ISS 3378 SYM_P_0501736; TEA_0001789 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 801, 803, 807 602; 802 801, 803, 807 602; 802 401, 402, 403, 801, 803, 807 801, 803, 807 602; 802 401, 402, 403, 801, 803, 807 DATE ADMITTED
402; 403; 602; 802
SYM_P_0598850
SYM_P_0599030
402; 403; 602; 802
Towards a Dynamic System for Accountability and Intrusion Detection in a Networked Environment, M.S. SYM_P_0598736 Thesis, Division of Computer Science, U.C. Davis Cooperating Security Managers: A Peer-Based Intrusion SYM_P_0069980 Detection System, IEEE Network ISS 23646 Internetwork Security Monitor: An Intrusion-Detection SYM_P_0069244 System for Large-Scale Networks, Proc. 15th National ISS 23346 Computer Security Conf., pp. 262-271 EMERALD: Event Monitoring Enabling responses to SYM_P_0068831 Anomalous Live Disturbances, published in the Proceedings of the 20th National Information Systems ISS 2892 Security Conference ("Emerald 1997") GrIDS - A graph based intrusion detection system for SYM_P_0068883 STA00043 large networks, 19th National Information Systems ISS 3423 Security Conference (1996) GrIDS Webpage, Internet Archive, SYM_P_0512090 seclab.cs.ucdavis.edu/arpa/grids GrIDS requirements Document, webpage archive SYM_P_0499508
SYM_P_0598795 SYM_P_0069983 ISS 23649 SYM_P_0069254 ISS 23356 SYM_P_0068843 ISS 2904 SYM_P_0068892 STA00052 ISS 3432 SYM_P_0512181 SYM_P_0499508
402; 403; 602; 802
401, 402, 403, 801, 803, 807
36 37
402; 403; 602; 802 602; 802
401, 402, 403, 801, 803, 807 801, 803, 807
38
Description inappropriate (in part) 801, 803, 807 602; 802 402; 403; 602; 802 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
39 40 41
Page 3 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 4 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 42 GrIDS Outline Design Document, webpage archive 43 Graph-based Intrusion Detection Presentation Graph-Based Intrusion Detection System Presentation, 44 PI Meeting, Savannah, GA 45 46 47 48 49 BEG. BATES NO. SYM_P_0499504 SYM_P_0077843 SYM_P_0499496 END BATES NO. SYM_P_0499507 SYM_P_0077858 SYM_P_0499503 SYM_P_0080943; STA00101 ISS_00341017 ISS 23294 SRIE 0399295 SYM_P_0503709; SYM_P_0527709 ISS 27406 SYM_P_0076703 ISS 27422 SYM_P_0499601 801, 803, 807, 901, 902 602; 802; 901 OBJECTION BASIS 602; 802 602; 802 FRE IN SUPPORT OF ADMISSION 801, 803, 807 801, 803, 807 DATE ADMITTED
SYM_P_0080878; Design of GRIDS: A Graph-Based Intrusion Detection STA00053 System, Technical report, UC Davis Department of ISS_00340942 Computer Science, Davis California ("GRIDS 1997") ISS 23219 Email from Frank Jou re: Technical report Available SRIE 0399295 Ji-Nao Slides from "Scalable Intrusion Detection for the SYM_P_0503679; Emerging Network Infrastructure, IDS Program SYM_P_0527644 review," ISS 27377 SYM_P_0076695 Intrusion Detection for Link-State Routing Protocols ISS 27417 MCNC Internet Archive pages, including Project Update Viewgraph slides at SRI SYM_P_0499511
801, 803, 807, 901, 902 602; 802; 901; ISS: Illegible 602; 802 801, 803, 807
50
Statistical Anomaly Detection for Link-State Routing Protocols, in Sixth International Conference on Network SYM_P_0500577 Protocol (ICNP '98) Technical report (CDRL A005) Architecture Design of a Scalable Intrusion Detection System for the Emerging Network Infrastructure, DARPA Order Number: E296, issued by Rome Lab under Contract Number: F3060296-C0325 from Y. Frank Jou and Shyhtsun Felix Wu Gabriel Man Page http://web.archibe.org/web/19970109093153/www.lat.c om/gabman.htm Analysis and response for Intrusion Detection in Large Networks, EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Summary for CMAD Workshop, Monterey, November 12-14, 1996 SYM_P_0070541 SYM_P_0527602 ISS_00357064 ISS 27334 SYM_P_0527549 SYM_P_0605648 SYM_P_0499439 ISS 348257 SRI 011022
SYM_P_0500585
402; 403; 602; 802; 901; 1002; 401, 402, 403, 801, 803, ISS: Description does not match 807, 901, 902, exhibit (in part) 801, 803, 807, 901, 902 602; 802; 901; ISS: Description does not match exhibit (in part) 801, 803, 807
51
SYM_P_0070582 SYM_P_0527643 ISS_00357105 ISS 27374 SYM_P_0527552 SYM_P_0605651 SYM_P_0499440 ISS 348258 SRI 011023
602; 802; ISS: ISS_00357106136 does not match description
52
402; 403; 602; 802
401, 402, 403, 801, 803, 807
53
Page 4 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 5 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION BEG. BATES NO. NO. Analysis and response for Intrusion Detection in Large 54 Networks, Summary for Intrusion Detection Workshop, SRI 011045 Santa Cruz 55 EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Conceptual Overview, http:///www.sdl.sri.com/papers/emerald-position1/ Conceptual Design and Planning for EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, Version 1.2 ("Emerald - Conceptual Design 1997") Statistical Methods for Computer Usage Anomaly Detection Using NIDES, Proceedings of the Third International Workshop on Rough Sets and Soft Computing ("Statistical Methods") SYM_P_0503335 END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
SRI 011048 ISS: Exhibits do not match description and differ, clarification needed, SRI reserves all objections 402; 403; 602; 802 401, 402, 403, 801, 803, 807
SYM_P_0503337
56
SRI 012308
SRI 012404
57
SYM_P_0068936 ISS 356736 ISS 03717
SYM_P_0068942 ISS 356742 ISS 03722 403 SRI 154932 Incorrect description; 403
58
Conceptual Design and Planning for EMERALD: Event Monitoring Enabling responses to Anomalous Live Disturbances, published in the Proceedings of the 20th SRI 154894 National Information Systems Security Conference ("Emerald 1997"), Version 1.0 Quarterly Status report, report No. 2 (no date). Project SRI 154809 Title: EMERALD EMERALD: EMERALD Event Monitoring Enabling responses to Anomalous Live Disturbances, DARPA SRI 105589 Contract No. F30602-96-C-0294, February 05,1997 (document is dated October 5, 1997) Live Traffic Analysis of TCP/IP Gateways, SYM_P_0068844 http://www.sdl.sri.com/projects/emerald/livetraffic.html, Internet Society's Networks and Distributed Systems Security Symposium Live Traffic Analysis of TCP/IP Gateways, Networks and Distributed Systems Security Symposium SYM_P_0503946
59
SRI 154812
60
SRI 105609
61
SYM_P_0068865
ISS: Exhibit does not match description - clarification needed ISS: Exhibits differ - clarification needed
62
SYM_P_0503965
Page 5 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 6 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. IDES: A Progress report, in Proceedings of the 6th 63 Annual Computer Security Applications Conference, 1990 A Real-Time Intrusion-Detection Expert System 64 (IDES), Interim Progress report, Project 6784, SRI International 65 BEG. BATES NO. SYM_P_0080629 ISS 27834 SYM_P_0527388 ISS 355143 END BATES NO. SYM_P_0080641 ISS 27846 SYM_P_0527513 ISS 355280 SYM_P_0079370 ISS 27833 SYM_P_0082329 ISS 359778 SRI 058598 SYM_P_0073101 ISS 354971 SYM_P_0077216 ISS 359367 SYM_P_0502036 ISS 348515 SYM_P_0501142; SYM_P_0527111; ISS 349019 SYM_P_0501031 ISS 348905 SYM_P_0501205 ISS 349082 ISS 348986 SYM_P_0501271 ISS 349249 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
A Real-Time Intrusion Detection Expert Systems, Final SYM_P_0079206 Technical report, February 28, 1992 prepare for Robert ISS 27669 Kolacki, SPAWAR, Contract No. N00039-89-C-0050 Next-generation Intrusion Detection Expert System (NIDES) A Summary ("Network NIDES") A Case Study of Ethernet Anomalies in a Distributed Computing Environment, IEEE Transactions on reliability, Vol. 39, No. 4, SYM_P_0082283 ISS 359733 SRI 058552 SYM_P_0073090 ISS 354960
66
Inappropriate description 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
67
402; 403; 602; 802
68
Fault Detection in an Ethernet Network Using Anomaly SYM_P_0077201 Signature Matching, Computer Communication review, ISS 359352 SIGCOM '93 Conference Proceedings Fault Detection in an Ethernet network via anomaly detectors, Carnegie Mellon University ("Feather Thesis") RFC 1157, A SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) SYM_P_0501779 ISS 348259 SYM_P_0501113; SYM_P_0527111; ISS 348987
402; 403; 602; 802
801, 803, 807 602; 802 801, 803, 807, 901, 902 602; 802; 901 801, 803, 807, 901, 902 602; 802; 901 801, 803, 807, 901, 902 602; 802; 901 602; 802; 901 801, 803, 807, 901, 902
69
70
71
RFC 1155, Structure and Identification of Management SYM_P_0501012 Information for TCP/IP - based Internets ISS 348886 SYM_P_0501143 RFC 1213, Management Information Base for Network ISS 349020 Management of TCP/IP - based Internets: MIB-II ISS 348906 RFC 1271, Remote Network Monitoring Management SYM_P_0501206 Information Base ISS 349177
72 73
Page 6 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 7 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 74 RFC 2021, Remote Network Monitoring Management Information Base Version 2 using SMIv2 HP OpenView for Windows User Guide for Transcend Management Software, Version 6.1 for Windows and '97 for Windows NT, 3Com HP OpenView for Windows Workgroup Node Manager User Guide, Transcend Management Software version 6.0 for Windows, 3Com Hierarchical Network Management - A Concept and its Prototype in SNMPv2 HP SNMP/XL User's Guide, HP 3000 MPE/iX Computer Systems Edition 5, Hewlett Packard RFC 1441, Introduction to version 2 of the Internetstandard Network Management Framework RFC 1757, Remote Network Management Information Base RFC 1451, Manager-to-Manager Management Information Base MANAGING INTERNETWORKS WITH SNMP, 2nd Ed. Data Privacy Facility Administrator's Guide, DPF Version 1.2, Network Systems Corporation BEG. BATES NO. END BATES NO. OBJECTION BASIS 602; 802; 901; FRCP 37 (untimely produced) 602; 802; ISS26772-26885 does not match description 602; 802; ISS: Description does not match exhibit (in part) 402; 403; 602; 802; 901 402; 403; 602; 802 602; 802; 901 602; 802; 901 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802; 901 402; 403; 602; 802 FRE IN SUPPORT OF ADMISSION 801, 803, 807, 901, 902 Disclosed no later than 4/24/06 801, 803, 807 DATE ADMITTED
SYM_P_0603708 SYM_P_0080944 ISS 26617 SYM_P_0081099
SYM_P_0603837 SYM_P_0081098 ISS 26771 SYM_P_0081212 SYM_P_0500991 ISS 348748 SYM_P_0077019 ISS 348837 SYM_P_0501284 ISS 349095 SYM_P_0501399 ISS 349176 SYM_P_0501318 ISS 349284 SYM_P_0504693 ISS 359136 SYM_P_0072641 ISS 30305 SYM_P_0079629 ISS 31068 SYM_P_0504946 ISS 359732 SYM_P_0078630 ISS 28274 ISS 341751 SYM_P_0074481 ISS 44950 SYM_P_0526735 ISS 31239
75
801, 803, 807
76 77 78 79 80 81 82 83 84 85 86
SYM_P_0500982 ISS 348739 SYM_P_0076931 ISS 348749 SYM_P_0501272 ISS 349083 SYM_P_0501319 ISS 349096 SYM_P_0501285 ISS 349250 SYM_P_0503966 ISS 358409 SYM_P_0072419 ISS 30066 SYM_P_0079550 NetStalker Installation and User's Guide, Version 1.0.2 ISS 30989 ("NetStalker Manual") Archived pages from the Haystack website Detecting Network Intruders, Network Magazine SYM_P_0504942 ISS 359730 SYM_P_0078627 ISS 28271 ISS 341748
401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
87 88
NetRanger real-Time Network Intrusion Detection SYM_P_0074255 Performance and Security Test, DoD/SPOCK, including ISS 44725 Appendices A, B and C SYM_P_0526566 NetRanger User's Guide, WheelGroup Corporation ISS 31069
402; 403; 602; 802; 901 402; 403; 602; 802; 901
Page 7 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 8 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 89 90 91 92 NetRanger High-Level Overview, Version 1.1, WheelGroup Corporation BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 801, 803, 807, 901, 902 SYM_P_0531123 ISS 23695 SYM_P_0075283 ISS 00341260 SYM_P_0071736 ISS 31240 SYM_P_0531139 ISS 23711 SYM_P_0075535 ISS 00341512 SYM_P_0071953 ISS 31469 SYM_P_0074566 ISS 341552 SYM_P_0074947 ISS 359351 SYM_P_0077416 ISS 354724 SYM_P_0077931 ISS 28280 SYM_P_0074723 ISS 44717 SYM_P_0074648 ISS 44719 SYM_P_0074526 ISS 44715 SYM_P_0601752 602; 802; 901 602; 802; ISS: ISS_340599-933 does not match description 602; 802 402; 403; 602; 802; 901 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 DATE ADMITTED
93 94 95 96 97 98
NetRanger User's Guide Version 1.2.2, WheelGroup Corporation NetRanger User's Guide Version 1.2, WheelGroup Corporation Product Security Assessment of the NetRanger Intrusion SYM_P_0074527 Detection Management System Version 1.1, AF ISS 341513 Information Warfare Center SYM_P_0074926 NetRanger SQL queries ISS 359330 NetRanger Installation & Configuration Training, Slide SYM_P_0077338 Presentation ISS 354607 SYM_P_0077928 NetRanger keeps watch over security leaks ISS 28277 SYM_P_0074722 WheelGroup releases NetRanger Versions 2.0, ISS 44716 WheelGroup Press release Summary of DoD/SPOCK Evaluation of WheelGroup's SYM_P_0074647 NetRanger Intrusion Detection System, WheelGroup ISS 44718 Press release SYM_P_0074525 WheelGroup Press release Summary ISS 44714 The Security Router Getting Started Guide release 2.0, NSC SYM_P_0601013
402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901; FRCP 37 (untimely produced)
99
100
BorderGuard 1000 reference Manual release 4.0, NSC
SYM_P_0601940
SYM_P_0602441
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
101
BorderGuard Troubleshooting Guide release 4.0, NSC
SYM_P_0602656
SYM_P_0602761
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
Page 8 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 9 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 102 BorderGuard 1000 release Notes releases 4.01, NSC BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/13/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/5/06 401, 402, 403, 801, 803, 807, 901, 902 Disclosed no later than 4/7/06 801, 803, 807 Disclosed no later than 4/20/06 801, 803, 807, 901, 902 DATE ADMITTED
SYM_P_0601753
SYM_P_0601939
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
103
NetSentry User Guide release 4.0, NSC
SYM_P_0602442
SYM_P_0602655
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
104
BorderGuard, ZD Internet Magazine, http://www.govisionmaster.com/dir_technology/firewall SYM_P_0599031 s/15Firewall.htm
SYM_P_0599031
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
105
BorderGuard Internet Archive documentation
SYM_P_0600799
SYM_P_0600839 SYM_P_0603984 ISS 02126244A ISS_02127444 SYM_P_0078786 ISS 312076, ISS 312128, ISS 312157 SYM_P_0078677; ISS_00357178 SYM_P_0079457; SYM_P_0074581; SYM_P_0078649 ISS 357193 ISS_02125875
402; 403; 602; 802; 901; FRCP 37 (untimely produced) 602; 802; FRCP 37 (untimely produced)
106
107
RealSecure release 1.0 for Windows NT 4.0: A User SYM_P_0603857 Guide and reference Manual, Internet Security Systems, ISS 02126117A Inc. ISS_02127316 SYM_P_0078707; ISS 312059, RealSecure 1.2.2: User Guide and reference Manual ISS 312114, ISS 312134 More About RealSecure: General Description and Comparison to Existing Systems RealSecure Sales FAQ SYM_P_0078668; ISS_00357169 SYM_P_0079443;
602; 802; 901
108 109 110 111 112 113 114
602; 802; 901 Exhibits differ; 602; 802; 901 Exhibits differ; 602; 802; 901 602; 802; 901 602; 802 402; 403; 602; 802; 901
801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807, 901, 902 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
Real-Time Attack recognition and response: A Solution SYM_P_0074567; for Tightening Network Security SYM_P_0078631 Frequently-Asked Questions About Real-Secure ISS 357179 Influential Products '97, Windows NT Magazine ISS_02125871 SYM_P_0504850 RealSecure release Dates Table ISS 358384 RealSecure Press release SYM_P_0504802
SYM_P_0504803
Page 9 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 10 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 801, 803, 807, 901, 902 115 RealSecure Press release SYM_P_0503752 ISS 357164 ISS 357262 SYM_P_0504810 ISS_02125865 ISS_02125898 ISS_02125867 SYM_P_0503753 ISS 357165 ISS 357263 SYM_P_0504812 402; 602; 802 ISS_02125899 ISS_02125868 402; 602; 802 Incomplete; 402; 602; 802 401, 402, 801, 803, 807 401, 402, 801, 803, 807 Incomplete, 401, 402, 801, 803, 807 403, 801, 803, 807 602; 802; 901 DATE ADMITTED
116 117 118 119
120
RealSecure Press release Hack Yourself, Windows Magazine SafeSuite Spots Net Holes, PC Week/Netweek Magazine 1996: An Enterprising Year, PC Week/Netweek Magazine Banking with Confidence" RealSecure Keeps Bank's Web Site Safe From Would-Be Hackers, PC Today Magazine Project Centaur - RealSecure v1.5 (NT & UNIX) OPSEC - Advertising Supplement to Network Magazine, Network Magazine The Architecture of a Network Level Intrusion Detection System, University of New Mexico, Department of Computer Science Stake Out Network Surveillance White Paper Archived copies of Harris Corporation Web Site from http://archive.org The NIDES Statistical Component Description and Justification, Annual report A010, SRI Project 3131, Contract N00039-92-C-0015, ("NIDES 1994") An Expert System for Detecting Attacks on Distributed Computer Systems, M.S. Thesis, Division of Computer Science, University of California, Davis An Intrusion-Detection Model, IEEE Trans. On Software Engg., vol. SE-13, pp. 222-232
ISS_02125870
403; 602; 802 401, 402, 403, 801, 803, 807, 901, 902 801, 803, 807 801, 803, 807, 901, 902 602; 802; 901 602; 802 403; 602; 802 801, 803, 807 403, 801, 803, 807
121 122 123 124 125 126
ISS_02125892 ISS_02125876 SYM_P_0500586 ISS 354419 SYM_P_0504929 ISS 00358230 SYM_P_0503721 SYM_P_0078943 ISS 3804
ISS_02125896 ISS_02125891 SYM_P_0500603 ISS 354436 SYM_P_0504939 ISS 00358240 SYM_P_0503748 SYM_P_0078994 ISS 3851
402; 403; 602; 802; 901 602; 802
127
FRCP 37 (not produced); SRI reserves all other objections SYM_P_0074006 ISS 25069 SYM_P_0074022 ISS 25080 402; 403; 602; 802
Disclosed no later than Heberlein Report 4/21/06
128
401, 402, 403, 801, 803, 807
Page 10 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 11 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 129 The SRI IDES Statistical Anomaly Detector http://www.sdl.sri.com/papers/stats91 Security Problems in the TCP/IP Protocol Suite, ACM Computer Commun. review, vol. 19, No. 2, pp. 32-48 Analysis of an Algorithm for Distributed recognition and Accountability, PROC/. First ACM Conf. on Computer and Communications Security, Fairfax, VA., pp. 154-164 Detecting Intrusions Through Attack Signature Analysis, Proc., 3rd Workshop on Computer Security Incident Handling, Herndon, VA Email from Porras to Neumann re: recent Accomplishments Oki Electric Industry Co., Ltd Software Distribution Agreement Amended Deposition Notice Letter to Macchia from Abramson re: Abramson's April 2, 2004 letter wherein SRI notified ISS of ISS infringement of a number of patents owned by SRI. Email from Abramson to Scott Petty at King & Spalding with a copy to Stringer-Calvert re: SRI Network Security Patents and ISS due diligence re "continued agreement between SRI and ISS on the potential benefits of a business solution." Email from Abramson to Robin Roof at SRI re: Conference Call with ISS Letter from Scott Petty at King & Spalding to Abramson in response to request that ISS produce prior art in support of its invalidity position for certain patents owned by SRI. BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION Disclosed no later than 10/13/05 response to SRI's First Request for Production Disclosed 10/26/05 DATE ADMITTED
ISS 3793 SYM_P_0605652
ISS 3803 SYM_P_0605652
FRCP 37 (untimely produced)
130
SRI 111732
SRI 111748
FRCP 37 (not produced); SRI reserves all other objections
131
SYM_P_0069996 ISS 23368
SYM_P_0070006 ISS 23378
402; 403; 602; 802
401, 402, 403, 801, 803, 807
132 133 134 135 136
FRCP 37 (not produced); SRI reserves all other objections SRIE 0400373 SRI 045376 SRIE 0400374 SRI 045397 402; 403; 602; 802
Disclosed no later than Heberlein Report 4/21/06
401, 402, 403, 801, 803, 807
SRI 017515
SRI 017516
137
SRIE 0338197
SRIE 0338197
138
SRI 009465
SRI 009466
139
SRI 009530
SRI 009539
Page 11 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 12 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. Email from Stringer-Calvert to Scott Petty at King and Spalding with a copy to Abramson, Bowen, and Burks 140 re: Prior Art Products Relevant to Patentability of SRI Patents. BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
SRI 009548
SRI 009550
141
Letter from Abramson to Petty at King & Spalding in response to Petty's July 19, 2004 letter in which Petty purports to identify various papers and software systems SRI 284144 alleged to constitute "prior art" to the SRI patents previously brought by SRI to the atte Email from Abramson to Robin Roof at SRI re: discussion with ISS/Sean Bowen Email from Abramson to Scott Petty at King and Spalding re: conference call Email from Abramson to Victoria Stavridou-Coleman re: Emerald License to USG Email from Bercow to Abramson with copy to Peter Marcotullio re: SRI patents Email from Stavridou-Coleman to Jaynarayan Lala with copy to Riley, Orr, Winarsky, Porras, Abramson and Mark re: Emerald transition. SRI 284170 SRI 009557 SRI 274981 SRI 275787 SRIE 0302873
SRI 284147
142 143 144 145 146
SRI 284171 SRI 009558 SRI 274992 SRI 275787 SRIE 0302874 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902
147
Email from Winarsky to Goding with copy to Porras, Brooks, Lindqvist, Zobrist, Blaser, Stefanski and SRIE 0303829 Abramson re: Emerald Technology Commercialization Email from Abramson to Bercow re: SRI follow-up Email from Abramson to William Mark re:Impostor's Stock Trade Roils Korea Market. "Maybe the timing's right to sell Emerald into Korea?!" SunScreen SPF-100 SPF-100G Administrator's Handbook, Revision A BUILDING INTERNET FIREWALLS (O'Reilly & Assoc., 1995). SRIE 0001150 SRIE 0001805 SUN_0002175 SYM_P_0498347
SRIE 0303830
402; 403; 602; 802; 901
148 149 150 151
SRIE 0001152 SRIE 0001805 SUN_0002478 SYM_P_0498742
402; 403; 501; 602; 802; 901 402; 403; 602; 802 602; 802 402; 403; 602; 802
401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 801, 803, 807 401, 402, 403, 801, 803, 807
Page 12 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 13 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 152 The BSD Packet Filter: A New Architecture for Userlevel Packet Capture BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
SYM_P_0499456 ISS 23357
SYM_P_0499466 ISS 23367 SYM_P_0498951 SYM_P_0503248 SYM_P_0535341 SYM_P_0535512 SYM_P_0548884 SYM_P_0548989 SYM_P_0549944
401, 402, 403, 801, 803, Illegible (in part); 402; 403; 602; 807 802 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report dated 4/20/06) Disclosed no later than 4/12/06 (Disclosed in Avolio Report)
153 154 155 156 157 158 159
FIREWALLS AND INTERNET SECURITY REPELLING THE WILY HACKER (Addison-Wesley SYM_P_0498743 Pub. Co. 1994). Firewall Toolkit Source Code SYM_P_0502521
402; 403; 602; 802 402; 403; 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802; FRCP 37 (untimely produced)
COMPUTER SECURITY POLICIES AND SYM_P_0535194 SUNSCREEN FIREWALLS, Sun Microsystems Press "Fortifying Your Firewall," Network Computing Magazine ICSA 3rd Annual Firewall Buyer's Guide 1998 ICSA 2nd Annual Firewall Buyer's Guide 1996 "Buyer's Guide: Keeping the Huns at Bay," Network Computing Magazine Application Level Gateways, INTERNETWORKING WITH TCP/IP, VOL. III, Chap. 18, (Prentice-Hall 1993) SYM_P_0535498 SYM_P_0548792 SYM_P_0548919 SYM_P_0549937
160
SYM_P_0600882
SYM_P_0600915
161
Intranet and Internet Firewall Strategies
SYM_P_0600847
SYM_P_0600859
402; 403; 602; 802; FRCP 37 (untimely produced)
162
Web Security Sourcebook
SYM_P_0600860
SYM_P_0600865
402; 403; 602; 802; FRCP 37 (untimely produced)
163
Firewalls and Internet Security, the Second Hundred (Internet) Years, Internet Protocol Journal, Cisco Systems
SYM_P_0600866
SYM_P_0600875
FRCP 37 (untimely produced)
Page 13 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 14 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 164 Internetworking with TCP/IP, Vol. III, Chap. 8 "Application Level Gateways" BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
SYM_P_0600882
SYM_P_0600915
165
COMPUTER DICTIONARY, Microsoft Press 3rd ed. (1997)
SYM_P_0601002
SYM_P_0601012
166
Computer Security Policies and SunScreen Firewalls, SUN Microsystems Press
SYM_P_0602762
SYM_P_0602909
167
TIS Firewall Toolkit Configuration and Administration
SYM_P_0602955
SYM_P_0602968
401, 402, 403, 801, 803, 807, Disclosed no later than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 402; 403; 602; 802; FRCP 37 807, Disclosed no later (untimely produced) than 4/12/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 402; 403; 602; 802; FRCP 37 807, Disclosed no later (untimely produced) than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 402; 403; 602; 802; FRCP 37 807, Disclosed no later (untimely produced); ISS: Exhibit than 4/18/06 (Disclosed does not match description in Avolio Report) clarification needed - SRI reserves all objections 402; 403; 602; 802; FRCP 37 (untimely produced) 401, 402, 403, 801, 803, 807, Disclosed no later 402; 403; 602; 802; FRCP 37 than 4/18/06 (Disclosed (untimely produced) in Avolio Report dated 4/20/06) 401, 402, 403, 801, 803, 402; 403; 602; 802; FRCP 37 807, Disclosed no later (untimely produced); ISS: Exhibit than 4/18/06 (Disclosed does not match description in Avolio Report) clarification needed, SRI reserves all objections 401, 402, 403, 801, 803, 807, 901, 902, Disclosed no later than 4/18/06 (Disclosed in Avolio Report dated 4/20/06)
168
TIS Firewall Toolkit Overview
SYM_P_0602978
SYM_P_0602991
169
Presentation: Trusted Information Systems Internet Firewall Toolkit - An Overview
SYM_P_0602992
SYM_P_0603048
170
"Sample Report" From Firewall Toolkit
SYM_P_0603049
SYM_P_0603049
402; 403; 602; 802; 901; FRCP 37 (untimely produced)
Page 14 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 15 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 171 TIS Firewall User's Overview BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/18/06 (Disclosed in Avolio Report) DATE ADMITTED
SYM_P_0603055
SYM_P_0603059
402; 403; 602; 802; FRCP 37 (untimely produced)
172
A Toolkit and Methods for Internet Firewalls, presented at the USENIX Summer 1994 Technical Conference, SYM_P_0603060 Boston EMERALD: Event Monitoring Enabling Responses to SYM_P_0554949 Anomalous Live Disturbances SUN_0000501 SUN_0000524 SunScreen EFS Configuration and Management Guide SUN_0000699 SUN_0000702 Invoice dated 10/18/2005 for $7,800.00 AVO_0000007 AlertSoft Board Meeting Agenda and presentation materials, November 2000 Email from Platon to Herzig, Mark and Kruth re: Review of today's meeting and next steps SRI 016692
SYM_P_0603068
402; 403; 602; 802; (FRCP 37 (untimely produced)
173
SYM_P_0554961 SUN_0000501 SUN_0000524 SUN_0000699 SUN_0000702 AVO_0000007 SRI 016698 801, 803, 807 602; 802
174 175 176
177 178 179 180 181
SRI 128738
SRI 128738 SRI 128731 SRIE 0023757 SRIE 0043277 SRIE 0087812
402; 403; 602; 802; Document description doesn't match Bates Range 402; 403; 602; 802; Document description doesn't match Bates Range 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 Incorrect Bates number; based on description - 402; 403; 602; 802; 901 Incorrect Bates number; based on description - 402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902
Email from Herzig to Carlson, Mark, Kruth and Bercow SRI 128731 re: AlertSoft Email from Bercow to Lincoln with copy to Porras re: SRIE 0023756 Telecon with IOS Email from Bercow to Stavridou et al. re: Conrens on SRIE 0043275 the Evaluation of Emerald Email from Staudenraus to Bercow re: Symantec and AlertSoft/SRI Board of Directors Meeting; July 12, 2000 AlertSoft SRIE 0087812
182
SRIE 0123239
SRIE 0123249
183
Email from Moran to Tyson, Perrault re: references for due diligence for Recourse's second round of funding SRIE 0229504
SRIE 0229504
Page 15 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 16 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. SRI Cash Receipts List for Client OKI ELECTRIC 184 4/27/01 to 4/25/05 SRI Introduction to SRI International and its 185 Information Security Technologies Briefing to John Dutra, Sun Microsystems 186 187 Email from Porras to Winarsky et al. re: Accel Email from Neumann to Beers re: NSA Proposal and attached proposal Emerald Business Strategy Framework Leveraging Our Clients: The Year of Business Development, Curt Carlson, Management Team Meeting Amended and Restated Software License and Distribution Agreement between SRI and Oki Electric Industry Co., Ltd. BEG. BATES NO. SRI 277977 SRI 079587 SRIE 0001776 SRI 044064 END BATES NO. SRI 277982 SRI 079615 SRIE 0001776 SRI 044129 OBJECTION BASIS 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901 FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 DATE ADMITTED
188
SRI 088192
SRI 088203
401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 402; 403; 602; 802; 901 807, 901, 902 401, 402, 403, 801, 803, Incorrect Bates number; based on 807, 901, 902 description - 401; 402; 403; 602; 802; 901 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
189
SRIE 0356770
SRIE 0356797
190 191 192 193 194 195 196 197 198 199
SRI 018454
SRI 018477 SRI 017028 SRI 079085 SRI 079142 SRI 006459 SRI 147609 SRIE 0010438 SRIE 0010749 SRIE 0010826 SRIE 0014460
402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802
License Agreement between SRI and Atomic Tangerine SRI 016999 Briefing to Severein Ouali Afripa Telecom (SRI) Briefing to Jeff Planton EDS SRI Invention Disclosure - Bayes Approach for Prioritized Ranking of Computer Network Attacks Integrated Multi-Algorithm Network Intrusion Detection and Alert Correlation Email from Fong to Porras re: Books on Project Email from Fong to Porras, Skinner re: ETCPGEN Update Email from Fong to Porras, Skinner re: ETCPGEN Status Email from Valdes to Porras et al re: Bayes Methods Proposed for Eflowgen SRI 079060 SRI 079117 SRI 006456 SRI 147591 SRIE 0010438 SRIE 0010747 SRIE 0010826 SRIE 0014460
Page 16 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 17 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 200 201 202 203 204 205 206 207 208 209 210 211 212 213 BEG. BATES NO. END BATES NO. SRIE 0030920 SRIE 0162750 SRIE 0164395 SRIE 0269102 SRIE 0285780 SRIE 0331139 SRIE 0333663 SRIE 0345766 SRIE 0345901 SRIE 0451317 SRIE 0357724 SRIE 0010802 SRIE 0010873 SRIE 0333479 402; 403 402; 403; 602; 802; 901 401, 402, 403 401, 402, 403, 801, 803, 807, 901, 902 OBJECTION BASIS 402; 403 402; 403; 602; 802; 901 FRE IN SUPPORT OF ADMISSION 401, 402, 403 401, 402, 403, 801, 803, 807, 901, 902 DATE ADMITTED
Email from Porras to Truitt re: Martin Fong Evaluation SRIE 0030920 Email from Porras to EMERALD Development Team et SRIE 0162746 al re: Alertsoft Glossary of Terms Email from Fong to Nitz re: CS Dossiers SRIE 0164394 Modeling Multistep Cyber Attacks for Scenario SRIE 0269094 Recognition SRI Invention Disclosure - Integrated Multi-Algorithm SRIE 0285777 Network Intrusion Detection and Alert Correlation Martin Fong Performance Review and Plan SDL Business Development Offsite A Mission-Impact-Based Approach to INFOSEC Alarm Correlation - Final Technical Report A Mission-Impact-Based Approach to INFOSEC Alarm Correlation SRI Invention Disclosure - Modified Markov Decision Process for Prioritized Ranking of Computer Network Attacks EMERALD Assessing Strategic Intrusions Email from Fong to Porras re: subnet filter Email from Fong to Porras with copy to Skinner, Valdes, Lunt, Neumann and Porras re: LL test status meeting. Email from Fong to Fong (body indicates the email is to Skinner and Porras) re: ftpgen design summary. Heterogeneous Sensor Correlations: A Case Study of Live Traffic Analysis, by Dan Anderson, Martin Fong and Alfonso Valdes, Proceedings of the 2002 IEEE, Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2002 SRIE 0331135 SRIE 0333642 SRIE 0345729 SRIE 0345883 SRIE 0451315 SRIE 0357690 SRIE 0010802 SRIE 0010873 SRIE 0333476
214
SRIE 0127887
SRIE 0127894
215
Email from Stavridou to Gibson with copy to Porras and Denz re: commercializing Emerald - meeting with SRIE 0061991 Gibson.
SRIE 0061992
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 804, 807, 901, 902
Page 17 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 18 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807, 901, 902 SRI 035883 402; 403; 602; 802; 901 DATE ADMITTED
216
Email from Valdes to Gibson, Walczak, Drake, Stavridou, Lincoln and Mark re: a "read ahead copy" of SRI presentation for tomorrow's brief with SRI staff, SRI 035865 attached presentation "Technology Transfer Proposal for Emerald" presented to Tim Gibson, Decem Email from Gibson to Stavridou-Coleman, Porras, Stringer-Calvert, Winarsky, Herz and Mark with copy to Witten, Taylor, Walczak, Roark, Drake, Bailey and SRIE 0302907 Honey re: Four items on Cyber Panel's EMERALD - re: Emerald license to the U.S. Government Email from Gibson to Porras, Lincoln, Mark and Linne with copy to Honey and Stotts re: SRI Emerald - NIAP SRIE 0000032 Statement of Work Email from Stavridou-Coleman to Gibson and Porras with copy to Mark, Winarksy and Lincoln re: Emerald SRIE 0302798 and productive meeting with Raytheon. Intrusion Detection for Link-State Routing Protocols Email from Porras to SRI Information Systems re: Project Data Project Brief SRI Financial Performance Analysis ISS_27408 SRIE 0030654 SRI 006125 SRI 080676
401, 402, 403, 801, 803, 804, 807, 901, 902 SRIE 0302908 402; 403; 602; 802; 901
217
218
SRIE 0000034
402; 403; 602; 802
401, 402, 403, 801, 803, 804, 807 401, 402, 403, 801, 803, 807, 901, 902 801, 803, 807
219 220 221 222 223 224 225
SRIE 0302798 ISS_27416 SRIE 0030655 SRI 006127 SRI 080676 SRIE 0018242 SRIE 0020751
402; 403; 602; 802; 901 602; 802
402; 403; 602; 802; 901
401, 402, 403, 801, 803, 807, 901, 902
Email from Lentz to Emerald re: Repeat of a Previous SRIE 0018242 Message Email from Neumann to Lentz with copy to Emerald re: SRIE 0020751 Repeat of a Previous Message Email re: Antara.net's FlameThrower Firewall Stressor Reates/meeting ISS_00299823 Email re: nachi woes for rsns ISS_00148113
226
ISS_00299824 ISS_00148114
Exhibit does not match description - SRI reserves all objections 402; 403; 602; 802 401, 402, 403, 801, 803, 807
227
Page 18 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 19 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 228 229 230 231 Email re: synflood Emal re: Proventia-M-Forum - SYN Flood Email re: Synflood libpcap files (revised) Email re: "URGENT" IP Fragmentation Vulnerability on REALSECURE NETWORK SENSOR 6.x - BNP Paribas Tests Results Symantec Advanced Manager for Security Gateways (group 1), Symantec Event Manager for Security Gateways (group1) Administrator's Guide IPS Selection Criteria & SNS Symantec Gateway Security 5400 Series Sales Overview Symantec Gateway Security 5400 Series Administrator's Guide The Complete ManHunt Unit 18 SESA Collection Symantec ManHunt 3.0.1 and Event Manager for Intrusion Protection 1.0 Integrations Trend Analysis and Fault Prediction, Carnegie Mellon University, Department of Electrical and Computer engineering, PhD. Thesis Invoices for consulting services rendered with related check stubs and receipts Internet Besieged. Countering Cyberspace Sofflaws, 1st Ed. At Ch. 10 Contract F30602-99-C-0149, Adaptive Model-Based Monitoring and Threat Detection EMERALD eXpert/estat - TCP/UDP/ICMP Analysis Summary Email from Neumann to Schott re: FY99 Incremental Funding BEG. BATES NO. ISS_00237430 ISS_00177365 ISS_00240421 END BATES NO. ISS_00237430 ISS_00177365 ISS_00240423 OBJECTION BASIS 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 Exhibit does not match description - SRI reserves all objections 401, 402, 403 SYM_P_0012121 SYM_P_0341091 SYM_P_0366436 SYM_P_0372848 SYM_P_0381128 SYM_P_0383815 SYM_P_0388625 SYM_P_0012574 SYM_P_0341121 SYM_P_0366501 SYM_P_0373313 SYM_P_0381191 SYM_P_0383848 SYM_P_0388681 402; 403 403 403 403 403 402; 403; 602; 802 402; 403 FRCP 37 (not produced); SRI reserves all other objections HAN_0001075 DD_0000015 SRI 005524 SRI 277983 SRIE 0020286 HAN_0001090 DD_0000017 SRI 005525 SRI 278002 SRIE 0020288 403 403 403 403 401, 402, 403, 801, 803, 807 401, 402, 403 Disclosed no later than Hansen Report 5/16/06 FRE IN SUPPORT OF ADMISSION 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 DATE ADMITTED
ISS_00225586
ISS_00225590
232 233 234 235 236 237 238 239 240 241 242 243 244
Page 19 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 20 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. Email from Porras to Skinner, Lindqvist re: emerald-ftp 245 delivery Probabilistic Alert Correlation, Application No. 246 09/944,788 Probabilistic Alert Correlation, Application No. 247 09/944,788 Attack Class: Address Spoofing, 19th National 248 Information Systems Security Conference, Baltimore MD Holding Intruders Accountable on the Internet, Proc. Of 249 the 1995 IEEE Symposium on Security and Privacy, Oakland, CA "STAT - A State Transition Analysis Tool for Intrusion 250 Detection" Thesis Computer Security Threat Monitoring and Surveillance, 251 Washington, PA Common Intrusion Detection Framework "APIs" 252 Presentation System Design Document: Next-Generation Intrusion 253 Detection Expert System (NIDES) 254 255 256 257 258 259 260 Detecting Intruders in Computer Systems, 1993 Conference on Auditing and Computer Technology INTRUSION DETECTION at 103-107 BEG. BATES NO. SRIE 0400354 SYM_P_ 0553072 SYM_P_ 0553079 SYM_P_0069255 ISS 23687 SYM_P_0069298 ISS 27909 SYM_P_0070172 ISS 24006 SYM_P_0070459 ISS 30776 SYM_P_0071471 ISS 27534 SYM_P_0079398 ISS 356743 SYM_P_0080009 END BATES NO. SRIE 0400355 SYM_P_0553217 SYM_P_ 0553122 SYM_P_0069262 ISS 23694 SYM_P_0069309 ISS 27919 SYM_P_0070360 ISS 24194 SYM_P_0070514 ISS 30831 SYM_P_0071481 ISS 27538 SYM_P_0079442 ISS 356813 SYM_P_0080025 Exhibit does not match description (in part); 402; 403 402; 403; 602; 802 402; 403; 602; 802; 901 401, 402, 403 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807, 901, 902 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
402; 403; 602; 802; 1002 402; 403; 602; 802; 901 402; 403; 602; 802; 901 402; 403; 602; 802; 901
Exhibit does not match description (in part); 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403 402; 403; 602; 802 402; 403; 602; 802
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403
SYM_P_0082132
SYM_P_0082148 SYM_P_0504912 SYM_P_0526565 SYM_P_0535342 SYM_P_0548725 SYM_P_0548734; SYM_P_0526280
W. Richard Stevens, TCP/IP Illustrated Volume 1 - The SYM_P_0504894 Protocols" (Addison-Wesley 1994) Network Radar Presentation LIBROS Collection Index/webpage: The Architecture of a Network-Level Intrusion Detection System SYM_P_0526540 SYM_P_0535342
CERT Advisory CA-1996-26 "Denial-of-Service Attack SYM_P_0548718 via ping CERT Advisory CA-1996-21 TCP SYN Flooding and SYM_P_0548726; SYM_P_0526272 IP Spoofing Attacks
401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807
Page 20 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 21 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. Methods for Detecting and Diagnosing Abnormalities 261 Using Real-Time Bayes Networks, Application No. 09/653,066 Methods for Detecting and Diagnosing Abnormalities 262 Using Real-Time Bayes Networks, Application No. 09/653,066 263 Inventor Declaration for 09/653,066 Prioritizing Bayes Network Alerts, Application No. 264 09/952,080 Prioritizing Bayes Network Alerts, Application No. 265 09/952,080 266 CIDF Mailing List The Simple Book, An Introduction to Internet Management, 2nd Ed. BEG. BATES NO. END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION 401, 402, 403 SYM_P_0553388 SYM_P_0553545 402; 403 DATE ADMITTED
SYM_P_0553395 SYM_P_0553424 SYM_P_0553546 SYM_P_0553551 SYM_P_0603086
SYM_P_0553422 SYM_P_0553427 SYM_P_0553626 SYM_P_0553584 SYM_P_0603086 106 402; 403 106 402; 403; 602; 802 402; 403; 602; 802; FRCP 37 (untimely produced) 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report) 401, 402, 403, 801, 803, 807, Disclosed no later than 4/24/06 (Disclosed in Heberlein Report) 401, 402, 403
267
SYM_P_0603985
SYM_P_0604009
268
UNDERSTANDING SNMP MIBs
SYM_P_0604010
SYM_P_0604024
402; 403; 602; 802; FRCP 37 (untimely produced)
269
SNMP, SNMPv2 and CMIP, The Practical Guide to Network-Management Standards
SYM_P_0604025
SYM_P_0604044
402; 403; 602; 802; FRCP 37 (untimely produced)
270
Email from Porras to Lindqvist re: 1999 IEEE SRIE 0275123 Symposium on Security and Privacy Paper Submission Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset: DRAFT (PBEST) Email from Porras re: A Common Intrusion Detection Interface Specification SRI 151720 SYM_P_0500624 ISS _00348839
SRIE 0275123 SRI 151740 SYM_P_0500639 ISS_00348854 Exhibit does not match description (in part) 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807, 901, 902
271 272
Page 21 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 22 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION BEG. BATES NO. NO. Invoices including #175 dated 05/03/2006 for $19,972.80; #180 dated 08/22/2005 for $28,665.20; #185 dated 10/10/2005 for $27,864.00; #186 dated 273 HEB_0000040 12/05/05 for $37,850.40; #188 dated 01/03/2006 for #23,575.20; #190 dated 02/01/2006 fro $25,548.00; #192 dated A Network Security Monitor, Proceedings, 1990 IEEE SYM_P_0068974 274 Computer Soceity Symposium on Research in Security and Privacy, May 7-9, 1990 THESIS: Signature Analysis and Communicatoin SYM_P_0069163 275 Issues in a Distributed Intrusion Detection System 276 277 278 279 280 281 282 283 The NetStalker Installation and User's Guide, page 6-5; Figure 6-2 Email from Neumann to Lunt with copy to Moriconi and Neumann re: Intrusion Detection; Survivability Email from Porras to Valdes with copy to Porras, Neumann and Porras re: Frank Jou meeting Email from Linne to Valdes with copy to Linne re: P10872 Chart Available Presentations current downloads as of 10/01/1997 re Emerald papers Web page of Available Presentations current downloads as of 10/01/1997 re Emerald papers Email from Hogsett to All Staff re: FTP Servers Email from Hogsett re: NIDES, EMERALD and Intrusion Email re: purpose of Emerald IP Mailing List. The mailing list and web archive facility has been established to discuss the progress of EMERALD IP and business development. Statement of Work for Analysis and Response for Intrusion Detection in Large Networks, PR No. N-66013 SYM_P_0079597 SRI 010974 SRIE 0053627 SRIE 0147578 SRI 112350 ISS 00538072 SRIE 0253700 SRIE 0010808 END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
HEB_0000048
SYM_P_0068986
SYM_P_0069209
Exhibit does not match 801, 803, 807 description (in part); incomplete; 602; 802 401, 402, 403, 801, 803, 402; 403; 602; 802 807 106
SYM_P_0079597 SRI 010974 SRIE 0053627 SRIE 0147578 SRI 112350 ISS 00538072 SRIE 0253700 SRIE 0010808
Document description doesn't match Bates Range
284
SRIE 0050164
SRIE 0050164
285
SRI 030137
SRI 030144
Page 22 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 23 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION BEG. BATES NO. NO. Letter to Alice Colasanti, Contract Specialist at Rome Laboratory from Donna Linne, Sr. Contract 286 Administrator at SRI re: DARPA BAA 96-03, SRI SRI 030156 Proposal ECU 95-445 dated 2/28/96 and updated 8/2/96 Confirmation of Telephone Negotiations Department of the Air Force Memorandum for Donna Linne (SRI) from Rome Laboratory re: AA #96-03. 287 SRI 030166 Proposal dated 02/28/1996 has been selected for negotiation Letter to Alice Colasanti, Rome Laboratory/AFMC from Donna Linne, Sr. Contract Administrator, SRI with attached cost estimates and supporting schedules, labor rate verification, subcontracting plans, etc. Section I: Administrative Proposal, Analysis and Response for Intrusion Detection in Large Networks SRI International Final Technical Report: The EMERALD Mission-Based Correlation System and Experimental Data Analysis of AFRL/AFED INFOSEC Alarms SRI Contract No. F30602-96-C-0294 Letter to Mr. Terrance Champion from Donna Linne re: Contract No. F30602-96-C-0294 with enclosure: Contracts Funds Status Report "EMERALDeXpert/estat/TCP/UDP/ICMP ANALYSIS SUMMARY" by Phillip Porras, Draft 0.1 Invention Disclosure for EMERALD Email from Phillip Porras to Teresa Lundt re. Anomaly Detection END BATES NO. OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
SRI 030157
SRI 030243
288
SRI 030244
SRI 030294
289
SRI 030424
SRI 030453
290 291 292 293 294 295 296
SRI 098639 SRI 030109 SRI 029999 SRI 0277983 SRI 287656 SRIE 0037570
SRI 098678 SRI 030136 SRI 030001 SRI 0278002 SRI 287659 SRIE 0037571 SRIE 0399397
Email from Daniero to Valdes, et al. re: tentative agenda SRIE 0399394 for Intrusion Detection Meeting in Savannah Intrusion Detection PI Meeting Presentation Slides, Scalable Intrusion Detection for the Emerging Network SRI 013488 Infrastructure
297
SRI 013512
Page 23 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 24 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 BEG. BATES NO. END BATES NO. SRIE 0018851 SRIE 0018819 SRIE 0052499 SRIE 0399190 SYM_P_0527593 SYM_P_0527594 SYM_P_0527596 SYM_P_0527601 SYM_P_0527709 SRIE 0399159 SRIE 0018218 SRIE 0018215 SRIE 0018026 SRIE 0392667 SRI 014304 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 402; 403; 602; 802; 901 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 402; 403; 602; 802 401, 402, 403, 801, 803, 807, 901, 902 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 401, 402, 403, 801, 803, 807 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
Email from Jou to Porras re: Statistical Analysis Engine SRIE 0018851 Email from Jou to Porras re: Statistical Analysis Engine SRIE 0018819 Email from Jou to Porras re: Collaboration SRIE 0052499 Email from Jou to Porras, Wu and Staniford re: API SRIE 0399190 proposal Web archive: MCNC Advanced Networking Research SYM_P_0527593 (ANR) Web archive: MCNC Project Highlights page SYM_P_0527594
Web archive: MCNC ANR Projects - Ji-Nao, Scalable Intrusion Detection for the Emerging Network SYM_P_0527595 Infrastructure Web archive: PP Presentation ANR MCNC SYM_P_0527597
Web archive: Scalable Intrusion Detection for the SYM_P_0527644 Emerging Network Infrastructure ANR MCNC - slides Email from Lunt re: Tentative Agenda for DARPAIntrusion Detection Conference Email from Jou to Porras with copy to Wu re: EMERALD/Ji Nao Email from Jou to Porras with copy to Wu re: gated.log file Email from Jou to Porras re: OSPF Analysis Email from Zissman to Distribution, including Jou re: Intrusion Detection Evaluation Web Site SRIE 0399156 SRIE 0018218 SRIE 0018215 SRIE 0018026 SRIE 0392666
Scalable Intrusion Detection for the Emerging Network SRI 014293 Infrastructure presentation slides by Y. Frank Jou Web Archive: MCNC ANR Projects - Ji-Nao, Scalable Intrusion Detection for the Emerging Network SYM_P_0499567 Infrastructure The DARPA Common Intrusion Detection Framework, SYM_P_0071467 ISS 24442 The CIDF Working Group
313 314
SYM_P_0499568 SYM_P_0071470 ISS 24445
402; 403; 602; 802 402; 403; 602; 802
Page 24 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 25 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION NO. Email from Porras to Staniford, et al. re: CIDF Interface 315 Spec RE: Revised CIDF Document - A Common Intrusion 316 Detection Framework (Working Draft) dated October 5, 1997 is in the body of the document Email from Wu to Jou, Jzao, Mazum, Meeson, Meyer, 317 Musman, Porras, Maraya, Iddon, Staniford re: CIDF/SNMP subgroup message #1 JiNao: Design and Implementation of a Scalable 318 Intrusion Detection System for the OSPF Routing Protocol IDS Program Review, 2/4/98, Annapolis, MD: Scalable 319 Intrusion Detection for the Emerging Network Infrastructure (slides) Final Report: Scalable Intrusion Detection System for the Emerging Network Infrastructure, DARPA Order No. E296, Issued by Rome Lab under Contract No. 320 F30602-96-C0325, submitted December 1999, MCNC Information Technologies, Advanced Networking Research Email from Neumann to Porras with copy to Jou re: 321 NIDES statistical module Email from Porras to Jou with copy to Valdes, Porras, 322 Neumann re: visit and CMAD 323 Email from Porras to Jou re: revision estimate 324 BEG. BATES NO. SYM_P_0076916 SYM_P_0071210 ISS 24594 SRIE 0017985 END BATES NO. SYM_P_0076930 SYM_P_0071235 ISS 24519 SRIE 0017987 801, 803, 807 RTI 0381 RTI 0404 602; 802 402; 403; 602; 802; 901 401, 402, 403, 801, 803, 807, 901, 902 OBJECTION BASIS FRE IN SUPPORT OF ADMISSION DATE ADMITTED
RTI 0644
RTI 0660 801, 803, 807
RTI 0140
RTI 0256
602; 802
SRIE 0053920 SRIE 0053899 SRIE 0053740
SRIE 0053920 SRIE 0053899 SRIE 0053740 ISS 00354606
Proceedings of the Fourth Workshop on Future ISS 00354559 Directions in Computer Misuse and Anomaly Detection Email from Lipson to Jou and distribution re: ISW '97 Final Agenda - Information Survivability Workshop, SRIE 0052902 February 12-13, 1997 Email from Porras to Neumann re: Transmitting Second SRI 044907 Draft of SunScreen Target Memorandum from Kean to Col. Meinke re: Use of TEA_0001800 Network Security Monitor
325 326 327
SRIE 0052903 SRI 044913 TEA_0001819 FRCP 37; 901 901, 902
Page 25 of 163
1010084_3
Case 1:04-cv-01199-SLR
Document 524-9
Filed 08/18/2008
Page 26 of 163
INTERNET SECURITY SYSTEMS, INC., a Delaware Corporation, INTERNET SECURITY SYSTEMS, INC., a Georgia Corporation, and SYMANTEC CORPORATION, a Delaware Corporation C.A. No. 04-1199-SLR ISS's and Symantec's Joint Trial List
TRIAL EXH. DESCRIPTION BEG. BATES NO. NO. Proposed NSPW-04 Discussion Topic: Lack of Science 328 for Testing the Effectiveness of Large-Scale Cyber SRI 058945 Defenses Invoice from George Kesidis for services rendered from 329 KES 1088 1/06/2006 to 2/21/2006 Invoice from George Kesidis fro services rendered 330 KES 1079 March 2006 Invoice from George Kesidis for services rendered from 331 KES 1094 6/15/2005 to 6/29/2005 Continuation Application for United States Letters 332 Patent - Title: Hierarchical Event Monitoring and SYM_P_0554136 Analysis, Docket No. 10454-002003 / 10254457 333 Notice re: Change of Power of Attorney SYM_P_055418
Free Proposed Pretrial Order - District Court of Delaware - Delaware
| File Size: | 502.1 kB |
| Pages: | 163 |
| Date: | August 18, 2008 |
| File Format: | |
| State: | Delaware |
| Category: | District Court of Delaware |
| Author: | unknown |
| Word Count: | 11,609 Words, 65,540 Characters |
| Page Size: | Letter (8 1/2" x 11") |
| URL |
https://www.findforms.com/pdf_files/ded/8551/524-9.pdf |
| Download Proposed Pretrial Order - District Court of Delaware ( 502.1 kB) |
Preview Proposed Pretrial Order - District Court of Delaware
Popular Searches
United States Free Forms
Canada Free Forms
United Kingdom Free Forms
Australia Free Forms