DNS tunneling prevention
First Claim
1. A method, by a processor, for domain name service (DNS) tunneling prevention, comprising:
requesting a domain name service (DNS) tunneling detection operation upon receiving a DNS query;
generating a response based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity;
assigning a value to each one of a plurality of factors, wherein the plurality of factors include an age of a domain name, a set of resource records, reputation data of the domain name, and detection of DNS tunneling activity using DNS tunneling;
calculating a DNS response score according to the assigned values for generating the response;
comparing the DNS response score to a first level threshold; and
providing a non-existing domain in the DNS response to prevent the DNS tunneling activity upon the DNS response score being greater than the first level threshold.
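The scoring and threshold steps of this claim, sketched as an added example (not code from the patent or its assignee). The weights, the threshold value, the per-factor value rules and the entropy-based tunneling heuristic are all assumptions; the claim names the factors but specifies none of them.

```python
import math
from collections import Counter
from dataclasses import dataclass

# Assumed values: the claim names four factors and a first level threshold
# but gives no numbers. Each factor value is in [0, 1], higher = more suspect.
WEIGHTS = {"age": 0.2, "records": 0.2, "reputation": 0.3, "tunnel": 0.3}
FIRST_LEVEL_THRESHOLD = 0.6

@dataclass
class DomainInfo:              # hypothetical enrichment record for a domain
    age_days: int              # days since registration
    record_types: frozenset    # resource record types observed
    reputation: float          # 0.0 (bad) to 1.0 (good)

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def tunnel_signal(qname, registered_labels=2):
    """Assumed detector: long, high-entropy data packed into subdomain labels."""
    labels = qname.rstrip(".").split(".")
    payload = "".join(labels[:-registered_labels])
    if len(payload) < 20:
        return 0.0
    return min(1.0, entropy(payload) / 4.0)

def factor_values(qname, info):
    only_data_records = bool(info.record_types) and info.record_types <= {"TXT", "NULL"}
    return {
        "age": 1.0 if info.age_days < 30 else 0.0,
        "records": 1.0 if only_data_records else 0.0,
        "reputation": 1.0 - info.reputation,
        "tunnel": tunnel_signal(qname),
    }

def decide(qname, info):
    """Return (action, score); NXDOMAIN only when score exceeds the threshold."""
    values = factor_values(qname, info)
    score = sum(WEIGHTS[name] * value for name, value in values.items())
    action = "NXDOMAIN" if score > FIRST_LEVEL_THRESHOLD else "RESOLVE"
    return action, round(score, 3)

# Constructed sample inputs (reserved example domains).
NEW_BAD = DomainInfo(3, frozenset({"TXT"}), 0.2)
OLD_GOOD = DomainInfo(4000, frozenset({"A", "AAAA", "MX", "TXT"}), 0.9)
TUNNEL_QNAME = "mzxw6ytboi4dsmrtgq2tmnzyhe3dcnbv.a1b2c3d4e5f6g7h8.t.example.net"
```

With these assumed weights, the same long random-looking query name is answered with a non-existing domain for the new, poorly rated domain but still resolves for the aged, well-rated one, which is the reason for combining the factors into one score.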
Abstract
Embodiments for domain name service (DNS) tunneling prevention by a processor. A DNS tunneling detection operation is requested to be performed upon receiving a DNS query. A response is generated based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity.
12 Claims
1. A method, by a processor, for domain name service (DNS) tunneling prevention, comprising:
requesting a domain name service (DNS) tunneling detection operation upon receiving a DNS query;
generating a response based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity;
assigning a value to each one of a plurality of factors, wherein the plurality of factors include an age of a domain name, a set of resource records, reputation data of the domain name, and detection of DNS tunneling activity using DNS tunneling;
calculating a DNS response score according to the assigned values for generating the response;
comparing the DNS response score to a first level threshold; and
providing a non-existing domain in the DNS response to prevent the DNS tunneling activity upon the DNS response score being greater than the first level threshold.
Dependent claims: 2, 3, 4.
5. A system for domain name service (DNS) tunneling prevention, comprising:
one or more computers with executable instructions that when executed cause the system to:
request a domain name service (DNS) tunneling detection operation upon receiving a DNS query;
generate a response based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity;
assign a value to each one of a plurality of factors, wherein the plurality of factors include an age of a domain name, a set of resource records, reputation data of the domain name, and detection of DNS tunneling activity using DNS tunneling;
calculate a DNS response score according to the assigned values for generating the response;
compare the DNS response score to a first level threshold; and
provide a non-existing domain in the DNS response to prevent the DNS tunneling activity upon the DNS response score being greater than the first level threshold.
Dependent claims: 6, 7, 8.
9. A computer program product for, by a processor, domain name service (DNS) tunneling prevention, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
an executable portion that requests a domain name service (DNS) tunneling detection operation upon receiving a DNS query;
an executable portion that generates a response based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity;
an executable portion that assigns a value to each one of a plurality of factors, wherein the plurality of factors include an age of a domain name, a set of resource records, reputation data of the domain name, and detection of DNS tunneling activity using DNS tunneling;
an executable portion that calculates a DNS response score according to the assigned values for generating the response;
an executable portion that compares the DNS response score to a first level threshold; and
an executable portion that provides a non-existing domain in the DNS response to prevent the DNS tunneling activity upon the DNS response score being greater than the first level threshold.
Dependent claims: 10, 11, 12.
Specification