Origin server protection notification

US 10,178,195 B2
Filed: 12/05/2016
Issued: 01/08/2019
Est. Priority Date: 12/04/2015
Status: Active Grant

First Claim

Patent Images

1. A method in a service server, comprising:

analyzing Domain Name System (DNS) records of a single site, wherein at least one DNS record points to a first IP address of a proxy server of a service;

determining that at least one of the DNS records of the single site that is not pointed to a second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service; and

responsive to the determining, displaying a notification that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing a third IP address of an origin server of the single site.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An origin server has been registered, or is in the process of being registered, for a proxied service that includes changing Domain Name System (DNS) configurations such that certain network traffic is proxied at a proxy server instead of that traffic being received directly at the origin server. The service checks the configuration and determines if there is any flaw in the configuration that may cause information about the origin server (e.g., the IP address of the origin server) to be leaked. Upon finding a flaw in the configuration, the service may notify the origin server and/or the operator of the origin server that the information may be leaked.

Citations

21 Claims

1. A method in a service server, comprising:
- analyzing Domain Name System (DNS) records of a single site, wherein at least one DNS record points to a first IP address of a proxy server of a service;
  
  determining that at least one of the DNS records of the single site that is not pointed to a second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service; and
  
  responsive to the determining, displaying a notification that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing a third IP address of an origin server of the single site.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first IP address and the second IP address are equivalent.
  - 3. The method of claim 1, wherein a DNS request for a domain of the at least one DNS record that points to the first IP address of the proxy server of the service returns the first IP address of the proxy server of the service.
  - 4. The method of claim 1, wherein a DNS request for a domain of the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service returns a fourth IP address not of the proxy server of the service.
  - 5. The method of claim 1, wherein the displayed notification further includes an instruction to resolve that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing the third IP address of the origin server of the single site.
  - 6. The method of claim 5, wherein the instruction includes an instruction to remove that at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service.
  - 7. The method of claim 5, wherein the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service is an MX record that is running on the third IP address of the origin server of the single site, and wherein the instruction includes an instruction to use an email service that is running on a fourth IP address that is different than the third IP address of the origin server of the single site.

8. A non-transitory computer-readable medium storing instructions, which when executed by a set of one or more processors, cause the set of processors to perform operations comprising:
- analyzing Domain Name System (DNS) records of a single site, wherein at least one DNS record points to a first IP address of a proxy server of a service;
  
  determining that at least one of the DNS records of the single site that is not pointed to a second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service; and
  
  responsive to the determining, displaying a notification that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing a third IP address of an origin server of the single site.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the first IP address and the second IP address are equivalent.
  - 10. The non-transitory computer-readable medium of claim 8, wherein a DNS request for a domain of the at least one DNS record that points to the first IP address of the proxy server of the service returns the first IP address of the proxy server of the service.
  - 11. The non-transitory computer-readable medium of claim 8, wherein a DNS request for a domain of the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service returns a fourth IP address not of the proxy server of the service.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the displayed notification further includes an instruction to resolve that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing the third IP address of the origin server of the single site.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the instruction includes an instruction to remove that at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service is an MX record that is running on the third IP address of the origin server of the single site, and wherein the instruction includes an instruction to use an email service that is running on a fourth IP address that is different than the third IP address of the origin server of the single site.

15. An apparatus, comprising:
- a set of one or more processors;
  
  a set of one or more non-transitory computer-readable mediums that store instructions, that when executed by the set of processors, cause the set of processors to perform the following;
  
  analyze Domain Name System (DNS) records of a single site, wherein at least one DNS record points to a first IP address of a proxy server of a service;
  
  determine that at least one of the DNS records of the single site that is not pointed to a second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service; and
  
  responsive to the determination, display a notification that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing a third IP address of an origin server of the single site.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15, wherein the first IP address and the second IP address are equivalent.
  - 17. The apparatus of claim 15, wherein a DNS request for a domain of the at least one DNS record that points to the first IP address of the proxy server of the service returns the first IP address of the proxy server of the service.
  - 18. The apparatus of claim 15, wherein a DNS request for a domain of the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service returns a fourth IP address not of the proxy server of the service.
  - 19. The apparatus of claim 15, wherein the displayed notification further includes an instruction to resolve that the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service thereby exposing the third IP address of the origin server of the single site.
  - 20. The apparatus of claim 19, wherein the instruction includes an instruction to remove that at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service.
  - 21. The apparatus of claim 19, wherein the at least one of the DNS records of the single site that is not pointed to the second IP address of the proxy server of the service is referencing the at least one DNS record that points to the first IP address of the proxy server of the service is an MX record that is running on the third IP address of the origin server of the single site, and wherein the instruction includes an instruction to use an email service that is running on a fourth IP address that is different than the third IP address of the origin server of the single site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CloudFlare Incorporated
Original Assignee
CloudFlare Incorporated
Inventors
Johnson, Evan
Primary Examiner(s)
Baturay, Alicia

Application Number

US15/369,711
Publication Number

US 20170163754A1
Time in Patent Office

764 Days
Field of Search

709220
US Class Current
CPC Class Codes

H04L 43/065   related to network devices

H04L 61/4511   using domain name system [DNS]

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1036   Load balancing of requests ...

H04L 67/55   Push-based network services

Origin server protection notification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Origin server protection notification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links