Protecting against spoofed DNS messages
Abstract
A method for authenticating communication traffic includes receiving a first request, such as a DNS request, sent over a network from a source address, to provide network information regarding a given domain name. A response is sent to the source address in reply to the first request. When a second request is received from the source address in reply to the response, the authenticity of the first request is assessed based on the second request.
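An added illustration of the exchange the abstract describes, not code from the patent: the guard's response carries a name with a keyed cookie bound to the source address, and only a second request echoing that cookie from the same address is treated as authentic. The cookie-in-a-name encoding, the `ck-` prefix, the 30-second window and all function names are assumptions; the page states only that authenticity is assessed from the second request.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # constructed; a real guard would use a random, rotated key
PREFIX = "ck-"                     # hypothetical label prefix marking a challenge name
WINDOW = 30                        # seconds a challenge stays valid (assumed value)


def _cookie(src_ip, qname, epoch):
    # Bind the cookie to the claimed source address, the queried name and a time window.
    msg = f"{src_ip}|{qname}|{epoch}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def challenge_name(src_ip, qname, now):
    """Name placed in the response to the first request (assumed encoding)."""
    return f"{PREFIX}{_cookie(src_ip, qname, int(now // WINDOW))}.{qname}"


def assess(src_ip, qname, now=None):
    """Classify one incoming request as seen by the guard.

    Returns ("challenge", name) for a first request, ("authentic", original)
    when the second request proves the source received the response, and
    ("reject", None) when the cookie does not match this source and time.
    """
    now = time.time() if now is None else now
    qname = qname.lower()
    label, _, original = qname.partition(".")
    if not label.startswith(PREFIX):
        return "challenge", challenge_name(src_ip, qname, now)
    epoch = int(now // WINDOW)
    for e in (epoch, epoch - 1):   # accept the current and the previous window
        expected = _cookie(src_ip, original, e).encode()
        if hmac.compare_digest(label[len(PREFIX):].encode(), expected):
            return "authentic", original
    return "reject", None


if __name__ == "__main__":
    # Constructed exchange: 192.0.2.10 is a real client; 198.51.100.7 stands for
    # a different address presenting a cookie that was issued to the first one.
    t0 = 1_000_000
    verdict, name = assess("192.0.2.10", "www.example.com", now=t0)
    print(verdict, name)
    print(assess("192.0.2.10", name, now=t0 + 5))     # second request, same source
    print(assess("198.51.100.7", name, now=t0 + 5))   # cookie bound to another address
    print(assess("192.0.2.10", name, now=t0 + 120))   # cookie outside its window
```

A host that forges the source address of the first request never receives the response, so it cannot produce the second request the guard is waiting for.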
62 Claims
1. A method for authenticating communication traffic, comprising:
- receiving a first request, sent over a network from a source address, to provide network information regarding a given domain name;
- sending a response to the source address in reply to the first request;
- receiving a second request from the source address in reply to the response; and
- assessing authenticity of the first request based on the second request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11-12. (Canceled)

13. A method for authenticating communication traffic, comprising:
- receiving a data packet sent over a network from a source address to a destination address;
- sending an outgoing Domain Name System (DNS) message to the source address;
- receiving an incoming DNS message in response to the outgoing DNS message; and
- processing the incoming DNS message so as to assess authenticity of the received data packet.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21

22. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request.

32-33. (Canceled)

34. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet.

42. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request.

52-53. (Canceled)

54. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet.

62-82. (Canceled)
Specification