System and Method for Detecting and Mitigating Dns Spoofing Trojans
First Claim
Patent Images
1. A method for detecting spoofing, the method comprising:
- receiving notification of an IP request, said IP request being associated with a requested IP address and a desired hostname; and
detecting whether the requested IP address matches the desired hostname.
14 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present invention relate to a method and system for detecting and/or mitigating domain name system (DNS) spoofing Trojan horse (or Trojan) code. Trojan code (sometimes called malware or malicious software) is a common computer security problem. Some Trojans modify the DNS resolution mechanism employed by the infected computer, such that the computer traffic, when browsing the Internet, is routed to a location not intended by the rightful owner of the computer. The present invention can detect this phenomenon from a remote device or location and may take action to mitigate its effects.
-
Citations
52 Claims
-
1. A method for detecting spoofing, the method comprising:
-
receiving notification of an IP request, said IP request being associated with a requested IP address and a desired hostname; and detecting whether the requested IP address matches the desired hostname. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
-
-
13. A method comprising:
-
receiving a notification of a request sent to a network address, said request being associated with a requested network address and a desired hostname; and detecting whether the requested network address matches the desired hostname. - View Dependent Claims (14)
-
-
15. A system comprising:
an analyzer to receive notification of an IP request, said IP request being associated with a requested IP address and a desired hostname, and to detect whether the requested IP address matches the desired hostname. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
28. A method comprising:
-
receiving at a computing device a notification including a physical address of a computing element being associated with a requested physical address and logical address; and determining whether said requested physical address matches the logical address. - View Dependent Claims (29, 30, 31, 32, 33)
-
Specification