Distributed frequency data collection via DNS
Abstract
Domain Name Service (DNS) requests are used as the reporting vehicle for ensuring that security-related information can be transferred from a network. As one possibility, a central facility for a security provider may maintain a data collection capability that is based upon receiving the DNS requests containing the information being reported. In an email application, if a data block is embedded within or attached to an email message, an algorithm is applied to the data block to generate an indicator that is specifically related to the contents of the data block. As one possibility, the algorithm may generate a hash that provides a “digital fingerprint” having a reasonable likelihood that the hash is unique to the data block. By embedding the hash within a DNS request, the request becomes a report that the data block has been accessed.
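The reporting and collection steps described in the abstract can be sketched as follows. This is an added example, not code from the patent: the collector zone `report.example.com`, the choice of SHA-256 with base32 encoding, and all function names are assumptions made for illustration, and the sample query names are constructed.

```python
import base64
import hashlib
from collections import Counter

REPORT_ZONE = "report.example.com"   # assumed collector zone, not from the patent
MAX_NAME = 253                       # DNS limit on a full name (labels: 63 bytes)
B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def indicator(block: bytes) -> str:
    """Digital fingerprint of a data block as a single DNS-safe label."""
    digest = hashlib.sha256(block).digest()
    # Hex SHA-256 is 64 chars, one over the 63-byte label limit. Base32 is
    # 52 chars and survives DNS case-insensitivity.
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def report_name(block: bytes, zone: str = REPORT_ZONE) -> str:
    """Query name whose lookup reports that `block` was transferred."""
    name = f"{indicator(block)}.{zone}"
    if len(name) > MAX_NAME:
        raise ValueError("query name exceeds DNS length limit")
    return name


def parse_report(qname: str, zone: str = REPORT_ZONE):
    """Collector side: return the indicator, or None if the name is not a report."""
    qname = qname.rstrip(".").lower()          # tolerate trailing dot and case changes
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    label = qname[: -len(suffix)]
    if len(label) != 52 or not set(label) <= B32_ALPHABET:
        return None                            # malformed or multi-label prefix
    return label


def frequencies(qnames):
    """Count reported transfers per indicator across received query names."""
    return Counter(h for h in map(parse_report, qnames) if h)


# Constructed sample: the same attachment reported twice, another one once,
# plus two names that are not valid reports.
ATTACH_A, ATTACH_B = b"invoice.pdf bytes", b"holiday.jpg bytes"
SAMPLE_QUERIES = [
    report_name(ATTACH_A), report_name(ATTACH_A).upper() + ".",
    report_name(ATTACH_B), "www.example.com", "short.report.example.com",
]
```

Calling `frequencies(SAMPLE_QUERIES)` gives the per-hash transfer counts that the collection side would use when deciding on security updates.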
29 Claims
1. A method of monitoring data traffic comprising:
- detecting occurrence of a transfer of a block of data with respect to a network node;
- generating an indicator that is specifically related to contents of said block of data; and
- reporting said transfer, including utilizing said indicator in a Domain Name Service (DNS) request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method of providing security for a plurality of networks comprising:
- receiving Domain Name Service (DNS) requests originating from said networks, including DNS requests that include hashes determined at said networks by applications of an algorithm to transferred data blocks;
- determining frequencies of transfers of different data blocks based on receiving said DNS requests that include different said hashes; and
- forwarding security updates to said networks at least partially on a basis of determinations of said frequencies.
Dependent claims: 17, 18, 19, 20, 21
22. A network comprising:
- a plurality of user devices;
- a network email server configured to enable email exchanges to and from said user devices;
- a network email security device configured to filter said email exchanges, said network email security device including an algorithm component specific to generating digital signatures for components of email messages, said network email security device having a reporting component specific to forming and transmitting domain names that include said digital signatures; and
- a network firewall connected along a path from the Internet and each of said user devices and said network email security devices.
Dependent claims: 23, 24, 25
26. A method of collecting data from a plurality of nodes comprising:
- at each of said nodes, determining information that is to be reported in order to enable data collection;
- utilizing DNS requests as reporting vehicles for transmitting said information via the Internet, including embedding said information within said DNS requests in a format consistent with a protocol for transmissions via said Internet and further including forwarding said DNS requests for purposes of enabling said data collection; and
- collecting said information as a consequence of said DNS requests.
Dependent claims: 27, 28, 29
Specification