SYSTEM AND METHOD FOR IDENTIFICATION AND BLOCKING OF MALICIOUS USE OF SERVERS
First Claim
Patent Images
1. A computer system comprising:
- a central processing unit; and
first program instructions to identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit,wherein the first program instructions are stored on the computer system for execution by the central processing unit.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method to protect web applications from malicious attacks and, in particular, a system and method for identification and blocking of malicious DNS servers. The system includes a central processing unit and first program instructions. The first program instructions identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit. The first program instructions are stored on the computer system for execution by the central processing unit.
34 Citations
20 Claims
-
1. A computer system comprising:
-
a central processing unit; and first program instructions to identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit, wherein the first program instructions are stored on the computer system for execution by the central processing unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
- 13. A method for preventing use of a rogue DNS server comprising providing a computer infrastructure being operable to identify the rogue DNS server by detecting a DNS metric comprising at least one of number of redirects by the DNS server and a response time to a request for an IP address is outside of a set limit.
-
19. A computer program product for protecting web applications from malicious attacks, the computer program product comprising:
-
a computer readable medium; a first program instructions to determine that a current DNS server is a historical DNS server; a second program instructions to determine a response time of a connected to DNS server; a third program instructions to determine a redirection of a response to another DNS server; fourth program instructions to calculate a difference between historical and current ping times and historical and response times and the response time of the connected to DNS server; and fifth program instructions to take action when at least one of; the first program instructions finds the current DNS server to be different than the historical DNS server; the third program determines that there is a redirection to the another DNS server and the redirection is outside a set limit of redirections; and the fourth program instructions calculate a difference between the historical and current ping times and the historical and response times and the response time of the connected to DNS server is greater than a set limit, wherein the first, second, third, fourth and fifth program instructions are stored on the computer readable media. - View Dependent Claims (20)
-
Specification