DISTRIBUTED FREQUENCY DATA COLLECTION VIA INDICATOR EMBEDDED WITH DNS REQUEST

US 20100049848A1
Filed: 11/02/2009
Published: 02/25/2010
Est. Priority Date: 09/24/2007
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring data traffic comprising:

detecting occurrence of a transfer of a block of data with respect to a network node;

generating an indicator that is specifically related to contents of said block of data; and

reporting said transfer, including utilizing said indicator in a Domain Name Service (DNS) request.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Domain Name Service (DNS) requests are used as the reporting vehicle for ensuring that security-related information can be transferred from a network. As one possibility, a central facility for a security provider may maintain a data collection capability that is based upon receiving the DNS requests containing the information being reported. In an email application, if a data block is embedded within or attached to an email message, an algorithm is applied to the data block to generate an indicator that is specifically related to the contents of the data block. As one possibility, the algorithm may generate a hash that provides a “digital fingerprint” having a reasonable likelihood that the hash is unique to the data block. By embedding the hash within a DNS request, the request becomes a report that the data block has been accessed.

12 Citations

View as Search Results

20 Claims

1. A method of monitoring data traffic comprising:
- detecting occurrence of a transfer of a block of data with respect to a network node;
  
  generating an indicator that is specifically related to contents of said block of data; and
  
  reporting said transfer, including utilizing said indicator in a Domain Name Service (DNS) request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein generating said indicator includesapplying a particular algorithm to said block of data to define said indicator as a digital fingerprint that is a function of said algorithm.
  - 3. The method of claim 2 wherein generating said indicator includesoutputting a hash as a consequence of applying said algorithm, said reporting including forming said DNS request to include said hash.
  - 4. The method of claim 1 wherein said reporting includestransmitting said DNS request to a remote site via a global communications network, thereby enabling said remote site to determine a count of occurrences of transfers of said block of data.
  - 5. The method of claim 4 further comprisingreceiving instructions from said remote site as a response to said DNS request, said instructions being relevant to processing of said data traffic being monitored.
  - 6. The method of claim 4 wherein said remote site is maintained by a central security provider enabled to select and implement corrective action on a basis of said count of occurrences of transfers.
  - 7. The method of claim 6 wherein generating said indication is executed at one of a plurality of independent networks that are enabled to exchange data with said central security provider, said networks using a same algorithm to generate hashes upon said occurrences of transfers of blocks of data.
  - 8. The method of claim 7 further comprisingenabling said central security provider to receive DNS requests from each said network, wherein at least some of said DNS requests include said hashes.
  - 9. The method of claim 1 further comprisingcombining a plurality of different said indications to form an aggregated said DNS request.
  - 10. The method of claim 1 wherein detecting said transfer is specific to monitoring email transmissions.
  - 11. The method of claim 10 wherein said block of data is an attachment of an email message.
  - 12. The method of claim 10 wherein said block of data is an image which is a component of an email message.
  - 13. The method of claim 10 wherein said indicator is generated to identify Uniform Resource Locators (URLs) detected within said email transmissions.
  - 14. The method of claim 10 wherein said indicator is generated to identify IP addresses relevant to said email transmissions.
  - 15. The method of claim 1 wherein said indicator is generated to identify an IP address of a source of said block of data.

16. An apparatus for monitoring data traffic comprising:
- a detection circuit coupled to a network to detect occurrence of a transfer of a block of data with respect to a network node;
  
  coupled to an indicator generation circuit to generate an indicator that is specifically related to contents of said block of data;
  
  coupled to a communication circuit to report said transfer, by incorporation of said indicator in a Domain Name Service (DNS) request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16 wherein the indicator generation circuit comprises instructions for adapting a processor to apply a particular algorithm to said block of data to define said indicator as a digital fingerprint that is a function of said algorithm.
  - 18. The apparatus of claim 17 wherein said indicator includes a hash as a consequence of applying said algorithm, said incorporation comprising configuring said DNS request to include said hash.
  - 19. The apparatus of claim 18 wherein said communication circuit comprises a processor adapted to transmit said DNS request to a remote site via a global communications network, thereby enabling said remote site to determine a count of occurrences of transfers of said block of data.
  - 20. The apparatus of claim 19 further comprisinga receiver circuit for to receive instructions from said remote site as a response to said DNS request, said instructions being relevant to processing of said data traffic being monitored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Barracuda Networks Incorporated
Inventors
LEVOW, ZACHARY S., EVANS, JOSEPH WILSON

Granted Patent

US 8,775,604 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 61/4511   using domain name system [DNS]

H04L 63/1416   Event detection, e.g. attac...

DISTRIBUTED FREQUENCY DATA COLLECTION VIA INDICATOR EMBEDDED WITH DNS REQUEST

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED FREQUENCY DATA COLLECTION VIA INDICATOR EMBEDDED WITH DNS REQUEST

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links