Apparatus and Method for Domain Name Resolution

US 20130179969A1
Filed: 02/26/2013
Published: 07/11/2013
Est. Priority Date: 06/23/2000
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for facilitating communications between a client and a server over a network, said apparatus comprising:

a processor coupled with said network, said network operative to transmit a plurality of translation requests including a translation request generated by said client, said translation request comprising an address identifying said server, said translation request being directed, by said client, to an address translator separate from said processor, said address translator being coupled with said network;

said processor being operative to selectively intercept said translation request from among said plurality of translation requests prior to receipt by said address translator, said selective interception being determined based on a criteria other than only that said translation request is one of said plurality of translation requests;

wherein said address translator is operative to translate said address into a translated address when said translation request is not selectively intercepted, and return said translated address to said client via said network thereby facilitating said communications between said client and said server; and

said processor being operative to analyze said selectively intercepted translation request and delete said selectively intercepted translation request based on said analysis.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. Multiple edge servers and edge caches are provided at the edge of the network so as to cover and monitor all points of presence. The edge servers selectively intercept domain name translation requests generated by downstream clients, coupled to the monitored points of presence, to subscribing Web servers and provide translations which either enhance content delivery services or redirect the requesting client to the edge cache to make its content requests. Further, network traffic monitoring is provided in order to detect malicious or otherwise unauthorized data transmissions.

Citations

31 Claims

1. An apparatus for facilitating communications between a client and a server over a network, said apparatus comprising:
- a processor coupled with said network, said network operative to transmit a plurality of translation requests including a translation request generated by said client, said translation request comprising an address identifying said server, said translation request being directed, by said client, to an address translator separate from said processor, said address translator being coupled with said network;
  
  said processor being operative to selectively intercept said translation request from among said plurality of translation requests prior to receipt by said address translator, said selective interception being determined based on a criteria other than only that said translation request is one of said plurality of translation requests;
  
  wherein said address translator is operative to translate said address into a translated address when said translation request is not selectively intercepted, and return said translated address to said client via said network thereby facilitating said communications between said client and said server; and
  
  said processor being operative to analyze said selectively intercepted translation request and delete said selectively intercepted translation request based on said analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The apparatus of claim 1, wherein said processor is operative to detect a security attack based on said intercepted translation request and absorb said detected security attack.
  - 3. The apparatus of claim 1, wherein said analysis comprises determining that said intercepted translation request is one of a plurality of translation requests directed to said server, and determining whether a capacity of said address translator is exceeded by a quantity of translation requests of said plurality of translation requests.
  - 4. The apparatus of claim 1, wherein said processor is operative to analyze said selectively intercepted translation request to determine whether said translation request is malicious, and delete said selectively intercepted translation request when said translation request is malicious.
  - 5. The apparatus of claim 4, wherein said processor is further operative to determine an origin of said selectively intercepted translation request, said determination of whether said selectively intercepted translation request is malicious being based on said determined origin of said selectively intercepted translation request.
  - 6. The apparatus of claim 4, wherein said analysis comprises a comparison of said selectively intercepted translation request to previously identified malicious data, and wherein said processor is further operative to receive said previously identified malicious data from said server, a separate server, or a combination thereof.
  - 7. The apparatus of claim 6, wherein said previously identified malicious data comprises unauthorized data or forged data.
  - 8. The apparatus of claim 1, wherein said translated address is a first translated address, andwherein said processor is further operative to modify said address of said translation request to a modified address when selectively intercepted, wherein said processor is further operative to forward said selectively intercepted translation request having said modified address to said address translator, wherein said address translator, upon receipt of said translation request having said modified address, being operative to translate said modified address into a second translated address and to return said second translated address to said client via said network, wherein said first translated address returnable to said client by said address translator is different from said second translated address returnable to said client by said address translator.
  - 9. The apparatus of claim 1, wherein said network comprises the Internet.
  - 10. The apparatus of claim 1, wherein said client comprises a computer.
  - 11. The apparatus of claim 1, wherein said client comprises a private network.
  - 12. The apparatus of claim 11, wherein said private network further comprises a private address translator operative to generate said translation request.
  - 13. The apparatus of claim 1, wherein said processor is coupled with a network router.
  - 14. The apparatus of claim 1, further comprising a traffic monitor coupled with said network, wherein said network is further operative to transmit data between said client and said server, said traffic monitor operative to monitor said transmitted data.
  - 15. The apparatus of claim 14, wherein said traffic monitor is further operative to detect malicious program code within said transmitted data.
  - 16. The apparatus of claim 14, wherein said traffic monitor is further operative to detect unauthorized data within said transmitted data.
  - 17. The apparatus of claim 16, wherein said traffic monitor is further operative to detect forged communications within said transmitted data.

18. A method of facilitating communications over a network, said network comprising a server and at least one sub-network coupled with said server, said at least one sub-network coupled with an address translator and a client, said method comprising:
- monitoring said at least one sub-network for a translation request of a plurality of translation requests, said translation request being generated by said client and directed by said client to said address translator, said translation request comprising an address intended to be translated into a translated address by said address translator;
  
  intercepting, selectively by a device separate from said address translator, said translation request from among said plurality of translation requests prior to receipt by said address translator and prior to translation of said address thereby, said selective interception being based on a criteria other than only that said translation request is one of said plurality of translation requests; and
  
  detecting a security attack based on said intercepted translation request and absorbing said detected security attack.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 19. The method of claim 18, wherein said detecting comprises determining that said intercepted translation request is one of a plurality of translation requests directed to said server, and determining whether a capacity of said address translator is exceeded by a quantity of translation requests of said plurality of translation requests.
  - 20. The method of claim 18, wherein said detecting comprises analyzing said selectively intercepted translation request to determine whether said translation request is malicious, andwherein said absorbing comprises deleting said selectively intercepted translation request when said selectively intercepted translation request is determined to be malicious.
  - 21. The method of claim 18, wherein said absorbing comprises responding to said intercepted translation request or deleting said intercepted translation request.
  - 22. The method of claim 20, further comprising determining an origin of said selectively intercepted translation request, said determination of whether said selectively intercepted translation request is malicious being based on said determined origin of said selectively intercepted translation request.
  - 23. The method of claim 20, wherein said analyzing comprises comparing said selectively intercepted translation request to previously identified malicious data, and wherein the method further comprises receiving said previously identified malicious data from said server, a separate server, or a combination thereof.
  - 24. The method of claim 23, wherein said previously identified malicious data comprises unauthorized data or forged data.
  - 25. The method of claim 18, wherein said translated address is a first translated address, andwherein the method further comprises modifying said address of said selectively intercepted translation request to a modified address and forwarding said translation request having said modified address to said address translator, said modified address intended to be translated by said address translator into a second translated address different from said first translated address, wherein said second translated address is generated when said translation request is selectively intercepted and said first translated address is generated when said translation request is not selectively intercepted.
  - 26. The method of claim 25, wherein said address is a domain name, said first translated address is a first internet protocol address and said second translated address is a second internet protocol address different from said first internet protocol address.
  - 27. The method of claim 25, wherein said second translated address is associated with a cache affiliated with said server.
  - 28. The method of claim 25, wherein said modifying further comprises determining said second translated address to be an address associated with a proximately optimal cache affiliated with said server relative to said client.
  - 29. The method of claim 28, wherein said cache is geographically optimal.
  - 30. The method of claim 28, wherein said cache is proximately optimal based on a topology of said network.

31. An apparatus for facilitating communications between a client and a server over a network, said apparatus comprising:
- a processor coupled with said network, said network operative to transmit a plurality of translation requests including a translation request generated by said client, said translation request comprising an address identifying said server, said translation request being directed, by said client, to an address translator separate from said processor, said address translator being coupled with said network;
  
  said processor being operative to selectively intercept said translation request from among said plurality of translation requests prior to receipt by said address translator, said selective interception being determined based on a criteria other than only that said translation request is one of said plurality of translation requests;
  
  wherein said address translator is operative to translate said address into a translated address when said translation request is not selectively intercepted, and return said translated address to said client via said network thereby facilitating said communications between said client and said server; and
  
  said processor being operative to analyze said selectively intercepted translation request and absorb said selectively intercepted translation request based on said analysis, said analysis comprising a determination that said intercepted translation request is one of a plurality of translation requests directed to said server, and a determination of whether a capacity of said address translator is exceeded by a quantity of translation requests of said plurality of translation requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookingglass Cyber Solutions, LLC
Original Assignee
Lookingglass Cyber Solutions, LLC
Inventors
Jungck, Peder J.

Application Number

US13/778,043
Publication Number

US 20130179969A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 63/0236   Filtering by address, proto...

H04L 63/1441   Countermeasures against mal...

H04L 67/1001   for accessing one among a p...

H04L 67/1017   based on a round robin mech...

H04L 67/1021   based on client or server l...

H04L 67/1038   Load balancing arrangements...

H04L 67/563   Data redirection of data ne...

Apparatus and Method for Domain Name Resolution

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and Method for Domain Name Resolution

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links