Protecting against spoofed DNS messages
First Claim
1. A method for authenticating communication traffic, comprising:
- receiving a first request, sent over a network from a source address, to provide network information regarding a given domain name;
- sending a response to the source address in reply to the first request;
- receiving a second request from the source address in reply to the response; and
- assessing authenticity of the first request based on the second request, wherein the first and second requests and the response comprise data packets, and wherein the source address comprises an Internet Protocol (IP) address, and wherein receiving the first request comprises receiving a Domain Name System (DNS) request in a User Datagram Protocol (UDP) packet, and wherein sending the response comprises configuring the response so as to require that the first request be resent in a Transmission Control Protocol (TCP) packet, and wherein receiving the second request comprises receiving a TCP SYN packet.
4 Assignments
0 Petitions
Abstract
A method for authenticating communication traffic includes receiving a first request, such as a DNS request, sent over a network from a source address, to provide network information regarding a given domain name. A response is sent to the source address in reply to the first request. When a second request is received from the source address in reply to the response, the authenticity of the first request is assessed based on the second request.
27 Claims
1. Independent claim 1, as reproduced under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request,
wherein the first and second requests and the response comprise data packets, and wherein the source address comprises an Internet Protocol (IP) address, and wherein the first request comprises a Domain Name System (DNS) request contained in a User Datagram Protocol (UDP) packet, and wherein the guard device is adapted to send the response so as to require that the first request be resent in a Transmission Control Protocol (TCP) packet, so that the second request comprises a TCP SYN packet.
19. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request,
wherein the first and second requests and the response comprise data packets, and wherein the source address comprises an Internet Protocol (IP) address, and wherein the first request comprises a Domain Name System (DNS) request contained in a User Datagram Protocol (UDP) packet, and wherein the instructions cause the computer to send the response so as to require that the first request be resent in a Transmission Control Protocol (TCP) packet, so that the second request comprises a TCP SYN packet.
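The method the claims describe, as an added example that is not from the patent: a guard that answers an unverified UDP source with a truncated (TC=1) DNS reply so the client resends over TCP, and treats completion of that TCP handshake as evidence the source IP address was not forged. The class, function names and the sample query are my own constructions.

```python
import struct

QR_FLAG = 0x8000  # DNS header: message is a response
TC_FLAG = 0x0200  # DNS header: truncated, client must retry over TCP

# Constructed sample: ID 0x1234, RD set, one question "example.com A IN".
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x07example\x03com\x00\x00\x01\x00\x01")

def truncated_response(query: bytes) -> bytes:
    """Echo the query's ID and question section with QR=1 and TC=1 and no
    answer records; a conforming resolver then resends the query over TCP."""
    if len(query) < 12:
        raise ValueError("DNS header too short")
    txid, flags, qdcount, _, _, _ = struct.unpack("!6H", query[:12])
    opcode = flags & 0x7800          # keep the client's OPCODE
    rd = flags & 0x0100              # keep the client's RD bit
    header = struct.pack("!6H", txid, QR_FLAG | opcode | TC_FLAG | rd,
                         qdcount, 0, 0, 0)
    return header + query[12:]       # question section copied verbatim

class DnsSourceGuard:
    """Guard that serves a source over UDP only once it has proven its IP
    by coming back over TCP (hypothetical class, not from the patent)."""
    def __init__(self):
        self.pending = {}      # src_ip -> transaction ID awaiting TCP retry
        self.verified = set()  # sources whose address survived the TCP check

    def on_udp_query(self, src_ip: str, query: bytes):
        """Return a truncated reply for unverified sources, or None when the
        source is already verified and the query may be served normally."""
        if src_ip in self.verified:
            return None
        self.pending[src_ip] = struct.unpack("!H", query[:2])[0]
        return truncated_response(query)

    def on_tcp_retry(self, src_ip: str) -> bool:
        """Call once the TCP connection opened by src_ip's SYN completes its
        handshake: the peer had to receive our SYN-ACK at that address,
        which a sender forging the UDP source address cannot do."""
        if src_ip not in self.pending:
            return False          # TCP with no prior UDP query: not a retry
        del self.pending[src_ip]
        self.verified.add(src_ip)
        return True
```

A SYN alone can also carry a forged source, so the guard records the source only after the handshake completes, not on the SYN itself.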