Protecting against spoofed DNS messages
First Claim
1. A method for authenticating communication traffic, comprising:
- receiving a first request, sent over a network from a source address, to provide first network information regarding a first domain name;
- sending a response to the source address in reply to the first request;
- receiving a second request from the source address, in reply to the response, to provide second network information regarding a second domain name; and
- assessing authenticity of the first request based on the second request.
Abstract
A method for authenticating communication traffic includes receiving a first request, such as a DNS request, sent over a network from a source address, to provide network information regarding a given domain name. A response is sent to the source address in reply to the first request. When a second request is received from the source address in reply to the response, the authenticity of the first request is assessed based on the second request.
49 Claims
1. (Independent claim; reproduced in full under "First Claim" above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method for authenticating communication traffic, comprising: receiving a first request, sent over a network from a source address, to provide network information regarding a given domain name; sending a response to the source address in reply to the first request; receiving a second request from the source address in reply to the response; and assessing authenticity of the first request based on the second request, wherein sending the response comprises encoding information in the response, and wherein assessing the authenticity comprises checking the second request for the encoded information, and wherein encoding the information comprises encoding the information in an artificial domain name, and wherein receiving the second request comprises receiving a query for the network information corresponding to the artificial domain name.

11. A method for authenticating communication traffic, comprising: receiving a data packet sent over a network from a source address to a destination address; sending an outgoing Domain Name System (DNS) message to the source address; receiving an incoming DNS message in response to the outgoing DNS message; and processing the incoming DNS message so as to assess authenticity of the received data packet, wherein receiving the data packet comprises receiving a first DNS request directed to a DNS server, and wherein sending the outgoing DNS message comprises sending a DNS response, and wherein receiving the incoming DNS message comprises receiving a second DNS request, and wherein receiving the first DNS request comprises receiving a request from a client for network information regarding a first domain name, and wherein sending the DNS response comprises sending a first DNS response redirecting the client to submit the second DNS request with regard to a second domain name. Dependent claims: 12, 13, 14, 15, 16, 17.

18. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a first request, sent over a network from a source address, to provide first network information regarding a first domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address, in reply to the response, to provide second network information regarding a second domain name, and to assess authenticity of the first request based on the second request.

27. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request, wherein the guard device is adapted to encode information in the response, and to assess the authenticity of the first request by checking the second request for the encoded information, and wherein the guard device is adapted to encode the information in an artificial domain name, and to generate the response so as to cause a client at the source address to submit in the second request a query for the network information corresponding to the artificial domain name.

28. An apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet, wherein the data packet comprises a first DNS request directed to a DNS server, and wherein the outgoing DNS message comprises a DNS response, and the incoming DNS message comprises a second DNS request, and wherein the first DNS request comprises a request from a client for network information regarding a first domain name, and wherein the DNS response comprises a first DNS response redirecting the client to submit the second DNS request with regard to a second domain name.

34. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a first request, sent over a network from a source address, to provide first network information regarding a first domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address, in reply to the response, to provide second network information regarding a second domain name, and to assess authenticity of the first request based on the second request.

43. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request, wherein the instructions cause the computer to encode information in the response, and to assess the authenticity of the first request by checking the second request for the encoded information, and wherein the instructions cause the computer to encode the information in an artificial domain name, and to generate the response so as to cause a client at the source address to submit in the second request a query for the network information corresponding to the artificial domain name.

44. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, wherein the instructions, when read by a computer, cause the computer to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet, wherein the data packet comprises a first DNS request directed to a DNS server, and wherein the outgoing DNS message comprises a DNS response, and the incoming DNS message comprises a second DNS request, and wherein the first DNS request comprises a request from a client for network information regarding a first domain name, and wherein the DNS response comprises a first DNS response redirecting the client to submit the second DNS request with regard to a second domain name.
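The guard device of claims 10, 27 and 43 (a token encoded in an artificial domain name, then checked on the client's second request) modelled as an added Python example; this is not the patent's own code, and the `DnsGuard` class, the `g-<token>-<window>` label format, the HMAC-based token, and the timers are assumptions chosen here so the guard needs no per-request state.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 30      # assumed: how long a challenge stays valid
VERIFIED_SECONDS = 300   # assumed: how long a source stays trusted after answering

class DnsGuard:
    # Models the guard device from the claims: the first request gets a CNAME
    # to an artificial name carrying an HMAC token bound to the source address;
    # a second request for that name proves the source really received the response.
    def __init__(self, key, clock=time.time):
        self.key = key          # secret known only to the guard
        self.clock = clock      # injectable for testing
        self.verified = {}      # source address -> expiry timestamp

    def _token(self, src, name, window):
        msg = f"{src}|{name}|{window}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def _parse_challenge(self, qname):
        # Artificial names look like: g-<16 hex token>-<window>.<original name>
        label, _, rest = qname.partition(".")
        parts = label.split("-")
        if len(parts) != 3 or parts[0] != "g" or len(parts[1]) != 16 \
                or not parts[2].isdigit() or not rest:
            return None
        return parts[1], int(parts[2]), rest

    def handle_query(self, src, qname):
        # Returns ("forward", name), ("cname", artificial_name) or ("drop", reason).
        qname = qname.rstrip(".").lower()
        now = self.clock()
        window = int(now) // WINDOW_SECONDS
        if self.verified.get(src, 0) > now:
            return ("forward", qname)            # already authenticated source
        parsed = self._parse_challenge(qname)
        if parsed is None:
            # First request: encode a source-bound token in an artificial name.
            token = self._token(src, qname, window)
            return ("cname", f"g-{token}-{window}.{qname}")
        token, sent_window, original = parsed
        # Second request: only the real owner of src could have seen the token.
        if sent_window not in (window, window - 1):
            return ("drop", "expired")
        if not hmac.compare_digest(token, self._token(src, original, sent_window)):
            return ("drop", "bad-token")
        self.verified[src] = now + VERIFIED_SECONDS
        return ("forward", original)
```

A request with a spoofed source address never produces a matching second request, because the CNAME carrying the token is delivered to the spoofed address, so the guard forwards nothing on its behalf.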