Defeating cache resistant domain name systems

US 7,865,618 B2
Filed: 02/22/2008
Issued: 01/04/2011
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A domain name caching system, comprising:

a processor;

and a memory component communicatively coupled to the processor, the memory component having stored therein computer-executable instructions that when executed by the processor cause the processor to implement;

a receiver component configured to receive a domain name lookup request, wherein the domain lookup request includes a nonce;

a nonce removal component configured to remove the nonce from the domain name lookup request;

a resolver component configured to return information from a cache in response to the domain name lookup request without the nonce; and

an inference component configured to facilitate ascertaining a location of the nonce based on characteristics of a nonce protocol.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Domain name caching mechanisms are provided to address cache-defeating approaches. Domain name lookup requests are processed and cached information associated with a non-identical domain name returned in response. Cache-defeating behavior including nonce injection can be detected or inferred and employed to map domain name requests to previously cached information thereby exposing the benefits of caching.

63 Citations

View as Search Results

19 Claims

1. A domain name caching system, comprising:
- a processor;
  
  and a memory component communicatively coupled to the processor, the memory component having stored therein computer-executable instructions that when executed by the processor cause the processor to implement;
  
  a receiver component configured to receive a domain name lookup request, wherein the domain lookup request includes a nonce;
  
  a nonce removal component configured to remove the nonce from the domain name lookup request;
  
  a resolver component configured to return information from a cache in response to the domain name lookup request without the nonce; and
  
  an inference component configured to facilitate ascertaining a location of the nonce based on characteristics of a nonce protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the domain name lookup request includes a nonce pattern.
  - 3. The system of claim 2, wherein the nonce removal component is configured to remove the nonce pattern from the domain name lookup request.
  - 4. The system of claim 1, wherein the inference component is configured to infer at least one of a presence or a position of the nonce.
  - 5. The system of claim 4, further comprising a request component configured to facilitate ascertaining a location of the nonce as a function of characteristics of a request stream.
  - 6. The system of claim 5, wherein the request component is configured to analyze a similarity of results of a variety of requests.
  - 7. The system of claim 4, wherein the inference component is configured to facilitate ascertaining a location of the nonce as a function of characteristics of a domain name server software.
  - 8. The system of claim 1, further comprising a verification component configured to verify that requests with new nonces return results consistent with prior requests to validate nonce inferences.

9. A domain name caching method, comprising:
- employing a processor to execute computer executable instructions stored on a computer readable storage medium to implement the following acts;
  
  receiving a domain name, wherein the domain name includes a nonce;
  
  removing the nonce from the domain name;
  
  returning a cached IP address associated with the domain name without the nonce; and
  
  ascertaining a location of the nonce based on characteristics of a nonce protocol.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, further comprising detecting a domain name pattern including the nonce.
  - 11. The method of claim 10, comprising detecting the domain name pattern as a function of characteristics of a nonce-protocol.
  - 12. The method of claim 10, comprising detecting the domain name pattern as a function of known name patterns.
  - 13. The method of claim 10, comprising detecting the domain name pattern as a function of characteristics of a request stream.
  - 14. The method of claim 10, comprising detecting the domain name pattern as a function of common nonce characteristics.
  - 15. The method of claim 10, comprising detecting the domain name pattern based on identical or similar replies to a variety of requests.
  - 16. The method of claim 10, comprising detecting the domain name pattern as a function of characteristics of a known software implementation.
  - 17. The method of claim 10, further comprising verifying the domain name pattern by synthesizing requests with new nonces, and verifying that the replies are consistent with results of prior client requests.

18. A domain name caching system, comprising:
- means for caching a result of an initial domain name lookup;
  
  means for receiving a subsequent domain name lookup, wherein the subsequent domain name lookup includes a nonce;
  
  means for removing the nonce from the subsequent domain name lookup;
  
  means for serving the result in response to associating the subsequent domain name lookup with the initial domain name; and
  
  means for ascertaining a location of the nonce based on characteristics of a nonce protocol.
- View Dependent Claims (19)
- - 19. The system of claim 18, further comprising a means for detecting a domain name pattern to facilitate an identification of equivalent domain names.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Elson, Jeremy Eric, Howell, Jonathan Ryan, Douceur, John R.
Primary Examiner(s)
Patel; Haresh N

Application Number

US12/035,652
Publication Number

US 20090216903A1
Time in Patent Office

1,047 Days
Field of Search

709/245, 709/246, 709217-228
US Class Current

709/245
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 61/5076   Update or notification mech...

H04L 61/58   Caching of addresses or names

Defeating cache resistant domain name systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Defeating cache resistant domain name systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links