Methods and systems for addressing DNS rebinding

US 7,970,939 B1
Filed: 12/31/2007
Issued: 06/28/2011
Est. Priority Date: 12/31/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

detecting a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;

storing a domain-name record, the domain-name record associating the internet address with the first computing-device address;

using the domain-name record to bind the first domain to the first computing-device address;

preventing, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address;

wherein;

using the domain-name record to bind the first domain to the first computing-device address comprises providing the domain-name record in response to a subsequent domain-name-service query for the first domain;

preventing the first domain from being rebound comprises;

prohibiting, until the request to leave the first domain is detected, modification of the domain-name record;

the request to leave the first domain comprises at least one of;

a request to navigate to a second domain;

a request to terminate a browser window;

a request to terminate a browser tab.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method comprising detecting a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain. The method may also comprise storing a domain-name record, the domain-name record associating the internet address with the first computing-device address. The method may comprise using the domain-name record to bind the first domain to the first computing-device address and preventing, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address. Systems and computer-readable media for addressing DNS rebinding are also disclosed.

57 Citations

View as Search Results

16 Claims

1. A computer-implemented method comprising:
- detecting a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
  
  storing a domain-name record, the domain-name record associating the internet address with the first computing-device address;
  
  using the domain-name record to bind the first domain to the first computing-device address;
  
  preventing, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address;
  
  wherein;
  
  using the domain-name record to bind the first domain to the first computing-device address comprises providing the domain-name record in response to a subsequent domain-name-service query for the first domain;
  
  preventing the first domain from being rebound comprises;
  
  prohibiting, until the request to leave the first domain is detected, modification of the domain-name record;
  
  the request to leave the first domain comprises at least one of;
  
  a request to navigate to a second domain;
  
  a request to terminate a browser window;
  
  a request to terminate a browser tab.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, further comprising:
    - detecting a request to navigate to the first domain, the request comprising the internet address;
      
      permitting a domain-name-service query for the internet address to be sent to a domain-name-service server.
  - 3. The computer-implemented method of claim 1, wherein modification of the domain-name record comprises at least one of:
    - deleting the domain-name record;
      
      overwriting the domain-name record;
      
      editing the domain-name record.
  - 4. The computer-implemented method of claim 1, further comprising detecting the request to leave the first domain.
  - 5. The computer-implemented method of claim 1, wherein detecting the request to leave the first domain comprises:
    - detecting a request to navigate to a second domain;
      
      comparing the first domain with the second domain;
      
      determining that the first domain does not comprise the second domain.
  - 6. The computer-implemented method of claim 5, wherein:
    - a request to navigate to the first domain comprises a first uniform resource locator;
      
      the request to navigate to the second domain comprises a second uniform resource locator;
      
      comparing the first domain with the second domain comprises comparing the first uniform resource locator with the second uniform resource locator.
  - 7. The computer-implemented method of claim 1, wherein preventing the first domain from being rebound to a second computing-device address is performed by a browser plug-in.
  - 8. The computer-implemented method of claim 1, wherein preventing the first domain from being rebound to a second computing-device is performed by a domain-name-system proxy installed at a kernel level.
  - 9. The computer-implemented method of claim 1, further comprising:
    - receiving a request to access a non-existing port at the first domain;
      
      preventing the domain-name record from being modified in response to the request to access the non-existing port.
  - 10. The computer-implemented method of claim 1, wherein preventing the first domain from being rebound to a second computing-device address comprises ignoring a time-to-live value for the domain-name record.
  - 11. The method of claim 1, further comprising:
    - hooking a domain-name-system query application-programming interface.

12. A system comprising:
- a browser plug-in for a network browser, the browser plug-in comprising;
  
  a detection module configured to detect a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
  
  a domain-name record cache configured to store a domain-name record, the domain-name record associating the internet address with the first computing-device address;
  
  a domain-name-system response module configured to use the domain-name record to bind the first domain to the first computing-device address by providing the domain-name record in response to a domain-name-service query for the first domain;
  
  a security module configured to prevent, until the browser leaves the first domain, the first domain from being rebound to a second computing-device address;
  
  at least one processor configured to execute the browser plug-in;
  
  wherein the browser plug-in comprises a browser-helper object;
  
  the Internet address comprises at least one of a uniform resource identifier and a uniform resource locator; and
  
  the first computing-device address comprises an internet protocol address.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the security module is configured to clear the cache after the browser leaves the first domain.
  - 14. The system of claim 12, further comprising a reporting module configured to report an attempt to rebind the first domain to the second computing-device address.

15. A system comprising:
- a domain-name-system proxy installed at a kernel level, the domain-name-system proxy comprising;
  
  a detection module configured to detect a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
  
  a domain-name record cache configured to store a domain-name record, the domain-name record associating the internet address with the first computing-device address;
  
  a domain-name-system response module configured to use the domain-name record to bind the first domain to the first computing-device address by providing the domain-name record in response to a domain-name-service query for the first domain;
  
  a security module configured to prevent, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address;
  
  at least one processor configured to execute the domain-name-system proxy;
  
  wherein a browser plug-in comprises the domain-name-system response module and the security module; and
  
  wherein the browser plug-in is configured to communicate with the domain-name-system proxy.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the domain-name-system proxy comprises the domain-name-system response module and the security module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Gabriel, Basil, Satish, Sourabh
Primary Examiner(s)
Dalencourt; Yves

Application Number

US11/967,954
Time in Patent Office

1,275 Days
Field of Search

709/245, 709/224
US Class Current

709/245
CPC Class Codes

H04L 61/10   of different types

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Methods and systems for addressing DNS rebinding

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for addressing DNS rebinding

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links