Apparatus for filtering server responses
Abstract
A data processing apparatus, comprising at least one processor and a traffic monitor comprising logic which, when executed by the processor, causes the processor to perform: creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses; determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action; based on the mapping, determining one or more IP addresses that are associated with the particular domain; generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a particular request; wherein the particular request specifies a particular IP address that is within the particular domain.
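The pipeline described in the abstract, sketched as an added example (not code from the patent or any product): forward lookups build the domain-to-IP mapping, the mapping is inverted into per-IP firewall rules, and a request's IP is checked against them. The `block`/`log` actions, the default `allow`, the strictest-action-wins rule for shared IPs, and all domains and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample input: malware-associated domains and the action each needs.
# Names use the reserved .example TLD; addresses are documentation ranges.
ACTIONS = {"bad-cdn.example": "block", "tracker.example": "log",
           "dropper.example": "block", "gone.example": "block"}
SAMPLE_DNS = {  # constructed stand-in for forward DNS answers (A/AAAA)
    "bad-cdn.example": ["203.0.113.10", "203.0.113.11"],
    "tracker.example": ["203.0.113.10"],            # shares a host with bad-cdn
    "dropper.example": ["198.51.100.7", "2001:db8::7"],
}                                                    # gone.example: no answer
SEVERITY = {"log": 1, "block": 2}                    # assumed ordering of actions

def sample_resolver(domain):
    """Offline resolver; in production wrap socket.getaddrinfo() instead."""
    return SAMPLE_DNS.get(domain, [])

def build_mapping(domains, resolve=sample_resolver):
    """Forward-resolve each listed domain; keep only domains that resolve."""
    mapping = {}
    for domain in domains:
        ips = {ipaddress.ip_address(a) for a in resolve(domain)}
        if ips:
            mapping[domain] = ips
    return mapping

def generate_policy(mapping, actions):
    """Invert domain->IPs into per-IP rules; strictest action wins on shared IPs."""
    policy = {}
    for domain, ips in mapping.items():
        for ip in ips:
            rule = policy.setdefault(ip, {"action": actions[domain], "domains": set()})
            rule["domains"].add(domain)
            if SEVERITY[actions[domain]] > SEVERITY[rule["action"]]:
                rule["action"] = actions[domain]
    return policy

def decide(policy, request_ip):
    """Return (action, matching domains) for the destination IP of a request."""
    rule = policy.get(ipaddress.ip_address(request_ip))
    if rule is None:
        return "allow", []
    return rule["action"], sorted(rule["domains"])

MAPPING = build_mapping(ACTIONS)
POLICY = generate_policy(MAPPING, ACTIONS)
if __name__ == "__main__":
    for ip in ["203.0.113.10", "203.0.113.11", "2001:db8:0:0::7", "192.0.2.55"]:
        print(ip, decide(POLICY, ip))
```

Parsing addresses with `ipaddress` rather than comparing strings is what lets the non-canonical IPv6 form match its rule, and an IP shared by several listed domains is why the policy has to be keyed per address rather than per domain.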
18 Claims
1. A data processing apparatus, comprising:
at least one processor;
a traffic monitor comprising logic which, when executed by the at least one processor, causes the at least one processor to perform:
creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses;
wherein the mapping identifies only those domain names that are associated with malware;
determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action;
based on the mapping, determining one or more IP addresses that are associated with the particular domain;
generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a request that specifies one or more IP addresses that are associated with the particular domain;
upon receiving a particular request comprising a particular IP address, using the policy and the mapping to determine whether the particular IP address is one of the one or more IP addresses associated with the particular domain to indicate that the particular action should be performed.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses;
wherein the mapping identifies only those domain names that are associated with malware;
determining whether a particular domain in the mapping requires handling data traffic to or from the particular domain by performing a particular action;
based on the mapping, determining one or more IP addresses that are associated with the particular domain;
generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a request that specifies one or more IP addresses that are associated with the particular domain;
upon receiving a particular request comprising a particular IP address, using the policy and the mapping to determine whether the particular IP address is one of the one or more IP addresses associated with the particular domain to indicate that the particular action should be performed.
Dependent claims: 8, 9, 10, 11, 12
13. A method, comprising:
creating, using forward Domain Name System (DNS) lookups, a mapping of domain names to Internet Protocol (IP) addresses;
wherein the mapping identifies only those domain names that are associated with malware;
determining whether a particular domain, listed on the mapping, requires handling data traffic to or from the particular domain by performing a particular action;
based on the mapping, determining one or more IP addresses that are associated with the particular domain;
generating policy for a firewall that instructs the firewall to perform the particular action upon receiving a request that specifies one or more IP addresses that are associated with the particular domain;
upon receiving a particular request comprising a particular IP address, using the policy and the mapping to determine whether the particular IP address is one of the one or more IP addresses associated with the particular domain to indicate that the particular action should be performed;
wherein the method is performed by one or more processors.
Dependent claims: 14, 15, 16, 17, 18
Specification