System and method for identification and blocking of malicious use of servers
Abstract
A system and method to protect web applications from malicious attacks and, in particular, a system and method for identification and blocking of malicious DNS servers. The system includes a central processing unit and first program instructions. The first program instructions identify a rogue Domain Name Service (DNS) by identifying that a DNS metric is outside a historical limit. The first program instructions are stored on the computer system for execution by the central processing unit.
7 Claims
1. A computer system for detecting a fraudulent domain name service (DNS) server, the computer system comprising:
- a central processing unit;
- a computer-readable tangible storage device; and
- program instructions to detect a frequency at which requests sent by the computer system to a first DNS server are redirected to another DNS server; and
- program instructions to compare the frequency to a predetermined threshold, and determine that the first DNS server is fraudulent based in part on the frequency exceeding the predetermined threshold; and
- wherein the program instructions to detect and the program instructions to determine are stored on the computer-readable tangible storage device for execution by the central processing unit.
3. A computer system comprising:
- a central processing unit;
- one or more computer-readable tangible storage devices;
- program instructions to identify a rogue Domain Name Service (DNS) server in part by determining that a response time metric is outside a historical range by:
  - sending requests to peer nodes of the DNS server and measuring response times to the requests to the peer nodes,
  - sending data to and receiving data from network devices on a same network as the DNS server and measuring response times to the data which was sent to the network devices, and
  - comparing current instances of the response times to the requests to the peer nodes and to the data which was sent to the network devices to respective historical ranges of the response times to the requests to the peer nodes and the data which was sent to the network devices; and
- wherein the program instructions are stored on the one or more computer-readable tangible storage devices for execution by the central processing unit.
6. A computer program product for detecting a fraudulent domain name service (DNS) server, the computer program product comprising:
- one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more storage devices, the program instructions comprising:
  - program instructions to detect a frequency at which requests sent by the computer system to a first DNS server are redirected to another DNS server; and
  - program instructions to compare the frequency to a predetermined threshold, and determine that the first DNS server is fraudulent based in part on the frequency exceeding the predetermined threshold.
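The two checks named in claims 1 and 3 can be sketched as monitoring logic. This is an added illustration, not the patent's own implementation: the observation record format, the 20% threshold, the choice of mean plus or minus three standard deviations as the "historical range", and all names and sample data are assumptions. Each result is a signal only, since the claims make the determination "based in part on" each metric.

```python
from statistics import mean, stdev

REDIRECT_THRESHOLD = 0.20  # assumed "predetermined threshold" (fraction of requests)
RANGE_SIGMAS = 3.0         # assumed width of the "historical range"

def redirect_frequency(observations, server):
    """Fraction of requests sent to `server` that were redirected to another DNS server."""
    sent = [o for o in observations if o["server"] == server]
    if not sent:
        return 0.0
    hits = sum(1 for o in sent if o["redirected_to"] not in (None, server))
    return hits / len(sent)

def historical_range(samples, sigmas=RANGE_SIGMAS):
    """(low, high) bounds derived from past response times; needs two or more samples."""
    m, s = mean(samples), stdev(samples)
    return (m - sigmas * s, m + sigmas * s)

def out_of_range_metrics(current, history):
    """Names of response-time metrics whose current value is outside its own range."""
    flagged = []
    for name, value in current.items():
        past = history.get(name, [])
        if len(past) < 2:
            continue  # no baseline yet, so this metric cannot be judged
        low, high = historical_range(past)
        if not low <= value <= high:
            flagged.append(name)
    return sorted(flagged)

def assess(server, observations, current, history):
    """Combine both signals for one DNS server."""
    freq = redirect_frequency(observations, server)
    return {"redirect_frequency": freq,
            "redirect_alert": freq > REDIRECT_THRESHOLD,
            "rtt_alerts": out_of_range_metrics(current, history)}

# Constructed sample data (documentation address ranges, invented timings in ms)
OBSERVATIONS = ([{"server": "192.0.2.53", "redirected_to": None}] * 6
                + [{"server": "192.0.2.53", "redirected_to": "203.0.113.9"}] * 4
                + [{"server": "198.51.100.53", "redirected_to": None}] * 10)
HISTORY = {"peer_nodes_ms": [20, 22, 19, 21, 20],
           "same_network_devices_ms": [2, 3, 2, 2, 3]}
CURRENT = {"peer_nodes_ms": 95, "same_network_devices_ms": 2}

if __name__ == "__main__":
    print(assess("192.0.2.53", OBSERVATIONS, CURRENT, HISTORY))
```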
Specification