Systems and methods for detecting the insertion of poisoned DNS server addresses into DHCP servers
First Claim
1. A computer-implemented method for detecting the insertion of poisoned Domain Name System (“DNS”) server addresses into Dynamic Host Configuration Protocol (“DHCP”) servers, at least a portion of the method being performed by a client computing device comprising at least one processor, the method comprising:
monitoring, at the client computing device, a DHCP server that provides DHCP services to the client computing device;
identifying, by monitoring the DHCP server at the client computing device, a DNS server address provided by the DHCP server to the client computing device;
determining, at the client computing device, that the DNS server address provided by the DHCP server differs from a prior DNS server address that was previously provided to the client computing device by the same DHCP server;
determining, at the client computing device due at least in part to the DNS server address differing from the prior DNS server address, that a DNS server located at the DNS server address provided by the DHCP server represents a potential security risk;
performing, at the client computing device, a security operation in an attempt to remedy the potential security risk.
Abstract
A computer-implemented method for detecting the insertion of poisoned DNS server addresses into DHCP servers may include: 1) identifying a DNS server address provided by a DHCP server, 2) determining that the DNS server address provided by the DHCP server differs from a prior DNS server address provided by the DHCP server, 3) determining, due at least in part to the DNS server address differing from the prior DNS server address, that a DNS server located at the DNS server address provided by the DHCP server represents a potential security risk, and then 4) performing a security operation in an attempt to remedy the potential security risk.
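An added sketch of the client-side comparison the abstract describes (not code from the patent or its assignee): it parses a DHCP options field, reads the DNS servers from option 6, and compares them with what the same DHCP server (option 54) offered before. The function and class names, the in-memory baseline, and treating any change as the finding are assumptions; the security operation itself is left to the caller.

```python
import ipaddress

OPT_PAD, OPT_DNS, OPT_SERVER_ID, OPT_END = 0, 6, 54, 255

def parse_options(raw: bytes) -> dict:
    """Parse DHCP option TLVs (RFC 2132), i.e. the bytes after the magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        code, length = raw[i], raw[i + 1]
        opts[code] = opts.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ipv4_list(data: bytes) -> tuple:
    """Decode a run of 4-byte IPv4 addresses into dotted-quad strings."""
    if not data or len(data) % 4:
        raise ValueError("expected one or more 4-byte IPv4 addresses")
    return tuple(str(ipaddress.IPv4Address(data[i:i + 4]))
                 for i in range(0, len(data), 4))

class DnsChangeMonitor:
    """Remembers the DNS servers each DHCP server handed out (in memory; an assumption)."""
    def __init__(self):
        self.baseline = {}             # DHCP server identifier -> DNS address tuple

    def observe(self, raw_options: bytes):
        opts = parse_options(raw_options)
        server = ipv4_list(opts.get(OPT_SERVER_ID, b""))[0]
        offered = ipv4_list(opts.get(OPT_DNS, b""))
        prior = self.baseline.setdefault(server, offered)
        if set(offered) == set(prior):
            return None                # first sighting or unchanged: nothing to report
        # The baseline is deliberately not updated: the prior value stays trusted
        # until something outside this sketch confirms the change.
        return {"dhcp_server": server, "prior": prior, "offered": offered,
                "unseen": sorted(set(offered) - set(prior))}

# Constructed sample option fields (DHCPACK) using documentation address ranges.
ACK_BASELINE = bytes([53, 1, 5, 54, 4, 192, 0, 2, 1, 6, 4, 192, 0, 2, 53, 255])
ACK_CHANGED = bytes([53, 1, 5, 54, 4, 192, 0, 2, 1, 6, 4, 203, 0, 113, 66, 255])

if __name__ == "__main__":
    mon = DnsChangeMonitor()
    for ack in (ACK_BASELINE, ACK_BASELINE, ACK_CHANGED):
        print(mon.observe(ack))
```

Keying the baseline on the server identifier keeps the comparison tied to the same DHCP server, as the claims require; a lease from a different DHCP server starts its own baseline instead of raising a finding.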
20 Claims
10. A system for detecting the insertion of poisoned Domain Name System (“DNS”) server addresses into Dynamic Host Configuration Protocol (“DHCP”) servers, the system comprising:
an address-identification module programmed to cause a client computing device to:
monitor a DHCP server that provides DHCP services to the client computing device;
identify, by monitoring the DHCP server, a DNS server address provided by the DHCP server to the client computing device;
an address-comparison module programmed to cause the client computing device to determine that the DNS server address provided by the DHCP server differs from a prior DNS server address that was previously provided to the client computing device by the same DHCP server;
a security module programmed to cause the client computing device to:
determine, due at least in part to the DNS server address differing from the prior DNS server address, that a DNS server located at the DNS server address provided by the DHCP server represents a potential security risk;
perform a security operation in an attempt to remedy the potential security risk;
at least one processor and a memory device configured to execute the address-identification module, the address-comparison module, and the security module.
19. A non-transitory computer-readable medium comprising computer-executable instructions that, when executed by at least one processor of a client computing device, cause the client computing device to:
monitor, at the client computing device, a Dynamic Host Configuration Protocol (“DHCP”) server that provides DHCP services to the client computing device;
identify, by monitoring the DHCP server at the client computing device, a Domain Name System (“DNS”) server address provided by the DHCP server to the client computing device;
determine, at the client computing device, that the DNS server address provided by the DHCP server differs from a prior DNS server address that was previously provided to the client computing device by the same DHCP server;
determine, at the client computing device due at least in part to the DNS server address differing from the prior DNS server address, that a DNS server located at the DNS server address provided by the DHCP server represents a potential security risk;
perform, at the client computing device, a security operation in an attempt to remedy the potential security risk.