System, method, and computer program product for preventing a modification to a domain name system setting
First Claim
Patent Images
1. At least one non-transitory tangible computer readable storage medium having instructions stored thereon, the instructions when executed on a machine cause the machine to:
- detect an attempt for modification of a domain name system setting;
identify an attribute of the modification;
verify a source of the attempt by executing a hash in order to compare the source against a whitelist that includes predetermined non-malicious sources;
verify the attribute of the modification by comparing the attribute of the modification against at least one of a whitelist containing known good attributes and a blacklist containing known at least potentially malicious attributes;
prevent the modification to the domain name system setting when the verifying of the source of the attempt is indicative that the source is a potentially malicious source and the verifying of the attribute of the modification is indicative that the attribute of the modification is a potentially malicious attribute.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for preventing a modification to a domain name system setting. In use, an attempt to modify a domain name system setting is detected. Additionally, a source of the attempt and an attribute of the modification are verified. Further, the modification to the domain name system setting is prevented, based on the verification.
24 Citations
15 Claims
-
1. At least one non-transitory tangible computer readable storage medium having instructions stored thereon, the instructions when executed on a machine cause the machine to:
-
detect an attempt for modification of a domain name system setting; identify an attribute of the modification; verify a source of the attempt by executing a hash in order to compare the source against a whitelist that includes predetermined non-malicious sources; verify the attribute of the modification by comparing the attribute of the modification against at least one of a whitelist containing known good attributes and a blacklist containing known at least potentially malicious attributes; prevent the modification to the domain name system setting when the verifying of the source of the attempt is indicative that the source is a potentially malicious source and the verifying of the attribute of the modification is indicative that the attribute of the modification is a potentially malicious attribute. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method to be performed by a computer that includes a processor and a memory, comprising:
-
detecting an attempt for modification of a domain name system setting; identifying an attribute of the modification; verifying a source of the attempt by executing a hash in order to compare the source against a whitelist that includes predetermined non-malicious sources; verifying the attribute of the modification by comparing the attribute of the modification against at least one of a whitelist containing known good attributes and a blacklist containing known at least potentially malicious attributes; preventing the modification to the domain name system setting when the verifying of the source of the attempt is indicative that the source is a potentially malicious source and the verifying of the attribute of the modification is indicative that the attribute of the modification is a potentially malicious attribute.
-
-
14. A system, comprising:
-
a processor; and a memory, wherein the system is configured for; detecting an attempt for modification of a domain name system setting; identifying an attribute of the modification; verifying a source of the attempt by executing a hash in order to compare the source against a whitelist that includes predetermined non-malicious sources; verifying the attribute of the modification by comparing the attribute of the modification against at least one of a whitelist containing known good attributes and a blacklist containing known at least potentially malicious attributes; preventing the modification to the domain name system setting when the verifying of the source of the attempt is indicative that the source is a potentially malicious source and the verifying of the attribute of the modification is indicative that the attribute of the modification is a potentially malicious attribute. - View Dependent Claims (15)
-
Specification