DNS snooping to create IP address-based trust database used to select deep packet inspection and storage of IP packets
Abstract
At a network device through which client devices communicate with a network, a database is created that maps Internet Protocol (IP) addresses each to a respective trust metric for a domain name associated with the IP address. An IP packet sent from a client device to the network and that indicates a destination IP address for a network-accessible resource associated with a domain name is intercepted. Using the destination IP address in the intercepted IP packet, the domain name trust metric mapped to the destination IP address is retrieved from the database. IP packets received from the destination IP address are processed based on the retrieved domain name trust metric and a predetermined trust metric criterion.
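The flow in the abstract, combined with the numeric category-range test recited in claim 1, sketched as an added example (not code from the patent or any product). The category numbers, the "higher means less trusted" ordering, the `STORE_RANGE` criterion, the handling of unknown or shared IP addresses, and all class and field names are assumptions of this sketch; the sample domains and addresses are constructed.

```python
import ipaddress

# Constructed sample data: domain -> numeric category. The numbering and the
# "higher means less trusted" ordering are assumptions of this example.
DOMAIN_CATEGORY = {"updates.example.com": 12, "files.example.net": 87}
UNKNOWN = 99                  # assumed category for names/IPs never classified
STORE_RANGE = range(80, 100)  # assumed criterion: categories 80..99 are recorded


class TrustDB:
    """IP address -> (domain name, category), filled from snooped DNS answers."""

    def __init__(self):
        self.by_ip = {}

    def snoop_dns_answer(self, qname, addresses):
        name = qname.rstrip(".").lower()
        category = DOMAIN_CATEGORY.get(name, UNKNOWN)
        for addr in addresses:
            ip = ipaddress.ip_address(addr)
            old = self.by_ip.get(ip)
            # Shared hosting: one IP may serve several names; keep the
            # least-trusted category seen (example policy, not from the page).
            if old is None or category > old[1]:
                self.by_ip[ip] = (name, category)

    def lookup(self, addr):
        return self.by_ip.get(ipaddress.ip_address(addr), (None, UNKNOWN))


class Monitor:
    def __init__(self, db):
        self.db, self.watched, self.data_store = db, {}, []

    def client_packet(self, dst):
        """Intercepted client->network packet: decide once per destination."""
        name, category = self.db.lookup(dst)
        store = category in STORE_RANGE
        self.watched[ipaddress.ip_address(dst)] = (name, store)
        return store

    def server_packet(self, header):
        """Packet received from a destination: store header info if selected."""
        src = ipaddress.ip_address(header["src"])
        name, store = self.watched.get(src, (None, False))
        if store:
            self.data_store.append({**header, "domain": name})
        return store
```

Because the decision is keyed on the IP address alone, the database is only as accurate as the DNS answers the device observed; a destination reached without a snooped lookup falls into the assumed `UNKNOWN` category here and is recorded.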
20 Claims
1. A method comprising:
- at a network device through which client devices communicate with a network;
- creating an Internet Protocol (IP) address-based trust database that maps IP addresses each to a respective trust metric for a domain name associated with each said IP address wherein the respective trust metric for the domain name includes a respective domain name category represented as a number;
- intercepting an IP packet sent from a client device to the network and that indicates a destination IP address for a network-accessible resource associated with a domain name;
- using the destination IP address in the intercepted IP packet, retrieving from the IP address-based trust database the domain name trust metric, including the respective domain name category, mapped to the destination IP address; and
- processing IP packets received from the destination IP address based on the retrieved domain name trust metric and a predetermined trust metric criterion, the processing including;
- comparing the retrieved domain name category to a predetermined number range representative of the predetermined trust metric criterion to determine whether the retrieved domain name category is in the predetermined number range and, based on results of the comparing;
- depending on whether the retrieved domain name category is in the predetermined number range or is not in the predetermined number range, respectively sending or not sending header information in each of the IP packets to a data store.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- a network interface unit configured to communicate with client devices over a network; and
- a processor coupled to the network interface unit and configured to;
- create an Internet Protocol (IP) address-based trust database that maps IP addresses each to a respective trust metric for a domain name associated with the each said IP address, wherein the respective trust metric for the domain name includes a respective domain name category represented as a number;
- intercept an IP packet sent from a client device to the network and that indicates a destination IP address for a network-accessible resource associated with a domain name;
- using the destination IP address in the intercepted IP packet, retrieve from the IP address-based trust database the domain name trust metric, including the respective domain name category, mapped to the destination IP address; and
- process IP packets received from the destination IP address based on the retrieved domain name trust metric and a predetermined trust metric criterion, wherein the processor is further configured to;
- compare the retrieved domain name category to a predetermined number range representative of the predetermined trust metric criterion to determine whether the retrieved domain name category is in the predetermined number range and, based on results of the compare;
- depending on whether the retrieved domain name category is in the predetermined number range or is not in the predetermined number range, respectively send or not send header information in each of the IP packets to a data store.

Dependent claims: 10, 11, 12, 13, 14

15. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a network device through which client devices communicate with a network, cause the processor to:
- create an Internet Protocol (IP) address-based trust database that maps IP addresses each to a respective trust metric for a domain name associated with the each said IP address, wherein the respective trust metric for the domain name includes a respective domain name category represented as a number;
- intercept an IP packet sent from a client device to the network and that indicates a destination IP address for a network-accessible resource associated with a domain name;
- using the destination IP address in the intercepted IP packet, retrieve from the IP address-based trust database the domain name trust metric, including the respective domain name category, mapped to the destination IP address; and
- process IP packets received from the destination IP address based on the retrieved domain name trust metric and a predetermined trust metric criterion, wherein the instructions to cause the processor to process include instructions to cause the processor to;
- compare the retrieved domain name category to a predetermined number range representative of the predetermined trust metric criterion to determine whether the retrieved domain name category is in the predetermined number range and, based on results of the compare;
- depending on whether the retrieved domain name category is in the predetermined number range or is not in the predetermined number range, respectively send or not sending header information in each of the IP packets to a data store.

Dependent claims: 16, 17, 18, 19, 20

Specification