Protecting against spoofed DNS messages
First Claim
Patent Images
1. A method for authenticating communication traffic, comprising:
- receiving a first request, sent over a network from a source address, to provide network information regarding a given domain name;
sending a response to the source address in reply to the first request;
receiving a second request from the source address in reply to the response; and
assessing authenticity of the first request based on the second request.
4 Assignments
0 Petitions
Accused Products
Abstract
A method for authenticating communication traffic includes receiving a first request, such as a DNS request, sent over a network from a source address, to provide network information regarding a given domain name. A response is sent to the source address in reply to the first request. When a second request is from the source address in reply to the response, the authenticity of the first request is assessed based on the second request.
215 Citations
82 Claims
-
1. A method for authenticating communication traffic, comprising:
-
receiving a first request, sent over a network from a source address, to provide network information regarding a given domain name;
sending a response to the source address in reply to the first request;
receiving a second request from the source address in reply to the response; and
assessing authenticity of the first request based on the second request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for authenticating communication traffic, comprising:
-
receiving a data packet sent over a network from a source address to a destination address;
sending an outgoing Domain Name System (DNS) message to the source address;
receiving an incoming DNS message in response to the outgoing DNS message; and
processing the incoming DNS message so as to assess authenticity of the received data packet. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
- 22. Apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request.
- 34. Apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet.
- 42. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive a first request, sent over a network from a source address, to provide network information regarding a given domain name, to send a response to the source address in reply to the first request, to receive a second request from the source address in reply to the response, and to assess authenticity of the first request based on the second request.
- 54. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive a data packet sent over a network from a source address to a destination address, to send an outgoing Domain Name System (DNS) message to the source address, to receive an incoming DNS message in response to the outgoing DNS message, and to process the incoming DNS message so as to assess authenticity of the received data packet.
-
62. A method for authenticating communication traffic, comprising:
-
receiving a message, sent over a network from a source entity to a first destination entity;
sending a response to the source address, in answer to the message, redirecting the source address to communicate with a second destination entity; and
communicating with the source entity using the second destination entity in order to assess authenticity of the message. - View Dependent Claims (63, 64, 65, 66, 67)
-
-
68. A method for providing information from a database maintained by a server, comprising:
-
holding a cache of entries from the database on a proxy device separate from the server;
intercepting at the proxy device a request conveyed by a requester over a communication network to the server to receive information from the database; and
if the information is present in the cache, conveying the information from the proxy device to the requester, without submitting the request to the server.
-
- 69. Apparatus for authenticating communication traffic, comprising a guard device, which is adapted to receive a message, sent over a network from a source entity to a first destination entity, and to send a response to the source address, in answer to the message, redirecting the source address to communicate with a second destination entity, and to communicate with the source entity using the second destination entity in order to assess authenticity of the message.
-
75. Apparatus for providing information from a database maintained by a server, comprising a proxy device, separate from the server, wherein the proxy device is adapted to hold a cache of entries from the database, and to intercept a request conveyed by a requester over a communication network to the server to receive information from the database, and if the information is present in the cache, to convey the information from the proxy device to the requester, without submitting the request to the server.
- 76. A computer software product for authenticating communication traffic, comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive a message, sent over a network from a source entity to a first destination entity, and to send a response to the source address, in answer to the message, redirecting the source address to communicate with a second destination entity, and to communicate with the source entity using the second destination entity in order to assess authenticity of the message.
-
82. A computer software product for providing information from a database maintained by a server, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer separate from the server, cause the computer to hold a cache of entries from the database, and to intercept a request conveyed by a requester over a communication network to the server to receive information from the database, and if the information is present in the cache, to convey the information from the proxy device to the requester, without submitting the request to the server.
Specification