METHOD AND SYSTEM FOR DETECTING AND RESPONDING TO ATTACKING NETWORKS
Abstract
A system and method for detecting a first network of compromised computers in a second network of computers, comprising: collecting Domain Name System (DNS) data for the second network; examining the collected data relative to DNS data from known compromised and/or uncompromised computers in the second network; and determining the existence of the first network and/or the identity of compromised computers in the second network based on the examination.
56 Claims
1. A method of detecting a first network of compromised computers in a second network of computers, comprising:
- collecting Domain Name System (DNS) data for the second network;
- examining the collected data relative to DNS data from known compromised and/or uncompromised computers in the second network; and
- determining the existence of the first network and/or the identity of compromised computers in the second network based on the examination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 27, 28, 29, 30, 31, 32, 33, 34, 43, 44, 45, 46, 47, 48, 49

14. A system for detecting a first network of compromised computers in a second network of computers, comprising:
- a computer, adapted to be connected to the second network and receive Domain Name System (DNS) data for the second network, the computer capable of:
  - collecting DNS data for the second network;
  - examining the collected data relative to DNS data from known compromised and/or uncompromised computers in the second network; and
  - determining the existence of the first network and/or the identity of compromised computers in the second network based on the examination.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 35, 36, 37, 38, 39, 40, 41, 42, 50, 51, 52, 53, 54, 55, 56
Specification