Firewall based on domain names

US 20080184357A1
Filed: 01/25/2007
Published: 07/31/2008
Est. Priority Date: 01/25/2007
Status: Active Grant

First Claim

Patent Images

1. A method for selectively allowing access to a node exterior of a network using a network firewall comprising:

monitoring a request to a Domain Name Service (DNS) server, said request including a domain name for said node, said monitoring occurring at said network firewall;

receiving an IP address identified in a response to said request, said receiving occurring at said network firewall;

associating said IP address with said domain name, thereby providing an association of said IP address with said domain name;

recording said association;

utilizing said association to provide a determination of whether said access to said node is allowable; and

selectively granting said access to content from said node based on said determination, said selective granting being via automated operations of said network firewall.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a firewall capable of blocking access to a website or other Internet node based on a domain name. A DNS request is monitored and a domain name is decoded from the DNS request. An IP address is received in a response to the DNS request. The IP address and domain name are associated with each other. The steps are executed non-intrusively with respect to traffic flow through the firewall. Afterward, a determination is made if the IP address is associated with a domain name for which access is restricted. If the domain name is a restricted domain name, access to content of the website is denied by blocking traffic flow on the basis of identifying the source IP address of data packets.

74 Citations

View as Search Results

14 Claims

1. A method for selectively allowing access to a node exterior of a network using a network firewall comprising:
- monitoring a request to a Domain Name Service (DNS) server, said request including a domain name for said node, said monitoring occurring at said network firewall;
  
  receiving an IP address identified in a response to said request, said receiving occurring at said network firewall;
  
  associating said IP address with said domain name, thereby providing an association of said IP address with said domain name;
  
  recording said association;
  
  utilizing said association to provide a determination of whether said access to said node is allowable; and
  
  selectively granting said access to content from said node based on said determination, said selective granting being via automated operations of said network firewall.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising inputting rules to a rules base for allowing access to said node, said rules base identifying a plurality of domain names.
  - 3. The method of claim 1 wherein said monitoring includes decoding said domain name from said request.
  - 4. The method of claim 3 wherein said granting said access includes granting said access based on said association of said IP address and said domain name.
  - 5. The method of claim 1 wherein said storing includes automatically updating a rules base.
  - 6. The method of claim 5 wherein said rules base includes a lookup table having a plurality of said associations.
  - 7. The method of claim 1 wherein said granting includes receiving said content from said node at a port separate from a port from which said response to said request was received.

8. Computer-executable code stored on a computer-readable medium for enabling a method comprising:
- generating a rules base that includes rules restricting access to particular said websites, said rules including identifications of domain names;
  
  detecting a Domain Name Service (DNS) request, said DNS request including a domain name for a specific website, said detecting occurring at a network firewall;
  
  receiving an IP address for said website as a response to said DNS request, said receiving occurring at said network firewall;
  
  enabling enforcement of said rules base, including providing an association of said IP address and said domain name;
  
  enforcing said rules base to selectively grant access to said website, thereby providing an enforcement of said rules base; and
  
  dynamically updating said rules base for subsequent said enforcements.
- View Dependent Claims (9, 10, 11)
- - 9. The computer-executable code of claim 8 wherein said enforcement includes an enforcement based on said association of said IP address and said domain name.
  - 10. The computer-executable code of claim 8 wherein said granting includes receiving content at a port separate from a port from which said response to said DNS request was received.
  - 11. The computer-executable code of claim 8 wherein said rules base includes a lookup table having a plurality of said associations.

12. A network firewall for enforcement of a rules base to selectively restrict access to a website exterior of a network comprising:
- a Domain Name Service (DNS) request monitor for decoding domain names embedded within DNS requests;
  
  a receiver configured to accept an IP address as a response to each said DNS request;
  
  a domain name rules base having identifications of restricted domain names;
  
  an automatic update component for recording current associations between IP addresses and said restricted domain names, said automatic update component being responsive to said receiver; and
  
  a controller configured to selectively deny access to said websites based on said rules base and said associations.
- View Dependent Claims (13, 14)
- - 13. The network firewall of claim 12 wherein said controller is configured to receive content from said website at a port separate from said port from which said response to said DNS request was received.
  - 14. The network firewall of claim 12 wherein said automatic update component updates a lookup table having a plurality of said associations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Barracuda Networks Incorporated
Inventors
Drako, Dean M., Shi, Fleming M., Levow, Zachary S.

Granted Patent

US 8,122,493 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

Firewall based on domain names

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall based on domain names

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links