Title of invention: System for detecting the presence of rogue domain name service providers through passive monitoring
Abstract: A method, system, and computer program product embodied in a computer readable storage medium are disclosed for identifying a rogue domain name service (DNS) server. Embodiments include passively monitoring traffic on a target network; and identifying a DNS resolution response in the traffic on the network. The DNS resolution response includes a mapping of a domain to an internet protocol (IP) address. The DNS resolution response is compared with a preconfigured list of known mappings of domains to IP addresses. Based on the results of the comparison, it can be determined whether the DNS resolution response is correct. In cases where the DNS resolution response is incorrect, the provider of the DNS resolution response is a rogue DNS server.
Publication number: US9225731(B2) Publication date: 2015.12.29
Application number: US201213479412 Filing date: 2012.05.24
Applicant: International Business Machines Corporation Inventor: Crume Jeffery L.
Classification: H04L29/12;H04L29/06;H04L12/26 Main classification: H04L29/12
Agency: Hoffman Warnick LLC Agent: Lashmit Douglas A.;Hoffman Warnick LLC
Main claim: 1. A method for identifying a rogue domain name service (DNS) server, the method comprising: passively monitoring traffic on a network; identifying a DNS resolution response in the traffic on the network, wherein the DNS resolution response includes a mapping of a domain to an internet protocol (IP) address; comparing the DNS resolution response with a preconfigured list of known mappings of domains to IP addresses, wherein each IP address in the preconfigured list of known mappings of domains to IP addresses is a range of IP addresses expressed using at least one wild card; and determining whether the DNS resolution response is correct based on the comparing.
Address: Armonk NY US
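The comparison step of claim 1, sketched as an added example (not code from the patent or its applicant): it parses the A records out of a passively captured DNS response payload and flags answers that match none of the wildcard IP patterns listed for that domain. The `KNOWN` list, all addresses, the function names, and the assumption that the capture layer supplies the responder's IP alongside the UDP payload are constructed for illustration.

```python
import struct

# Constructed known-good list (assumption): domain -> patterns, '*' = any octet.
KNOWN = {"example.com": ["192.0.2.*"], "intranet.example": ["10.1.*.*"]}

def match_ip(ip, pattern):               # octet-wise, so '*' never spans a dot
    a, b = ip.split("."), pattern.split(".")
    return len(a) == len(b) == 4 and all(p in ("*", o) for o, p in zip(a, b))

def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                 # bounded: stops compression-pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:             # pointer to an earlier name
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), end or off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def a_records(msg):
    """Return [(domain, ip)] for every IN A answer in a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:               # QR bit clear: a query, not a response
        return []
    off, out = 12, []
    for _ in range(qd):                  # skip question name + QTYPE/QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):
            out.append((name, ".".join(map(str, msg[off + 10:off + 14]))))
        off += 10 + rdlen
    return out

def check_response(server_ip, msg, known=KNOWN):
    """Answers for listed domains whose IP matches no known pattern."""
    return [(server_ip, d, ip) for d, ip in a_records(msg)
            if d in known and not any(match_ip(ip, p) for p in known[d])]

def build_response(domain, ip):          # constructed sample, not captured traffic
    q = b"".join(bytes([len(l)]) + l.encode() for l in domain.split(".")) + b"\x00"
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + b"\x00\x01\x00\x01" + ans
```

A non-empty result from `check_response` names the responder whose answer contradicts the list; domains absent from the list are not judged.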