Invention Grant
- Patent Title: Selective sinkholing of malware domains by a security device via DNS poisoning
-
Application No.: US15075003Application Date: 2016-03-18
-
Publication No.: US10257221B2Publication Date: 2019-04-09
- Inventor: Huagang Xie , Taylor Ettema
- Applicant: Palo Alto Networks, Inc.
- Applicant Address: US CA Santa Clara
- Assignee: Palo Alto Networks, Inc.
- Current Assignee: Palo Alto Networks, Inc.
- Current Assignee Address: US CA Santa Clara
- Agency: Van Pelt, Yi & James LLP
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00 ; H04L29/06 ; H04L29/12
Abstract:
Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
Public/Granted literature
- US20160277438A1 SELECTIVE SINKHOLING OF MALWARE DOMAINS BY A SECURITY DEVICE VIA DNS POISONING Public/Granted day:2016-09-22
Information query
