
SELECTIVE SINKHOLING OF MALWARE DOMAINS BY A SECURITY DEVICE VIA DNS POISONING

Abstract

Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.

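Bibliographic details

  • Publication number: US2019190948A1

    Patent type

  • Publication date: 2019-06-20

    Original format: PDF

  • Applicant/assignee: PALO ALTO NETWORKS INC.;

    Application number: US201916283545

  • Inventors: HUAGANG XIE; TAYLOR ETTEMA;

    Filing date: 2019-02-22

  • Classification: H04L29/06; H04L29/12;

  • Country: US

  • Date added to database: 2022-08-21 12:09:19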
