首页>
外国专利>
System for detecting the presence of rogue domain name service providers through passive monitoring
System for detecting the presence of rogue domain name service providers through passive monitoring
展开▼
机译:通过被动监视检测恶意域名服务提供商的存在的系统
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method, system, and computer program product embodied in a computer readable storage medium are disclosed for identifying a rogue domain name service (DNS) server. Embodiments include passively monitoring traffic on a target network; and identifying a DNS resolution response in the traffic on the network. The DNS resolution response includes a mapping of a domain to an internet protocol (IP) address. The DNS resolution response is compared with a preconfigured list of known mappings of domains to IP addresses. Based on the results of the comparison, it can be determined whether the DNS resolution response is correct. In cases where the DNS resolution response is incorrect, the provider of the DNS resolution response is a rogue DNS server.
展开▼