SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS
The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram...
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Format: | Patent |
| Sprache: | eng ; fre ; ger |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | MUTHIAH, Manikam |
| description | The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS Proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP. |
| format | Patent |
| fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_EP2997718B1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>EP2997718B1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_EP2997718B13</originalsourceid><addsrcrecordid>eNqNjDEOgkAQAGksjPqH_YAFWiDlurfARdgzd4uRihBzFsYoCf4_UvgAq2lmZpk8QheUG0Ax0LBWzkDhPHg2LVkpwbBYrMEVENhfLDGgKtIpAJZoJSiYTrCxhHXdQcnCHpUNCF91Tqj1PM_IeRPWyeI-PKe4-XGVQMFK1TaO7z5O43CLr_jp-bzL8yxLD8d0_4fyBQymNcU</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS</title><source>esp@cenet</source><creator>MUTHIAH, Manikam</creator><creatorcontrib>MUTHIAH, Manikam</creatorcontrib><description>The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS Proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP.</description><language>eng ; fre ; ger</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2018</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20180801&DB=EPODOC&CC=EP&NR=2997718B1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20180801&DB=EPODOC&CC=EP&NR=2997718B1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>MUTHIAH, Manikam</creatorcontrib><title>SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS</title><description>The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS Proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2018</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNjDEOgkAQAGksjPqH_YAFWiDlurfARdgzd4uRihBzFsYoCf4_UvgAq2lmZpk8QheUG0Ax0LBWzkDhPHg2LVkpwbBYrMEVENhfLDGgKtIpAJZoJSiYTrCxhHXdQcnCHpUNCF91Tqj1PM_IeRPWyeI-PKe4-XGVQMFK1TaO7z5O43CLr_jp-bzL8yxLD8d0_4fyBQymNcU</recordid><startdate>20180801</startdate><enddate>20180801</enddate><creator>MUTHIAH, Manikam</creator><scope>EVB</scope></search><sort><creationdate>20180801</creationdate><title>SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS</title><author>MUTHIAH, Manikam</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_EP2997718B13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng ; fre ; ger</language><creationdate>2018</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>MUTHIAH, Manikam</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>MUTHIAH, Manikam</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS</title><date>2018-08-01</date><risdate>2018</risdate><abstract>The present solution reduces denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS Proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP.</abstract><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | |
| ispartof | |
| issn | |
| language | eng ; fre ; ger |
| recordid | cdi_epo_espacenet_EP2997718B1 |
| source | esp@cenet |
| subjects | ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
| title | SYSTEM AND METHOD FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-30T12%3A01%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=MUTHIAH,%20Manikam&rft.date=2018-08-01&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EEP2997718B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |