DNS Response Spoofing
Format: | Patent |
---|---|
Language: | eng |
Summary: | A method of analysing traffic between a first network device 10 and a second device, which may be a DNS server having a recursive resolver 11, comprises: receiving 906 at a third device, which may be a packet sniffer 16, a query data packet such as a DNS query from the first device; analysing 910 the contents thereof; and transmitting 914 to the first device dependent on the analysis a response data packet with a header having an identifier such as an IP address related to the second device. This may be a spoofed response which appears to have originated from resolver 11. Prior to analysis, the packet may be forwarded 908 to resolver 11. Analysing the query data packet may involve analysing a DNS request within the packet, and it may be determined whether the first device is permitted access to an address related to the request. For example, the service provided by the website server may be categorised by flagging requested names which are obscene, related to gambling or alcohol, or unacceptable to the government. The query data packet may include a transaction ID in its header to enable matching a returned response to a previously transmitted query. |
---|