Systems and Methods of DNS Grey Listing

Systems and Methods of DNS Grey Listing

To circumvent being blacklisted by an ISP, some viruses use a domain name generator algorithm or a domain generator algorithm (DGA). In an example, the DGA may use the current date and time to generate a random domain name based on the date. So for a given date, the botnet registers a particular dom...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: CAROTHERS MATTHEW EDWIN
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:To circumvent being blacklisted by an ISP, some viruses use a domain name generator algorithm or a domain generator algorithm (DGA). In an example, the DGA may use the current date and time to generate a random domain name based on the date. So for a given date, the botnet registers a particular domain in order to control the Trojan horse virus. The domain name that the botnet uses typically changes every day, which helps circumvent blacklisting. To counteract that, the disclosed systems and methods of DNS greylisting place a domain name in a grey list for a time period, for example a day, that the domain is resolved by the ISP. The first time the ISP experiences a customer trying to contact a particular domain, the ISP prevents the domain from resolving. After the time period (for example, 24 hours) expires, the domain is allowed to resolve normally.