Abstract: In an embodiment, a computer-implemented method prevents use of a network protocol over an encrypted channel. In the method, a packet is received on an encrypted channel addressed to a network address. It is determined whether a network host at the network address is able to service a request formatted according to the network protocol over the encrypted channel. When the network host is determined to be able to resolve to a domain name over the encrypted channel, the network packet is blocked.

Abstract: In an embodiment, a computer-implemented method prevents use of a network protocol over an encrypted channel. In the method, a packet is received on an encrypted channel addressed to a network address. It is determined whether a network host at the network address is able to service a request formatted according to the network protocol over the encrypted channel. When the network host is determined to be able to resolve to a domain name over the encrypted channel, the network packet is blocked.

Abstract: Systems and methods are described for detecting domain name impersonation in the domain name system (DNS). A nefarious party may register a domain name in the DNS that impersonates a domain name associated with a company in an attempt to lure users to malicious destination network addresses based on their trust of that company. This may lead to the dilution of the company's online presence as its domains come to be associated with malicious activity. In embodiments, a system is described which receives inputs from a subscriber including the domain names the subscriber wishes to protect, ignore, or give special scrutiny to. The system receives instances of domain names registered in the DNS and performs methods to determine if the domain name is attempting to impersonate the domain names of the subscriber. Alerts are generated so that the subscriber may take corrective action.

Abstract: Systems and methods are described for detecting domain name impersonation in the domain name system (DNS). A nefarious party may register a domain name in the DNS that impersonates a domain name associated with a company in an attempt to lure users to malicious destination network addresses based on their trust of that company. This may lead to the dilution of the company's online presence as its domains come to be associated with malicious activity. In embodiments, a system is described which receives inputs from a subscriber including the domain names the subscriber wishes to protect, ignore, or give special scrutiny to. The system receives instances of domain names registered in the DNS and performs methods to determine if the domain name is attempting to impersonate the domain names of the subscriber. Alerts are generated so that the subscriber may take corrective action.

Abstract: Systems and methods are described for detecting domain name impersonation in the domain name system (DNS). A nefarious party may register a domain name in the DNS that impersonates a domain name associated with a company in an attempt to lure users to malicious destination network addresses based on their trust of that company. This may lead to the dilution of the company's online presence as its domains come to be associated with malicious activity. In embodiments, a system is described which receives inputs from a subscriber including the domain names the subscriber wishes to protect, ignore, or give special scrutiny to. The system receives instances of domain names registered in the DNS and performs methods to determine if the domain name is attempting to impersonate the domain names of the subscriber. Alerts are generated so that the subscriber may take corrective action.

Abstract: In an embodiment, a computer-implemented method detects updates to a domain name system record system. In the method, a stream of data points is received with each data point describing a record of a domain name system. For respective data points, a processor is selected from a plurality of processors. The processors are each configured to apply a data point against a common filter that assesses whether the data point is in a set. At the selected processor, the respective data point is applied to the common filter to determine whether the record is included in the set. When the record is determined not to be included in the set, a message is provided to indicate that the domain name system includes a new record, and the common filter is updated to include the data point in the set.

Abstract: A computer-implemented method updates a domain name system blacklist in a lock-free manner is disclosed. In the method, an entry of the domain name blacklist is read at a DNS resolver in a plurality of DNS resolvers. The entry specifies a policy for the DNS resolver to execute when the DNS resolver receives a request to resolve a domain name. Before the reading is complete, an updated entry of the domain name blacklist is received, a new record to the domain name blacklist is added, and the entry being read is placed into a garbage pool having a current version number. Independently from the reading of the entry, the current version number is incremented and a new garbage pool is created for the incremented version number. When the reading is complete, the current version number is assigned to the DNS resolver.

Abstract: In an embodiment, a computer-implemented method detects updates to a domain name system record system. In the method, a stream of data points is received with each data point describing a record of a domain name system. For respective data points, a processor is selected from a plurality of processors. The processors are each configured to apply a data point against a common filter that assesses whether the data point is in a set. At the selected processor, the respective data point is applied to the common filter to determine whether the record is included in the set. When the record is determined not to be included in the set, a message is provided to indicate that the domain name system includes a new record, and the common filter is updated to include the data point in the set.

Abstract: A computer-implemented method updates a domain name system blacklist in a lock-free manner is disclosed. In the method, an entry of the domain name blacklist is read at a DNS resolver in a plurality of DNS resolvers. The entry specifies a policy for the DNS resolver to execute when the DNS resolver receives a request to resolve a domain name. Before the reading is complete, an updated entry of the domain name blacklist is received, a new record to the domain name blacklist is added, and the entry being read is placed into a garbage pool having a current version number. Independently from the reading of the entry, the current version number is incremented and a new garbage pool is created for the incremented version number. When the reading is complete, the current version number is assigned to the DNS resolver.