Patents Assigned to VERISIGN
  • Patent number: 10462084
    Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine its desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: October 29, 2019
    Assignee: VERISIGN, INC.
    Inventor: Phillip Martin Hallam-Baker
  • Patent number: 10454893
    Abstract: The present disclosure relates to systems and methods for providing a data plane processing tool chain for processing packets that can use OSI layers 4 and above in the data plane without using a hypervisor. The disclosure has multiple processing capabilities, including: packet filtering, resolving DNS packets, generating packets, packet forwarding, performing DNS look up, time-stamping DNS packets, writing packets to disk, load-balancing, and protecting against DDOS attacks.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: October 22, 2019
    Assignee: VERISIGN, INC.
    Inventors: John Bosco, Dow Summers, Kenneth Ryan
  • Patent number: 10447611
    Abstract: A method for adding a blacklisted site to a whitelist. At least one whitelisting query may be generated for an encoded domain in the tag format: a nonce, a hash, a blocked-domain, and a static domain, each separated by a delimiter. The nonce is a unique identifier for the at least one query. The hash is a cryptographic hash of an IP address of the user, a normalized timestamp, and the blocked domain. The static domain is a constant domain representing the at least one query. The at least one query may be sent to a first recursive DNS server. The first recursive DNS server may create a message including whitelist information. The first recursive DNS server may send the message to a second recursive DNS server.
    Type: Grant
    Filed: October 6, 2014
    Date of Patent: October 15, 2019
    Assignee: VERISIGN, INC.
    Inventors: David Blacka, Sean Mountcastle
  • Patent number: 10440059
    Abstract: In one embodiment, a response policy zone (RPZ) application generates an RPZ that includes contexts for the on-line threats that are associated with domain names. For a domain name that is associated with an on-line threat, the RPZ application determines a threat specification that describes a characteristic of the on-line threat. The RPZ application then generates an alias based on the domain name and the threat specification. Subsequently, the RPZ application generates a domain name system (DNS) resource record that maps the domain name to the alias, includes the resource record in the RPZ, and transmits the RPZ to a DNS name server that implements the RPZ. Upon receiving a DNS query associated with the domain name, the DNS name server generates a DNS response based on the alias. Because the domain name and the threat specification are reflected in the alias, the DNS response automatically provides a relevant context.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: October 8, 2019
    Assignee: VERISIGN, INC.
    Inventor: Benjamin Glen McCarty
  • Patent number: 10432584
    Abstract: In one embodiment, a DNS service provider determines that a domain name being configured by a user is a lame delegated domain name and manages the configuration of the domain name accordingly. In operation, when a user of the DNS service provider attempts to provide configuration information for a domain name, the DNS service provider determines whether the domain name is lame delegated to the DNS service provider. If the domain name is lame delegated, then, to avoid passing control of the domain name to a nefarious entity, the DNS service provider performs a verification process to determine whether the user is the rightful owner of the domain name. The user is allowed to configure the domain name within the DNS service provider when the user is the rightful owner of the domain name.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: October 1, 2019
    Assignee: VERISIGN, INC.
    Inventors: Jeshmi Raman, Eric Osterweil, Arunabho Das, Tomofumi Okubo, Terry Bernstein
  • Patent number: 10423673
    Abstract: A system, method, and computer-readable medium are described that implement a resource navigation links tool that receives one or more inputs, extracts information from the inputs into a submission string, submits the submission string to a resource navigation links tool, and receives resource navigation links based on the submission string. Input types may include images, audio clips, and metadata. The input sources may be processed to extract information related to the image source to build the submission string.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: September 24, 2019
    Assignee: VERISIGN, INC.
    Inventors: Harshini Ramnath Krishnan, Neel Goyal, Vincent Raemy
  • Patent number: 10412045
    Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, where the encoding domain name includes an indication of a temporal event and of a pool of domain names. The technique can also include registering the encoding domain name to a registrant, thereby conferring to the registrant a right to register a target domain name of the registrant's selection from the pool of domain names upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name. The technique can also include registering the target domain name to the registrant after satisfaction of the specified conditions.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: September 10, 2019
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Joseph Waldron
  • Patent number: 10404650
    Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: September 3, 2019
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Joseph Waldron
  • Patent number: 10395031
    Abstract: Systems and methods are provided for malware scanning and detection. In one exemplary embodiment, the method includes a hub computing device that receives, from a controller computing device, a scan request, and identifies spoke computing devices for performing the scan request. The method performed by the hub computing device also includes sending to the identified spoke computing devices, the scan request, receiving, from the spoke computing devices, results associated with the scan request, and sending, to the controller computing device, the results associated with the scan request.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: August 27, 2019
    Assignee: VERISIGN, INC.
    Inventors: Karthik Shyamsunder, Trevor Tonn, Ralph Thomas, Alexander Holmes, James Krahulec, Srinivas Sunkara
  • Patent number: 10375017
    Abstract: Systems and methods for detecting domain name system (DNS) registrar collusion include a collusion detector at a registry. The collusion detector obtains information related to name acquisition requests submitted by DNS registrars attempting to acquire domain names in a drop pool of expired domain names and provides attempt sets containing the domain names targeted by the DNS registrars for acquisition. Each attempt set contains at least one targeted domain name that a respective DNS registrar attempted to acquire via at least one name acquisition request. The collusion detector determines a degree of similarity between two or more attempt sets corresponding to a pair of the DNS registrars, estimates a likelihood of collusion between the pair of DNS registrars based on the degree of similarity, and performs any mitigation action warranted by the likelihood of collusion.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: August 6, 2019
    Assignee: VERISIGN, INC.
    Inventors: Arash Molavi Kakhki, Andrew West, Nipun Jawalkar, Vincenzo Russo
  • Patent number: 10367825
    Abstract: A parallelized method for authenticating and/or signing a DNS query using DNSSEC is disclosed. The method provides for obtaining, at a validating DNSSEC-aware DNS client, a DNS query for a resource record for a fully qualified domain name (FQDN); segmenting the FQDN into more than one specific sub-FQDN; providing, in parallel, a DNS query for a DNSSEC-related resource record for each of the more than one specific sub-FQDN to a respective authoritative name server or recursive resolver; obtaining, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; validating, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; combining the DNSSEC-related resource records for each of the more than one specific sub-FQDN; and verifying a chain-of-trust of the DNSSEC-related resource records.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: July 30, 2019
    Assignee: VERISIGN, INC.
    Inventor: Paolo Maresca
  • Patent number: 10348760
    Abstract: Systems and methods are disclosed for providing distributed denial-of-service (DDoS) mitigation service. The systems and methods may receive a request to access a web server from a user host, generate an integrated user challenge page including a user challenge test and a web page image of the web server, and transmit the integrated user challenge page to the user host. The systems and methods may further receive an answer to the user challenge test from the user host and determine whether the answer to the user challenge test is correct or not. When the answer to the user challenge test is correct, the systems and methods may establish a connection between the user host and the web server.
    Type: Grant
    Filed: October 22, 2012
    Date of Patent: July 9, 2019
    Assignee: VERISIGN, INC.
    Inventors: Mark Teodoro, Sean Leach
  • Patent number: 10346627
    Abstract: A method, system, and computer-readable memory containing instructions include employing a tokenizing authority to obtain a tokenized query term that represents a query term, using the tokenized query term to perform a lookup against a tokenized term database, determining whether the tokenized query term exists in the database. The method, system, and computer-readable memory may further include returning an encryption or decryption key corresponding to an encrypted record of information associated with the query term and corresponding to the tokenized query term.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: July 9, 2019
    Assignee: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 10333968
    Abstract: A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: June 25, 2019
    Assignee: VERISIGN, INC.
    Inventor: Paolo Maresca
  • Patent number: 10326794
    Abstract: Systems and methods for detecting spoofed traffic include determining a first hop count of a first data query from a first transmitting device to a first server, determining a second hop count of a second data query from the first transmitting device to a second server, determining a third hop count of a third data query appearing to be from the first transmitting device to the first server, and determining a fourth hop count of a fourth data query appearing to be from the first transmitting device to the second server. The third and fourth hop counts are compared to the first and second hop counts, respectively. It is determined whether the third hop count differs from the first hop count by more than a predetermined amount.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: June 18, 2019
    Assignee: VERISIGN, INC.
    Inventors: Ashkan Nikravesh, Matthew Thomas, Danny McPherson, Eric Osterweil, Gautam Gudavalli, Tomofumi Okubo
  • Patent number: 10320744
    Abstract: Embodiments relate to systems, devices, and computing-implemented methods for dynamically allocating domain name acquisition resources by receiving indications of available domain name acquisition resources and available time windows from registrars, receiving, from devices, requests for available domain name acquisition resources during requested time windows, determining lists of domain name acquisition resources available during the requested time window, transmitting, to the devices, the lists of available domain name acquisition resources, receiving, from the devices, selections of the available domain name acquisition resources, specified time windows, and indications of domain names to request during the specified time windows, generating and transmitting communications to the registrars, where the communications result in the registrars sending a plurality of requests for the domain names to a domain name registry during the specified time windows.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: June 11, 2019
    Assignee: VERISIGN, INC.
    Inventors: Vincenzo Russo, Joseph Waldron, Ashvatth Lakshmanan
  • Patent number: 10298543
    Abstract: Various embodiments of the invention disclosed herein provide techniques for associating a firewall policy with a dynamic domain name system (DNS) hostname. A policy configuration portal associates a first hostname with a first network address. The policy configuration portal sets firewall policy configuration associated with the first hostname to include the first network address. The policy configuration portal receives a first message that associates a DNS hostname with a second network address. The policy configuration portal, in response to receiving the first message, associates the second network address with the first hostname. The policy configuration portal modifies a firewall policy configuration associated with the first hostname to include the second network address. At least one advantage of the disclosed techniques is that a firewall policy can be implemented for a residential home or small business that employs dynamic IP addressing.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: May 21, 2019
    Assignee: VERISIGN, INC.
    Inventors: Nathan Glenn, Sameer Thakar
  • Patent number: 10282484
    Abstract: Provided is a method for creating a searchable registry based on an ontology for IoT devices and associated data feeds. The method can include registering an IoT device and its associated data feed in a record with a searchable registry; creating relationships between IoT devices and associated data feeds; associating the records with one or more ontology terms of a hierarchical ontology describing a characteristic of the IoT device, the associated data, the relationships or all of them; and providing a response to a request of an IoT device based on the mapping.
    Type: Grant
    Filed: January 12, 2015
    Date of Patent: May 7, 2019
    Assignee: VERISIGN, INC.
    Inventors: Regis Piccand, Asbjorn Mikkelsen, Andrew Fregly, Asif Akhtar
  • Patent number: 10270755
    Abstract: A method, system, and computer-readable memory containing instructions include receiving a DNS request containing authentication information, validating the authentication information, determining an appropriate action to take based on the validating status, and taking the appropriate action. Actions may include responding with an individualized network layer address or service location address, delaying sending a response message, sending a network layer address or service location address corresponding to a site containing authentication information, and sending a response with a network layer address or service location address with a web address configured to mimic the website related to the requested resource.
    Type: Grant
    Filed: October 3, 2011
    Date of Patent: April 23, 2019
    Assignee: VERISIGN, INC.
    Inventors: Danny McPherson, Joseph Waldron, Eric Osterweil
  • Patent number: 10257046
    Abstract: Methods and systems analyze historical NXD traffic to predict future DNS traffic. In one embodiment, a system may count NXD responses generated by an Authoritative DNS server during a particular time period and calculate the variance in NXD traffic for domains over time. The system may then generate a coefficient of variance (CoV) value for each domain observed. Finally, the system may predict positive domain traffic based upon the calculated CoV data. In other embodiments, the system may also base the prediction on the classification of domains as “original” domains or “re-registered” domains. In another embodiment, the system may also base the prediction on the “size” of name servers. Additionally, or alternatively, the system may determine the number of unique name servers for a domain and base the prediction on the number of unique name servers for a particular domain name.
    Type: Grant
    Filed: May 27, 2015
    Date of Patent: April 9, 2019
    Assignee: VERISIGN, INC.
    Inventor: Matthew Thomas