Patents by Inventor Anestis Karasaridis
Anestis Karasaridis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8910280
Abstract: Concepts and technologies for detecting and blocking Domain Name System (“DNS”) cache poisoning attacks are provided. An inline detector and blocker apparatus implements a detection algorithm to monitor DNS response packets and detects a DNS cache poisoning attack utilizing the detection algorithm. The inline detector and blocker apparatus detects the DNS cache poisoning attack by receiving a DNS response packet and determining that the response packet includes poison data. The poison data may be included within an additional section of the response packet and/or an answer section of the response packet. As appropriate, the inline detector and blocker apparatus removes the additional section and/or the answer section of the response packet to effectively block the poison data from being cached by a DNS caching resolver.
Type: Grant
Filed: April 30, 2012
Date of Patent: December 9, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventor: Anestis Karasaridis
-
Patent number: 8904530
Abstract: A system for detecting a remotely controlled e-mail spam host. The system includes an E-mail spammer detection unit and a host traffic profiling unit. The E-mail spammer detection unit identifies E-mail Spammers based on SMTP traffic characteristics. The host profiling unit extracts traffic components from the plurality of Internet traffic associated with an E-mail Spammer; interprets the extracted traffic components and determines whether the E-mail Spammer is a compromised host. The system may also include a botnet controller detection unit that analyzes traffic associated with compromised E-mail Spammers and identifies the botnet Controller remotely controlling the compromised E-mail Spammer.
Type: Grant
Filed: December 22, 2008
Date of Patent: December 2, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Danielle Liu, Willa Ehrlich, David Hoeflin, Anestis Karasaridis, Daniel Hurley
-
Patent number: 8832245
Abstract: An authoritative domain name system server includes a memory configured to store a set of instructions, and a processor configured to execute the set of instructions. The processor obtains a first Internet Protocol address of a client system associated with a request for a domain name, and assigns a location of the authoritative domain name system server as an ingress region. The processor assigns the egress override as an egress region when the first Internet Protocol address matches the prefix of the egress override, otherwise obtains an egress table, determines a longest prefix match of the first Internet Protocol address, obtains a distance matrix for distances from the ingress location to a plurality of egress regions, and selects the egress region based on the distance matrix and the longest prefix match in the egress table.
Type: Grant
Filed: May 13, 2011
Date of Patent: September 9, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Anestis Karasaridis, Ashley Flavel, James Miros
-
Publication number: 20140156740
Abstract: A system includes an analyzer module, a content request data collection module, and a domain name server. The content request data collection module is configured to receive a content request sent to a tracking address, collect content request information about the content request, and provide the content request information to the analyzer module. The domain name server is configured to receive an address request from a local domain name server for a cache server address, provide a tracking address to the local domain name server, collect address request information about the address request, and provide the address request information to the analyzer module. The analyzer module is configured to receive the address request information and the content request information, and determine properties of clients served by the local domain name server based on the address request information and the content request information.
Type: Application
Filed: February 10, 2014
Publication date: June 5, 2014
Applicant: AT&T Intellectual Property I, L.P.
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Patent number: 8650282
Abstract: A system includes an analyzer module, a content request data collection module, and a domain name server. The content request data collection module is configured to receive a content request sent to a tracking address, collect content request information about the content request, and provide the content request information to the analyzer module. The domain name server is configured to receive an address request from a local domain name server for a cache server address, provide a tracking address to the local domain name server, collect address request information about the address request, and provide the address request information to the analyzer module. The analyzer module is configured to receive the address request information and the content request information, and determine properties of clients served by the local domain name server based on the address request information and the content request information.
Type: Grant
Filed: November 30, 2012
Date of Patent: February 11, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Publication number: 20130291101
Abstract: Concepts and technologies for detecting and blocking Domain Name System (“DNS”) cache poisoning attacks are provided. An inline detector and blocker apparatus implements a detection algorithm to monitor DNS response packets and detects a DNS cache poisoning attack utilizing the detection algorithm. The inline detector and blocker apparatus detects the DNS cache poisoning attack by receiving a DNS response packet and determining that the response packet includes poison data. The poison data may be included within an additional section of the response packet and/or an answer section of the response packet. As appropriate, the inline detector and blocker apparatus removes the additional section and/or the answer section of the response packet to effectively block the poison data from being cached by a DNS caching resolver.
Type: Application
Filed: April 30, 2012
Publication date: October 31, 2013
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: Anestis Karasaridis
-
Publication number: 20130262697
Abstract: A method includes receiving at a cache server a content request from a client system, determining that the cache server is overloaded in response to receiving the content request, and in response to determining that the cache server is overloaded, returning to the client system a domain redirection response including a load status of the cache server.
Type: Application
Filed: March 28, 2012
Publication date: October 3, 2013
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Anestis Karasaridis, David A. Hoeflin
-
Patent number: 8533819
Abstract: A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality suspicious hosts to identify a plurality suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality suspicious controllers, where the members are identified to be part of a Botnet.
Type: Grant
Filed: September 29, 2006
Date of Patent: September 10, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: David A. Hoeflin, Anestis Karasaridis, Carl Brian Rexroad
-
Patent number: 8499034
Abstract: Disclosed example methods include receiving in a gateway a request to connect to a domain name from a client coupled to the gateway, selecting a first domain name system server corresponding to the domain name based on a rule linking the first domain name system server to the domain name, adding location information to the request in the gateway, the location information to be used by the first domain name system server to select a second domain name system server associated with the domain name, and transmitting the request including the location information to the selected first domain name system server.
Type: Grant
Filed: July 21, 2010
Date of Patent: July 30, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventor: Anestis Karasaridis
-
Patent number: 8392550
Abstract: A content delivery system includes an analyzer module, a content request data collection module, and a domain name server. The collection module receives request sent to a tracking address, collects information about the request, and provides the information to the analyzer. The server receives an address request from a local domain name server associated with an autonomous system for the cache server address, provides the tracking address to the local server because the local server is associated with the second autonomous system, collects address request information about the address, and provides the address request information to the analyzer module. The analyzer module receives the address request and content request information, and determines information about clients served by the autonomous system based on the address request and content request information.
Type: Grant
Filed: March 8, 2012
Date of Patent: March 5, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Publication number: 20120290693
Abstract: An authoritative domain name system server includes a memory configured to store a set of instructions, and a processor configured to execute the set of instructions. The processor obtains a first Internet Protocol address of a client system associated with a request for a domain name, and assigns a location of the authoritative domain name system server as an ingress region. The processor assigns the egress override as an egress region when the first Internet Protocol address matches the prefix of the egress override, otherwise obtains an egress table, determines a longest prefix match of the first Internet Protocol address, obtains a distance matrix for distances from the ingress location to a plurality of egress regions, and selects the egress region based on the distance matrix and the longest prefix match in the egress table.
Type: Application
Filed: May 13, 2011
Publication date: November 15, 2012
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Anestis Karasaridis, Ashley Flavel, James Miros
-
Publication number: 20120173696
Abstract: A content delivery system includes an analyzer module, a content request data collection module, and a domain name server. The collection module receives request sent to a tracking address, collects information about the request, and provides the information to the analyzer. The server receives an address request from a local domain name server associated with an autonomous system for the cache server address, provides the tracking address to the local server because the local server is associated with the second autonomous system, collects address request information about the address, and provides the address request information to the analyzer module. The analyzer module receives the address request and content request information, and determines information about clients served by the autonomous system based on the address request and content request information.
Type: Application
Filed: March 8, 2012
Publication date: July 5, 2012
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Patent number: 8156214
Abstract: A system includes an analyzer module, a content request data collection module, and a domain name server. The content request data collection module is configured to receive a content request sent to a tracking address, collect content request information about the content request, and provide the content request information to the analyzer module. The domain name server is configured to receive an address request from a local domain name server for a cache server address, provide a tracking address to the local domain name server, collect address request information about the address request, and provide the address request information to the analyzer module. The analyzer module is configured to receive the address request information and the content request information, and determine properties of clients served by the local domain name server based on the address request information and the content request information.
Type: Grant
Filed: December 22, 2009
Date of Patent: April 10, 2012
Assignee: AT&T Intellectual Property I, LP
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Publication number: 20120023153
Abstract: Methods and apparatus to transmit a request to a server via domain name system forwarding are disclosed. A disclosed example method includes receiving in a gateway a request to connect to a domain name from a client coupled to the gateway, selecting a first domain name system server corresponding to the domain name based on a rule linking the first domain name system server to the domain name, adding location information to the request in the gateway, the location information to be used by the first domain name system server to select a second domain name system server associated with the domain name, and transmitting the request including the location information to the selected first domain name system server.
Type: Application
Filed: July 21, 2010
Publication date: January 26, 2012
Inventor: Anestis Karasaridis
-
Publication number: 20110153864
Abstract: A system includes an analyzer module, a content request data collection module, and a domain name server. The content request data collection module is configured to receive a content request sent to a tracking address, collect content request information about the content request, and provide the content request information to the analyzer module. The domain name server is configured to receive an address request from a local domain name server for a cache server address, provide a tracking address to the local domain name server, collect address request information about the address request, and provide the address request information to the analyzer module. The analyzer module is configured to receive the address request information and the content request information, and determine properties of clients served by the local domain name server based on the address request information and the content request information.
Type: Application
Filed: December 22, 2009
Publication date: June 23, 2011
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Vishwa M. Prasad, Anestis Karasaridis
-
Patent number: 7962613
Abstract: A system includes a monitoring module, a request allocation module, and a request distribution module. The monitoring module is configured to determine a resource utilization of a preferred server and a non-preferred server. The request allocation module is configured to modify an allocation scheme in response to the resource utilization of the preferred server and the non-preferred server. The request distribution module is configured to distribute a plurality of requests from a plurality of users according to the allocation scheme.
Type: Grant
Filed: November 14, 2008
Date of Patent: June 14, 2011
Assignee: AT&T Intellectual Property I, LP
Inventors: Anestis Karasaridis, David Hoeflin, Yonatan A. Levy
-
Publication number: 20100162396
Abstract: A system for detecting a remotely controlled e-mail spam host. The system includes an E-mail spammer detection unit and a host traffic profiling unit. The E-mail spammer detection unit identifies E-mail Spammers based on SMTP traffic characteristics. The host profiling unit extracts traffic components from the plurality of Internet traffic associated with an E-mail Spammer; interprets the extracted traffic components and determines whether the E-mail Spammer is a compromised host. The system may also include a botnet controller detection unit that analyzes traffic associated with compromised E-mail Spammers and identifies the botnet Controller remotely controlling the compromised E-mail Spammer.
Type: Application
Filed: December 22, 2008
Publication date: June 24, 2010
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Danielle Liu, Willa Ehrlich, David Hoeflin, Anestis Karasaridis, Daniel Hurley
-
Publication number: 20100161537
Abstract: A system and method for detecting Email spammers from unknown SMTP Clients using the unknown SMTP Client's SMTP traffic information e.g. byte size and variability data. The system and method includes a byte size and variability traffic flow model and a classification system. The traffic flow model may be based upon a standard deviation of byte size and variability of traffic flows for a plurality of legitimate SMTP Clients and for a plurality of Spammer SMTP Clients. The classification system then classifies an Unknown SMTP Client as an Email Spammer based on a comparison between the byte size and the variability of the Unknown SMTP Client's traffic flows with the byte size and variability traffic flow model.
Type: Application
Filed: April 6, 2009
Publication date: June 24, 2010
Applicant: AT&T Intellectual Property I, L.P.
Inventors: Danielle Liu, Willa Ehrlich, David Hoeflin, Anestis Karasaridis
-
Publication number: 20100125656
Abstract: A system includes a monitoring module, a request allocation module, and a request distribution module. The monitoring module is configured to determine a resource utilization of a preferred server and a non-preferred server. The request allocation module is configured to modify an allocation scheme in response to the resource utilization of the preferred server and the non-preferred server. The request distribution module is configured to distribute a plurality of requests from a plurality of users according to the allocation scheme.
Type: Application
Filed: November 14, 2008
Publication date: May 20, 2010
Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Anestis Karasaridis, David Hoeflin, Yonatan A. Levy
-
Publication number: 20080080518
Abstract: A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality suspicious hosts to identify a plurality suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality suspicious controllers, where the members are identified to be part of a Botnet.
Type: Application
Filed: September 29, 2006
Publication date: April 3, 2008
Inventors: David A. Hoeflin, Anestis Karasaridis, Carl Brian Rexroad