Real time management of botnet attacks

Assignee

• NetScout Systems, Inc. · US

Inventors

• Sean O'Hara · Ypsilanti, US
• Andrew Mortensen · Ann Arbor, US
• Brian St. Pierre · Acworth, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/144
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and computer-implemented method of managing botnet attacks to a computer network is provided. The system and method includes receiving a DNS request included in network traffic, each DNS request included in the network traffic and including a domain name of a target host and identifying a source address of a source host, wherein the translation of the domain name, if translated, provides an IP address to the source host that requested the translation. The domain name of the DNS request is compared to a botnet domain repository, wherein the botnet domain repository includes one or more entries, each entry having a confirmation indicator that indicates whether the entry corresponds to a confirmed botnet. If determined by the comparison that the domain name of the DNS request is included in the botnet domain repository, then the source address of the DNS request is stored or updated in an infected host repository and a control signal is output to cause any future network traffic from the source address to be diverted to an administrator configured address. Each source address stored in the infected host repository identifies a host known to be infected.