BLOCKING AND ALERTING WITH DOMAIN FRONTING INTELLIGENCE

This disclosure describes techniques and mechanisms for improving blocking and alerting with domain fronting intelligence. The techniques may identify Internet infrastructure that supports domain fronting through passive data collection and active scanning of the data. The results of the active scan...

Full description

Saved in:
Bibliographic Details
Main Authors Anderson, Blake Harrell, McGrew, David Arthur
Format Patent
LanguageEnglish
Published 11.07.2024
Subjects
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:This disclosure describes techniques and mechanisms for improving blocking and alerting with domain fronting intelligence. The techniques may identify Internet infrastructure that supports domain fronting through passive data collection and active scanning of the data. The results of the active scanning are then used to generate enhanced threat intelligence feeds that associate indicators of compromise with their support of domain fronting. The new feeds are then used to perform more aggressive blocking, raise weak alerts that can be correlated to other alerts, and to create a more secure DNS system by de-prioritizing infrastructure that supports domain fronting for DNS responses.
Bibliography:Application Number: US202318152542