VeriSign, Inc.
Techniques for impeding and detecting network threats

Abstract:

In various embodiments, a name server transmits a canonical name as resolution to another canonical name. In operation, when a resource name is requested for resolution, a determination is made that the resource name corresponds to a trap resource name. A first canonical name is transmitted as resolution to the trap resource name. The first canonical name is requested for resolution, and a second canonical name is transmitted as resolution. By providing trap canonical names as resolutions to trap canonical names, unauthorized software making the resolution requests is kept occupied with requesting resolution of canonical name after canonical name, impeding the ability of the unauthorized software from traversing a network.