Search International and National Patent Collections
Some content of this application is unavailable at the moment.
If this situation persists, please contact us atFeedback&Contact
1. (WO2007007960) A MALIGNANT BOT CONFRONTATION METHOD AND ITS SYSTEM
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

What is Claimed is:
1. A malicious BOT measures method comprising the steps of:
detecting the excessive DNS queries generated by compromised PC through malicious BOT;
analyzing these queries to classify into normal or abnormal management target; and
redirecting the abnormal DNS query registered as a management target to a redirection processing & response system.

2. The malicious BOT measures method according to claim 1 , wherein the detecting step includes collecting DNS query packets to detect whether the amount of the queries about specific domain name exceeds a preset threshold value.

3. The malicious BOT measures method according to claim 1, wherein the redirecting step includes the steps of:
changing a destination address of the abnormal DNS query into the redirection processing & response system;
generating a response to the abnormal DNS query in the redirection processing & response system; and
transmitting the response to the compromised PC by malicious BOT.

4. The malicious BOT measures method according to claim 3, wherein the response generated from the generating step has the same source IP address as that of a response to the normal DNS query.

5. The malicious BOT measures method according to claim 3, wherein the response generated from the generating step has one of a loop-back address preset by a network administrator and an address of honey pot system for the intrusion temptation and the analysis of malicious BOT characteristics.
6. A malicious BOT measures system comprising:
a redirection processing system for analyzing a domain name to receive excessive DNS queries, registering the domain name as normal or abnormal management target and redirecting the abnormal DNS query for a domain name registered as the abnormal management target to a redirection processing & response system; and
the redirection processing & response system for generating a response to the abnormal DNS query.

7. The malicious BOT measures system according to claim 6, wherein the redirection processing system changes the destination address of an abnormal DNS query into the address of the redirection processing & response system to redirect the abnormal DNS query.

8. The malicious BOT measures system according to claim 6, wherein the redirection processing & response system generates the response to the abnormal DNS query which has the same IP address as that of a response to a normal DNS query.

9. The malicious BOT measures system according to claim 6, wherein the redirection processing & response system generates the response to the abnormal DNS query which has a loop-back address or an address of honey pot system for the intrusion temptation and the analysis of malicious BOT characteristics depending on the configuration set by an administrator.