CPC H04L 63/0236 (2013.01) [H04L 63/0272 (2013.01); H04L 63/10 (2013.01); H04L 63/20 (2013.01)]
18 Claims
1. A client device, comprising:
a processor with an operating system running on the client device; and
a memory coupled to the processor and configured to provide the processor with instructions,
wherein the processor is configured to:
install a security application as an operating system extension on the client device, wherein the security application accesses network traffic of a system while executing in a non-privileged sandboxed process controlled by the operating system;
wherein an application running on the client device initiates a Domain Name System (DNS) packet request for a remote computer external to the client device,
wherein the security application running on the client device is configured to:
intercept the DNS packet request;
create a first internet protocol (IP) stack between the application running on the client device and the security application;
create a second IP stack between the security application and the remote computer;
analyze a plurality of packets of the network traffic and determine whether at least one or more packets of the plurality of packets pose a security threat; and
responsive to determining that the at least one or more packets of the plurality of packets pose a security threat, prevent the at least one or more packets of the plurality of packets from being transmitted.