Method and apparatus for preventing DNS request message from flooding attack

A technique for defending against request-message flooding attacks, applied in the field of network security. It addresses UDP-based attacks in which legitimate users are denied service and their requests go unprocessed, and it is aimed at preventing such attacks.

Status: Inactive. Publication date: 2008-10-08
Owner: NEW H3C TECH CO LTD
Cites: 0. Cited by: 44

AI Technical Summary

Problems solved by technology

[0025] (2) Attacks based on the UDP protocol
[0028] For UDP-based DNS attacks, the current prevention method cannot filter accurately: when the device detects the presence of an attack, it directly dis




Embodiment Construction

[0060] The key of the present invention is to transform the defense against flood attacks of DNS request messages carried over UDP into a defense against TCP SYN flood attacks. Specifically, after the DNS server receives a DNS request message carried over UDP, it sends the DNS client a DNS response message with the TC and AA flag bits set to 1; after receiving such a response, the DNS client re-initiates the DNS request over TCP. Because DNS requests sent with forged source IP addresses are never re-initiated over TCP, this filters out most attack packets with forged source IPs. The DNS server then checks the legitimacy of the DNS client by the TCP cookie method and responds to the DNS requests of all legitimate clients.

[0061] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings a...



Abstract

The present invention provides a method and device for preventing DNS query message flood attacks. The method comprises: a DNS server receiving a DNS query message carried over UDP from a DNS client; the DNS server sending a DNS response message to the DNS client with the TC and AA flags of the response set to 1; and, when the DNS server receives a TCP SYN message from the DNS client within a prearranged time, verifying the validity of the DNS client by the TCP cookie method. According to the invention, flood attacks using DNS query messages carried over UDP can be effectively prevented.
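The exchange described in [0060] and in the Abstract, worked through as an added example; this is not H3C's code or the patent's implementation. The server answers the UDP query with a response whose TC and AA bits are set and no answer records, the client checks TC and repeats the query over TCP, and the server proves the TCP client's source address with a stateless SYN cookie before doing any work for it. The 64-second cookie time slot, the two-slot maximum cookie age, the 5-second retry window standing in for the patent's "prearranged time", the HMAC-based cookie construction, and all addresses, names and the flood scenario are assumptions made for the demo:

```python
import hashlib
import hmac
import struct

DNS_FLAG_QR = 0x8000
DNS_FLAG_AA = 0x0400
DNS_FLAG_TC = 0x0200
DNS_FLAG_RD = 0x0100
COOKIE_SLOT_SECONDS = 64     # assumed: length of one SYN-cookie time slot
COOKIE_MAX_AGE_SLOTS = 2     # assumed: cookies older than this many slots are rejected
RETRY_WINDOW_SECONDS = 5     # assumed value for the patent's "prearranged time"

def build_query(txid, qname):
    """Constructed DNS A query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, DNS_FLAG_RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def truncated_response(query):
    """Server step 1: echo the question with QR, AA and TC set and no answer records.
    A standards-following resolver treats TC=1 as 'repeat this query over TCP'."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    resp_flags = DNS_FLAG_QR | DNS_FLAG_AA | DNS_FLAG_TC | (flags & DNS_FLAG_RD)
    return struct.pack("!HHHHHH", txid, resp_flags, qdcount, 0, 0, 0) + query[12:]

def client_must_retry_over_tcp(response):
    """Client side: a UDP answer with TC=1 is unusable; the query is repeated over TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & DNS_FLAG_TC)

def _cookie_mac(secret, src_ip, src_port, dst_ip, dst_port, slot):
    msg = f"{src_ip}:{src_port}:{dst_ip}:{dst_port}:{slot}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]

def syn_cookie(secret, src_ip, src_port, dst_ip, dst_port, now):
    """Server step 2: stateless SYN-ACK sequence number. Top 8 bits carry the time slot,
    low 24 bits a keyed hash of the 4-tuple and slot, so nothing is stored per SYN."""
    slot = int(now // COOKIE_SLOT_SECONDS) & 0xFF
    mac = _cookie_mac(secret, src_ip, src_port, dst_ip, dst_port, slot)
    return (slot << 24) | int.from_bytes(mac, "big")

def syn_cookie_valid(secret, src_ip, src_port, dst_ip, dst_port, cookie, now):
    """Step 3: the handshake ACK carries cookie+1; recompute it from the 4-tuple and the
    slot encoded in the cookie. Only a host that really received the SYN-ACK passes."""
    slot = cookie >> 24
    if (int(now // COOKIE_SLOT_SECONDS) - slot) & 0xFF > COOKIE_MAX_AGE_SLOTS:
        return False
    expected = _cookie_mac(secret, src_ip, src_port, dst_ip, dst_port, slot)
    return hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big"))

class DnsServer:
    """Per-source retry deadline plus the set of verified TCP clients; no half-open state."""

    def __init__(self, ip, secret):
        self.ip, self.secret = ip, secret
        self.expected_tcp = {}     # src_ip -> deadline for the TCP retry
        self.established = set()   # (src_ip, src_port) that proved a real source address

    def on_udp_query(self, src_ip, query, now):
        self.expected_tcp[src_ip] = now + RETRY_WINDOW_SECONDS
        return truncated_response(query)

    def on_tcp_syn(self, src_ip, src_port, now):
        """Cookie for the SYN-ACK, or None if this source got no TC answer within the window."""
        deadline = self.expected_tcp.get(src_ip)
        if deadline is None or now > deadline:
            return None
        return syn_cookie(self.secret, src_ip, src_port, self.ip, 53, now)

    def on_tcp_ack(self, src_ip, src_port, ack_num, now):
        """Only a valid cookie+1 in the third packet marks the client as legitimate."""
        if not syn_cookie_valid(self.secret, src_ip, src_port, self.ip, 53,
                                (ack_num - 1) & 0xFFFFFFFF, now):
            return False
        self.established.add((src_ip, src_port))
        self.expected_tcp.pop(src_ip, None)
        return True

def simulate():
    """Constructed scenario: one legitimate client plus a flood from forged sources."""
    server, t = DnsServer("192.0.2.53", b"demo-secret"), 1000.0
    # Legitimate client: UDP query -> TC answer -> TCP SYN -> ACK with cookie+1.
    resp = server.on_udp_query("198.51.100.7", build_query(0x1234, "example.com"), t)
    retry = client_must_retry_over_tcp(resp)
    isn = server.on_tcp_syn("198.51.100.7", 40001, t + 0.1)
    legit_ok = server.on_tcp_ack("198.51.100.7", 40001, (isn + 1) & 0xFFFFFFFF, t + 0.2)
    # Forged-source flood: each TC answer goes to the forged address, so no TCP retry
    # follows and the server does no lookup work for any of these queries.
    for i in range(1000):
        server.on_udp_query(f"203.0.113.{i % 256}", build_query(i, "victim.example"), t)
    # A forged SYN gets a cookie, but the SYN-ACK is delivered to the forged address; the
    # attacker can only guess the ACK number, and a wrong guess leaves no state behind.
    server.on_tcp_syn("203.0.113.9", 5555, t + 0.1)
    forged_ok = server.on_tcp_ack("203.0.113.9", 5555, 0xDEADBEEF, t + 0.2)
    return retry, legit_ok, forged_ok, len(server.established)
```

Two caveats a deployment would have to settle. The gate in `on_tcp_syn` rejects a client that opens TCP/53 without first querying over UDP, and the `expected_tcp` table is the one piece of state a spoofed flood can grow, so it needs a bound (a fixed-size structure or a short expiry sweep). The scheme also only filters senders that cannot receive replies: a botnet querying from real addresses completes the TCP handshake and must be handled by ordinary rate limiting, and every legitimate lookup now costs an extra round trip plus a TCP connection.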

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for preventing DNS Query Flood attacks.

Background

[0002] The Domain Name System (DNS) is a distributed database for TCP/IP applications that provides translation between domain names and IP addresses. Through the domain name system, users can use easy-to-remember, meaningful domain names in their applications, and the DNS server in the network resolves each domain name to the correct IP address.

[0003] Figure 1 is a schematic diagram of the interaction between a DNS client and a DNS server. As shown in Figure 1, the DNS client obtains the IP address corresponding to a domain name by sending a DNS query message (DNS Query) to the DNS server. After receiving the DNS query message, the DNS server performs a lookup for the requested domain name, and sometimes needs to request to t...


Application Information

IPC(8): H04L9/00, H04L29/06
Inventor 张仲虎
Owner NEW H3C TECH CO LTD