A method and device for preventing dns cache attack

A DNS server and cache technology, applied in the field of network security, can solve the problems of successful attacks and no solutions, and achieve the effect of preventing DNS cache attacks and shortening the effective time.

Active Publication Date: 2015-09-09
杭州迪普信息技术有限公司

Problems solved by technology

[0005] In the second category, the attacker deliberately sends requests for a non-existent second-level name under a real domain, so that the DNS server, being unable to resolve it, naturally forwards a domain name resolution request to the upper-level DNS server; at that moment the attacker sends a carefully constructed DNS reply message to the DNS server, and this reply may succeed in attacking the cache.
For these two kinds of DNS cache attacks, the industry currently has no simple and effective solution.


Embodiment Construction

[0020] The invention aims to greatly increase the difficulty for an attacker to attack the DNS cache, and correspondingly to place the DNS service in a more secure position in the network. Generally speaking, after receiving the response message (DNS reply) returned by the upper-level DNS server, the local DNS server processes the message as follows:

[0021] i. Check the destination port of the reply message. The domain name request (DNS Request) initiated by the DNS server carries its own UDP source port number. After receiving the DNS reply message from the upper-level DNS server, the server compares the reply's destination port with that port. If they do not match, the reply is not a response to a request initiated by this DNS server, and the protocol stack discards the datagram.

[0022] ii. Check the question section of the reply message.

[0023] When the DNS server receives the DNS reply message from the upper-level DNS server, it extracts the question section from the DNS reply message,...


Abstract

The invention provides a method and a device for preventing DNS cache attacks. The device comprises an attack detection unit, which detects whether an attack against the DNS server cache is taking place and, if so, adds the attacked domain to a protected list; and a cache protection unit, which, while an attack is taking place, checks whether the domain in a DNS response message is in the protected list and, if it is, replaces the time-to-live (TTL) of that domain with a shorter TTL before forwarding the modified response. The method and device have a very marked effect in preventing brute-force (exhaustive) attacks on the DNS cache.
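The following Python model, added here and not code from the patent or its owner, ties together the reply checks of paragraphs [0021]-[0023] (destination port, question section) with the abstract's protected list and TTL shortening. The transaction-ID check is standard DNS practice added alongside the port check, and the detection rule (a per-zone count of rejected replies crossing a threshold) is an assumption, since the page does not say how an attack is detected; the message objects are constructed sample data rather than wire-format DNS.

```python
from collections import Counter
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Reply:
    """Constructed stand-in for a DNS reply (wire parsing omitted)."""
    dst_port: int   # UDP destination port of the reply
    txid: int       # DNS transaction ID (standard check, not in the patent text)
    qname: str      # name in the question section
    ttl: int        # TTL of the answer record, in seconds


def zone(qname: str) -> str:
    """Assumed grouping: the last two labels, e.g. 'x1.example.com' -> 'example.com'."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


class CacheGuard:
    def __init__(self, short_ttl: int = 30, threshold: int = 5):
        self.short_ttl = short_ttl        # TTL forced for protected domains
        self.threshold = threshold        # assumed detection threshold
        self.pending = {}                 # (src_port, txid) -> qname of outstanding request
        self.protected = set()            # zones the detection unit flagged
        self.bad_replies = Counter()      # rejected replies per zone

    def send_request(self, src_port: int, txid: int, qname: str) -> None:
        """Record an upstream request so its reply can be matched later."""
        self.pending[(src_port, txid)] = qname

    def receive_reply(self, reply: Reply):
        """Return the reply to cache (TTL possibly shortened), or None if discarded."""
        key = (reply.dst_port, reply.txid)
        expected = self.pending.get(key)
        # Step i: port/txid must belong to an outstanding request.
        # Step ii: the question section must match that request.
        if expected is None or expected.lower() != reply.qname.lower():
            z = zone(reply.qname)
            self.bad_replies[z] += 1
            if self.bad_replies[z] >= self.threshold:
                self.protected.add(z)     # attack detection unit: add to protected list
            return None                   # protocol stack discards the datagram
        del self.pending[key]
        # Cache protection unit: shorten TTL for domains under attack, limiting
        # how long any entry (poisoned or not) for that zone can live in cache.
        if zone(reply.qname) in self.protected and reply.ttl > self.short_ttl:
            return replace(reply, ttl=self.short_ttl)
        return reply
```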

Description

Technical field

[0001] The invention relates to network security technology, in particular to a method and device for preventing DNS cache attacks.

Background art

[0002] DNS is the abbreviation of Domain Name System, which is composed of resolvers and domain name servers. A domain name server (DNS Server) is a server that stores the domain names of hosts in the network together with their corresponding IP addresses and has the function of converting domain names to IP addresses. Referring to figure 1, a normal domain name resolution process generally includes the following steps: first, the client initiates a domain name resolution request; after receiving the request, the local DNS server searches the domains under its own jurisdiction and, if the name is found there, returns the result to the client; if the name is not in a domain under its jurisdiction, it searches its cache, and if the name is not found there either, it initiates a request to the upper-level DNS ...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06, H04L29/12
Inventor 汪庆权
Owner 杭州迪普信息技术有限公司