Device, system and method for reducing attacks on DNS

A detection device and unified technology, applied in the field of network security, that addresses problems such as the lack of a suitable response strategy and achieves low cost, simple implementation, and suppression of attacks.

Inactive Publication Date: 2014-03-26
SIEMENS AG

AI Technical Summary

Problems solved by technology

[0004] However, there are currently no suitable countermeasures against such attacks.



Examples


Embodiment 1

[0037] Figure 3 is a structural diagram of a device for reducing attacks on DNS according to Embodiment 1 of the present invention. The device sits on the local recursive name server side of the DNS system. As Figure 3 shows, the device includes a request receiving unit 301, a credential generating unit 302 and a request processing unit 303. The request receiving unit 301 receives the request sent by the client's resolver, forwards a request that carries a credential to the request processing unit 303, and forwards a request that does not carry a credential to the credential generating unit 302. The credential generating unit 302 generates a credential for the request that does not carry one, sends the credential to the source IP address of the request, and stores the generated credential. The request processing unit 303 judges, according to the locally stored credential, whether the credential carried in the received request is correct, and then forwards t...

Embodiment 2

[0047] Figure 4 is a structural diagram of a device for reducing attacks on DNS according to Embodiment 2 of the present invention. The device is located at the client side of the DNS system. As Figure 4 shows, the device includes a request sending unit 401, a credential receiving unit 402 and a request retransmitting unit 403. The request sending unit 401 sends a request to the local recursive name server side; the credential receiving unit 402 receives the credential generated by the local recursive name server side; the request retransmitting unit 403 places the credential in the request and resends the request carrying the credential to the local recursive name server side.

Embodiment 3

[0049] Figure 5 is a structural diagram of a system for reducing attacks on DNS in Embodiment 3 of the present invention. The system in this embodiment includes a resolver 501, a server-side detection device 502 and a local recursive name server 503. The server-side detection device 502 may adopt the device in Embodiment 1.

[0050] In the system of this embodiment, the server-side detection device 502 receives the first request sent by the resolver 501 and, if it judges that the first request does not carry a credential, generates a credential for the first request, stores the credential, and sends the credential to the resolver 501 at the source IP address of the first request. After the resolver 501 receives the credential, it generates the first request carrying the credential and resends the first request carrying the credential to the local recursive name server 503; the server-side detectio...
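The exchange described in Embodiments 1 to 3 and in the abstract, modelled as an added example (not code from the patent): a detection device that challenges requests without a credential and discards resent requests whose credential does not match the stored one. The random 128-bit credential, the storage key (source IP plus query name), the class and function names, and the sample addresses are assumptions; the page does not state how the credential is generated or stored.

```python
import hmac
import secrets


class DetectionDevice:
    """Model of the server-side detection device (units 301-303)."""

    def __init__(self, forward):
        self.forward = forward  # hands a verified query to the recursive name server
        self.stored = {}        # (source IP, query name) -> issued credential
        self.outbox = []        # (destination IP, credential) datagrams sent back

    def receive(self, src_ip, qname, credential=None):
        # Request receiving unit: route on whether a credential is carried.
        if credential is None:
            return self._issue(src_ip, qname)
        return self._process(src_ip, qname, credential)

    def _issue(self, src_ip, qname):
        # Credential generating unit: generate, store, send to the claimed source IP.
        cred = secrets.token_bytes(16)  # assumption: random 128-bit value
        self.stored[(src_ip, qname)] = cred
        self.outbox.append((src_ip, cred))
        return "challenged"

    def _process(self, src_ip, qname, credential):
        # Request processing unit: compare with the locally stored credential.
        expected = self.stored.get((src_ip, qname))
        if expected is None or not hmac.compare_digest(expected, credential):
            return "discarded"
        self.forward(qname)
        return "forwarded"


def run_exchange():
    """Constructed scenario using documentation-range addresses."""
    forwarded = []
    dev = DetectionDevice(forwarded.append)
    out = {}
    # Genuine resolver: receives the credential at its own address and resends.
    out["first"] = dev.receive("192.0.2.10", "example.com")
    _, cred = dev.outbox[-1]
    out["retry"] = dev.receive("192.0.2.10", "example.com", cred)
    # Counterfeit source address: the credential is delivered to that address,
    # so the real sender never sees it and the resent request cannot match.
    out["forged_first"] = dev.receive("198.51.100.7", "example.com")
    out["credential_sent_to"] = dev.outbox[-1][0]
    out["forged_retry"] = dev.receive("198.51.100.7", "example.com",
                                      secrets.token_bytes(16))
    out["forwarded"] = forwarded
    return out
```

Only the genuine resolver's resent query reaches the recursive name server; the request with the counterfeit source is dropped at the detection device.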


Abstract

The invention discloses a method for reducing attacks on a DNS. The method includes the following steps: after receiving a first request that does not carry a credential and is transmitted by a resolver, a local recursive name server generates a credential for the first request and transmits the credential to the resolver at the source IP address of the first request; the local recursive name server then receives the first request, carrying a credential, re-transmitted by the resolver, continues to process the first request if it judges that the first request carries a correct credential, and discards the first request if it carries a false credential. In addition, the invention also discloses a device for reducing attacks on the DNS and a system for reducing attacks on the DNS. With the method, device and system of the invention, attacks on the DNS can be effectively decreased at the local recursive name server side, so that a large number of attacks are prevented from entering other local recursive name servers or even authoritative name servers, while existing DNS standards are not modified or are only slightly modified. The device, system and method therefore offer advantages such as simple implementation and low cost.

Description

Technical field

[0001] The invention relates to network security technology, in particular to a device, system and method for reducing DNS attacks.

Background technique

[0002] The Domain Name System (DNS) is a key element of the Internet infrastructure, performing the mapping between domain names and IP addresses. The unavailability of even a small portion of DNS functionality for an extremely short period of time can affect the use of the entire Internet and is therefore completely unacceptable. However, since DNS queries and responses are mostly based on the User Datagram Protocol (UDP), and UDP is connectionless, datagrams are easy to counterfeit; denial of service (DoS) attacks based on counterfeit datagrams are difficult to block and inevitably cause significant damage to DNS services.

[0003] There are two main attack strategies based on fake packets against DNS. One attack strategy is to send a la...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1466, H04L63/1458, H04L61/1511, H04L61/4511
Inventor: 隋爱芬, 郭代飞
Owner: SIEMENS AG