DNS system and defense method and device for DNS attack

A DNS query and IP address technology, applied in transmission systems, electrical components, etc., can solve problems such as poor real-time performance, wrong blocking, and inability to configure, and achieve precise attack defense and good real-time performance

Active Publication Date: 2014-07-30
BEIJING QIHOO TECH CO LTD +2
View PDF4 Cites 66 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, it is impossible to configure all IPs in the world one by one
[0008] Of course, you can also set the IP segment to a larger address segment to limit, that is, limit the total number of requests for this segment, which will cause a large number of false blocks, and it is impossible to accurately defend against DNS attacks
[0009] Another defense method in the prior art is: when there is an attack, find the IP address of the attack source, and then set the speed limit policy of the IP address to the firewall configuration. This method has poor real-time performance and cannot realize real-time defense

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DNS system and defense method and device for DNS attack
  • DNS system and defense method and device for DNS attack
  • DNS system and defense method and device for DNS attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages ​​can be used to implement the content of the present invention described herein, and the above description of specific languages ​​is for disclosing the best mode of the present invention.

[0043] figure 1 is a schematic block diagram of a DNS attack defense device according to an embodiment of the present invention. The DNS attack defense device 100 may generally include: a request acquisition module 110 , a request record information query module 120 , an attack judging module 130 , and a defense module 140 . In some optio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a DNS system and a defense method and device for a DNS attack. The defense method includes the steps that a DNS inquiry request and an IP address of a request source of the DNS inquiry request are obtained; according to the IP address, request record information where the request source is located is inquired in an access record database; whether the number of times of requests within a predetermined cycle in the request record information exceeds a preset threshold value or not is judged; if yes, the request source is judged to perform the DNS attack, and accordingly defense is performed. Because IP addresses of all the request sources are judged without affecting normal access of other request sources, precise attack defense is achieved.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a DNS system and a DNS attack defense method and defense device. Background technique [0002] The Domain Name System (DNS for short) is a core service of the Internet and plays an extremely important role. As a distributed database that can map domain names and IP addresses to each other, it can make it easier for people to access Internet, without having to remember the IP number string that can be read directly by the machine. [0003] Domain Name System is a basic Internet protocol. Compared with various WEB services with relatively complete prevention measures at present, the defense based on DNS is still weak, and it is easy to be exploited by hackers. DNS attack is a new type of denial of service attack (Denial of Service, Dos attack for short). [0004] The characteristics of DNS itself determine that it can be used as an "attack amplifier" to carry out distri...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 濮灿
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap