Method for identifying DNS spoofing attack packet and detecting DNS spoofing attack

A technology for identifying DNS spoofing attack packets and detecting DNS spoofing attacks, applied in the field of DNS security. It addresses the problem of DNS spoofing attacks and achieves the effect of improving the attack resistance of the DNS system, with high practical value.

Status: Inactive
Publication Date: 2015-05-13
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Therefore, if a DNS request receives two or more response packets within a period of time, it may have been targeted by DNS spoofing. If one of those response packets is identified as a spoofing packet, a spoofing attack has certainly taken place.


Embodiment Construction

[0020] To make the above objects, features and advantages of the present invention clearer and easier to understand, the invention is further described below through specific embodiments and the accompanying drawings.

[0021] Normally, after receiving the response message returned by the upper-level DNS server, the local DNS server will process the message as follows:

[0022] Check whether the destination port of the response message equals the source port of the DNS request message. If not, the message is not a response to the request, and the protocol stack discards it;

[0023] Check the question section of the response message, that is, make sure that the domain name queried in the response packet is consistent with the domain name in the request packet;

[0024] Check the transaction ID (TID) of the response message. A TID is included in the query request sent by the DNS server to identify a particular query. The TID w...


Abstract

The invention relates to a method for identifying DNS spoofing attack packets and detecting DNS spoofing attacks. Among several DNS response packets with an identical five-tuple (business identifier, source IP address, destination IP address, source port number, destination port number), a packet that simultaneously has the following four characteristics is a DNS spoofing packet: the answer section contains only one record, carrying a single IP address; the answer section contains no CNAME records; the TTL values of the type A records in the answer section are unreasonable; the packet contains no authority section and no additional section. To detect a DNS spoofing attack, all DNS packets between a client and the domain name server are first captured; each response packet is then judged by the method above to decide whether it is a DNS spoofing packet. The method can effectively identify DNS spoofing packets and detect DNS spoofing attacks in time, and therefore has high practical value for improving the attack resistance of the DNS system and protecting the DNS service system.
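The resolver-side checks of paragraphs [0022] to [0024] (destination port, question section, transaction ID) and the four-characteristic heuristic of the abstract, written out as an added example in Python; this is illustrative code, not the patent's own implementation. It builds and parses DNS wire-format messages itself so that it runs offline on constructed packets. The TTL bounds, the sample addresses and names, and the reading of the five-tuple's "business identifier" as the DNS transaction ID are all assumptions made for the example, since the page states none of them.

```python
import struct
from collections import defaultdict

TYPE_A, TYPE_CNAME, TYPE_NS = 1, 5, 2
# Assumed bounds for a "reasonable" A-record TTL; the page states no thresholds.
TTL_MIN, TTL_MAX = 30, 7 * 86400

def _encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_message(tid, qname, answers=(), authority=(), additional=(), qtype=TYPE_A, response=True):
    """Build a wire-format DNS message; RRs are (name, type, ttl, rdata) tuples, class IN."""
    flags = 0x8180 if response else 0x0100
    msg = struct.pack("!HHHHHH", tid, flags, 1, len(answers), len(authority), len(additional))
    msg += _encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, ttl, rdata in (*answers, *authority, *additional):
        msg += _encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def _decode_name(msg, off):
    """Decode a name at offset, following RFC 1035 compression pointers; returns (name, next offset)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels).lower(), (end if end is not None else off)

def parse_message(msg):
    """Parse the header, the single question, and the answer/authority/additional sections."""
    tid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = _decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    parsed = {"tid": tid, "is_response": bool(flags & 0x8000), "qname": qname, "qtype": qtype}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = _decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append({"name": name, "type": rtype, "ttl": ttl, "rdata": msg[off:off + rdlen]})
            off += rdlen
        parsed[section] = rrs
    return parsed

def accepted_by_resolver(query_pkt, resp_pkt):
    """The resolver's own checks from [0022]-[0024]: port, question section, transaction ID."""
    q, r = parse_message(query_pkt["payload"]), parse_message(resp_pkt["payload"])
    return (resp_pkt["dport"] == query_pkt["sport"]
            and (r["qname"], r["qtype"]) == (q["qname"], q["qtype"])
            and r["tid"] == q["tid"])

def looks_spoofed(parsed):
    """The four characteristics from the abstract; all must hold at once."""
    ans = parsed["answer"]
    return (len(ans) == 1 and ans[0]["type"] == TYPE_A                 # one answer carrying one IP address
            and not any(rr["type"] == TYPE_CNAME for rr in ans)         # no CNAME record (implied by the line above)
            and not (TTL_MIN <= ans[0]["ttl"] <= TTL_MAX)               # unreasonable TTL (assumed bounds)
            and not parsed["authority"] and not parsed["additional"])   # no authority or additional section

def detect_spoofing(packets):
    """Group responses by five-tuple (transaction ID, src, dst, sport, dport); where a tuple carries
    more than one response, return the indexes of the responses that look spoofed."""
    by_tuple = defaultdict(list)
    for i, p in enumerate(packets):
        parsed = parse_message(p["payload"])
        if parsed["is_response"]:
            by_tuple[(parsed["tid"], p["src"], p["dst"], p["sport"], p["dport"])].append((i, parsed))
    return [i for resps in by_tuple.values() if len(resps) > 1
            for i, parsed in resps if looks_spoofed(parsed)]

def sample_capture():
    """Constructed traffic: one query, a forged reply that races it, then the genuine reply."""
    query = {"src": "192.0.2.10", "dst": "192.0.2.53", "sport": 40123, "dport": 53,
             "payload": build_message(0x1A2B, "www.example.com", response=False)}
    forged = {"src": "192.0.2.53", "dst": "192.0.2.10", "sport": 53, "dport": 40123,
              "payload": build_message(0x1A2B, "www.example.com",
                                       answers=[("www.example.com", TYPE_A, 5, bytes([203, 0, 113, 9]))])}
    genuine = {"src": "192.0.2.53", "dst": "192.0.2.10", "sport": 53, "dport": 40123,
               "payload": build_message(
                   0x1A2B, "www.example.com",
                   answers=[("www.example.com", TYPE_CNAME, 300, _encode_name("cdn.example.net")),
                            ("cdn.example.net", TYPE_A, 300, bytes([198, 51, 100, 7]))],
                   authority=[("example.net", TYPE_NS, 3600, _encode_name("ns1.example.net"))],
                   additional=[("ns1.example.net", TYPE_A, 3600, bytes([198, 51, 100, 2]))])}
    return [query, forged, genuine]

if __name__ == "__main__":
    print("spoofed packet indexes:", detect_spoofing(sample_capture()))
```

Both replies in the constructed capture pass the resolver's own three checks, which is exactly the situation the abstract targets: the forged reply shares the transaction ID and ports, so only the shape of its answer gives it away. The heuristic fires only when two responses share a five-tuple, so a lone forged reply that beats the genuine one and is followed by nothing is not flagged, and an attacker who pads the forgery with a plausible TTL and authority or additional records evades all four characteristics; the example leaves those limits in place rather than guessing at the patent's unstated thresholds.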

Description

Technical field

[0001] The invention belongs to the field of communication technology and DNS technology, and in particular relates to a method for identifying DNS spoofing attack packets and a method for detecting DNS spoofing attacks using it.

Background technique

[0002] DNS is a distributed database system that manages the mapping between host names and address information. It associates names that are easy to remember and understand with hard-to-remember IP addresses, which greatly facilitates use of the network. DNS underlies most network applications, but because of design flaws in the protocol itself it provides no adequate information protection or authentication mechanism, leaving DNS vulnerable to attack.

[0003] DNS spoofing exploits one of these design flaws: only a single serial number (the transaction identifier) is used as the basis for judging the validity of a DNS response message, so an attacker can forge a large number of DNS responses af...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0218, H04L63/1416, H04L63/1466, H04L61/4511
Inventors: 郑超, 赵静芬, 孙永, 刘庆云, 郭莉, 杨嵘, 杨威
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI