Method for detecting DNS (Domain Name-implementation and Specification) tunnel data based on DNS protocol standard

A DNS-tunnel detection technique in the field of computer networks. It addresses the problems that port-based controls cannot cope with DNS tunnel penetration, that closing the DNS port leaves users unable to resolve domain names, and that unauthorized external access threatens internal network security.

Inactive Publication Date: 2015-07-01
金琥


Problems solved by technology

DNS protocol data and DNS tunnel data use the same port, so DNS tunnel data cannot be controlled simply by closing the port; otherwise users will be unable to resolve domain names.
Traditional port-control methods cannot cope with DNS tunnel penetration techniques, and the resulting unauthorized access to the external network seriously threatens the security of the internal network.




Embodiment Construction

[0016] The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0017] System network deployment method:

[0018] See figure 1. The system of the present invention is usually deployed at the egress gateway where the local area network connects to the Internet, and captures from the network the data packets of a specified port. The port is generally UDP 53; other ports can be specified or added if necessary.

[0019] Packet detection method:

[0020] The detection standard is whether the data packets passing through the port conform to the DNS protocol. Any data packet that does not conform to the description in RFC 1035 is judged to be a DNS tunnel data packet; otherwise it is a DNS protocol data packet.

[0021] RFC 1035 stipulates that the content of a DNS message sent over UDP shall not exceed 512 bytes. If the content length of a data packet is greater than 512 bytes, the data...
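The two checks described in paragraphs [0020] and [0021], carried through as a working classifier. This is an added example written for this page, not code from the patent; the packet samples at the bottom are hand-built for the demonstration, and the `from_client` direction flag, the function names and the reason strings are this example's own choices. It applies the patent's length test first, then walks the RFC 1035 wire format (header, question section, resource-record sections, name compression) and treats any packet that does not parse exactly, or whose QR bit contradicts its direction, as tunnel data.

```python
"""RFC 1035 conformance check for UDP/53 payloads (added example, not the patent's code)."""
import struct

MAX_UDP_PAYLOAD = 512   # RFC 1035 section 4.2.1: UDP message limit applied by the patent
MAX_NAME = 255          # RFC 1035 section 2.3.4: total name length
HEADER_LEN = 12         # RFC 1035 section 4.1.1: ID, flags, QD/AN/NS/ARCOUNT


def _parse_name(msg, off, depth=0):
    """Walk a domain name at msg[off:]; return (labels, offset after the name).
    Top two bits 11 in a length octet mark a compression pointer (section 4.1.4);
    01 and 10 are reserved, which is why a plain label can never exceed 63 octets."""
    labels, total = [], 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:                                   # root label ends the name
            return labels, off + 1
        if n & 0xC0 == 0xC0:
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or depth > 8:              # pointers must point backwards
                raise ValueError("bad compression pointer")
            more, _ = _parse_name(msg, ptr, depth + 1)
            return labels + more, off + 2
        if n & 0xC0:
            raise ValueError("reserved label type 0x%02x" % (n & 0xC0))
        total += n + 1
        if total > MAX_NAME:
            raise ValueError("name longer than 255 octets")
        labels.append(msg[off + 1:off + 1 + n])
        off += 1 + n


def _skip_rr(msg, off):
    """Walk one resource record (section 4.1.3); return the offset after it."""
    _, off = _parse_name(msg, off)
    if off + 10 > len(msg):                          # TYPE CLASS TTL RDLENGTH
        raise ValueError("truncated RR fixed fields")
    rdlength = struct.unpack("!H", msg[off + 8:off + 10])[0]
    off += 10 + rdlength
    if off > len(msg):
        raise ValueError("RDATA runs past end of message")
    return off


def classify(payload, from_client):
    """Return ("dns", reason) or ("tunnel", reason) for one UDP/53 payload.
    from_client: True for packets leaving the LAN (queries), False for replies."""
    if len(payload) > MAX_UDP_PAYLOAD:               # step 1 of the patent's method
        return "tunnel", "payload %d bytes exceeds 512" % len(payload)
    if len(payload) < HEADER_LEN:
        return "tunnel", "shorter than a DNS header"
    _, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:HEADER_LEN])
    qr, opcode = flags >> 15, (flags >> 11) & 0xF
    if from_client and qr:                           # step 2: direction must match QR
        return "tunnel", "client sent a response (QR=1)"
    if not from_client and not qr:
        return "tunnel", "server sent a query (QR=0)"
    if opcode not in (0, 1, 2):                      # QUERY, IQUERY, STATUS in RFC 1035
        return "tunnel", "opcode %d not defined by RFC 1035" % opcode
    try:
        off = HEADER_LEN
        for _ in range(qd):                          # question: QNAME QTYPE QCLASS
            _, off = _parse_name(payload, off)
            off += 4
            if off > len(payload):
                raise ValueError("truncated question")
        for _ in range(an + ns + ar):                # answer, authority, additional
            off = _skip_rr(payload, off)
    except ValueError as exc:
        return "tunnel", str(exc)
    if off != len(payload):
        return "tunnel", "%d trailing bytes after the last section" % (len(payload) - off)
    return "dns", "well-formed RFC 1035 message"


def encode_name(name):
    """Wire-format QNAME for a dotted name (used only to build the samples below)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


# Constructed sample payloads (hand-built for this example, not captures).
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + encode_name("www.example.com") + b"\x00\x01\x00\x01"
RESPONSE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name("www.example.com")
            + b"\x00\x01\x00\x01"                                          # question: A IN
            + b"\xc0\x0c" + b"\x00\x01\x00\x01" + struct.pack("!I", 300)   # owner = pointer to offset 12
            + b"\x00\x04" + bytes([93, 184, 216, 34]))
RAW_TUNNEL = b"\x00" * 12 + b"GET / HTTP/1.1\r\n"   # all counts zero, so 16 bytes belong to no section
LONG_NAME = (struct.pack("!6H", 0x0001, 0x0100, 1, 0, 0, 0)
             + (bytes([63]) + b"a" * 63) * 5 + b"\x00" + b"\x00\x10\x00\x01")   # 320-octet QNAME
OVERSIZED = QUERY + b"A" * 600

if __name__ == "__main__":
    for label, pkt, c in (("query", QUERY, True), ("response", RESPONSE, False),
                          ("raw", RAW_TUNNEL, True), ("long-name", LONG_NAME, True),
                          ("oversized", OVERSIZED, True)):
        print("%-10s %s" % (label, classify(pkt, c)))
```

Two caveats a deployer should keep in mind, which the patent text does not address. EDNS0 (RFC 6891) lets clients advertise UDP payload sizes well above 512 bytes, and DNSSEC-signed responses routinely use them, so on a modern network the length test alone will flag legitimate traffic; raising `MAX_UDP_PAYLOAD` to the advertised EDNS buffer size is the usual adjustment. Conversely, a tunnel that stays within well-formed messages, encoding its data in labels and in TXT or NULL RDATA, passes this conformance check entirely; that is the limit of pure protocol-conformance detection, and catching it needs volume, entropy or name-length statistics on top.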



Abstract

The invention belongs to the technical field of computer networks and discloses a method for distinguishing standard DNS (Domain Name-implementation and Specification) protocol data from DNS tunnel data. The system acquires the data packets of the DNS port. When a data packet reaches the detection system: 1, the system examines the length of the packet content and treats the data as DNS tunnel data if the length is greater than 512 bytes; 2, the system examines the content of the packet and judges whether it conforms to the standard DNS protocol (for example, a client sends a DNS Query and a server answers with a DNS Response). If the standard DNS protocol is followed, the system treats the data as DNS protocol data; otherwise it treats the data as DNS tunnel data. With this method, DNS tunnel data can be recognized and given differentiated service, or non-DNS protocol data can be stopped from penetrating through the DNS port.

Description

Technical field

[0001] The invention belongs to the technical field of computer networks and relates to a method for distinguishing standard DNS protocol data from DNS tunnel data.

Background technique

[0002] With the development of Internet technology, controlling intranet users' access to the Internet has become a focus of network management. Traditional network management uses ports to distinguish the various network services and controls external network access by opening or closing certain ports. As the most basic Internet service, DNS domain name resolution usually has to remain open to users. It uses the DNS protocol, and its default port is UDP 53. Because the DNS port is generally open, much software has used DNS tunneling techniques to establish connections with the outside world. DNS protocol data and DNS tunnel data use the same port, so the DNS tunnel data cannot be controlled simply by closing the port; otherwise users will not be able to resolve dom...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/12, H04L29/06
CPC: H04L63/10, H04L61/4511
Inventor 金琥
Owner 金琥