Solution for coping with reflection amplification attacks of domain name system (DNS) server

A DNS server solution, applied in the field of responding to DNS server reflection amplification attacks, that can solve problems such as the inability to receive DNS resolution services.

Active Publication Date: 2016-04-13
BEIJING INTERNET INST +1

AI Technical Summary

Problems solved by technology

If you do not answer, users who do not support co...


Embodiment Construction

[0021] The embodiments will be described in detail below in conjunction with the accompanying drawings.

[0022] This method effectively prevents attackers from turning a recursive server that adopts it into an amplifier for amplification attacks, while users who do not support cookies are still guaranteed access to the DNS service through TCP fallback. As background for the technical details of implementing this method, DDoS attacks, amplification attacks, DNS cookies and TCP fallback are explained below.

[0023] A DDoS (Distributed Denial of Service) attack refers to the use of client/server technology to combine multiple computers into an attack platform that launches an attack on one or more targets, exhausting the target's limited resources (including disk, CPU, network bandwidth, etc.) so that normal users cannot access the service.

[0024] Amplification attack refers to using the disequilibrium of the DNS protocol, that is, the natur...


Abstract

The invention belongs to the technical field of domain name system (DNS) security protection, and particularly relates to a solution for coping with reflection amplification attacks on a DNS server. The solution comprises the following steps. A cookie field is added to the pseudo resource record of EDNS0. The user generates a random cookie when sending a request. On receiving the request, the recursive server checks whether the cookie exists; if it does not, the server returns a truncated response, requiring the user to retransmit over the transmission control protocol (TCP). If the cookie exists, the recursive server checks whether the request carries a Server Cookie. If it does not, the server returns a Server Cookie together with the Client Cookie. If it does, the server checks whether the user's Server Cookie is consistent with the Server Cookie generated by the recursive server: if consistent, it returns the Server Cookie and the Client Cookie to the user; if not, it returns a truncated response, requiring the user to retransmit over TCP. Finally, the user checks whether the returned Client Cookie is the same as its random cookie, accepting the data if so and discarding it if not.
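The decision flow in the abstract, as an added Python sketch that is not code from the patent. The action names, the 8-byte cookie length and the HMAC-based Server Cookie construction (keyed on a server secret, the client address and the Client Cookie) are assumptions; the abstract does not say how the Server Cookie is generated.

```python
import hashlib
import hmac
import os

SERVER_SECRET = os.urandom(32)  # assumption: per-server secret, not specified on the page

def make_server_cookie(client_ip, client_cookie, secret=SERVER_SECRET):
    """Assumed construction: truncated HMAC over client address and Client Cookie."""
    mac = hmac.new(secret, client_ip.encode() + client_cookie, hashlib.sha256)
    return mac.digest()[:8]

def server_handle_udp(client_ip, client_cookie, server_cookie, secret=SERVER_SECRET):
    """Return (action, client_cookie, server_cookie) following the abstract's steps."""
    if client_cookie is None:
        # No cookie in the EDNS0 pseudo-RR: truncated reply, client retries over TCP.
        return ("TRUNCATE", None, None)
    expected = make_server_cookie(client_ip, client_cookie, secret)
    if server_cookie is None:
        # Request carries no Server Cookie: return one together with the Client Cookie.
        return ("ISSUE_SERVER_COOKIE", client_cookie, expected)
    if hmac.compare_digest(server_cookie, expected):
        # Consistent Server Cookie: return both cookies to the user.
        return ("ANSWER", client_cookie, expected)
    # Server Cookie differs from what this server would generate for this source.
    return ("TRUNCATE", None, None)

def client_accepts(sent_cookie, echoed_cookie):
    """The user keeps a response only if its own random cookie is echoed back."""
    return echoed_cookie is not None and hmac.compare_digest(sent_cookie, echoed_cookie)

def demo():
    ip, other_ip = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses
    cc = os.urandom(8)                           # user's random Client Cookie
    results = {"no_cookie": server_handle_udp(ip, None, None)[0]}
    action, echoed, sc = server_handle_udp(ip, cc, None)
    results["first"] = action
    results["repeat"] = server_handle_udp(ip, cc, sc)[0]
    # Same cookies arriving from a different source address fail the consistency check.
    results["other_source"] = server_handle_udp(other_ip, cc, sc)[0]
    results["client_ok"] = client_accepts(cc, echoed)
    # A response echoing a different cookie is discarded by the user.
    results["client_forged"] = client_accepts(cc, bytes(b ^ 0xFF for b in cc))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In every path where the source has not proven itself with a consistent Server Cookie, the UDP reply is either a truncated response or a cookie exchange, which is what keeps the recursive server from acting as an amplifier.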

Description

Technical field

[0001] The invention belongs to the technical field of DNS security protection, and in particular relates to a solution to the DNS server reflection amplification attack.

Background technique

[0002] DNS provides an important service on the Internet. Its essence is to establish a bridge between the world of human-readable names and the world of underlying binary protocol addresses. Before any transaction over the Internet can start, a DNS query must be completed first. A lightweight, fast-response DNS protocol is therefore necessary, so that the DNS query process is transparent to users. The DNS resolution framework uses UDP as the transport protocol, and is implemented through geographically distributed recursive resolvers with caching capabilities.

[0003] At the same time, during the development of the Internet, the traditional DNS protocol has also revealed some problems. With the development of the Internet, the types and numbers o...


Application Information

IPC(8): H04L29/12, H04L29/06
CPC: H04L63/1466, H04L61/4511
Inventor 万润夏宋林健刘东余冬王爱民李凤民李震潘居臣龚道彪
Owner BEIJING INTERNET INST