
Defense method and system for domain name request attack

A defense method and system for domain name requests, applied in the field of communication. It addresses problems such as server downtime, exhaustion of domain name server performance, and failure to respond to normal users' domain name resolution requests, and so defends against domain name request attacks.

Pending Publication Date: 2017-05-31
OPZOON TECH

AI Technical Summary

Problems solved by technology

The principle of the attack is that hackers control a botnet to send a large number of resolution requests for non-existent domain names to the domain name resolution server. This exhausts the performance of the domain name server, leaves it unable to respond to normal users' domain name resolution requests, and can even paralyze the server and cause downtime.

Examples


Embodiment 1

[0024] Figure 1 is a schematic diagram of the application environment of the present invention;

[0025] Figure 2 is a flowchart of a method for defending against domain name request attacks provided by the first embodiment of the present invention.

[0026] As shown in Figure 1, the present invention provides a defense method for domain name request attacks, which is applied to firewalls, including:

[0027] Step S11: intercepting the first domain name resolution query message requesting the original domain name exceeding the predetermined number of messages, and extracting the source IP address of the first domain name resolution query message.

[0028] Specifically, the original domain name in step S11 refers to the domain name that the user enters in the client to be queried. If the user needs to query the www.test.com website and enters it in the domain name query input field of the client, then "www.test.com" is the original domain name of the user's quer...

Embodiment 2

[0043] On the basis of Embodiment 1, the present invention also includes the flow shown in Figure 2, in which the firewall detects the number of first domain name resolution query packets before step S11.

[0044] Figure 2 is a flow chart of the firewall detecting the number of first domain name resolution query packets before step S11.

[0045] As shown in Figure 2:

[0046] S111, detecting the number of received first domain name resolution query messages;

[0047] S112, judging whether the number of the first domain name resolution query messages exceeds the predetermined number of messages;

[0048] S113, if the number of the first domain name resolution query messages exceeds the predetermined number of messages, enabling the domain name resolution request flood defense service to intercept the first domain name resolution query messages exceeding the message threshold.

[0049] Specifically, before the step of intercepting the first domain name resolution query messa...

Embodiment 3

[0052] Figure 3 is a schematic diagram of the module relationships of a defense system against domain name request attacks in Embodiment 3 of the present invention.

[0053] As shown in Figure 3, the embodiment of the present invention provides a defense system for domain name request attacks, which is applied to firewalls, including:

[0054] The extracting module 100, used to intercept the first domain name resolution query message requesting the original domain name and exceeding the predetermined number of messages, and to extract the source IP address of the first domain name resolution query message;

[0055] Specifically, the original domain name refers to the domain name that the user enters in the client to be queried. If the user needs to query the www.test.com website and enters it in the domain name query input field of the client, then "www.test.com" is the original domain name of the user's query. After the user enters the domain name, the domain ...


Abstract

The embodiment of the invention discloses a defense method and system for domain name request attacks, belonging to the technical field of communication. The method comprises: intercepting first DNS query messages that request an original domain name and exceed a preset message number, and extracting the source IP address of the first DNS query message; judging whether the source IP address is in a whitelist; if the source IP address is not in the whitelist, performing a first redirection of the first DNS query message based on a randomly generated first character string and the first DNS query message, generating a redirection domain name; and, if a second DNS query message returned based on the redirection domain name is received, performing a second redirection of the second DNS query message back to the original domain name and adding the source IP address to the whitelist, wherein the original domain name is the domain name queried by the first DNS query message. The method effectively defends against attack behavior in domain name requests without intercepting normal domain name requests.
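The flow in the abstract, together with the threshold check of steps S111 to S113, can be modelled as follows. This is an added example, not code from the patent or from OPZOON TECH; the class and method names, the prefix-label form of the redirection domain, and the single counter without a time window are assumptions made for illustration, and the traffic in `simulate()` is constructed.

```python
import secrets

class DnsFloodDefense:
    """Firewall-side model of the redirect-and-whitelist check (hypothetical names)."""

    def __init__(self, threshold):
        self.threshold = threshold   # predetermined number of messages
        self.seen = 0                # queries counted so far (no time window: assumption)
        self.whitelist = set()       # source IPs that completed the round trip
        self.pending = {}            # redirection domain -> (source IP, original domain)

    def handle_query(self, src_ip, qname):
        """Return (action, name): 'forward' to the DNS server or 'redirect' the client."""
        qname = qname.lower().rstrip(".")
        self.seen += 1
        # Second query: the client came back asking for the redirection domain we issued.
        issued = self.pending.get(qname)
        if issued and issued[0] == src_ip:
            del self.pending[qname]
            self.whitelist.add(src_ip)
            return ("redirect", issued[1])   # second redirection, back to the original
        # Up to the threshold the defense is not enabled; whitelisted IPs always pass.
        if self.seen <= self.threshold or src_ip in self.whitelist:
            return ("forward", qname)
        # First redirection: random string plus original domain (prefix label is assumed).
        redirect_name = f"{secrets.token_hex(8)}.{qname}"
        self.pending[redirect_name] = (src_ip, qname)
        return ("redirect", redirect_name)

def simulate():
    """Constructed traffic: two normal queries, a spoofed flood, then a real client."""
    fw = DnsFloodDefense(threshold=2)
    log = [fw.handle_query("198.51.100.7", "www.test.com"),
           fw.handle_query("198.51.100.7", "www.test.com")]
    # Spoofed sources never receive the reply, so they never query the redirection domain.
    for i in range(3):
        log.append(fw.handle_query(f"203.0.113.{i}", f"nx{i}.test.com"))
    # A real client is redirected once, follows it, and is then whitelisted.
    first = fw.handle_query("192.0.2.10", "www.test.com")
    second = fw.handle_query("192.0.2.10", first[1])
    third = fw.handle_query("192.0.2.10", "www.test.com")
    return fw, log, first, second, third
```

In this model the `pending` table grows with every redirected query, so a deployment would need to expire entries or bound the table to keep the defense itself from being exhausted by the flood.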

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a defense method and system for domain name request attacks.

Background technique

[0002] Domain name resolution queries in the prior art are usually based on the UDP protocol, so there is no verification mechanism in the domain name resolution query process, which is easily exploited by hackers. Among such attacks, the domain name resolution request flood is a relatively common domain name resolution attack in the industry. Its principle is mainly that hackers control a botnet to send a large number of resolution requests for non-existent domain names to the domain name resolution server, exhausting the performance of the domain name server so that it cannot respond to normal users' domain name resolution requests, and even causing server paralysis and downtime.

[0003] In the process of realizing the present invention, the inventor found that the existing defense method, because i...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0236, H04L63/1466, H04L61/4511
Inventor: 张辉
Owner: OPZOON TECH