DNS tunnel detection method and DNS tunnel detection device

A DNS tunnel detection method and detection device, applied in the Internet field, that address the lack of a DNS tunnel defense method.
CN107547488A · Active · Publication Date: 2018-01-05 · HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: HUAWEI TECH CO LTD
Publication Date: 2018-01-05


Abstract

The embodiments of the invention disclose a DNS tunnel detection method and a DNS tunnel detection device. The method comprises: identifying a plurality of main domain names included in passive DNS data; building at least one detection domain corresponding to the main domain names, wherein the number of domain names included in the detection domain is less than or equal to a first threshold; if the detection domain comprises a DNS wildcard domain name, discarding the DNS wildcard domain name from the detection domain; and identifying the detection domain used for a DNS tunnel. Because the detection process does not involve user information of the client, invasion of privacy is avoided. Discarding wildcard domain names filters out the large number of insignificant subdomain records that wildcards generate, which eliminates the case where those records make a domain appear to have many abnormal subdomains. Once a detection domain used for a DNS tunnel is determined, defensive measures can be applied to it, which prevents a malicious client from building a DNS tunnel with an external DNS and ensures security during data transmission.
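The steps in the abstract, sketched as an added Python example (not code from the patent or its assignee). The main-domain rule, the wildcard heuristic, the tunnel criterion, all thresholds and the sample records are assumptions, since the abstract does not specify them.

```python
from collections import defaultdict

def main_domain(name):
    # Assumption: the main domain is the last two labels; real code needs a public suffix list.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def build_detection_domains(records, first_threshold):
    """Group (name, answer) pairs by main domain, split into detection domains of <= first_threshold names."""
    by_main = defaultdict(dict)
    for name, answer in records:
        by_main[main_domain(name)][name.rstrip(".").lower()] = answer
    detection = []
    for main, names in by_main.items():
        items = sorted(names.items())
        for i in range(0, len(items), first_threshold):
            detection.append((main, dict(items[i:i + first_threshold])))
    return detection

def drop_wildcard_names(names, min_same=5):
    # Assumed heuristic: an answer shared by >= min_same distinct names is wildcard-generated.
    counts = defaultdict(int)
    for answer in names.values():
        counts[answer] += 1
    return {n: a for n, a in names.items() if counts[a] < min_same}

def looks_like_tunnel(main, names, min_names=5, min_avg_len=20):
    # Assumed criterion: many distinct, long subdomain parts remain after wildcard filtering.
    subs = [n[: -len(main) - 1] for n in names if n != main]
    return len(subs) >= min_names and sum(map(len, subs)) / len(subs) >= min_avg_len

def detect(records, first_threshold=1000):
    flagged = set()
    for main, names in build_detection_domains(records, first_threshold):
        kept = drop_wildcard_names(names)
        if looks_like_tunnel(main, kept):
            flagged.add(main)
    return sorted(flagged)

# Constructed sample data (not from the patent): a wildcard zone, a tunnel-like zone, an ordinary zone.
SAMPLE = (
    [(f"user{i}-landing-page-campaign.cdn-example.com", "203.0.113.10") for i in range(8)]
    + [(f"{i:02d}mzxw6ytboi2gk3tfmvzhs4dpnzsxg.t.tunnel-example.net", f"chunk-{i}") for i in range(8)]
    + [("www.shop-example.org", "198.51.100.7"), ("mail.shop-example.org", "198.51.100.8")]
)

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Without the wildcard filter, the constructed `cdn-example.com` zone would also meet the assumed tunnel criterion, which is the false positive the abstract says the discard step removes.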

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a DNS tunnel detection method and a DNS tunnel detection device.

Background technique

[0002] The Domain Name System (DNS) is one of the most critical basic services of the Internet. It maps domain names and IP addresses to each other, so that people can easily access the Internet without having to memorize complicated IP addresses. The DNS protocol will basically not be intercepted by firewall policies. Even in an enterprise internal network, a DNS server is required for domain name resolution. Moreover, in order to resolve domain names on the Internet, the DNS server within the enterprise needs to communicate with other DNS servers on the Internet, which creates conditions for the construction of covert channels based on the DNS protocol. Since the DNS tunnel client only needs to request t...
