DNS attack defense method, device and system

A technology of feature value and identification information, applied in the field of DNS attack defense, which can solve the problems of attack, reduction of discrimination efficiency, and discarding.

Active Publication Date: 2018-06-26
TENCENT TECH (SHENZHEN) CO LTD
View PDF6 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The method adopted in the prior art to deal with DNS attacks is to use firewalls to limit the amount of requests for IP addresses. For example, the number of DNS request packets passing through a certain IP segment is limited to 300 per second. Requests larger than this may be regarded as attacks and discarded directly.
To take such restriction measures, it is necessary to set corresponding restriction rules for the IP address segment. When judging whether it is a DNS attack, it is necessary to match the rules one by one until the matching is successful. When there are many restriction rules, the identification efficiency will be reduced.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DNS attack defense method, device and system
  • DNS attack defense method, device and system
  • DNS attack defense method, device and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0193] This embodiment provides a method for defending against DNS attacks. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although the steps shown in the flow chart A logical order is shown, but in some cases the steps shown or described may be performed in an order different from that presented here.

[0194] figure 1 It is a flowchart of the method for defending against DNS attacks disclosed in Embodiment 1 of the present invention; as shown in the figure, the method for defending against DNS attacks includes the following steps:

[0195] Step S101: Receive the DNS request sent by the request source, and obtain the request source IP address of the DNS request;

[0196] Step S102: Determine the characteristic value of the IP address;

[0197] Step S103: Find the identification information corresponding to the characteristic value in the memory...

Embodiment 2

[0231] This embodiment provides a method for defending against DNS attacks. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although the steps shown in the flow chart A logical order is shown, but in some cases the steps shown or described may be performed in an order different from that presented here.

[0232] Figure 4 It is a flowchart of a method for defending against DNS attacks disclosed in an embodiment of the present invention; as shown in the figure, the method for defending against DNS attacks includes the following steps:

[0233] Step S401: receiving the DNS request, and obtaining the domain name to be resolved included in the DNS request;

[0234] Step S402: Determine the characteristic value of the domain name;

[0235] Step S403: judging whether the feature value is contained in the memory;

[0236] Step S404: If yes, acquire the...

Embodiment 3

[0276] Figure 10 It is a schematic block diagram of the device for defending against DNS attacks disclosed in Embodiment 3 of the present invention. Figure 10 The shown device for defending against DNS attacks can be used to implement the method for defending against DNS attacks described in Embodiment 1. see Figure 10 The device 100 for defending against DNS attacks may generally include: a request acquisition unit 102, a characteristic value determination unit 104, a first query unit 106, a second query unit 108, a request times judgment unit 120, an attack judgment unit 122 and a defense unit 124. In some optional embodiments of the present invention, according to the functional requirements and further optimization of the DNS attack defense device 100, it may be selectively configured with: a first processing unit 126, a second processing unit 128, an information acquisition unit 130, an identification An information judging unit 132 , an identification information a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the computer safety technology field and particularly relates to a DNS attack defense method, device and system. The method comprises steps that after DNS requests are received, the corresponding identifier information is searched in a memory according to association data of the DNS requests, the whitelisted or unpacked identifier DNS requests are responded to, the blacklisted or banned identifier DNS requests are defended, for the DNS requests with detection identifiers, the request frequency within the predetermined period is determined, the DNS requests surpassing the request threshold are defended, for the DNS requests not surpassing the request threshold, unpacking time determination is carried out, the DNS requests reaching the unpacking time are responded to, and the DNS requests not reaching the unpacking time are defended. The method is advantaged in that the identifier information is preset, determined request sources or domain names a re directly responded or defended, for the undetermined request sources or domain names, further determination and detection are carried out, the DNS attack determination flow is simplified, and DNS attack determination efficiency is improved.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a method, device and system for defending against DNS attacks. Background technique [0002] DNS (Domain Name System, Domain Name System), consists of a resolver and a domain name server. The domain name server stores the domain names and corresponding IP addresses of all hosts in the network, and has the function of converting domain names into IP addresses. The domain name must correspond to an IP address, but the IP address does not necessarily have a domain name. Domain names correspond to IP addresses one-to-one on the Internet. Although domain names are easy for people to remember, only IP addresses are recognized between machines. The conversion between the two is called domain name resolution. Domain name resolution needs to be completed by a specialized domain name resolution system. , DNS is a system for domain name resolution. [0003] In the prior art, th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1416H04L61/4511H04L9/32H04L63/1458H04L63/1466H04L9/40H04L61/00
Inventor 陈方舟姜凤波
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap