Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

System and method for implementing DNS attack resistance based on network processor

A network processor and attack packet technology, applied in the field of network security, can solve problems such as failure to work properly, secondary servers cannot obtain valid traffic, etc., and achieve the effect of ensuring normal work and line bandwidth.

Inactive Publication Date: 2018-09-28
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1
View PDF4 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Considering that if such an attack occurs, the secondary server will not be able to obtain effective traffic and cannot work normally

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for implementing DNS attack resistance based on network processor

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0039] This embodiment provides a network processor-based anti-DNS attack system, including:

[0040] The configuration management module is used to configure the filter field mask that needs attention, including source IP address, destination IP address and transport layer payload length; at the same time, it is used to configure the forwarding threshold for DNS special traffic and the selection of cycle aging time;

[0041] The message analysis module is used to analyze the DNS message to obtain the source IP address, the destination IP address and the length of the transport layer load, and then perform an 'AND' operation with the filter field mask to obtain the final filter field that needs attention;

[0042] Decision-making module, used to determine whether the DNS message is an attack message, use the final filter field to search the DNS flow table, if a certain entry is matched, then obtain the total number of statistics in the entry, if it exceeds the forwarding thres...

Embodiment 2

[0045] Corresponding to the above-mentioned embodiment of the system for realizing anti-DNS attack based on the network processor, the second embodiment provides a method for realizing anti-DNS attack based on the network processor, including the following steps:

[0046](1) Configure the filter field mask that needs attention, including source IP address, destination IP address and transport layer payload length; at the same time, it is used to configure the forwarding threshold for DNS special traffic and the selection of cycle aging time;

[0047] (2), flow analysis DNS message, to obtain source IP address, destination IP address and transport layer load length, then carry out 'AND' operation with filter field mask, obtain the final filter field that needs attention;

[0048] (3), judge whether the DNS message is an attack message, use the final filter field to search the DNS flow table, if a certain entry is matched, then obtain the total number of statistics in the entry, ...

Embodiment 3

[0051] Please combine figure 1 As shown, this embodiment provides a specific method for implementing anti-DNS attack based on a network processor, including the following steps:

[0052] Step S1, various traffic of the live network enters the first-level distribution device;

[0053] Step S2, through the management configuration interface, configure the mask of the special field that needs to be filtered, and then send it to the first-level distribution device. At the same time, it can be modified according to the feedback information from the second-level server. The filter field includes source ID address and destination IP address. , IP length field, and cycle aging time;

[0054] Step S3, the first-level device parses the message, and extracts the corresponding field in the message whose UDP destination port is 53 according to the mask of the configured filter field, including the source IP address, the destination IP address and the length of the transport layer payload;...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a system and method for implementing DNS attack resistance based on a network processor. The method includes the following steps: before data enters a secondary server, detecting the number of attack packets of DNS messages with a specific IP and load length within a certain time; and if the number of the messages exceeds a threshold, taking the messages as attack messages,and discarding the attack messages to ensure that the bandwidth is sufficient and the secondary server can receive normal messages. According to the scheme provided by the invention, the surging DNSattack messages are discarded on primary shunting equipment based on the network processor, the line bandwidth can be effectively guaranteed, and the normal operation of networks and the secondary server can be guaranteed.

Description

technical field [0001] The invention relates to the field of network security, in particular to a system for realizing anti-DNS attack based on a network processor. [0002] The present invention also relates to a method for realizing anti-DNS attack based on a network processor, Background technique [0003] In the current Internet, there are often cases where the bandwidth of the network transmission line is insufficient due to the sudden increase of some special traffic (such as malicious DNS attack messages), causing a large number of packet loss phenomena, resulting in the inability to transmit normal messages, and finally causing the network to be paralyzed. . The aggressive behavior against DNS packets is a typical attack method. Considering that if such an attack occurs, the secondary server will not be able to obtain effective traffic and cannot work normally. [0004] Therefore, a new technical solution is needed to solve the above problems. Contents of the in...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0227H04L63/0236H04L63/1416H04L61/4511
Inventor 张家琦邹昕董文超仝国利孙浩李高超颜靖华何清林
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products