DNS hijack defending method, device and system based on firewall system

A firewall and domain name server technology, applied in transmission systems, electrical components, etc., can solve problems such as hazards, DNS hijacking defense methods are too passive, and low defense capabilities, to achieve the effect of avoiding hazards and reasonable and effective detection and interception

Inactive Publication Date: 2019-02-19
天津睿邦安通技术有限公司
View PDF5 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] This application provides a DNS hijacking defense method, device and system based on a firewall system to solve the technical problem that the DNS hijacking defense method in the prior art is too passive, the defense capability is too low, and may still cause harm

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DNS hijack defending method, device and system based on firewall system
  • DNS hijack defending method, device and system based on firewall system
  • DNS hijack defending method, device and system based on firewall system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0066] refer to figure 1 , a flowchart of a DNS hijacking defense method based on a firewall system provided by an embodiment of the present application, the method includes:

[0067] S100. Configure the address of the first trusted domain name server and the address of the second trusted domain name server in the firewall system.

[0068] Specifically, the addresses of two trusted domain name servers (the first trusted domain name server and the second trusted domain name server) can be added to the configuration of the firewall system. These two trusted domain name servers can be any other two authorized domain name servers. server or any other two DNS domain name servers with certain credibility, such as 8.8.8.8 and 114.114.114.114.

[0069] S200. Determine domain name information;

[0070] It should be explained that the firewall system plays a role of preventing hijacking in this embodiment of the application. Therefore, it is first necessary to determine the specific ...

Embodiment 2

[0089] refer to figure 2 , a flow chart of another DNS hijacking defense method based on a firewall system provided by an embodiment of the present application, the step of determining domain name information includes:

[0090] S201. The firewall system monitors the DNS request, and extracts the domain name in the DNS request;

[0091] It should be noted that the firewall system monitors and extracts the domain name in the DNS request message in real time. In the embodiment of the present application, the firewall system monitors each DNS request message in real time.

[0092] S202. Count the number of requests for each domain name;

[0093] S203. Judging whether the number of requests for each domain name reaches a request number threshold;

[0094] S204. If the request times threshold is reached, determine that the domain name is a learning domain name, and add the learning domain name to a domain name cache list.

[0095] Specifically, when the number of requests for t...

Embodiment 3

[0098] The step of determining domain name information also includes:

[0099] Configure custom domain names to the domain name cache list.

[0100] In the embodiment of this application, if there is a special protection requirement for a certain domain name, manual configuration can be performed. For example, www.dfg.com is directly added to the domain name cache list.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The application discloses a DNS hijack defending method, device and system based on a firewall system. The method comprises the following steps: configuring a first credible domain name server and a second credible domain name server; judging whether parsing results relevant to domain name information returned by the first credible domain server and the second credible domain server are the same or not; if so, storing the parsing results in a domain cache list; comparing whether a third parsing result returned by a local authorized domain name server is the same as the parsing results in the domain name cache list or not; and if not, hijacking a third parsing result by the firewall system since the third parsing result is hijacked. Third parties, namely, the first credible domain name server, the second credible domain name server and the local authorized domain name server are used for confirmation to realize the defending function of the firewall system for DNS hijacks, so that DNS hijack attack behaviors can be detected and intercepted reasonably and effectively, and harm to a user caused by phishing sites is avoided.

Description

technical field [0001] The present application relates to the technical field of DNS hijacking defense, in particular to a firewall system-based DNS hijacking defense method, device and system. Background technique [0002] DNS hijacking, also known as domain name hijacking, refers to intercepting domain name resolution requests within the hijacked network range, analyzing the requested domain name, and returning a fake IP address. The effect is that a specific network access is a fake URL, such as a phishing website. DNS hijacking mainly uses forged DNS servers as a main means of attack. The attacker hijacks the DNS request message sent by the user to the authorized domain name server, and then returns the IP of the phishing website to the user by forging the DNS server to deceive the user. [0003] For the above-mentioned DNS hijacking, the existing technology mainly adopts a passive solution for defense, specifically, the website service provider can provide two domain na...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/1466
Inventor 张辉
Owner 天津睿邦安通技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap