CN103179136B - Method and system for defending against saturated distributed denial of service attacks on dynamic websites - Google Patents


Info

Publication number: CN103179136B
Authority: CN (China)
Prior art keywords: server, service attack, domain name, distributed denial, user
Legal status: Active
Application number: CN201310141679.1A
Other languages: Chinese (zh)
Other versions: CN103179136A (en)
Inventor: 张昱
Current Assignee: NANJING YXLINK INFORMATION TECHNOLOGIES Co Ltd
Original Assignee: NANJING YXLINK INFORMATION TECHNOLOGIES Co Ltd

Abstract

The invention discloses a method and system for defending against saturated distributed denial of service attacks on dynamic websites. When a saturated distributed denial of service attack occurs, the data flow is automatically switched to a hidden reserve link, and when the attack subsides the data flow is automatically switched back to the original primary link. This solves the prior-art problem that dynamic data cannot be accessed during a saturated distributed denial of service attack. The invention can be applied in e-government, e-commerce, securities, banking and many other fields that still need to transmit dynamic data during a saturated distributed denial of service attack, and has broad application prospects.

Description

Method and system for defending against saturated distributed denial of service attacks on dynamic websites
Technical field
The present invention relates to a method and system for dealing with saturated distributed denial of service attacks, in particular a method and system for defending against saturated distributed denial of service attacks on dynamic websites, and belongs to the technical field of network security.
Background art
With the continuing maturation and development of network technology, distributed denial of service attacks have become the most severe security threat facing websites today. For saturated distributed denial of service attacks in particular there is no very effective means of protection. Using a CDN to offload and accelerate website data can effectively limit the harm only when a static website is under a saturated distributed denial of service attack; for a dynamic website, the dynamic content cannot be updated in real time. The conventional means of protecting against distributed denial of service attacks include the following:
1. Using a professional anti-DDoS (distributed denial of service) device: a single anti-DDoS device can effectively protect against DDoS attacks. However, if the attack reaches the saturation state (saturation state: attack traffic is greater than or equal to the total bandwidth of the network), the network becomes congested. Even with a professional anti-DDoS device deployed, the website's applications still cannot be accessed because the network is congested, and the attacker achieves their goal.
2. Using a CDN (Content Delivery Network) to offload and accelerate the website: this approach was originally intended only for offloading and accelerating websites. For a static website, however, when the main site is under a distributed denial of service attack, the other CDN nodes can still be accessed even if the main site's network is congested, so a CDN offers some resistance to saturated distributed denial of service attacks. Unfortunately, for a dynamic website, because the main site is congested, dynamic content cannot be transferred correctly from the main site to the CDN nodes, so dynamic information is delivered late or displayed incorrectly.
An effective means of defense is therefore needed for dynamic websites under saturated distributed denial of service attack.
Summary of the invention
Object of the invention: in view of the problems and shortcomings of the prior art, the invention provides a method and system for defending against saturated distributed denial of service attacks on dynamic websites in which, when a dynamic website is under a saturated denial of service attack, the transmission link is switched automatically and a hidden reserve link is used to transmit dynamic data to multiple secondary nodes.
Technical solution: a method for defending against saturated distributed denial of service attacks on dynamic websites. A hidden reserve link and a backup server cluster are set up, so that the links of the master server cluster consist of a primary link and a reserve link. When there is no distributed denial of service attack, the primary link carries the data input and output of user access and the backup server cluster does not work. When there is a distributed denial of service attack, the backup server cluster is enabled: a standby server requests dynamic data from the master server over the reserve link, the master server constructs the dynamic data according to the request and returns it to the standby server over the reserve link, and the standby server returns the latest dynamic data to the user. After the distributed denial of service attack subsides, data communication is switched from the reserve link back to the primary link.
When there is no distributed denial of service attack, the primary link carries the data input and output of user access and the backup server cluster does not work. The specific steps are as follows:
Step 301, the user submits a domain name request to the DNS server cluster;
Step 302, the DNS server cluster returns the IP address of the master server being accessed;
Step 303, the user submits the access request data to the master server at that IP address;
Step 304, the ADS device deployed in front of the master server checks whether the user request data stream contains a distributed denial of service attack; when there is no attack, the ADS device detects none and submits the user's request data to the master server cluster;
Step 305, the master server processes the user's access request and returns the result to the user;
Step 306, the process ends.
When the primary link of the master server is under a distributed denial of service attack, there are two cases. In the first, the attack has not reached the saturation state and the primary link can still transmit data. In the second, the attack has reached the saturation state, the primary link is blocked, and no data can be transmitted normally. For the first case, the specific steps are as follows:
Step 401, the attacker launches a distributed denial of service attack; the ADS device deployed on the primary link detects and filters the attack according to the protection policy configured by the administrator;
Step 402, once the ADS device detects that the attack has reached the threshold configured by the administrator, it sends an attack alarm message to the cloud dispatching system; on receiving the alarm, the cloud dispatching system confirms that the primary link is under attack and modifies where the domain name points, changing the IP address to the backup server cluster address;
Step 403, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 404, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the backup server cluster;
Step 405, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 406, based on the geographic region where the user is located, the DNS server returns the IP address of a standby server in the user's region;
Step 407, the user submits the access data to the standby server at the returned IP address;
Step 408, the distributed purging system deployed in front of the standby server filters out the attack data present in the access requests and sends the filtered data stream to the standby server;
Step 409, the standby server requests dynamic data from the master server over the reserve link;
Step 410, the master server constructs the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 411, the standby server returns the latest dynamic data to the user, and the process ends.
For the second case, the specific steps are as follows:
Step 501, the attacker launches a saturated distributed denial of service attack; the primary link is now congested by the saturated attack, and the ADS device cannot send alarm information;
Step 502, the cloud dispatching system periodically checks the state of the primary link; when it finds that the primary link cannot respond, it confirms that the primary link is under a saturated denial of service attack, or is offline, and modifies where the domain name points, changing the IP address to the backup server cluster address;
Step 503, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 504, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the backup server cluster;
Step 505, when a user accesses the master server's domain name, the user first queries the DNS server for where the domain name points;
Step 506, based on the geographic region where the user is located, the DNS server returns the IP address of a standby server in the user's region;
Step 507, the user submits the access data to the standby server at the returned IP address;
Step 508, the distributed purging system deployed in front of the standby server filters out the attack data present in the user access requests and sends the filtered data stream to the standby server;
Step 509, the standby server requests dynamic data from the master server over the reserve link;
Step 510, the master server constructs the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 511, the standby server returns the latest dynamic data to the user, and the process ends.
After the distributed denial of service attack subsides, data communication is automatically switched from the reserve link back to the primary link. The specific steps are as follows:
Step 601, the attacker stops the saturated distributed denial of service attack, and the distributed purging system determines that the attack has subsided;
Step 602, the distributed purging system notifies the cloud dispatching system that the attack has subsided and that it should prepare to switch back to the primary link; on receiving the notification, the cloud dispatching system updates the domain name state;
Step 603, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 604, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the master server cluster;
Step 605, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 606, the DNS server returns the master server's IP address to the user;
Step 607, the user submits the access data to the master server at the returned IP address;
Step 608, the ADS device deployed in front of the master server passes the data stream of the access request to the master server;
Step 609, the master server constructs the dynamic data according to the access request and returns it to the user, and the process ends.
A system for defending against saturated distributed denial of service attacks on dynamic websites comprises a master server cluster, a primary link, a hidden backup server cluster and reserve link, an ADS device, a cloud dispatching system, and a distributed purging system;
The master server cluster responds to user access requests over the primary link when there is no distributed denial of service attack or after the attack has subsided;
The backup server cluster, during a distributed denial of service attack, requests dynamic data from the master server over the reserve link in order to respond to user access requests; the backup server cluster is distributed across different regions;
The ADS device is located in front of the master server. Through the ADS device the administrator sets the protection policy for detecting and filtering distributed denial of service attacks and configures the domain name to be protected together with the primary link and reserve link information. The ADS device sends the configuration information to the cloud dispatching system. Once the ADS device detects that a distributed denial of service attack has reached the threshold configured by the administrator, it sends an attack alarm message to the cloud dispatching system; on receiving the alarm, the cloud dispatching system confirms that the primary link is under attack or offline and, according to the configuration information, modifies where the domain name points, changing the IP address to the backup server cluster address;
The cloud dispatching system comprises a DNS server cluster. The DNS server cluster periodically queries the cloud dispatching system for the domain name state; the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the backup server cluster;
The distributed purging system is located in front of the standby servers; it cleans and filters distributed denial of service attack traffic from the attacker and sends the filtered user access data stream to the standby server.
The cloud dispatching system selects standby servers for data caching according to the configuration information.
Beneficial effect: with the method and system provided by the invention for defending against saturated distributed denial of service attacks on dynamic websites, when a saturated distributed denial of service attack occurs the data flow is automatically switched to a hidden reserve link, and when the attack subsides the data flow is automatically switched back to the original primary link. This solves the prior-art problem that dynamic data cannot be accessed during a saturated distributed denial of service attack. The invention can be applied in e-government, e-commerce, securities, banking and many other fields that still need to transmit dynamic data during a saturated distributed denial of service attack, and has broad application prospects.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system in an embodiment of the invention;
Fig. 2 is a flow chart of the administrator setting the protection policy and configuration information in an embodiment of the invention;
Fig. 3 is a flow chart of normal user browsing in an embodiment of the invention;
Fig. 4 is a flow chart of active link switching in an embodiment of the invention;
Fig. 5 is a flow chart of passive link switching in an embodiment of the invention;
Fig. 6 is a flow chart of automatically switching back to the primary link after the attack subsides in an embodiment of the invention.
Embodiments
The invention is further illustrated below with reference to specific embodiments. It should be understood that these embodiments serve only to illustrate the invention and do not limit its scope; after reading the invention, modifications by those skilled in the art to various equivalent forms of the invention all fall within the scope defined by the claims appended to this application.
As shown in Fig. 1, the system for defending against saturated distributed denial of service attacks on dynamic websites mainly comprises a master server cluster, a hidden backup server cluster, an ADS device, a cloud dispatching system, and a distributed purging system;
The master server cluster responds to user access requests over the primary link when there is no distributed denial of service attack or after the attack has subsided. The master server has 100 Mbps of bandwidth; normal user traffic is below 50 Mbps and dynamic data traffic is below 20 Mbps, so bandwidth is sufficient under normal access.
The backup server cluster, during a distributed denial of service attack, requests dynamic data from the master server over the reserve link in order to respond to user access requests. The backup server cluster is distributed across different regions. Its total bandwidth is far greater than the bandwidth of the master server, which protects against saturated denial of service attacks. The reserve link is a hidden 30 Mbps link that is not disclosed externally, so the attacker cannot learn the IP address of the reserve link.
The ADS device is located in front of the master server and can work in cooperation with the cloud dispatching system. Through the ADS device the administrator sets the protection policy for detecting and filtering distributed denial of service attacks and the configuration information. Once the ADS device detects that a distributed denial of service attack has reached the threshold configured by the administrator, it sends an attack alarm message to the cloud dispatching system; on receiving the alarm, the cloud dispatching system confirms that the primary link is under attack or offline and, according to the configuration information, modifies where the domain name points, changing the IP address to the backup server cluster address;
The cloud dispatching system comprises a DNS server cluster. The DNS server cluster periodically queries the cloud dispatching system for the domain name state; the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the backup server cluster;
The distributed purging system is located in front of the standby servers; it cleans and filters distributed denial of service attack traffic from the attacker and sends the filtered user access data stream to the standby server.
The configuration steps the administrator performs on the ADS device, shown in Fig. 2, are as follows:
Step 201, protection policy configuration: the administrator first configures the protection policy on the local ADS device;
Step 202, domain name configuration: the administrator fills in the domain name to be protected and the primary link and reserve link information;
Step 203, the ADS device sends the configuration information to the cloud dispatching system;
Step 204, the cloud dispatching system selects standby servers for static data caching according to the information configured by the administrator.
As shown in Fig. 3, when there is no distributed denial of service attack, users access the site normally: the primary link carries the data input and output of user access and the backup server cluster does not work. The specific steps are as follows:
Step 301, the user submits a domain name request to the DNS server cluster;
Step 302, the DNS server cluster returns the IP address of the master server being accessed;
Step 303, the user submits the access request data to the master server at that IP address;
Step 304, the ADS device deployed in front of the master server checks, according to the protection policy set by the administrator, whether the user request data stream contains a distributed denial of service attack; when there is no attack, the ADS device detects none and submits the filtered user request data stream to the master server cluster;
Step 305, the master server processes the user's access request and returns the result to the user;
Step 306, the process ends.
When the primary link of the master server is under a distributed denial of service attack, there are two cases. In the first, the attack has not reached the saturation state and the primary link can still transmit data. In the second, the attack has reached the saturation state, the primary link is blocked, and no data can be transmitted normally. For the first case, the specific steps are as follows (the active link switching flow, shown in Fig. 4):
Step 401, the attacker launches a distributed denial of service attack; the ADS device deployed on the primary link detects and filters the attack according to the protection policy configured by the administrator;
Step 402, once the ADS device detects that the attack has reached the threshold configured by the administrator, it sends an attack alarm message to the cloud dispatching system; on receiving the alarm, the cloud dispatching system confirms that the primary link is under attack and updates where this domain name points, changing the IP address to the backup server cluster address;
Step 403, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 404, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the backup server cluster;
Step 405, when a normal user accesses this domain name, the user first queries the server for where the domain name points;
Step 406, based on the geographic region where the user is located, the DNS server returns to the user the IP address of a standby server corresponding to that region;
Step 407, the user submits the access data to the standby server at the returned IP address;
Step 408, the distributed purging system deployed in front of the standby server filters out the attack data present in the user access requests and sends the filtered data stream to the standby server;
Step 409, the standby server requests dynamic data from the master server over the reserve link;
Step 410, the master server constructs the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 411, the standby server returns the latest dynamic data to the user, and the process ends.
For the second case, the passive link switching flow shown in Fig. 5, the specific steps are as follows:
Step 501, the attacker launches a saturated distributed denial of service attack; the primary link is now congested by the saturated attack, and the ADS device cannot send alarm information;
Step 502, the cloud dispatching system periodically checks the state of the primary link; when it finds that the primary link cannot respond, it confirms that the primary link is under a saturated denial of service attack, or is offline, and modifies where this domain name points, changing the IP address to the backup server cluster address;
Step 503, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 504, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the backup server cluster;
Step 505, when a normal user accesses this domain name, the user first queries the DNS server for where the domain name points;
Step 506, based on the geographic region where the user is located, the DNS server returns to the user the IP address of a standby server corresponding to that region;
Step 507, the user submits the access data to the standby server at the returned IP address;
Step 508, the distributed purging system deployed in front of the standby server filters out the attack data present in the access requests and sends the filtered data stream to the standby server;
Step 509, the standby server requests dynamic data from the master server over the reserve link;
Step 510, the master server constructs the dynamic data according to the request and returns it to the standby server over the reserve link;
Step 511, the standby server returns the latest dynamic data to the user, and the process ends.
As shown in Fig. 6, after the attack subsides, data communication is automatically switched from the reserve link back to the primary link. The specific steps are as follows:
Step 601, the attacker stops the saturated distributed denial of service attack, and the distributed purging system determines that the attack has subsided;
Step 602, the distributed purging system notifies the cloud dispatching system that the attack has subsided and that it should prepare to switch back to the primary link; on receiving the notification, the cloud dispatching system updates this domain name's state;
Step 603, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 604, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the master server cluster;
Step 605, when a normal user accesses this domain name, the user first queries the DNS server for where the domain name points;
Step 606, the name server returns the master server's IP address to the user;
Step 607, the user submits the access data to the master server at the returned IP address;
Step 608, the ADS device deployed in front of the master server filters out the attack data present in the access requests and sends the filtered data stream to the master server;
Steps 609 and 610, the master server constructs the dynamic data according to the request and returns it to the user, and the process ends.
In summary, when a distributed denial of service attack occurs, the invention automatically switches the data flow to the hidden reserve link, and automatically switches it back to the original link when the attack subsides. The technique can be applied in e-government, e-commerce, securities, finance, military and national defense and many other fields. In e-government, for example, publicly disclosed government information is stored in the master server's database; when the master server is under a saturated denial of service attack, the dynamic information is passed over the reserve link to the standby servers and delivered to users. Because the standby server nodes are numerous, they have a strong capacity to withstand saturated denial of service attacks, so users visiting the government website can still obtain the relevant public information in time. Because the scheme is flexible to deploy and can be offered to users as a network service, the technology has high promotional value.
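The three switching flows of the description (active, passive and switch-back) can be followed in a small simulation of the cloud dispatching system and the DNS server cluster that polls it. This is an added example, not code from the patent; the class and method names, the three-failed-checks rule, the fallback region, the domain and the documentation-range IP addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class LinkState(Enum):
    PRIMARY = "primary"  # domain points at the master server cluster
    BACKUP = "backup"    # domain points at the backup server cluster


@dataclass
class DomainConfig:
    """Configuration the ADS device forwards in step 203 (values constructed)."""
    domain: str
    master_ips: list
    backup_ips_by_region: dict         # region -> standby server IPs
    default_region: str                # assumption: fallback for unknown regions
    probe_failures_to_switch: int = 3  # assumption: the patent gives no count


@dataclass
class CloudDispatcher:
    cfg: DomainConfig
    state: LinkState = LinkState.PRIMARY
    failed_probes: int = 0
    log: list = field(default_factory=list)

    def _switch(self, new_state, reason):
        if self.state is not new_state:
            self.state = new_state
            self.log.append((new_state.value, reason))

    def on_ads_alarm(self, attack_mbps, threshold_mbps):
        """Active switching, steps 401-402: the link still carries the alarm."""
        if attack_mbps >= threshold_mbps:
            self._switch(LinkState.BACKUP, "ads-alarm")

    def on_probe_result(self, responded):
        """Passive switching, steps 501-502: a saturated link also drops the
        ADS alarm, so the dispatcher relies on its own periodic check."""
        if responded:
            self.failed_probes = 0
            return  # a healthy probe never switches back by itself
        self.failed_probes += 1
        if self.failed_probes >= self.cfg.probe_failures_to_switch:
            self._switch(LinkState.BACKUP, "primary-unresponsive")

    def on_attack_cleared(self):
        """Switch back, steps 601-602: driven by the purging system's notice."""
        self.failed_probes = 0
        self._switch(LinkState.PRIMARY, "attack-cleared")

    def domain_state(self):
        """Answer to the DNS cluster's periodic query (steps 403-404, 503-504, 603-604)."""
        if self.state is LinkState.PRIMARY:
            return {"state": "primary", "ips": {"*": list(self.cfg.master_ips)}}
        pools = {r: list(v) for r, v in self.cfg.backup_ips_by_region.items()}
        return {"state": "backup", "ips": pools}


@dataclass
class DnsCluster:
    dispatcher: CloudDispatcher
    snapshot: dict = field(default_factory=dict)

    def __post_init__(self):
        self.poll()

    def poll(self):
        self.snapshot = self.dispatcher.domain_state()

    def resolve(self, user_region):
        """Steps 405-406: answer from the last polled state, by user region."""
        ips = self.snapshot["ips"]
        if "*" in ips:
            return ips["*"][0]
        cfg = self.dispatcher.cfg
        pool = ips.get(user_region) or ips[cfg.default_region]
        return pool[0]


def build_demo():
    # Constructed sample configuration using documentation-only address ranges.
    cfg = DomainConfig(
        domain="www.example.com",
        master_ips=["192.0.2.10"],
        backup_ips_by_region={"east": ["198.51.100.10"], "west": ["203.0.113.10"]},
        default_region="east",
    )
    dispatcher = CloudDispatcher(cfg)
    return dispatcher, DnsCluster(dispatcher)


if __name__ == "__main__":
    d, dns = build_demo()
    for _ in range(3):
        d.on_probe_result(False)       # primary link saturated: checks time out
    print("before poll:", dns.resolve("west"))
    dns.poll()
    print("after poll: ", dns.resolve("west"))
    d.on_attack_cleared()
    dns.poll()
    print("switched back:", dns.resolve("west"), d.log)
```

Between the dispatcher's switch and the DNS cluster's next poll, `resolve()` still returns the master address, so the polling interval bounds how quickly users are redirected.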

Claims (6)

1. defend a method for saturated distributed denial of service attack in dynamic website, it is characterized in that: set up the reserve link and backup server cluster hidden, the chain route primary link of master server cluster and reserve link composition; When not suffering distributed denial of service attack, born the input and output of user accesses data by primary link, backup server cluster does not work; When there being distributed denial of service attack, enable backup server cluster, standby server passes through reserve link, the dynamic data of request master server, master server is according to request, structure dynamic data, return to standby server by reserve link, standby server returns to the up-to-date dynamic data information of user; After distributed denial of service attack disappears, data communication is switched to primary link from reserve link;
When not suffering distributed denial of service attack, born the input and output of user accesses data by primary link, backup server cluster does not work, and concrete steps are as follows:
Step 301, user submits to access domain name request to dns server cluster;
Step 302, is returned to the IP address of accessed master server by dns server cluster;
Step 303, user submits to access request data to master server according to the IP address of master server;
Step 304, be deployed in the ADS equipment inspection user request data stream of master server front end and whether comprise distributed denial of service attack, when not suffering distributed denial of service attack, ADS equipment Inspection is less than distributed denial of service attack, and ADS equipment submits the user's request msg after filtration to master server cluster;
Step 305, master server returns results to user after the access request process of user being completed;
Step 306, process terminates;
When the primary link of the master server suffers a distributed denial of service attack, there are two situations. The first: the distributed denial of service attack has not reached the saturated state, and the primary link can still carry data. The second: the distributed denial of service attack has reached the saturated state, the primary link is blocked, and no data can be transmitted normally. For the first situation, the concrete processing steps are as follows:
Step 401, the attacker initiates a distributed denial of service attack, and the ADS equipment deployed on the primary link detects and filters the attack according to the prevention policies configured by the administrator;
Step 402, after detecting that the distributed denial of service attack has reached the threshold configured by the administrator, the ADS equipment sends an attack alarm message to the cloud dispatching patcher; after receiving the alarm message, the cloud dispatching patcher confirms that the primary link is under attack and modifies where the domain name points, changing the IP address to the backup server cluster address;
Step 403, the DNS server cluster periodically queries the cloud dispatching patcher for the domain name state;
Step 404, the cloud dispatching patcher returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the backup server cluster;
Step 405, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 406, the DNS server, according to the geographic area where the user is located, returns the IP address of a standby server in the user's region;
Step 407, the user submits access data to the standby server at the returned standby server IP address;
Step 408, the distributed purging system deployed in front of the standby server filters out the attack data present in the access request and sends the filtered data stream to the standby server;
Step 409, the standby server requests the dynamic data of the master server over the reserve link;
Step 410, the master server constructs the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 411, the standby server returns the latest dynamic data to the user, and the process ends.
2. The method of defending against saturated distributed denial of service attacks on a dynamic website as claimed in claim 1, characterized in that, for the second situation, the concrete processing steps are as follows:
Step 501, the attacker initiates a saturated distributed denial of service attack; the primary link is now congested by the saturation attack, and the ADS equipment cannot send an alarm message;
Step 502, the cloud dispatching patcher regularly checks the state of the primary link; when it finds that the primary link cannot respond, it confirms that the primary link is suffering a saturated denial of service attack or is offline, and modifies where the domain name points, changing the IP address to the backup server cluster address;
Step 503, the DNS server cluster periodically queries the cloud dispatching patcher for the domain name state;
Step 504, the cloud dispatching patcher returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the backup server cluster;
Step 505, when a user accesses the master server domain name, the user first queries the DNS server for where the domain name points;
Step 506, the DNS server, according to the geographic area where the user is located, returns the IP address of a standby server in the user's region;
Step 507, the user submits access data to the standby server at the returned standby server IP address;
Step 508, the distributed purging system deployed in front of the standby server filters out the attack data present in the user access request and sends the filtered data stream to the standby server;
Step 509, the standby server requests the dynamic data of the master server over the reserve link;
Step 510, the master server constructs the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 511, the standby server returns the latest dynamic data to the user, and the process ends.
3. The method of defending against saturated distributed denial of service attacks on a dynamic website as claimed in claim 1, characterized in that, after the distributed denial of service attack subsides, data communication switches from the reserve link to the primary link, with the concrete steps as follows:
Step 601, the attacker stops the saturated distributed denial of service attack, and the distributed purging system judges that the attack has subsided;
Step 602, the distributed purging system notifies the cloud dispatching patcher that the attack has subsided and that the switch back to the primary link is to be prepared; after receiving the attack-subsided notification message, the cloud dispatching patcher updates the domain name state;
Step 603, the DNS server cluster periodically queries the cloud dispatching patcher for the domain name state;
Step 604, the cloud dispatching patcher returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the master server cluster;
Step 605, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 606, the DNS server returns the master server IP address to the user;
Step 607, the user submits access data to the master server at the returned master server IP address;
Step 608, the ADS equipment deployed in front of the master server filters the data stream of the access request and sends it to the master server;
Step 609, the master server constructs the dynamic data according to the access request and returns it to the user, and the process ends.
4. A system implementing the method of defending against saturated distributed denial of service attacks on a dynamic website as described in any one of claims 1-3, characterized in that it comprises a master server cluster, a primary link, a hidden backup server cluster and reserve link, ADS equipment, a cloud dispatching patcher, and a distributed purging system;
The master server cluster responds to user access requests over the primary link when no distributed denial of service attack is under way or after the distributed denial of service attack has subsided;
The backup server cluster, when a distributed denial of service attack is under way, requests the dynamic data of the master server over the reserve link in order to respond to user access requests;
The ADS equipment is located in front of the master server; through the ADS equipment the administrator sets the prevention policies for detecting and filtering distributed denial of service attacks and configures the domain name, primary link and reserve link information that need protection; the ADS equipment sends the configuration information to the cloud dispatching patcher; after detecting that the distributed denial of service attack has reached the threshold configured by the administrator, the ADS equipment sends an attack alarm message to the cloud dispatching patcher; after receiving the alarm message, the cloud dispatching patcher confirms that the primary link is under attack or offline and, according to the configuration information, modifies where the domain name points, changing the IP address to the backup server cluster address;
The cloud dispatching patcher comprises a DNS server cluster; the DNS server cluster periodically queries the cloud dispatching patcher for the domain name state; the cloud dispatching patcher returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the backup server cluster;
The distributed purging system is located in front of the standby server and is used to clean and filter the distributed denial of service attack from the attacker and to send the filtered user access data stream to the standby server.
5. The system as claimed in claim 4, characterized in that the backup server cluster is distributed across different regions.
6. The system as claimed in claim 4, characterized in that the cloud dispatching patcher selects standby servers for data caching according to the configuration information.
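The switching logic of claims 1-3 can be modelled as a small state machine; the following is an added example, not code from the patent or its assignee. The addresses, region names and the three-probe failure limit are assumptions: the claims say only that the cloud dispatching patcher acts when the primary link cannot respond.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the patent.
PRIMARY = ["192.0.2.10"]
BACKUP_BY_REGION = {"east": "198.51.100.10", "west": "203.0.113.10"}

@dataclass
class CloudDispatcher:
    """Holds the domain name state that the DNS server cluster polls."""
    probe_fail_limit: int = 3   # assumption: consecutive failed probes before failover
    on_backup: bool = False
    failed_probes: int = 0
    reason: str = "normal"      # why the current state was entered

    def ads_alarm(self):
        # Step 402: the ADS equipment reports the attack crossed its threshold.
        self.on_backup, self.reason = True, "ads_alarm"

    def probe_result(self, primary_responded):
        # Step 502: a saturated link silences the ADS, so the dispatcher probes.
        self.failed_probes = 0 if primary_responded else self.failed_probes + 1
        if not self.on_backup and self.failed_probes >= self.probe_fail_limit:
            self.on_backup, self.reason = True, "primary_unresponsive"

    def attack_subsided(self):
        # Step 602: only the purging system's notice triggers the switch back.
        self.failed_probes = 0
        self.on_backup, self.reason = False, "attack_subsided"

    def domain_state(self):
        # Steps 403-404, 503-504, 603-604: reply to the DNS cluster's poll.
        ips = dict(BACKUP_BY_REGION) if self.on_backup else list(PRIMARY)
        return {"target": "backup" if self.on_backup else "primary", "ips": ips}

def resolve(state, user_region):
    """Steps 405-406 and 606: the DNS answer given to one user."""
    ips = state["ips"]
    if state["target"] == "backup":
        return ips.get(user_region, sorted(ips.values())[0])
    return ips[0]

def run_scenario():
    d = CloudDispatcher()
    normal = resolve(d.domain_state(), "east")      # before the attack
    for responded in (False, False, False):         # saturated: probes time out
        d.probe_result(responded)
    failover = resolve(d.domain_state(), "west")    # regional standby address
    d.attack_subsided()
    return [normal, failover, resolve(d.domain_state(), "east")], d.reason
```

The time to complete a switch in either direction is bounded below by the DNS server cluster's polling interval and by how long resolvers cache the previous answer, neither of which the claims specify.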
CN201310141679.1A 2013-04-22 2013-04-22 The method and system of saturated distributed denial of service attack in defence dynamic website Active CN103179136B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310141679.1A CN103179136B (en) 2013-04-22 2013-04-22 The method and system of saturated distributed denial of service attack in defence dynamic website

Publications (2)

Publication Number Publication Date
CN103179136A CN103179136A (en) 2013-06-26
CN103179136B CN103179136B (en) 2016-01-20

Family

ID=48638759

Country Status (1)

Country Link
CN (1) CN103179136B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: Yuhuatai District of Nanjing city Ning dual 210012 Jiangsu province No. 18 building 4 layer D

Applicant after: Nanjing Yxlink Information Technologies Co., Ltd.

Address before: Yuhuatai District of Nanjing City, the 210012 avenue of flora in Jiangsu province 23 Building No. 3 509

Applicant before: Nanjing Yxlink Information Technologies Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: NANJING YXLINK INFORMATION TECHNOLOGIES LTD. TO: NANJING YXLINK INFORMATION TECHNOLOGIES CO., LTD.

C14 Grant of patent or utility model
GR01 Patent grant