WO2018095375A1 - Dns protection method, management device, and domain name server - Google Patents

DNS protection method, management device, and domain name server

Publication number
WO2018095375A1
Authority
WO
WIPO (PCT)
Prior art keywords
dns
management device
data
target
qps
Application number
PCT/CN2017/112666
Inventor
符立佳
苗辉
Original Assignee
贵州白山云科技有限公司
Application filed by 贵州白山云科技有限公司
Publication of WO2018095375A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Definitions

  • The sending module 310 is configured to send the IP of the standby DNS to the target access source IP.
  • The processing module 640 is further configured to remove the target access source IP from the whitelist and add it to the blacklist.
  • The second receiving module 660 is configured to receive a DNS access request.
  • The monitoring module 720 is configured to monitor the QPS data according to the monitoring task received by the receiving module 710.
  • The determining module 730 is configured to determine whether the QPS data exceeds a threshold.
  • The sending module 760 is configured to send, to the management device, the monitoring data generated by the generating module 750, where the monitoring data is used to instruct the management device to determine an anti-attack policy according to the target QPS data and to point the target access source IP to the standby DNS according to the anti-attack policy, so that the attack traffic of the target access source IP is switched to the standby DNS.

Abstract

Disclosed are a DNS protection method, a management device, and related devices. The method comprises: a management device sends a monitoring task to a service domain name server (DNS); the management device receives monitoring data sent by the service DNS, the monitoring data comprising target QPS data and a target access source IP corresponding to the target QPS data, the target QPS data being the data greater than a threshold among the QPS data monitored by the service DNS according to the monitoring task; the management device determines an anti-attack policy according to the target QPS data; and the management device points the target access source IP to a standby DNS according to the anti-attack policy, so that the attack traffic of the target access source IP is switched over to the standby DNS.

Description

DNS protection method, management device and domain name resolution server
This application claims priority to Chinese Patent Application No. 201611042517.2, entitled "A DNS protection method and related device", filed with the Chinese Patent Office on November 23, 2016, the entire contents of which are incorporated herein by reference.
Technical field
Embodiments of the present invention relate to, but are not limited to, the field of computer network security, and in particular to a DNS protection method, a management device and a domain name resolution server.
Background
Domain name resolution is one of the most important steps in network access. The main function of a domain name resolution server (Domain Name Server, abbreviated DNS) is to convert domain names into network-recognizable IP addresses. Because DNS is business-critical and has low security, more and more DDoS attacks have targeted DNS in recent years. Effectively defending DNS against DDoS attacks has become an important task for network services. At present, to prevent network congestion, DNS usually adopts an edge architecture, in which DNS servers are pushed to the network edge by means of the domain's NS records, so that DNS requests from different regions reach different DNS servers.
The current method of preventing DDoS attacks in a DNS edge architecture is to monitor the queries per second (Queries Per Second, abbreviated QPS) of requests to a single DNS server. When the QPS exceeds a preset threshold, a traffic scrubbing policy is started and the request packets exceeding the threshold are dropped, which protects normal service.
In the prior art, when the attack traffic exceeds the network uplink bandwidth or the processing capability of the DNS, the defense policy fails completely and the DNS service becomes unavailable. If the attack sources are concentrated in one region and the attack traffic exceeds the uplink bandwidth or the server's processing capability, at least one DNS in the edge architecture is completely unavailable. When the attack traffic comes from all regions, every DNS server in the edge architecture is attacked; when the attack traffic then exceeds the network uplink bandwidth or the server's processing capability, the defense policy fails completely and the DNS service becomes unavailable.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The DNS protection method in an embodiment of the present invention includes:
A management device sends a monitoring task to a service domain name resolution server (service DNS); the management device receives monitoring data sent by the service DNS, the monitoring data including target QPS data and the target access source IP corresponding to the target QPS data, where the target QPS data is the data greater than a threshold among the QPS data monitored by the service DNS according to the monitoring task;
The management device determines an anti-attack policy according to the target QPS data; the management device points the target access source IP to a standby DNS according to the anti-attack policy, so as to steer the attack traffic of the target access source IP over to the standby DNS.
The above method further includes:
The management device pointing the target access source IP to the standby DNS according to the anti-attack policy includes:
The management device sends the IP of the standby DNS to the target access source IP.
The above method further includes:
The management device determining the anti-attack policy according to the target QPS data includes:
The management device determines the attack type according to the target QPS data and a mapping table, QPS data and attack types being related by the mapping table; the management device determines the anti-attack policy according to the attack type.
The above method further includes:
The management device includes a blacklist, the blacklist points to the standby DNS, and the management device determining the anti-attack policy according to the attack type includes:
If the attack type is a concentrated attack, the management device determines to enable the blacklist;
The management device pointing the target access source IP to the standby DNS according to the anti-attack policy includes:
The management device adds the target access source IP to the blacklist;
The management device receives a DNS access request;
The management device determines whether the source IP of the DNS access request is on the blacklist and, if so, routes the DNS access request to the standby DNS.
The above method further includes:
The management device includes a blacklist and a whitelist; the blacklist points to the standby DNS, and the whitelist is used to cover the served IPs and points to the service DNS. The management device determining the anti-attack policy according to the attack type includes: if the attack types include a concentrated attack and a network-wide distributed attack, the management device determines to enable the whitelist and the blacklist;
The management device pointing the target access source IP to the standby DNS according to the anti-attack policy includes:
The management device removes the target access source IP from the whitelist and adds it to the blacklist;
The management device receives a DNS access request;
The management device determines whether the source IP of the DNS access request is on the whitelist; if it is not on the whitelist, the management device determines whether the source IP is on the blacklist; if it is on the blacklist, the management device routes the DNS access request to the standby DNS.
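The blacklist-only and whitelist-plus-blacklist routing decisions described above, as an added Python example that is not part of the patent text. The attack-type labels, the `unlisted_route` parameter (the text does not say where a source on neither list is sent) and the address normalization are assumptions of this example.

```python
import ipaddress

SERVICE, STANDBY = "service-dns", "standby-dns"


def norm(ip):
    """Canonical address object, so textual variants of one IP match the same list entry."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    return mapped if mapped is not None else addr


class ManagementDevice:
    def __init__(self, served_ips, unlisted_route=SERVICE):
        self.whitelist = {norm(ip) for ip in served_ips}  # points to the service DNS
        self.blacklist = set()                            # points to the standby DNS
        self.use_blacklist = False
        self.use_whitelist = False
        # Assumption: destination for a source on neither list while the
        # whitelist is enabled; the page leaves this case open.
        self.unlisted_route = unlisted_route

    def apply_policy(self, attack_types, target_ips):
        """Enable the lists for the reported attack types and list the target IPs.

        "concentrated" and "distributed" are this example's labels for the
        concentrated attack and the network-wide distributed attack.
        """
        attack_types = set(attack_types)
        if "concentrated" not in attack_types:
            return  # the page defines policies only for the two cases below
        self.use_blacklist = True
        if "distributed" in attack_types:
            self.use_whitelist = True
        self.blacklist.update(norm(ip) for ip in target_ips)
        if self.use_whitelist:
            # Page step: remove the target IPs from the whitelist. Subtracting the
            # whole blacklist also covers IPs listed earlier under the
            # blacklist-only policy (an addition of this example).
            self.whitelist -= self.blacklist

    def route(self, source_ip):
        """Return the DNS that should answer a request from source_ip."""
        ip = norm(source_ip)
        if self.use_whitelist:
            if ip in self.whitelist:
                return SERVICE
            if ip in self.blacklist:
                return STANDBY
            return self.unlisted_route
        if self.use_blacklist and ip in self.blacklist:
            return STANDBY
        return SERVICE


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    dev = ManagementDevice(served_ips=["192.0.2.10", "198.51.100.7"])
    dev.apply_policy({"concentrated"}, ["198.51.100.7"])
    for src in ("198.51.100.7", "::ffff:198.51.100.7", "192.0.2.10"):
        print(src, "->", dev.route(src))
```
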
The above method further includes:
The QPS data includes QPS data corresponding to the access IP, QPS data corresponding to the domain name, and QPS data corresponding to the specified protocol packet.
The DNS protection method in an embodiment of the present invention includes:
A service domain name resolution server (service DNS) receives a monitoring task sent by a management device; the service DNS monitors QPS data according to the monitoring task;
The service DNS determines whether the QPS data exceeds a threshold and, if so, determines the target QPS data that exceeds the threshold among the QPS data and the target access source IP corresponding to the target QPS data;
The service DNS generates monitoring data from the target QPS data and the target access source IP;
The service DNS sends the monitoring data to the management device. The monitoring data is used to instruct the management device to determine an anti-attack policy according to the target QPS data and to point the target access source IP to the standby DNS according to the anti-attack policy, so as to steer the attack traffic of the target access source IP over to the standby DNS.
The above method further includes:
The service DNS receiving the monitoring task sent by the management device includes:
The DNS periodically receives the monitoring task sent by the management device, the monitoring task including the thresholds for the QPS data;
The DNS monitoring the QPS data according to the monitoring task includes:
The DNS periodically monitors the QPS data according to the monitoring task. The QPS data includes QPS data corresponding to the access IP, QPS data corresponding to the domain name, and QPS data corresponding to the specified protocol packet, and each type of QPS data has its own threshold.
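An added Python example, not taken from the patent, of the service-DNS side described above: it computes QPS per source IP, per domain name and per protocol for one window, compares each against its own threshold, and builds the monitoring data. The task field names, threshold values, sample traffic and the choice to report every contributing source for a domain or protocol record are assumptions.

```python
from collections import Counter, defaultdict

DIMENSIONS = ("source_ip", "domain", "protocol")

# Hypothetical monitoring task as delivered by the management device. The page
# only states that each QPS type has its own threshold; names and values here
# are assumptions.
TASK = {
    "window_s": 10,
    "thresholds": {"source_ip": 50.0, "domain": 200.0, "protocol": 400.0},
}


def build_sample_window():
    """Constructed 10-second window of (source_ip, qname, protocol) query records."""
    queries = []
    # One noisy source: 1,000 UDP queries in 10 s = 100 QPS.
    queries += [("198.51.100.7", "shop.example.com", "udp")] * 1000
    # 40 sources at 6 QPS each: under the per-source threshold, but 240 QPS
    # in aggregate against a single domain name.
    for host in range(1, 41):
        queries += [(f"203.0.113.{host}", "api.example.com", "udp")] * 60
    # Ordinary background traffic.
    queries += [("192.0.2.10", "www.example.com", "tcp")] * 30
    queries += [("192.0.2.11", "WWW.example.com.", "udp")] * 20
    return queries


def evaluate_window(task, queries):
    """Return monitoring data for one window, or None if no threshold is exceeded."""
    window = task["window_s"]
    # dimension -> key -> Counter of the source IPs that contributed to that key
    per_key = {dim: defaultdict(Counter) for dim in DIMENSIONS}
    for src, qname, proto in queries:
        name = qname.lower().rstrip(".")  # DNS names compare case-insensitively
        per_key["source_ip"][src][src] += 1
        per_key["domain"][name][src] += 1
        per_key["protocol"][proto][src] += 1

    records = []
    for dim in DIMENSIONS:
        limit = task["thresholds"][dim]
        for key, sources in per_key[dim].items():
            qps = sum(sources.values()) / window
            if qps > limit:
                records.append({
                    "type": dim,
                    "key": key,
                    "qps": qps,            # the target QPS data
                    "threshold": limit,
                    # Target access source IPs, heaviest contributor first.
                    # Assumption: every contributor is reported, which for an
                    # aggregate record can include legitimate clients.
                    "source_ips": sorted(sources, key=lambda ip: (-sources[ip], ip)),
                })
    return {"records": records} if records else None


if __name__ == "__main__":
    data = evaluate_window(TASK, build_sample_window())
    for rec in data["records"]:
        print(rec["type"], rec["key"], rec["qps"], len(rec["source_ips"]), "source(s)")
```
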
The management device in an embodiment of the present invention includes:
A sending module, configured to send a monitoring task to the service DNS;
A first receiving module, configured to receive monitoring data sent by the service DNS, the monitoring data including target QPS data and the target access source IP corresponding to the target QPS data, where the target QPS data is the data greater than a threshold among the QPS data monitored by the service DNS according to the monitoring task;
A policy determining module, configured to determine an anti-attack policy according to the target QPS data received by the first receiving module;
A processing module, configured to point the target access source IP to the standby DNS according to the anti-attack policy determined by the policy determining module, so as to steer the attack traffic of the target access source IP over to the standby DNS.
The domain name resolution server in an embodiment of the present invention includes:
A receiving module, configured to receive a monitoring task sent by the management device;
A monitoring module, configured to monitor QPS data according to the monitoring task received by the receiving module;
A judging module, configured to determine whether the QPS data exceeds a threshold;
A determining module, configured to determine the target QPS data that exceeds the threshold among the QPS data and the target access source IP corresponding to the target QPS data; a generating module, configured to generate monitoring data from the target QPS data and the target access source IP determined by the determining module;
A sending module, configured to send the monitoring data generated by the generating module to the management device,
where the monitoring data is used to instruct the management device to determine an anti-attack policy according to the target QPS data and to point the target access source IP to the standby DNS according to the anti-attack policy, so as to steer the attack traffic of the target access source IP over to the standby DNS.
Embodiments of the present invention have the following advantages:
The management device receives the monitoring data fed back by the DNS; the monitoring data includes the target QPS data and the target access source IP. The target QPS data is data greater than the threshold, so the target access source IP corresponding to the target QPS data may be an attacker IP. The management device determines from the target QPS data whether the target access source IP is an attacker IP and further determines the attack type. It then determines the corresponding anti-attack policy according to the attack type and, according to that policy, points the target access source IP to the standby DNS, steering the attack traffic of the target access source IP over to the standby DNS and thereby isolating the attack behavior of the target access source IP.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
The drawings described here are provided for further understanding of the embodiments of the present invention and form a part of this application. The illustrative embodiments of the present invention and their description are used to explain the embodiments and do not constitute an improper limitation on them. In the drawings:
FIG. 1 is a schematic diagram of one embodiment of a DNS protection method in the embodiments of the present invention;
FIG. 2 is a schematic diagram of another embodiment of a DNS protection method in the embodiments of the present invention;
FIG. 3 is a schematic diagram of one embodiment of a management device in the embodiments of the present invention;
FIG. 4 is a schematic diagram of one embodiment of a management device in the embodiments of the present invention;
FIG. 5 is a schematic diagram of another embodiment of a management device in the embodiments of the present invention;
FIG. 6 is a schematic diagram of another embodiment of a management device in the embodiments of the present invention;
FIG. 7 is a schematic diagram of one embodiment of a domain name resolution server in the embodiments of the present invention.
具体实施方式detailed description
现结合附图和具体实施方式对本发明实施例进一步说明。The embodiments of the present invention will be further described with reference to the drawings and specific embodiments.
为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is an embodiment of the invention, but not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts shall fall within the scope of the present invention.
The embodiments of the present invention provide a DNS protection method and related devices that point a target access source IP at a standby DNS, so that the attack traffic from the target access source IP is switched to the standby DNS and the attack behaviour of that source IP is isolated.
An embodiment of the present invention provides a DNS protection method applied to a protection system comprising a service DNS, a management device and a standby DNS. The service DNS here is the DNS that performs normal domain name resolution.
The management device sends a monitoring task to the service DNS. The service DNS monitors QPS data according to the monitoring task, determines the target QPS data (the QPS data greater than the threshold), and determines the target access source IP corresponding to that target QPS data; this target access source IP may be an attacker. The service DNS then sends monitoring data, comprising the target QPS data and the target access source IP, to the management device.
The management device receives the monitoring data sent by the service DNS and determines an anti-attack policy according to the target QPS data. According to that policy, it points the target access source IP at the standby DNS, so that the attack traffic from the target access source IP is switched to the standby DNS. The standby DNS can be understood as a non-serving DNS, or as an anti-attack DNS; by switching the attack traffic to the standby DNS, the management device ensures that the service DNS can keep working normally.
It should be noted that the functions of the management device may be performed jointly by multiple devices, or the functions of multiple devices may be integrated and performed by one device. In practice, how the management device is deployed depends on actual requirements; the present invention does not limit whether one integrated device or multiple devices perform its functions. In the embodiments of the present invention, the management device is described as one integrated device by way of example. Referring to FIG. 1, one embodiment of the DNS protection method in the embodiments of the present invention includes:
Step 101: The management device sends a monitoring task to the service DNS.
The management device assembles the monitoring task from the service DNS IP list and manually configured monitoring parameters, and periodically delivers the monitoring task to each service DNS according to that list. The service DNS IP list may be stored in the management device or obtained in real time; the present invention does not limit the specific implementation.
The monitoring task format may be "probe target, monitored item, probe mode, threshold". The probe target may be the QPS data of each source IP's access, the QPS data of access to a single domain name, or the QPS data of specified protocol packets, where the specified protocol packets include UDP, TCP and so on.
The monitored items include UDP, TCP, UDP port 53, TCP port 53 and so on. The monitoring parameters include the probe mode of monitored items such as UDP, TCP, UDP port 53 and TCP port 53, and the threshold corresponding to each monitoring parameter.
Step 102: The service DNS monitors QPS data according to the monitoring task.
The service DNS periodically receives the monitoring task delivered by the management device and monitors QPS data according to it. The QPS data includes the QPS data of each target access source IP. Optionally, the target QPS data may also include the QPS data of the service DNS itself. The QPS data of a target access source IP is the first QPS data, and the QPS data of the service DNS is the second QPS data.
Step 103: The service DNS determines whether the QPS data is greater than the threshold; if so, step 104 is performed.
Based on the detection data of the current period and the thresholds in the monitoring task, the service DNS determines whether each type of monitored QPS data is greater than its threshold. The first QPS data includes the QPS data corresponding to the target access source IP, the QPS data corresponding to a single domain name, and the QPS data corresponding to specified protocol packets, and each type of QPS data has its own threshold. Specifically, the service DNS may first compare each type of QPS data with its corresponding threshold, and then use the weight of each type of QPS data to make the final determination of whether the QPS data is greater than the threshold.
If the service DNS determines that the QPS data is less than the threshold, it has not been attacked, and the DNS continues to wait for the next detection period.
Step 104: The service DNS determines the target QPS data, that is, the QPS data greater than the threshold, and the target access source IP corresponding to the target QPS data.
If the QPS data is greater than the threshold, the service DNS determines the target QPS data in the first QPS data that is greater than the threshold, and the target access source IP corresponding to it, where the target access source IP is the attacker's source IP.
The service DNS can determine whether its second QPS data is greater than a first threshold; if the second QPS data is greater than the first threshold, the service DNS is under attack, and multiple target access source IPs are attacking it together.
Step 105: The service DNS generates monitoring data according to the target QPS data and the target access source IP.
Step 106: The service DNS sends the monitoring data to the management device.
The service DNS periodically sends monitoring data to the management device; the monitoring data includes the target QPS data and the target access source IP.
Step 107: The management device receives the monitoring data, which includes the target QPS data and the target access source IP, and determines an anti-attack policy according to the target QPS data. According to the anti-attack policy, it points the target access source IP at the standby DNS.
Specifically, the management device determines the IP of the standby DNS and sends it to the target access source IP. In the embodiments of the present invention, the target access source IP is the attacker's source IP. The management device returns the IP of the standby DNS to the client at the target access source IP, so that when the attacker's client attacks, it attacks the standby DNS directly. The attack traffic is thereby separated, and the normal service DNS is not affected.
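Steps 102 to 105 on the service DNS side, sketched in Python as an added example (not code from the patent). The weighted decision (`weight`, `decision_score`), the use of the monitored item as a protocol filter, the field names and the sample queries are assumptions or constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class MonitoringTask:
    """One task in the page's format: probe target, monitored item, probe mode, threshold."""
    target: str       # "source_ip", "domain" or "protocol"
    item: str         # monitored item, e.g. "UDP/53"; used here as a protocol filter
    mode: str         # probe mode; only counting queries ("count") is modelled
    threshold: float  # QPS threshold for this type of QPS data
    weight: float     # assumption: weight of this type in the final decision


def evaluate_period(queries, tasks, period_s, decision_score=0.5, server_limit=None):
    """Monitor one detection period and build the monitoring data.

    Returns None when the weighted decision stays below decision_score (the
    server waits for the next period). Otherwise returns the target QPS data,
    the target access source IPs and the server's own ("second") QPS data.
    """
    target_qps = []     # one entry per task whose threshold was exceeded
    source_ips = set()
    score = 0.0
    for task in tasks:
        if task.mode != "count":
            raise ValueError(f"unsupported probe mode: {task.mode}")
        matching = [q for q in queries if q["protocol"] == task.item]
        counts = Counter(q[task.target] for q in matching)
        over = {key: n / period_s for key, n in counts.items()
                if n / period_s > task.threshold}
        if over:
            target_qps.append({"target": task.target, "item": task.item, "qps": over})
            score += task.weight
            if task.target == "source_ip":
                source_ips.update(over)
    if score < decision_score:
        return None
    server_qps = len(queries) / period_s
    return {
        "target_qps": target_qps,
        "target_source_ips": sorted(source_ips),
        "server_qps": server_qps,
        "server_over_limit": server_limit is not None and server_qps > server_limit,
    }


def repeat(n, source_ip, domain, protocol):
    """Build n identical constructed query records."""
    return [{"source_ip": source_ip, "domain": domain, "protocol": protocol}] * n


# Constructed sample data: one 10-second detection period, documentation-range addresses.
PERIOD_S = 10
TASKS = [
    MonitoringTask("source_ip", "UDP/53", "count", threshold=20.0, weight=0.5),
    MonitoringTask("domain", "UDP/53", "count", threshold=40.0, weight=0.3),
    MonitoringTask("protocol", "TCP/53", "count", threshold=5.0, weight=0.2),
]
SAMPLE_QUIET = (
    repeat(20, "192.0.2.10", "www.example.com", "UDP/53")
    + repeat(10, "192.0.2.11", "mail.example.com", "UDP/53")
    + repeat(5, "192.0.2.12", "www.example.com", "TCP/53")
)
SAMPLE_FLOOD = SAMPLE_QUIET + repeat(500, "198.51.100.7", "www.example.com", "UDP/53")

if __name__ == "__main__":
    print(evaluate_period(SAMPLE_QUIET, TASKS, PERIOD_S))
    print(evaluate_period(SAMPLE_FLOOD, TASKS, PERIOD_S, server_limit=50))
```

The returned dictionary plays the role of the monitoring data sent in step 106.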
Referring to FIG. 2, another preferred embodiment of the DNS protection method provided by the embodiments of the present invention includes:
The management device includes a blacklist and a whitelist, both configured in advance. The blacklist points to the standby DNS and holds target access source IPs. The whitelist covers the served IPs and points to the service DNS.
Steps 201 to 206 are the same as steps 101 to 106 in the embodiment corresponding to FIG. 1 and are not repeated here.
Step 207: The management device receives the monitoring data and determines the attack type according to the target QPS data and a mapping table; the mapping table relates QPS data to attack types.
Specifically, the management device may obtain offline computation data from a big-data platform and combine it with attack parameters into an attack type library. The attack type library combines single-IP access QPS data, single-domain access QPS data, the QPS data of specified protocol packets and the threshold of each type of QPS data to form the mapping table for attack types. The attack types include concentrated attacks and network-wide distributed attacks. A concentrated attack is one in which the attacker attacks the DNS of a single region, for example the DNS in Beijing. A network-wide distributed attack is one in which the attacker attacks multiple DNSs at the same time, and those DNSs belong to different regions.
The management device periodically receives the latest monitoring data sent by the service DNS and saves it locally. It compares the target QPS data against the attack type library and determines the attack type from the target QPS data and the mapping table.
Step 208: The management device determines the anti-attack policy according to the attack type. In the first case, if the attack type is a concentrated attack, or if only a small number of target access source IPs are attacking, the management device activates the blacklist. In the second case, if the attack type is a network-wide distributed attack, or if target access source IPs are attacking on a large scale, the management device decides to activate the whitelist, or the whitelist and the blacklist.
Step 209: The management device points the target access source IP at the standby DNS according to the anti-attack policy.
In the first case, the management device adds the target access source IP to the blacklist, so that when the management device receives a DNS access request it determines whether the source IP of the request is on the blacklist and, if so, routes the request to the standby DNS.
In the second case, the management device removes the target access source IP from the whitelist and adds it to the blacklist, so that when the management device receives a DNS access request it determines whether the source IP of the request is on the whitelist and, if it is not, routes the request to the standby DNS. Further, it may also determine whether the source IP is on the blacklist and, if it is, route the request to the standby DNS. In the embodiments of the present invention, the attack type determines whether the blacklist and/or the whitelist is activated, and the isolation provided by the two lists switches access requests from target access source IPs to the standby DNS, which can be understood as an anti-attack DNS, while normally accessing IPs are served by the service DNS. Attacks from target access source IPs are thereby isolated automatically.
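Steps 207 to 209 on the management device side, as an added Python example that is not part of the patent. Classifying the attack type by the number of reporting regions stands in for the mapping table and is an assumption, as are all names and the constructed addresses.

```python
import ipaddress
from dataclasses import dataclass, field

CONCENTRATED = "concentrated"
DISTRIBUTED = "distributed"


def classify_attack(reports):
    """Step 207, simplified. reports is a list of (region, monitoring_data).

    Assumption: reports from one region mean a concentrated attack, reports
    from several regions mean a network-wide distributed attack.
    """
    regions = {region for region, data in reports if data["target_source_ips"]}
    if not regions:
        return None
    return CONCENTRATED if len(regions) == 1 else DISTRIBUTED


@dataclass
class ManagementDevice:
    service_dns: str
    standby_dns: str
    whitelist: set = field(default_factory=set)  # served IPs, point to the service DNS
    blacklist: set = field(default_factory=set)  # target source IPs, point to the standby DNS
    blacklist_on: bool = False
    whitelist_on: bool = False

    def __post_init__(self):
        # Normalise to address objects so textual variants of one IP compare equal.
        self.whitelist = {ipaddress.ip_address(a) for a in self.whitelist}
        self.blacklist = {ipaddress.ip_address(a) for a in self.blacklist}

    def apply_reports(self, reports):
        """Steps 208 and 209: pick the policy, then update the lists."""
        attack = classify_attack(reports)
        if attack is None:
            return None
        self.blacklist_on = True
        self.whitelist_on = attack == DISTRIBUTED
        for _, data in reports:
            for raw in data["target_source_ips"]:
                ip = ipaddress.ip_address(raw)
                if self.whitelist_on:
                    self.whitelist.discard(ip)  # second case: drop from the whitelist
                self.blacklist.add(ip)
        return attack

    def route(self, source_ip):
        """Return the DNS address that a request from source_ip is routed to."""
        ip = ipaddress.ip_address(source_ip)
        if self.whitelist_on and ip not in self.whitelist:
            return self.standby_dns   # not a served IP while the whitelist is active
        if self.blacklist_on and ip in self.blacklist:
            return self.standby_dns   # known target access source IP
        return self.service_dns


# Constructed sample data (documentation-range addresses).
SERVICE_DNS = "192.0.2.53"
STANDBY_DNS = "203.0.113.53"
SERVED = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
REPORTS_ONE_REGION = [("region-a", {"target_source_ips": ["198.51.100.7"]})]
REPORTS_TWO_REGIONS = [
    ("region-a", {"target_source_ips": ["198.51.100.7"]}),
    ("region-b", {"target_source_ips": ["198.51.100.7", "198.51.100.8"]}),
]

if __name__ == "__main__":
    device = ManagementDevice(SERVICE_DNS, STANDBY_DNS, whitelist=SERVED)
    print(device.apply_reports(REPORTS_TWO_REGIONS))
    for client in ("192.0.2.10", "192.0.2.99", "198.51.100.7"):
        print(client, "->", device.route(client))
```

With the whitelist active, a source that is neither served nor reported (192.0.2.99 in the sample) is also sent to the standby DNS, so the whitelist has to cover every legitimate client before it is switched on.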
Referring to FIG. 3, one embodiment of the management device 300 in the embodiments of the present invention includes:
a sending module 310, configured to send a monitoring task to the service DNS;
a first receiving module 320, configured to receive the monitoring data sent by the service DNS, the monitoring data including target QPS data and the target access source IP corresponding to the target QPS data, where the target QPS data is the data greater than the threshold among the QPS data monitored by the service DNS according to the monitoring task;
a policy determining module 330, configured to determine an anti-attack policy according to the target QPS data received by the first receiving module 320;
a processing module 340, configured to point the target access source IP at the standby DNS according to the anti-attack policy determined by the policy determining module 330, so that the attack traffic from the target access source IP is switched to the standby DNS.
Optionally, the sending module 310 is configured to send the IP of the standby DNS to the target access source IP.
Referring to FIG. 4, another embodiment of the management device 400 in the embodiments of the present invention includes:
a sending module 410, configured to send a monitoring task to the service DNS;
a first receiving module 420, configured to receive the monitoring data sent by the service DNS, the monitoring data including target QPS data and the target access source IP corresponding to the target QPS data, where the target QPS data is the data determined to be greater than the threshold when the service DNS monitors QPS data according to the monitoring task;
a policy determining module 430, configured to determine an anti-attack policy according to the target QPS data received by the first receiving module 320;
a processing module 440, configured to point the target access source IP at the standby DNS according to the anti-attack policy determined by the policy determining module 430, so that the attack traffic from the target access source IP is switched to the standby DNS.
The sending module 410 is configured to send the IP of the standby DNS determined by the processing module 440 to the target access source IP.
Referring to FIG. 5, on the basis of the embodiment corresponding to FIG. 3, another embodiment of the management device 500 in the embodiments of the present invention includes:
The functions of the sending module 510, the first receiving module 520 and the processing module 540 are the same as those of the sending module 310, the first receiving module 320 and the processing module 340 in FIG. 3, respectively.
The policy determining module 530 includes a type determining unit 5301 and a policy determining unit 5302.
The type determining unit 5301 is configured to determine the attack type according to the target QPS data received by the receiving module and a mapping table; the mapping table relates QPS data to attack types.
The policy determining unit 5302 is configured to determine the anti-attack policy according to the attack type determined by the type determining unit 5301.
Referring to FIG. 6, on the basis of the embodiment corresponding to FIG. 5, in another embodiment of the management device 600 in the embodiments of the present invention, the management device includes a blacklist, and the blacklist points to the standby DNS.
In this management device, the functions of the sending module 610, the first receiving module 620 and the processing module 640 are the same as those of the sending module 310, the first receiving module 320 and the processing module 340 in FIG. 3, respectively. The function of the policy determining module 630 is the same as that of the policy determining module 530 in the embodiment of FIG. 5.
The policy determining unit 6302 is further configured to decide to activate the blacklist when the type determining unit 6301 determines that the attack type is a concentrated attack.
The processing module 640 is further configured to add the target access source IP in the monitoring data received by the receiving module to the blacklist.
The second receiving module 660 is configured to receive a DNS access request.
The determining module 650 is configured to determine whether the source IP of the DNS access request received by the second receiving module 660 is on the blacklist.
The processing module 640 routes the DNS access request to the standby DNS when the determining module 650 determines that the source IP of the DNS access request is on the blacklist.
Optionally, the management device includes a blacklist and a whitelist; the blacklist points to the standby DNS, and the whitelist covers the served IPs and points to the service DNS.
The policy determining unit 6302 is further configured to decide to activate the whitelist and the blacklist when the type determining unit 6301 determines that the attack type includes a concentrated attack and a network-wide distributed attack;
the processing module 640 is further configured to remove the target access source IP from the whitelist and add it to the blacklist;
the second receiving module 660 is configured to receive a DNS access request;
the determining module 650 is configured to determine whether the source IP of the DNS access request received by the receiving module is on the whitelist and, if it is not, to go on to determine whether the source IP is on the blacklist;
the processing module 640 is further configured to route the DNS access request to the standby DNS when the determining module 650 determines that the source IP is on the blacklist.
The QPS data includes the QPS data corresponding to the access IP, the QPS data corresponding to the domain name, and the QPS data corresponding to specified protocol packets.
Referring to FIG. 7, one embodiment of a domain name resolution server provided by the embodiments of the present invention includes:
a receiving module 710, configured to receive the monitoring task sent by the management device;
a monitoring module 720, configured to monitor QPS data according to the monitoring task received by the receiving module 710;
a determining module 730, configured to determine whether the QPS data exceeds the threshold;
a determination module 740, configured to determine the target QPS data in the QPS data that exceeds the threshold, and the target access source IP corresponding to the target QPS data;
a generating module 750, configured to generate monitoring data according to the target QPS data and the target access source IP determined by the determination module 740;
a sending module 760, configured to send the monitoring data generated by the generating module 750 to the management device, the monitoring data instructing the management device to determine an anti-attack policy according to the target QPS data and, according to that policy, to point the target access source IP at the standby DNS, so that the attack traffic from the target access source IP is switched to the standby DNS.
Optionally, the receiving module 710 is further configured to periodically receive the monitoring task sent by the management device; the monitoring task includes the thresholds for the QPS data.
The monitoring module 720 is further configured to periodically monitor QPS data. The QPS data includes the QPS data corresponding to the access IP, the QPS data corresponding to the domain name, and the QPS data corresponding to specified protocol packets, and each type of QPS data has its own threshold.
Those of ordinary skill in the art should understand that modifications or equivalent substitutions may be made to the technical solutions of the present invention without departing from their spirit and scope, and all such changes shall fall within the scope of the claims.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, may be implemented as software, firmware, hardware or suitable combinations of these. In a hardware implementation, the division between the functional modules/units mentioned in the description above does not necessarily correspond to a division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor such as a digital signal processor or microprocessor, as hardware, or as an integrated circuit such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Industrial applicability
In the embodiments of the present invention, the management device determines from the target QPS data whether the target access source IP is an attacker's IP and further determines the attack type. The management device determines the corresponding anti-attack policy according to the attack type and, according to that policy, points the target access source IP at the standby DNS, so that the attack traffic from the target access source IP is switched to the standby DNS and the attack behaviour of the target access source IP is isolated.

Claims (10)

  1. A DNS protection method, characterized by comprising:
    a management device sending a monitoring task to a service domain name resolution server (DNS); the management device receiving monitoring data sent by the service DNS, the monitoring data comprising target QPS data and a target access source IP corresponding to the target QPS data, the target QPS data being the data greater than a threshold among the QPS data monitored by the service DNS according to the monitoring task;
    the management device determining an anti-attack policy according to the target QPS data; and the management device pointing the target access source IP at a standby DNS according to the anti-attack policy, so that the attack traffic from the target access source IP is switched to the standby DNS.
  2. The protection method according to claim 1, wherein the management device pointing the target access source IP at the standby DNS according to the anti-attack policy comprises:
    the management device sending the IP of the standby DNS to the target access source IP.
  3. The protection method according to claim 1, wherein the management device determining the anti-attack policy according to the target QPS data comprises:
    the management device determining an attack type according to the target QPS data and a mapping table, the mapping table relating the QPS data to the attack type; and the management device determining the anti-attack policy according to the attack type.
  4. The DNS protection method according to claim 3, wherein the management device includes a blacklist, the blacklist points to the standby DNS, and the management device determining the anti-attack policy according to the attack type comprises:
    if the attack type is a concentrated attack, the management device deciding to activate the blacklist;
    and the management device pointing the target access source IP at the standby DNS according to the anti-attack policy comprises:
    the management device adding the target access source IP to the blacklist;
    the management device receiving a DNS access request;
    the management device determining whether the source IP of the DNS access request is on the blacklist and, if so, routing the DNS access request to the standby DNS.
  5. The DNS protection method according to claim 3, wherein the management device includes a blacklist and a whitelist, the blacklist points to the standby DNS, the whitelist covers the served IPs and points to the service DNS, and the management device determining the anti-attack policy according to the attack type comprises: if the attack type includes a concentrated attack and a network-wide distributed attack, the management device deciding to activate the whitelist and the blacklist;
    and the management device pointing the target access source IP at the standby DNS according to the anti-attack policy comprises:
    the management device removing the target access source IP from the whitelist and adding it to the blacklist;
    the management device receiving a DNS access request;
    the management device determining whether the source IP of the DNS access request is on the whitelist; if it is not on the whitelist, the management device determining whether the source IP is on the blacklist and, if it is on the blacklist, routing the DNS access request to the standby DNS.
  6. The DNS protection method according to any one of claims 1 to 5, wherein the QPS data includes the QPS data corresponding to the access IP, the QPS data corresponding to the domain name, and the QPS data corresponding to specified protocol packets.
  7. 一种DNS的防护方法,包括:A DNS protection method, including:
    服务域名解析服务器DNS接收管理设备发送的监控任务;所述服务DNS根据所述监控任务监控QPS数据;The service domain name resolution server DNS receives the monitoring task sent by the management device; the service DNS monitors the QPS data according to the monitoring task;
    所述服务DNS判断所述QPS数据是否超过阈值,若是,则所述服务DNS确定所述QPS数据中超过阈值的目标QPS数据,及与所述目标QPS数据对应的目标访问来源IP;The service DNS determines whether the QPS data exceeds a threshold, and if so, the service DNS determines target QPS data exceeding the threshold in the QPS data, and a target access source IP corresponding to the target QPS data;
    所述服务DNS根据所述目标QPS数据和所述目标访问来源IP生成监控数据;The service DNS generates monitoring data according to the target QPS data and the target access source IP;
    所述服务DNS向所述管理设备发送所述监控数据,所述监控数据用于指示所述管理设备根据所述目标QPS数据确定防攻击策略;根据所述防攻击策略将所述目标访问来源IP指向备用DNS,以引导目标访问来源IP的攻击流量切换至备用DNS。The service DNS sends the monitoring data to the management device, where the monitoring data is used to instruct the management device to determine an attack defense policy according to the target QPS data; and the target access source IP according to the attack defense policy Point to the alternate DNS to redirect the attack traffic from the target access source IP to the alternate DNS.
  8. The DNS protection method according to claim 7, wherein the service DNS receiving the monitoring task sent by the management device comprises:
    the DNS periodically receives the monitoring task sent by the management device, where the monitoring task includes the threshold of the QPS data;
    and the DNS monitoring the QPS data according to the monitoring task comprises:
    the DNS periodically monitors the QPS data according to the monitoring task, where the QPS data includes QPS data corresponding to an access IP, QPS data corresponding to a domain name, and QPS data corresponding to a specified protocol packet, and each type of QPS data has a corresponding threshold.
  9. A management device, comprising:
    a sending module, configured to send a monitoring task to a service DNS;
    a first receiving module, configured to receive monitoring data sent by the service DNS, where the monitoring data includes target QPS data and a target access source IP corresponding to the target QPS data, and the target QPS data is the data greater than a threshold among the QPS data monitored by the service DNS according to the monitoring task;
    a policy determining module, configured to determine an attack defense policy according to the target QPS data received by the first receiving module;
    a processing module, configured to point the target access source IP to a standby DNS according to the attack defense policy determined by the policy determining module, so as to direct the attack traffic of the target access source IP to switch to the standby DNS.
  10. A domain name resolution server, comprising:
    a receiving module, configured to receive a monitoring task sent by a management device;
    a monitoring module, configured to monitor QPS data according to the monitoring task received by the receiving module;
    a determining module (judgment), configured to determine whether the QPS data exceeds a threshold;
    a determining module, configured to determine target QPS data that exceeds the threshold in the QPS data, and a target access source IP corresponding to the target QPS data;
    a generating module, configured to generate monitoring data according to the target QPS data determined by the determining module and the target access source IP;
    a sending module, configured to send the monitoring data generated by the generating module to the management device, where the monitoring data is used to instruct the management device to determine an attack defense policy according to the target QPS data, and to point the target access source IP to a standby DNS according to the attack defense policy, so as to direct the attack traffic of the target access source IP to switch to the standby DNS.
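
Added illustration, not part of the patent text: a minimal Python sketch of the flow the claims describe, with the service DNS comparing per-IP, per-domain and per-packet-type QPS against thresholds from a monitoring task, and the management device routing by whitelist and then blacklist. All names, the data shapes, the sample queries and the rule "blacklist every reported source IP that is not whitelisted" are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample: queries seen in one 10-second monitoring period
# (source IP, queried domain, protocol packet type); documentation IP ranges.
SAMPLE = ([("203.0.113.9", "www.example", "A")] * 800
          + [("198.51.100.53", "www.example", "A")] * 600
          + [("192.0.2.10", "www.example", "A")] * 20)
# Hypothetical monitoring task: one threshold (in QPS) per type of QPS data.
TASK = {"period_s": 10, "thresholds": {"ip": 50, "domain": 1000, "packet": 1000}}

def monitor_period(queries, task):
    """Service DNS: compute QPS per source IP, domain and packet type, and
    return monitoring data for the counters that exceed their threshold."""
    counts = {"ip": Counter(), "domain": Counter(), "packet": Counter()}
    sources = defaultdict(set)  # (type, key) -> source IPs that contributed
    for src_ip, domain, packet in queries:
        for kind, key in (("ip", src_ip), ("domain", domain), ("packet", packet)):
            counts[kind][key] += 1
            sources[(kind, key)].add(src_ip)
    report = []
    for kind, counter in counts.items():
        for key, n in counter.items():
            qps = n / task["period_s"]
            if qps > task["thresholds"][kind]:
                report.append({"type": kind, "key": key, "qps": qps,
                               "source_ips": sorted(sources[(kind, key)])})
    return report

class ManagementDevice:
    """Management device: turns monitoring data into routing decisions."""
    def __init__(self, whitelist=()):
        self.whitelist, self.blacklist = set(whitelist), set()

    def apply_policy(self, report):
        # Assumed policy: blacklist every reported source IP not whitelisted.
        for item in report:
            self.blacklist.update(set(item["source_ips"]) - self.whitelist)

    def route(self, src_ip):
        # Whitelist is checked first, then the blacklist, as in the claim.
        if src_ip not in self.whitelist and src_ip in self.blacklist:
            return "standby"
        return "service"

if __name__ == "__main__":
    mgmt = ManagementDevice(whitelist={"198.51.100.53"})
    mgmt.apply_policy(monitor_period(SAMPLE, TASK))
    for ip in ("203.0.113.9", "198.51.100.53", "192.0.2.10"):
        print(ip, "->", mgmt.route(ip))
```

In this sketch a domain or packet-type exceedance reports every source IP that contributed to it, so the whitelist check is what keeps a busy but legitimate resolver on the service DNS.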
PCT/CN2017/112666 2016-11-23 2017-11-23 Dns protection method, management device, and domain name server WO2018095375A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611042517.2A CN108092940B (en) 2016-11-23 2016-11-23 DNS protection method and related equipment
CN201611042517.2 2016-11-23

Publications (1)

Publication Number Publication Date
WO2018095375A1 (en) 2018-05-31

Family

ID=62170921

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/112666 WO2018095375A1 (en) 2016-11-23 2017-11-23 Dns protection method, management device, and domain name server

Country Status (2)

Country Link
CN (1) CN108092940B (en)
WO (1) WO2018095375A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833406A (en) * 2018-06-14 2018-11-16 北京云端智度科技有限公司 The flow control safety protection technique of speed limit is voluntarily adjusted based on multi-layer
CN111431759A (en) * 2020-02-27 2020-07-17 北京达佳互联信息技术有限公司 Performance test method and device, electronic equipment and storage medium
WO2021057225A1 (en) * 2019-09-24 2021-04-01 国网河北省电力有限公司信息通信分公司 Protection method based on abnormal traffic of grid information system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591072A (en) * 2021-05-07 2021-11-02 海尔数字科技(青岛)有限公司 Attack event processing method, device, equipment and storage medium
CN115208625A (en) * 2022-06-01 2022-10-18 阿里巴巴(中国)有限公司 Data processing method and device
CN115967582A (en) * 2023-03-10 2023-04-14 中国信息通信研究院 Monitoring method and device for industrial internet node, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082836A (en) * 2009-11-30 2011-06-01 中国移动通信集团四川有限公司 DNS (Domain Name Server) safety monitoring system and method
CN102882892A (en) * 2012-10-26 2013-01-16 杭州迪普科技有限公司 Method and device for protecting DNS (Domain Name Server)
CN103618718A (en) * 2013-11-29 2014-03-05 北京奇虎科技有限公司 Processing method and device aiming at denial of service attack
CN104079421A (en) * 2013-03-27 2014-10-01 中国移动通信集团北京有限公司 Method and system for protecting domain name system (DNS)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833406A (en) * 2018-06-14 2018-11-16 北京云端智度科技有限公司 The flow control safety protection technique of speed limit is voluntarily adjusted based on multi-layer
CN108833406B (en) * 2018-06-14 2021-01-12 北京云端智度科技有限公司 Flow control safety protection method based on multi-level self-adjusting speed limit
WO2021057225A1 (en) * 2019-09-24 2021-04-01 国网河北省电力有限公司信息通信分公司 Protection method based on abnormal traffic of grid information system
CN111431759A (en) * 2020-02-27 2020-07-17 北京达佳互联信息技术有限公司 Performance test method and device, electronic equipment and storage medium
CN111431759B (en) * 2020-02-27 2022-02-25 北京达佳互联信息技术有限公司 Performance test method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN108092940A (en) 2018-05-29
CN108092940B (en) 2020-04-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17873757

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17873757

Country of ref document: EP

Kind code of ref document: A1