CN103179136A - Method and system for defending against saturated distributed denial-of-service attacks in dynamic websites - Google Patents


Info

Publication number: CN103179136A
Authority: CN (China)
Prior art keywords: service attack, domain name, distributed denial, standby server, user
Legal status: Granted; Active
Application number: CN2013101416791A
Other languages: Chinese (zh)
Other versions: CN103179136B (en)
Inventor: 张昱
Current Assignee: NANJING YXLINK INFORMATION TECHNOLOGIES Co Ltd
Original Assignee: NANJING YXLINK INFORMATION TECHNOLOGIES Co Ltd
Application filed by: NANJING YXLINK INFORMATION TECHNOLOGIES Co Ltd
Priority: CN201310141679.1A
Landscapes: Data Exchanges In Wide-Area Networks; Computer And Data Communications
Abstract

The invention discloses a method and a system for defending a dynamic website against saturated distributed denial-of-service attacks. When the website comes under a saturated distributed denial-of-service attack, the data stream is automatically switched to a hidden spare link, and when the attack ends it is automatically switched back to the original main link. The method and system solve the prior-art problem that dynamic data cannot be accessed during a saturated distributed denial-of-service attack. They can be applied in fields such as electronic government affairs, electronic commerce, securities and banking, where dynamic data must still be transmitted during a saturated distributed denial-of-service attack, and have a wide application prospect.

Description

Method and system for defending against saturated distributed denial-of-service attacks in dynamic websites
Technical field
The present invention relates to a method and system for dealing with saturated distributed denial-of-service attacks, in particular a method and system for defending a dynamic website against saturated distributed denial-of-service attacks, and belongs to the field of network security technology.
Background
As network technology continues to mature and develop, distributed denial-of-service (DDoS) attacks have become the most serious security threat facing websites today. Against saturated DDoS attacks in particular there is no very effective means of protection. Using a CDN to offload and accelerate website traffic can effectively protect only static websites when they come under a saturated DDoS attack; for a dynamic website, the dynamic content cannot be updated in real time. The commonly used means of protecting against DDoS attacks are the following:
1. Using a dedicated anti-DDoS (distributed denial-of-service) device: a single anti-DDoS device can effectively protect against DDoS attacks. However, if the attack reaches the saturation state (saturation state: the attack traffic is greater than or equal to the total bandwidth of the network), the network becomes congested. Even with a dedicated anti-DDoS device deployed, the website's applications still cannot be accessed because the network is congested, and the attacker achieves their goal.
2. Using a CDN (Content Delivery Network) to offload and accelerate the website: this method was originally intended only for offloading and accelerating a website. For a static website, however, when the main site is under a DDoS attack, the other CDN nodes can still be accessed even if the main site's network is congested, so a CDN offers some resistance to saturated DDoS attacks. The shortcoming is that, for a dynamic website, because the main site is congested, dynamic content cannot be transferred correctly from the main site to the CDN nodes, so dynamic information is delivered late or displayed incorrectly.
An effective means of defense is therefore needed for dynamic websites that come under saturated DDoS attacks.
Summary of the invention
Object of the invention: in view of the problems and deficiencies of the prior art, the invention provides a method and system for defending a dynamic website against saturated DDoS attacks, in which the transmission link switches automatically when the dynamic website comes under a saturated denial-of-service attack and a hidden reserve link is used to transmit dynamic data to multiple standby nodes.
Technical solution: a method for defending a dynamic website against saturated DDoS attacks, in which a hidden reserve link and a standby server cluster are set up, so that the links of the master server cluster consist of a primary link and a reserve link. When there is no DDoS attack, the primary link carries the data input and output of user access and the standby server cluster does not work. When there is a DDoS attack, the standby server cluster is enabled: a standby server requests dynamic data from the master server over the reserve link, the master server builds the dynamic data according to the request and returns it to the standby server over the reserve link, and the standby server returns the latest dynamic data to the user. After the DDoS attack has ended, data communication is switched from the reserve link back to the primary link.
When there is no DDoS attack, the primary link carries the data input and output of user access and the standby server cluster does not work. The specific steps are as follows:
Step 301, the user submits a domain name query to the DNS server cluster;
Step 302, the DNS server cluster returns the IP address of the master server being accessed;
Step 303, the user submits the access request data to the master server at that IP address;
Step 304, the ADS device deployed in front of the master server inspects whether the user's request data stream contains DDoS attack traffic; when there is no DDoS attack, the ADS device detects none and submits the user's request data to the master server cluster;
Step 305, after processing the user's access request, the master server returns the result to the user;
Step 306, the process ends.
When the primary link of the master server comes under a DDoS attack, there are two cases. In the first, the attack has not reached the saturation state and the primary link can still transmit data. In the second, the attack has reached the saturation state, the primary link is blocked, and no data can be transmitted normally. For the first case, the specific steps are as follows:
Step 401, the attacker launches a DDoS attack, and the ADS device deployed on the primary link detects and filters the attack according to the protection policy configured by the administrator;
Step 402, once the ADS device has detected a DDoS attack that reaches the threshold configured by the administrator, it sends an under-attack alert to the cloud dispatching system; on receiving the alert, the cloud dispatching system confirms that the primary link is under attack and modifies where the domain name points, changing the IP address to the address of the standby server cluster;
Step 403, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 404, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the standby server cluster;
Step 405, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 406, the DNS server returns to the user, according to the geographic region where the user is located, the IP address of a standby server in that region;
Step 407, the user submits the access data to the standby server at the returned IP address;
Step 408, the distributed purging system deployed in front of the standby server filters out the attack data present in the access requests and sends the filtered data stream to the standby server;
Step 409, the standby server requests the dynamic data from the master server over the reserve link;
Step 410, the master server builds the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 411, the standby server returns the latest dynamic data to the user, and the process ends.
For the second case, the specific steps are as follows:
Step 501, the attacker launches a saturated DDoS attack; the primary link is now congested by the saturation attack and the ADS device cannot send an alert;
Step 502, the cloud dispatching system periodically checks the state of the primary link; when it finds that the primary link does not respond, it confirms that the primary link is under a saturated denial-of-service attack or is offline, and modifies where the domain name points, changing the IP address to the address of the standby server cluster;
Step 503, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 504, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the standby server cluster;
Step 505, when a user accesses the master server's domain name, the user first queries the DNS server for where the domain name points;
Step 506, the DNS server returns to the user, according to the geographic region where the user is located, the IP address of a standby server in that region;
Step 507, the user submits the access data to the standby server at the returned IP address;
Step 508, the distributed purging system deployed in front of the standby server filters out the attack data present in the user access requests and sends the filtered data stream to the standby server;
Step 509, the standby server requests the dynamic data from the master server over the reserve link;
Step 510, the master server builds the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 511, the standby server returns the latest dynamic data to the user, and the process ends.
After the DDoS attack has ended, data communication automatically switches from the reserve link back to the primary link. The specific steps are as follows:
Step 601, the attacker stops the saturated DDoS attack, and the distributed purging system determines that the attack has ended;
Step 602, the distributed purging system notifies the cloud dispatching system that the attack has ended and that it should prepare to switch back to the primary link; on receiving the notification, the cloud dispatching system updates the domain name state;
Step 603, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 604, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the master server cluster;
Step 605, when a user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 606, the DNS server returns the master server's IP address to the user;
Step 607, the user submits the access data to the master server at the returned IP address;
Step 608, the ADS device deployed in front of the master server sends the data stream of the access request to the master server;
Step 609, the master server builds the dynamic data according to the access request and returns it to the user, and the process ends.
A system for defending a dynamic website against saturated DDoS attacks comprises a master server cluster, a primary link, a hidden standby server cluster and reserve link, an ADS device, a cloud dispatching system, and a distributed purging system.
The master server cluster responds to user access requests over the primary link when there is no DDoS attack or after a DDoS attack has ended.
The standby server cluster, when there is a DDoS attack, requests dynamic data from the master server over the reserve link in order to respond to user access requests. The standby server cluster is distributed across different regions.
The ADS device is located in front of the master server. Through the ADS device the administrator sets the protection policy for detecting and filtering DDoS attacks and configures the domain name to be protected and the primary link and reserve link information. The ADS device sends the configuration information to the cloud dispatching system. Once the ADS device has detected a DDoS attack that reaches the threshold configured by the administrator, it sends an under-attack alert to the cloud dispatching system; on receiving the alert, the cloud dispatching system confirms that the primary link is under attack or offline and, according to the configuration information, modifies where the domain name points, changing the IP address to the address of the standby server cluster.
The cloud dispatching system includes the DNS server cluster. The DNS server cluster periodically queries the cloud dispatching system for the domain name state; the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the standby server cluster.
The distributed purging system is located in front of the standby servers. It cleans and filters DDoS attack traffic from attackers and sends the filtered user access data stream to the standby servers.
The cloud dispatching system selects standby servers for data caching according to the configuration information.
Beneficial effects: with the method and system provided by the invention for defending a dynamic website against saturated DDoS attacks, the data stream is automatically switched to the hidden reserve link when a saturated DDoS attack occurs and automatically switched back to the original primary link when the attack ends. This solves the prior-art problem that dynamic data cannot be accessed during a saturated DDoS attack. The invention can be applied in e-government, e-commerce, securities, banking and the many other fields in which dynamic data must still be transmitted during a saturated DDoS attack, and has broad application prospects.
Description of drawings
Fig. 1 is a schematic diagram of the system of an embodiment of the invention;
Fig. 2 is a flow chart of the administrator setting the protection policy and configuration information in the embodiment of the invention;
Fig. 3 is a flow chart of normal user browsing in the embodiment of the invention;
Fig. 4 is a flow chart of active link switching in the embodiment of the invention;
Fig. 5 is a flow chart of passive link switching in the embodiment of the invention;
Fig. 6 is a flow chart of automatically switching back to the primary link after the attack has ended in the embodiment of the invention.
Embodiment
The invention is further illustrated below with reference to a specific embodiment. It should be understood that the embodiment serves only to illustrate the invention and not to limit its scope; after reading the invention, modifications of its various equivalent forms by those skilled in the art all fall within the scope defined by the claims of this application.
As shown in Fig. 1, the system for defending a dynamic website against saturated DDoS attacks mainly comprises a master server cluster, a hidden standby server cluster, an ADS device, a cloud dispatching system, and a distributed purging system.
The master server cluster responds to user access requests over the primary link when there is no DDoS attack or after a DDoS attack has ended. The master server has a bandwidth of 100 Mbps; normal user traffic is less than 50 Mbps and dynamic data traffic is less than 20 Mbps, so the bandwidth is sufficient for normal access.
The standby server cluster, when there is a DDoS attack, requests dynamic data from the master server over the reserve link in order to respond to user access requests. The standby server cluster is distributed across different regions. The total bandwidth of the standby server cluster is far greater than the bandwidth of the master server, which allows it to withstand saturated denial-of-service attacks. The reserve link is a hidden 30 Mbps link that is not disclosed externally, so the attacker cannot learn the IP address of the reserve link.
The ADS device is located in front of the master server and can work together with the cloud dispatching system. Through the ADS device the administrator sets the protection policy for detecting and filtering DDoS attacks and the configuration information. Once the ADS device has detected a DDoS attack that reaches the threshold configured by the administrator, it sends an under-attack alert to the cloud dispatching system; on receiving the alert, the cloud dispatching system confirms that the primary link is under attack or offline and, according to the configuration information, modifies where the domain name points, changing the IP address to the address of the standby server cluster.
The cloud dispatching system includes the DNS server cluster. The DNS server cluster periodically queries the cloud dispatching system for the domain name state; the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the standby server cluster.
The distributed purging system is located in front of the standby servers. It cleans and filters DDoS attack traffic from attackers and sends the filtered user access data stream to the standby servers.
The administrator's configuration steps on the ADS device, shown in Fig. 2, are as follows:
Step 201, protection policy configuration: the administrator first configures the protection policy on the local ADS device;
Step 202, domain name configuration: the administrator fills in the domain name to be protected and the primary link and reserve link information;
Step 203, the ADS device sends the configuration information to the cloud dispatching system;
Step 204, the cloud dispatching system selects standby servers for static data caching according to the information configured by the administrator.
As shown in Fig. 3, when there is no DDoS attack, users access the site normally: the primary link carries the data input and output of user access and the standby server cluster does not work. The specific steps are as follows:
Step 301, the user submits a domain name query to the DNS server cluster;
Step 302, the DNS server cluster returns the IP address of the master server being accessed;
Step 303, the user submits the access request data to the master server at that IP address;
Step 304, the ADS device deployed in front of the master server inspects, according to the protection policy set by the administrator, whether the user's request data stream contains DDoS attack traffic; when there is no DDoS attack, the ADS device detects none and submits the filtered user request data stream to the master server cluster;
Step 305, after processing the user's access request, the master server returns the result to the user;
Step 306, the process ends.
When the primary link of the master server comes under a DDoS attack, there are two cases. In the first, the attack has not reached the saturation state and the primary link can still transmit data. In the second, the attack has reached the saturation state, the primary link is blocked, and no data can be transmitted normally. For the first case, the specific steps are as follows (the active link switching flow is shown in Fig. 4):
Step 401, the attacker launches a DDoS attack, and the ADS device deployed on the primary link detects and filters the attack according to the protection policy configured by the administrator;
Step 402, once the ADS device has detected a DDoS attack that reaches the threshold configured by the administrator, it sends an under-attack alert to the cloud dispatching system; on receiving the alert, the cloud dispatching system confirms that the primary link is under attack and updates where the domain name points, changing the IP address to the address of the standby server cluster;
Step 403, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 404, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the standby server cluster;
Step 405, when a normal user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 406, the DNS server returns to the user, according to the user's geographic region, the IP address of a standby server corresponding to that region;
Step 407, the user submits the access data to the standby server at the returned IP address;
Step 408, the distributed purging system deployed in front of the standby server filters out the attack data present in the user access requests and sends the filtered data stream to the standby server;
Step 409, the standby server requests the dynamic data from the master server over the reserve link;
Step 410, the master server builds the dynamic data according to the standby server's request and returns it to the standby server over the reserve link;
Step 411, the standby server returns the latest dynamic data to the user, and the process ends.
For the second case, the passive link switching flow shown in Fig. 5, the specific steps are as follows:
Step 501, the attacker launches a saturated DDoS attack; the primary link is now congested by the saturation attack and the ADS device cannot send an alert;
Step 502, the cloud dispatching system periodically checks the state of the primary link; when it finds that the primary link does not respond, it confirms that the primary link is under a saturated denial-of-service attack or is offline, and modifies where the domain name points, changing the IP address to the address of the standby server cluster;
Step 503, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 504, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the standby server cluster;
Step 505, when a normal user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 506, the DNS server returns to the user, according to the user's geographic region, the IP address of a standby server corresponding to that region;
Step 507, the user submits the access data to the standby server at the returned IP address;
Step 508, the distributed purging system deployed in front of the standby server filters out the attack data present in the access requests and sends the filtered data stream to the standby server;
Step 509, the standby server requests the dynamic data from the master server over the reserve link;
Step 510, the master server builds the dynamic data according to the request and returns it to the standby server over the reserve link;
Step 511, the standby server returns the latest dynamic data to the user, and the process ends.
As shown in Fig. 6, after the attack has ended, data communication automatically switches from the reserve link back to the primary link. The specific steps are as follows:
Step 601, the attacker stops the saturated DDoS attack, and the distributed purging system determines that the attack has ended;
Step 602, the distributed purging system notifies the cloud dispatching system that the attack has ended and that it should prepare to switch back to the primary link; on receiving the notification, the cloud dispatching system updates the domain name state;
Step 603, the DNS server cluster periodically queries the cloud dispatching system for the domain name state;
Step 604, the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster updates the domain name to point to the master server cluster;
Step 605, when a normal user accesses the domain name, the user first queries the DNS server for where the domain name points;
Step 606, the DNS server returns the master server's IP address to the user;
Step 607, the user submits the access data to the master server at the returned IP address;
Step 608, the ADS device deployed in front of the master server filters out the attack data present in the access requests and sends the filtered data stream to the master server;
Step 609, step 610, the master server builds the dynamic data according to the request and returns it to the user, and the process ends.
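The three flows above (active switching in steps 401-404, passive switching in steps 501-504, and switch-back in steps 601-604) can be modelled as a small state machine driven by the cloud dispatching system and polled by the DNS server cluster. The following Python simulation is an added example, not code from the patent; the class and field names, the three-probe debounce, the guard that refuses to switch back while the primary link is still unresponsive, and the documentation-range IP addresses are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Link(Enum):
    PRIMARY = "primary"
    RESERVE = "reserve"


@dataclass
class DomainConfig:
    """Configuration the ADS device forwards in step 203 (field names assumed)."""
    domain: str
    master_ips: list
    standby_ip_by_region: dict   # region name -> standby server IP
    default_region: str          # used when a user's region has no standby node


@dataclass
class CloudDispatcher:
    config: DomainConfig
    failures_to_switch: int = 3  # assumed debounce; the patent gives no number
    active: Link = Link.PRIMARY
    reason: str = "normal"
    failed_probes: int = 0

    def on_ads_alert(self):
        """Step 402: active switch, the ADS device could still send its alert."""
        self._point_to(Link.RESERVE, "ads-alert")

    def on_probe(self, primary_responded):
        """Step 502: passive switch, driven by the dispatcher's own periodic check."""
        if primary_responded:
            self.failed_probes = 0
            return
        self.failed_probes += 1
        if self.failed_probes >= self.failures_to_switch:
            self._point_to(Link.RESERVE, "primary-unresponsive")

    def on_attack_ended(self):
        """Step 602: the distributed purging system reports the attack has stopped."""
        if self.failed_probes:   # assumed guard: never switch back to a dead link
            return False
        self._point_to(Link.PRIMARY, "normal")
        return True

    def _point_to(self, link, reason):
        self.active, self.reason = link, reason

    def domain_state(self):
        """Steps 404/504/604: the answer given to the DNS cluster when it polls."""
        if self.active is Link.PRIMARY:
            ips = {"*": list(self.config.master_ips)}
        else:
            ips = {r: [ip] for r, ip in self.config.standby_ip_by_region.items()}
        return {"domain": self.config.domain, "link": self.active.value, "ips": ips}


@dataclass
class DnsCluster:
    dispatcher: CloudDispatcher
    state: dict = field(default_factory=dict)

    def __post_init__(self):
        self.poll()

    def poll(self):
        """Steps 403/503/603: periodic query of the domain name state."""
        self.state = self.dispatcher.domain_state()

    def resolve(self, user_region):
        """Steps 405-406 and 605-606: answer from the last polled state."""
        ips = self.state["ips"]
        if "*" in ips:
            return ips["*"][0]
        if user_region not in ips:
            user_region = self.dispatcher.config.default_region
        return ips[user_region][0]


def build_demo():
    """Constructed sample deployment; all addresses are documentation ranges."""
    cfg = DomainConfig(
        domain="www.example.org",
        master_ips=["192.0.2.10"],
        standby_ip_by_region={"east": "198.51.100.10", "south": "203.0.113.10"},
        default_region="east",
    )
    dispatcher = CloudDispatcher(cfg)
    return dispatcher, DnsCluster(dispatcher)


if __name__ == "__main__":
    d, dns = build_demo()
    for ok in (False, False, False):          # saturated primary link: probes time out
        d.on_probe(ok)
    print("before poll:", dns.resolve("south"))   # DNS still serves the stale answer
    dns.poll()
    print("after poll: ", dns.resolve("south"), d.reason)
```

The gap between the dispatcher changing state and the DNS cluster's next poll (plus any resolver caching) is the window during which users are still sent to the congested primary link, so the polling interval bounds the failover time in both directions.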
In summary, when a DDoS attack occurs the invention automatically switches the data stream to the hidden reserve link, and when the attack ends it automatically switches the data stream back to the original link. The technique can be applied in many fields such as e-government, e-commerce, securities, finance, and military and national defense. In e-government, for example, public government information is stored in the master server's database; when the master server comes under a saturated denial-of-service attack, the dynamic information is passed over the reserve link to the standby servers and delivered to users. Because the standby server nodes are numerous, they have a strong ability to withstand saturated denial-of-service attacks, so users visiting the government website can still obtain the relevant public information in time. Because the scheme is flexible to deploy and can be offered to users as a network service, the technique has high promotional value.

Claims (8)

1. a method of defending saturated distributed denial of service attack in dynamic website, is characterized in that: set up reserve link and the standby server cluster hidden, the chain route primary link of master server cluster and reserve link composition; When not suffering distributed denial of service attack, born the input and output of user accesses data by primary link, the standby server cluster is not worked; When distributed denial of service attack is arranged, enable the standby server cluster, standby server passes through reserve link, the dynamic data of request master server, master server is according to request, the structure dynamic data returns to standby server by reserve link, and standby server returns to the up-to-date dynamic data information of user; After distributed denial of service attack disappears, data communication is switched to primary link from reserve link.
2. the method for saturated distributed denial of service attack in defence dynamic website as claimed in claim 1, it is characterized in that: when not suffering distributed denial of service attack, born the input and output of user accesses data by primary link, the standby server cluster is not worked, and concrete steps are as follows:
Step 301, the user submits to the access domain name request to the dns server cluster;
Step 302 is returned to the IP address of accessed master server by the dns server cluster;
Step 303, the user submits to access request data to master server according to the IP address of master server;
Step 304, be deployed in the ADS equipment inspection user request data stream of master server front end and whether comprise distributed denial of service attack, when not suffering distributed denial of service attack, the ADS equipment Inspection is less than distributed denial of service attack, and the user's request msg after ADS equipment will filter is submitted the master server cluster to;
Step 305, master server return results to the user after user's access request is finished dealing with;
Step 306, process finishes.
3. the method for saturated distributed denial of service attack in defence dynamic website as claimed in claim 1, it is characterized in that: when the primary link of master server suffers distributed denial of service attack, at this moment be divided into 2 kinds of situations, the first: the distributed denial of service attack state that do not reach capacity, this moment, primary link still can carry out transfer of data; The second: the distributed denial of service attack state that reaches capacity, this moment, primary link was in blocked state, and any data can't normal transmission; For the first situation, the concrete steps of processing are as follows:
Step 401, the assailant initiates distributed denial of service attack, and the ADS equipment on primary link of being deployed in detects and filters distributed denial of service attack according to the prevention policies of administrator configurations;
Step 402, ADS equipment is after distributed denial of service attack being detected and reaching the threshold value of administrator configurations, send the alarm information of being attacked to the cloud dispatching patcher, after the cloud dispatching patcher receives alarm information, confirm that primary link is attacked, revise the domain name of domain name and point to, and the standby server cluster address is revised as in the IP address;
Step 403, dns server cluster are regularly inquired about the domain name state of cloud dispatching patcher;
Step 404, cloud dispatching patcher are returned to the IP address group of up-to-date domain name state and correspondence to the dns server cluster, and the dns server cluster is directed to the standby server cluster according to the domain name after upgrading;
Step 405 when the user accesses domain name, is at first gone the sensing of dns server nslookup;
Step 406, dns server return to the standby server IP address of a region of user according to the geographic area at user place;
Step 407, the user submits to visit data to standby server according to the standby server IP address of returning;
Step 408, the distributed purging system that is deployed in the standby server front end filters the attack data that exist in access request, and the data flow of concurrent warp let-off filtration is to standby server;
Step 409, standby server are asked the dynamic data of master server by reserve link;
Step 410, main service are according to the request of standby server, and the structure dynamic data returns to standby server by reserve link;
Step 411, standby server return to the up-to-date dynamic data information of user, and process finishes.
4. the method for saturated distributed denial of service attack in defence dynamic website as claimed in claim 3, it is characterized in that: for the second situation, the concrete steps of processing are as follows:
Step 501, the assailant initiates saturated distributed denial of service attack, and this moment, primary link was congested by saturation attack, and ADS equipment can't send a warning message;
Step 502, cloud dispatching patcher regular check primary link situation when finding that primary link can't respond, confirms that this primary link suffers saturated Denial of Service attack, perhaps the primary link off-line, revise the sensing of domain name, and the standby server cluster address is revised as in the IP address;
Step 503, dns server cluster are regularly inquired about the domain name state of cloud dispatching patcher;
Step 504, cloud dispatching patcher are returned to the IP address group of up-to-date domain name state and correspondence to the dns server cluster, and dns server cluster more new domain name is directed to the standby server cluster;
Step 505 when the user accesses the master server domain name, is at first gone the sensing of dns server inquiry domain name;
Step 506, dns server return to the standby server IP address of a region of user according to the geographic area at user place;
Step 507, the user submits to visit data to standby server according to the standby server IP address of returning;
Step 508, the distributed purging system that is deployed in the standby server front end filters the attack data that exist in user access request, and the data flow of concurrent warp let-off filtration is to standby server;
Step 509, standby server are asked the dynamic data of master server by reserve link;
Step 510, master server are according to the standby server request, and the structure dynamic data returns to standby server by reserve link;
Step 511, standby server return to the up-to-date dynamic data information of user, and process finishes.
5. the method for saturated distributed denial of service attack in defence dynamic website as claimed in claim 1, it is characterized in that: after distributed denial of service attack disappeared, data communication switched to primary link from reserve link, and concrete steps are as follows:
Step 601, the assailant stops saturated distributed denial of service attack, and distributed purging system judgement is attacked and is disappeared;
Step 602, by distributed purging system notice cloud dispatching patcher, attack is disappeared, and prepares the switchback primary link, after the cloud dispatching patcher receives and attacks the notification message that disappears, new domain name state more;
Step 603, dns server cluster are regularly inquired about the domain name state of cloud dispatching patcher;
Step 604, cloud dispatching patcher are returned to the IP address group of up-to-date domain name state and correspondence to the dns server cluster, and dns server cluster more new domain name is directed to the master server cluster;
Step 605 when the user accesses domain name, is at first gone the sensing of dns server inquiry domain name;
Step 606, dns server return to user's master server IP address;
Step 607, the user submits to visit data to master server according to the master server IP address of returning;
Step 608 is sent to master server after being deployed in the data stream filtering of ADS equipment with access request of master server front end;
Step 609, master server are according to access request, and the structure dynamic data returns to the user, and process finishes.
6. A system for implementing the method of defending against saturated distributed denial-of-service attacks in a dynamic website as claimed in any one of claims 1-5, characterized in that it comprises: a master server cluster, a primary link, a hidden standby server cluster and a hidden reserve link, an ADS device, a cloud dispatching system, and a distributed purging system;
The master server cluster responds to user access requests over the primary link when no distributed denial-of-service attack is under way or after such an attack has subsided;
The standby server cluster, when a distributed denial-of-service attack is under way, requests dynamic data from the master server over the reserve link in order to respond to user access requests;
The ADS device is located in front of the master server; through the ADS device the administrator sets the prevention policy for detecting and filtering distributed denial-of-service attacks, and configures the domain name to be protected and the primary link and reserve link information; the ADS device sends the configuration information to the cloud dispatching system; after detecting a distributed denial-of-service attack that reaches the administrator-configured threshold, the ADS device sends an attack alarm message to the cloud dispatching system; after receiving the alarm message, the cloud dispatching system confirms that the primary link is under attack or offline and, according to the configuration information, modifies the pointing of the domain name, changing the IP address to the standby server cluster address;
The cloud dispatching system comprises the DNS server cluster; the DNS server cluster periodically queries the cloud dispatching system for the domain name state; the cloud dispatching system returns the latest domain name state and the corresponding IP address group to the DNS server cluster, and the DNS server cluster points the updated domain name to the standby server cluster;
The distributed purging system is located in front of the standby server; it cleans and filters the distributed denial-of-service attack traffic coming from the attacker and sends the filtered user access data flow to the standby server.
7. The system for defending against saturated distributed denial-of-service attacks in a dynamic website as claimed in claim 6, characterized in that: the standby server cluster is distributed across different regions.
8. The system for defending against saturated distributed denial-of-service attacks in a dynamic website as claimed in claim 6, characterized in that: the cloud dispatching system selects standby servers to perform data caching according to the configuration information.
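
The switching logic of claims 3 to 5, as an added example that is not part of the patent: a small simulation in which the cloud dispatching system moves the domain to the standby cluster on an ADS alarm (step 402) or on missed probes of a saturated link (step 502), and moves it back only when the purging system reports the attack over (step 602). All names, addresses, the capacity, threshold, probe limit and polling period are assumptions, and a single attack-rate number per tick stands in for what the ADS device, the probe and the purging system each observe.

```python
from dataclasses import dataclass, field

# Constructed sample values (documentation address ranges), not from the patent.
PRIMARY_IP = "192.0.2.10"
STANDBY_IPS = {"north": "198.51.100.10", "south": "203.0.113.10"}
LINK_CAPACITY = 1000   # assumed primary-link capacity, requests per tick
ADS_THRESHOLD = 200    # assumed administrator-configured alarm threshold
PROBE_FAIL_LIMIT = 2   # assumed missed probes before declaring saturation
DNS_POLL_EVERY = 2     # assumed DNS polling period, in ticks


@dataclass
class CloudDispatcher:
    """Hypothetical model of the domain state that the DNS cluster polls."""
    state: str = "primary"
    failed_probes: int = 0
    log: list = field(default_factory=list)

    def _switch(self, new_state, reason, tick):
        if self.state != new_state:
            self.state = new_state
            self.log.append((tick, new_state, reason))

    def ads_alert(self, tick):
        # Claim 3, step 402: the link is not saturated, so the alarm arrives.
        self._switch("standby", "ads_alert", tick)

    def probe_primary(self, responded, tick):
        # Claim 4, step 502: the ADS device is silent, so rely on periodic checks.
        self.failed_probes = 0 if responded else self.failed_probes + 1
        if self.failed_probes >= PROBE_FAIL_LIMIT:
            self._switch("standby", "probe_timeout", tick)

    def attack_subsided(self, tick):
        # Claim 5, step 602: only the purging system triggers the switch back.
        self.failed_probes = 0
        self._switch("primary", "attack_subsided", tick)


def simulate(attack_rates, region="north"):
    """Return (IP handed to the user at each tick, dispatcher switch log)."""
    dispatcher, dns_view, answers = CloudDispatcher(), "primary", []
    for tick, rate in enumerate(attack_rates):
        saturated = rate >= LINK_CAPACITY
        if not saturated and rate >= ADS_THRESHOLD:
            dispatcher.ads_alert(tick)                  # steps 401-402
        dispatcher.probe_primary(not saturated, tick)   # step 502
        if dispatcher.state == "standby" and rate == 0:
            dispatcher.attack_subsided(tick)            # steps 601-602
        if tick % DNS_POLL_EVERY == 0:                  # steps 403/503/603
            dns_view = dispatcher.state
        # Steps 405-406 and 606: answer from the DNS cluster's last polled state.
        answers.append(PRIMARY_IP if dns_view == "primary"
                       else STANDBY_IPS[region])
    return answers, dispatcher.log


if __name__ == "__main__":
    for label, rates in [("unsaturated", [0, 300, 300, 300, 0, 0, 0]),
                         ("saturated", [0, 5000, 5000, 5000, 5000, 0, 0])]:
        print(label, *simulate(rates), sep="\n  ")
```

Because the DNS cluster only learns of a state change at its next poll, users keep receiving the old address for up to one polling period after each switch, in both directions.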
CN201310141679.1A 2013-04-22 2013-04-22 The method and system of saturated distributed denial of service attack in defence dynamic website Active CN103179136B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310141679.1A CN103179136B (en) 2013-04-22 2013-04-22 The method and system of saturated distributed denial of service attack in defence dynamic website

Publications (2)

Publication Number Publication Date
CN103179136A true CN103179136A (en) 2013-06-26
CN103179136B CN103179136B (en) 2016-01-20

Family

ID=48638759

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310141679.1A Active CN103179136B (en) 2013-04-22 2013-04-22 The method and system of saturated distributed denial of service attack in defence dynamic website

Country Status (1)

Country Link
CN (1) CN103179136B (en)

Also Published As

Publication number Publication date
CN103179136B (en) 2016-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: Yuhuatai District of Nanjing city Ning dual 210012 Jiangsu province No. 18 building 4 layer D

Applicant after: Nanjing Yxlink Information Technologies Co., Ltd.

Address before: Yuhuatai District of Nanjing City, the 210012 avenue of flora in Jiangsu province 23 Building No. 3 509

Applicant before: Nanjing Yxlink Information Technologies Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: NANJING YXLINK INFORMATION TECHNOLOGIES LTD. TO: NANJING YXLINK INFORMATION TECHNOLOGIES CO., LTD.

C14 Grant of patent or utility model
GR01 Patent grant