CN103685318B - Data processing method and device for network safety prevention - Google Patents

Info

Publication number: CN103685318B
Authority: CN (China)
Application number: CN201310751667.0A
Other languages: Chinese (zh)
Other versions: CN103685318A
Prior art keywords: address, application server, unsafe, response message, server
Inventors: 张斌, 常磊, 林尤吉
Original assignee: Hillstone Networks Co Ltd
Current assignees: Jingyi Zhiyuan Wuhan Information Technology Co Ltd; Hillstone Networks Co Ltd
Legal status: Active
Events: application filed by Hillstone Networks Co Ltd; priority to CN201310751667.0A; publication of CN103685318A; application granted; publication of CN103685318B

Abstract

The invention discloses a data processing method and device for network security protection. The data processing method for network security protection includes: receiving a request from a terminal to access an application server; resolving the IP address of the application server according to the request; judging whether the resolved IP address is an unsafe IP address; if the resolved IP address is judged to be unsafe, deleting the unsafe IP address from the response message; and sending the response message with the unsafe IP address deleted to the terminal. The invention improves the protection performance of the network protection system.

Description

Data processing method and device for network security protection
Technical field
The present invention relates to the field of firewalls, and in particular to a data processing method and device for network security protection.
Background technology
For intranet users going online, which servers and which applications are safe to access has always been one of the core problems of network security. Faced with the new application scenarios represented by virtualization and mobile Internet technology, traditional firewall technology based on stateful packet inspection is increasingly inadequate in its protection capability. The next generation firewall (Next Generation Firewall, NGFW) was proposed as an upgraded version of traditional firewall technology. The NGFW concept emphasizes application identification as a key idea, but no generally accepted method has been found for solving the key problem of "which applications are safe".
Prior art one related to the present invention is application control based on application identification.
Application control based on application identification pre-defines "which applications are safe and which applications are unsafe", and uses application identification technology to control the unsafe applications.
Application control based on application identification has the following disadvantages:
(1) It is inaccurate. Current content-based application identification technology is inaccurate, so application control based on its recognition results easily causes false positives or false negatives.
(2) The control granularity is too coarse. Although there really are applications that are unsafe in themselves, the more common situation is that the application itself is safe and is only unsafe on a certain server or during a certain period. Application control based on application identification cannot provide definitions at these two granularities.
Prior art two related to the present invention is IP reputation technology.
IP reputation technology marks the IP addresses on the network through an "IP reputation database", indicating which IPs are safe and which IPs are unsafe.
IP reputation technology has the following disadvantages:
(1) Low performance. Because every session needs to be looked up in the IP reputation database by its IP address, when there are many sessions each of them requires a lookup in the IP reputation database, which results in low query performance.
(2) Poor robustness. Suppose an application P uses three servers with three different external IP addresses A, B and C, which complete the service in parallel. Suppose an attacker attacks and takes control of server A, and server A happens to be the server that the DNS server offers to users in a region S as the preferred server for that region. If the IP reputation database marks A as "dangerous, access not allowed", a protection system based on the IP reputation database in effect prevents the users in region S from using service P (because users in region S, when accessing service P, all select the preferred IP address A provided by the DNS system).
No effective solution has yet been proposed for the problem of low protection performance of network protection systems in the prior art.
Summary of the invention
The main object of the present invention is to provide a data processing method and device for network security protection, to solve the problem of low protection performance of intranet protection systems in the prior art.
To achieve these goals, according to one aspect of the invention, a data processing method for network security protection is provided. The data processing method for network security protection according to the present invention includes: receiving a request from a terminal to access an application server; resolving the IP address of the application server according to the request; judging whether the resolved IP address is an unsafe IP address; if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from the response message; and sending the response message with the unsafe IP address deleted to the terminal.
Further, before the response message with the unsafe IP address deleted is sent to the terminal, the data processing method also includes: sorting the safe IP addresses in the response message after deletion of the unsafe IP address according to IP reputation; storing the safe IP addresses in the response message in the sorted order of IP reputation; and saving the safe IP addresses locally in the firewall.
Further, resolving the IP address of the application server according to the request to access the server includes: searching locally in the firewall for the IP address of the application server; judging whether the IP address of the application server was found locally in the firewall; and if the IP address of the application server was not found locally in the firewall, sending the request to the DNS server and receiving the IP address of the application server resolved by the DNS server.
Further, resolving the IP address of the application server according to the request to access the server includes: searching locally in the firewall for the IP address of the application server; judging whether the IP address of the application server was found locally in the firewall; and if the IP address of the application server was found locally in the firewall, not sending the request to the DNS server but directly using the found IP address of the application server as the DNS server's response.
Further, after the unsafe IP address is deleted from the response message, the data processing method also includes: judging whether the number of safe IP addresses in the response message is 0; and if the number of safe IP addresses in the response message is judged to be 0, sending a response message forbidding access to the terminal.
To achieve these goals, according to another aspect of the present invention, a data processing device for network security protection is provided. The data processing device for network security protection according to the present invention includes: a receiving unit for receiving a request from a terminal to access an application server; a resolution unit for resolving the IP address of the application server according to the request; a judging unit for judging whether the resolved IP address is an unsafe IP address; a deletion unit for deleting the unsafe IP address from the response message when the resolved IP address is judged to be an unsafe IP address; and a response unit for sending the response message with the unsafe IP address deleted to the terminal.
Further, the data processing device also includes: a sorting unit for sorting the safe IP addresses in the response message after deletion of the unsafe IP address according to IP reputation, before the response message with the unsafe IP address deleted is sent to the terminal; a message storage unit for storing the safe IP address with the highest IP reputation in the response message; and a local storage unit for saving the safe IP addresses locally in the firewall.
Further, the resolution unit includes: a search module for searching locally in the firewall for the IP address of the application server; a judging module for judging whether the IP address of the application server was found locally in the firewall; and a transceiver module for sending the request to the DNS server when the IP address of the application server is not found locally in the firewall, and receiving the IP address of the application server resolved by the DNS server.
Further, the resolution unit includes: a search module for searching locally in the firewall for the IP address of the application server; a judging module for judging whether the IP address of the application server was found locally in the firewall; and a calling module for, when the IP address of the application server is found locally in the firewall, not sending the request to the DNS server but directly using the found IP address of the application server as the DNS server's response.
Further, the data processing device also includes: a message judging unit for judging, after the unsafe IP address has been deleted from the response message, whether the number of safe IP addresses in the response message is 0; and a transmitting unit for sending a response message forbidding access to the terminal when the number of safe IP addresses in the response message is judged to be 0.
The present invention solves the problem of low protection performance of network protection systems in the prior art, and thereby achieves the effect of improving the protection performance of the network protection system.
Brief description of the drawings
The accompanying drawings, which form part of this application, are provided to give a further understanding of the present invention; the schematic embodiments of the invention and their descriptions serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the data processing method according to a first embodiment of the present invention;
Fig. 2 is a flow chart of the data processing method according to a second embodiment of the present invention;
Fig. 3 is a schematic diagram of the data processing method according to an embodiment of the present invention, taking application P as an example;
Fig. 4 is a schematic diagram of the data processing device according to a first embodiment of the present invention; and
Fig. 5 is a schematic diagram of the data processing device according to a second embodiment of the present invention.
Detailed description of the embodiments
It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another. The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
In order to make those skilled in the art better understand the solution of the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, claims and drawings of this specification are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "comprising" and "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to those steps or units expressly listed, but may include other steps or units not expressly listed or inherent to these processes, methods, products or devices.
Embodiments of the invention provide a data processing method for network security protection.
Fig. 1 is a flow chart of the data processing method according to a first embodiment of the present invention. As shown, the data processing method includes the following steps:
Step S102: receiving a request from a terminal to access an application server.
When using a terminal, the user cannot directly see the IP address of the application server; what the user sees in the terminal is the domain name to be accessed, such as service.aaa.com. If the user needs to access an application, a protection device such as a firewall, after receiving the user's access request, resolves the domain name service.aaa.com that needs to be accessed.
Step S104: resolving the IP address of the application server according to the request.
The IP address of the application server may be resolved using a DNS server, or looked up in the firewall's local DNS cache. Resolving the IP address using a DNS server may use the DNS server's conventional method of resolving IP addresses; since that method is not the concern of the present invention, it is not described further here. The specifics of looking up the IP address in the firewall's local DNS cache are described in the embodiments below.
Step S106: judging whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, it must be judged by the firewall to determine whether the resolved IP is an unsafe IP address.
The resolved IP address is looked up in the IP reputation database, and whether the resolved IP address is unsafe is determined according to the IP reputation corresponding to each IP address stored in the IP reputation database.
If the IP reputation found in the IP reputation database for the resolved IP address is low, the resolved IP address is determined to be an unsafe IP address.
Step S108: if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from the response message.
After the unsafe IP address is deleted from the response message, the terminal cannot perceive the unsafe IP address, so the terminal is effectively prevented from accessing the unsafe IP address, which increases the security of the terminal's use of the application.
Step S110: sending the response message with the unsafe IP address deleted to the terminal.
After the unsafe IP address is deleted, the response message contains only safe IP addresses and no unsafe IP addresses, so any IP address in the response message that the terminal accesses is safe, which ensures that the terminal can use the application and access a safe application server.
If, after the unsafe IP address is deleted, there is no IP address left in the response message, a response indicating that access is not possible is returned to the terminal.
According to the embodiment of the present invention, whether the resolved IP address is an unsafe IP address is judged; if the IP address is judged to be unsafe, the unsafe IP address is deleted from the response message and the response message with the unsafe IP address deleted is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address in the response message that the terminal accesses leads to a safe application server. Because the terminal can access the application server using safe IP addresses other than the unsafe IP address, the terminal can still use the application normally through other safe application servers when one application server is an unsafe server, which improves the robustness of the terminal's programs.
At the same time, when resolving the IP address of the application server, the IP address of the application server can be queried directly in the DNS cache; if the IP address can be found there, there is no need to send a request to the DNS server to resolve the application server's IP address, which improves query efficiency and further improves the efficiency of network protection.
Fig. 2 is a flow chart of the data processing method according to a second embodiment of the present invention. As shown, before the response message with the unsafe IP address deleted is sent to the terminal, the data processing method further includes the following steps:
Step S202: sorting the safe IP addresses in the response message after deletion of the unsafe IP address according to IP reputation.
After the unsafe IP address is deleted, the IP reputation corresponding to each safe IP address in the response message is queried in the IP reputation database, and the safe IP addresses are sorted according to the level of IP reputation.
Step S204: storing the safe IP addresses in the response message in the sorted order of IP reputation.
After sorting by level of IP reputation, the safe IP addresses are stored in the response message in order of IP reputation from high to low.
Because the IP addresses placed earlier in the response message have higher IP reputation, a terminal generally selects the IP address nearest the front of the response message as the IP address of the application server to access, and an application server with higher IP reputation has better access speed and access stability, the safe IP addresses sorted by level of IP reputation are stored in the response message.
Step S206: saving the safe IP addresses locally in the firewall.
The safe IP addresses are saved locally in the firewall, so that when the terminal is used within a certain period and accesses the application server, the corresponding IP address can be called directly from the firewall's cache without sending the request to the DNS server for resolution. This not only ensures the security of the application server accessed by the terminal but also improves the protection efficiency and protection performance of the protection device.
By the above method, the IP address with higher IP reputation is sent to the terminal as the preferred IP address, providing the terminal with a more stable and safer application server, which not only ensures the user's access security but also improves the user experience.
Further, resolving the IP address of the application server according to the request to access the server includes: searching locally in the firewall for the IP address of the application server; judging whether the IP address of the application server was found locally in the firewall; and if the IP address of the application server was not found locally in the firewall, sending the request to the DNS server and receiving the IP address of the application server resolved by the DNS server.
The firewall has a local DNS cache that can store IP addresses of application servers. When resolving the IP address that a terminal requests to access, the IP address corresponding to the requested application server is first looked up in the DNS cache. If no IP address corresponding to the requested application server is found in the firewall's DNS cache, the request to resolve the application server's IP address is sent to the DNS server, and the DNS server resolves the IP address corresponding to the application server. After the DNS server has resolved the IP address corresponding to the application server, it returns the resolved IP address to the firewall, and after receiving the resolved IP address, the firewall looks up whether the resolved IP address is a safe IP address.
Further, resolving the IP address of the application server according to the request to access the server includes: searching locally in the firewall for the IP address of the application server; judging whether the IP address of the application server was found locally in the firewall; and if the IP address of the application server was found locally in the firewall, not sending the request to the DNS server but directly using the found IP address of the application server as the DNS server's response.
Similarly, if the IP address of the application server can be found locally in the firewall, there is no need to send the request to resolve the IP address to the DNS server; the IP address corresponding to the requested application server is looked up directly in the DNS cache, and if an IP address corresponding to the requested application server is found, the found IP address is used directly and it is judged whether the found IP address is a safe IP address.
Whether the IP address was resolved by the DNS server or found locally in the firewall, the firewall must judge whether the resolved IP address is safe.
The resolved IP address is looked up in the IP reputation database to judge whether it is safe; if the resolved IP address is judged to be an unsafe IP address, the unsafe IP address is deleted from the response message.
It should be noted that there may be one or more resolved IP addresses; usually a terminal may hold multiple IP addresses, among which there is a preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, after the unsafe IP address is deleted from the response message, the data processing method also includes: judging whether the number of safe IP addresses in the response message is 0; and if the number of safe IP addresses in the response message is judged to be 0, sending a response message forbidding access to the terminal.
After the IP addresses are resolved, the unsafe IP address is deleted from the response message, so the unsafe IP address cannot be perceived by the terminal and the terminal naturally cannot access it, which ensures the security of the terminal's access to the application server. Whether the number of IP addresses in the response message is 0 is judged; if the number of IP addresses in the response message is 0, there is no safe IP address left in the response message for use, and a response message forbidding access is sent to the terminal. If the number of IP addresses in the response message is not 0, the safe IP addresses are sorted according to IP reputation and the response message containing the sorted IP addresses is sent to the terminal; the IP address with the highest IP reputation is placed at the front of the response message as the preferred IP address, and after receiving the response message the terminal accesses the application server according to the preferred IP address, so that the terminal accesses the application server securely.
According to the present invention, the IP reputation of the resolved IP addresses is first looked up and the unsafe IP address is deleted from the response message, so that the terminal cannot perceive the unsafe IP address, which ensures that the terminal accesses the application server securely. Further, after the unsafe IP address is deleted, the safe IP addresses are sorted by IP reputation and the IP address with the highest IP reputation is used as the preferred IP address for the terminal's programs to access, so that even when the unsafe IP address was the preferred IP address, the application can still be used normally after the unsafe IP address is deleted. The above method not only ensures the security of the terminal's access to the application server but also lets the terminal keep working normally when an unsafe IP address is disabled, which solves the problem of low protection performance of network protection systems in the prior art and achieves the effect of improving the protection performance of the network protection system.
Fig. 3 is a schematic diagram of the data processing method according to an embodiment of the present invention, taking application P as an example.
Specifically, taking application P as an example, suppose that application P uses two application servers, application server A300 and application server B400, whose two different IP addresses are A and B respectively. Suppose an attacker attacks and takes control of application server A300, and that server A happens to be provided by the DNS server to users in region S as the preferred server for region S.
When terminal 100 accesses application P, firewall 200 receives the access request of terminal 100 and queries the server address of the application P requested by terminal 100 in the DNS cache 600 of firewall 200.
If the server address of the application P requested by terminal 100 is found in DNS cache 600, the firewall looks up the IP reputation of the server address of application P. If the server address of the application P requested by terminal 100 is not found in DNS cache 600, the request of terminal 100 is sent to DNS server 500, which resolves the request of terminal 100 and returns the resolved server address of application P to firewall 200.
The server addresses of application P that firewall 200 queried or received are A and B. Server addresses A and B are now queried in IP reputation database 700; suppose A is found to be an unsafe IP address, then A is deleted from the response message and the retained server address is B.
The server address in the response message is B, so B is sent to terminal 100 and terminal 100 accesses IP address B. If the response message also contains a safe server address C, the server addresses retained in the response message are B and C, which are sorted according to the IP reputations of B and C: if the reputation of B is greater than that of C, B is placed before C; if the queried IP reputations of B and C are the same, they are arranged in the order of the original response message.
Server addresses B and C retained in the response message are safe IP addresses, so the response message containing server addresses B and C can be sent to terminal 100, with server address B, which has the higher IP reputation, provided to terminal 100 as the preferred IP address, and server addresses B and C retained in the response message are stored in DNS cache 600 of the firewall.
After obtaining server address B, the user can access server B and thereby use application P.
With the above method, when DNS resolves the server address, server addresses with low IP reputation are deleted from the response message so that the terminal cannot perceive malicious IP addresses, which improves the overall efficiency of the network protection system. In addition, after multiple IP addresses are resolved, the resolved IP addresses are looked up in the IP reputation database and sorted according to level of IP reputation, and the IP address with high IP reputation is sent to the terminal, so the terminal accesses the server with the high IP reputation that it received. After sorting, the preferred IP address in the original response message has changed, which not only lets the terminal use application P normally but also prevents the terminal from accessing the unsafe IP address, improving the stability of the application.
At the same time, the resolved IP addresses are saved in the DNS cache in the firewall, so that when the same request from the terminal needs to be resolved, it is looked up directly in the firewall without being sent to the DNS server for resolution, which improves the efficiency of resolving terminal requests and thereby the operating efficiency of terminal applications.
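As an added illustration, not part of the patent or of any Hillstone product, the following Python models the flow of steps S102 to S110 and S202 to S206, the forbidden response when no safe address remains, and the tie rule of the Fig. 3 walkthrough on constructed data. The reputation scores, the numeric unsafe threshold, the "unknown address is unsafe" default, the address values and the simulated DNS server are all assumptions made here.

```python
"""Firewall-side DNS response filtering by IP reputation (added example).

Models the patent's flow on constructed data: look the domain up in the
firewall's local DNS cache; on a miss, query the (simulated) DNS server;
look every returned address up in the IP reputation database; delete the
unsafe ones; if none remain, answer with a response forbidding access;
otherwise order the remaining addresses by reputation (highest first,
original order on ties), save them in the local cache, and return them.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed reputation database (higher score = better reputation).
# Assumption: the patent only speaks of "low" reputation, so a numeric
# threshold is used here to decide what counts as unsafe.
UNSAFE_THRESHOLD = 50
REPUTATION_DB: Dict[str, int] = {
    "192.0.2.10": 5,    # server "A" of Fig. 3: compromised, low reputation
    "192.0.2.20": 90,   # server "B": safe, highest reputation
    "192.0.2.30": 70,   # server "C": safe, lower reputation than B
    "192.0.2.40": 90,   # extra server that ties with B
}

# Constructed upstream DNS data; the simulated DNS server answers from it.
UPSTREAM_ZONE: Dict[str, List[str]] = {
    "service.aaa.com": ["192.0.2.10", "192.0.2.30", "192.0.2.20"],  # A, C, B
    "tie.example": ["192.0.2.40", "192.0.2.20"],
    "bad.example": ["192.0.2.10"],
}


def fake_dns_server(domain: str) -> List[str]:
    """Stand-in for DNS server 500 of Fig. 3 (constructed)."""
    return list(UPSTREAM_ZONE.get(domain, []))


@dataclass
class DnsResponse:
    domain: str
    addresses: List[str]          # safe addresses, preferred address first
    forbidden: bool = False       # True when no safe address remained


@dataclass
class Firewall:
    reputation: Dict[str, int]
    resolver: Callable[[str], List[str]]
    threshold: int = UNSAFE_THRESHOLD
    default_score: int = 0        # assumption: unknown address = fail closed
    cache: Dict[str, List[str]] = field(default_factory=dict)
    upstream_queries: int = 0     # counts requests sent to the DNS server

    def score(self, ip: str) -> int:
        return self.reputation.get(ip, self.default_score)

    def is_unsafe(self, ip: str) -> bool:
        # S106: low reputation means unsafe
        return self.score(ip) < self.threshold

    def resolve(self, domain: str) -> List[str]:
        """S104: local DNS cache first; ask the DNS server only on a miss."""
        if domain in self.cache:
            return list(self.cache[domain])
        self.upstream_queries += 1
        return self.resolver(domain)

    def handle_request(self, domain: str) -> DnsResponse:
        """S102 to S110 plus S202 to S206 and the empty-response check."""
        resolved = self.resolve(domain)
        # S108: delete every unsafe address from the response; cached
        # addresses are re-checked too, since reputation may have changed.
        safe = [ip for ip in resolved if not self.is_unsafe(ip)]
        if not safe:
            # no safe address left: tell the terminal access is forbidden
            return DnsResponse(domain, [], forbidden=True)
        # S202/S204: highest reputation first; list.sort is stable, so
        # addresses with equal reputation keep the original response order.
        safe.sort(key=self.score, reverse=True)
        # S206: keep the safe addresses locally for later identical requests.
        self.cache[domain] = list(safe)
        # S110: the terminal only ever sees the safe, ordered addresses.
        return DnsResponse(domain, safe)


if __name__ == "__main__":
    fw = Firewall(reputation=REPUTATION_DB, resolver=fake_dns_server)
    print(fw.handle_request("service.aaa.com"))   # B then C, A removed
    print(fw.handle_request("service.aaa.com"), fw.upstream_queries)  # cache hit
    print(fw.handle_request("bad.example"))       # forbidden
```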
The data processing method of the embodiments of the present invention may be executed by the data processing device provided by the embodiments of the present invention, and the data processing device of the embodiments of the present invention may be used to execute the data processing method provided by the embodiments of the present invention.
Embodiments of the present invention also provide a data processing device for network security protection.
Fig. 4 is a schematic diagram of the data processing device according to a first embodiment of the present invention. As shown, the data processing device includes a receiving unit 10, a resolution unit 20, a judging unit 30, a deletion unit 40 and a response unit 50.
Receiving unit 10 is used to receive a request from a terminal to access an application server.
When using a terminal, the user cannot directly see the IP address of the application server; what the user sees in the terminal is the domain name to be accessed, such as service.aaa.com. If the user needs to access an application, a protection device such as a firewall, after receiving the user's access request, resolves the domain name service.aaa.com that needs to be accessed.
Resolution unit 20 is used to resolve the IP address of the application server according to the request.
The IP address of the application server may be resolved using a DNS server, or looked up in the firewall's local DNS cache. Resolving the IP address using a DNS server may use the DNS server's conventional method of resolving IP addresses; since that method is not the concern of the present invention, it is not described further here. The specifics of looking up the IP address in the firewall's local DNS cache are described in the embodiments below.
Judging unit 30 is used to judge whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, it must be judged by the firewall to determine whether the resolved IP is an unsafe IP address.
The resolved IP address is looked up in the IP reputation database, and whether the resolved IP address is unsafe is determined according to the IP reputation corresponding to each IP address stored in the IP reputation database.
If the IP reputation found in the IP reputation database for the resolved IP address is low, the resolved IP address is determined to be an unsafe IP address.
Deletion unit 40 is used to delete the unsafe IP address from the response message when the resolved IP address is judged to be an unsafe IP address.
After the unsafe IP address is deleted from the response message, the terminal cannot perceive the unsafe IP address, so the terminal is effectively prevented from accessing the unsafe IP address, which increases the security of the terminal's use of the application.
Response unit 50 is used to send the response message with the unsafe IP address deleted to the terminal.
After the unsafe IP address is deleted, the response message contains only safe IP addresses and no unsafe IP addresses, so any IP address in the response message that the terminal accesses is safe, which ensures that the terminal can use the application and access a safe application server.
If, after the unsafe IP address is deleted, there is no IP address left in the response message, a response indicating that access is not possible is returned to the terminal.
According to the embodiment of the present invention, whether the resolved IP address is an unsafe IP address is judged; if the IP address is judged to be unsafe, the unsafe IP address is deleted from the response message and the response message with the unsafe IP address deleted is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address in the response message that the terminal accesses leads to a safe application server. Because the terminal can access the application server using safe IP addresses other than the unsafe IP address, the terminal can still use the application normally through other safe application servers when one application server is an unsafe server, which improves the robustness of the terminal's programs.
At the same time, when resolving the IP address of the application server, the IP address of the application server can be queried directly in the DNS cache; if the IP address can be found there, there is no need to send a request to the DNS server to resolve the application server's IP address, which improves query efficiency and further improves the efficiency of network protection.
Fig. 5 is a schematic diagram of the data processing device according to a second embodiment of the present invention. As illustrated, the data processing device includes the receiving unit 10, the resolution unit 20, the judging unit 30 and the deletion unit 40, and additionally a sorting unit 60, a message storage unit 70 and a local storage unit 80.
The sorting unit 60 is used to sort the safe IP addresses in the response message from which the unsafe IP address has been deleted according to IP reputation, before that response message is sent to the terminal.
After the unsafe IP addresses are deleted, the IP reputation corresponding to each safe IP address in the response message is queried in the IP reputation database, and the safe IP addresses are sorted according to the level of their IP reputation.
The message storage unit 70 is used to store the safe IP address with the highest IP reputation in the response message.
Because the IP addresses placed earlier in the response message have higher IP reputation, and the terminal generally selects an IP address near the front of the response message as the application server's IP address to access, and an application server with higher IP reputation has better access speed and access stability, the safe IP addresses sorted by level of IP reputation are stored in the response message.
The local storage unit 80 is used to store the safe IP addresses locally in the firewall.
The safe IP addresses are stored locally in the firewall, so that when the terminal is used within some period and accesses the application server, the corresponding IP address can be called directly from the firewall's cache without sending a resolution request to the DNS server. This not only ensures the security of the application server accessed by the terminal but also improves the protection efficiency and protection performance of the protective device.
By the above method, the IP address with higher IP reputation is sent to the terminal as the preferred IP address, providing the terminal with a more stable and safer application server, which not only ensures the user's access security but also improves the user experience.
Further, the resolution unit 20 includes a search module, a judge module and a transceiver module.
The search module is used to search locally in the firewall for the IP address of the application server. The judge module is used to judge whether the IP address of the application server is found locally in the firewall. The transceiver module is used, when the IP address of the application server is not found locally in the firewall, to send the request to the DNS server and to receive the IP address of the application server obtained by the DNS server's resolution.
The firewall locally has a DNS cache in which IP addresses of application servers can be stored. When resolving the IP address that the terminal requests to access, the IP address corresponding to the requested application server is first looked up in the DNS cache. If no IP address corresponding to the requested application server is found in the firewall's DNS cache, the request to resolve the application server's IP address is sent to the DNS server, and the DNS server resolves the IP address corresponding to the application server. After the DNS server obtains the IP address corresponding to the application server, the resolved IP address is returned to the firewall, and the firewall, after receiving the resolved IP address, looks up whether the resolved IP address is a safe IP address.
Further, the resolution unit 20 includes: a search module, used to search locally in the firewall for the IP address of the application server; a judge module, used to judge whether the IP address of the application server is found locally in the firewall; and a calling module, used, when the IP address of the application server is found locally in the firewall, not to send the request to the DNS server but to directly call the found IP address of the application server as the DNS server's response.
Similarly, if the IP address of the application server can be found locally in the firewall, there is no need to send the IP address resolution request to the DNS server; the IP address corresponding to the requested application server is looked up directly in the DNS cache, and if an IP address corresponding to the requested application server is found, the found IP address is called directly and it is judged whether the found IP address is a safe IP address.
Whether the IP address is obtained by resolution at the DNS server or found locally in the firewall, the firewall must judge whether the resolved IP address is safe.
The resolved IP address is looked up in the IP reputation database to judge whether the resolved IP address is safe; if the resolved IP address is judged to be an unsafe IP address, the unsafe IP address is deleted from the response message.
It should be noted that resolution may yield one or more IP addresses; usually a terminal can possess multiple IP addresses, among which there is a preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, the data processing device also includes a message judging unit and a sending unit.
The message judging unit is used to judge, after the unsafe IP address has been deleted from the response message, whether the number of safe IP addresses in the response message is 0.
The sending unit is used to send a response message forbidding access to the terminal when the number of safe IP addresses in the response message is judged to be 0.
After the IP addresses are resolved, the unsafe IP addresses are deleted from the response message, so the unsafe IP addresses cannot be perceived by the terminal and the terminal naturally cannot access them, which ensures the security of the terminal's access to the application server. It is then judged whether the number of IP addresses in the response message is 0. If the number of IP addresses in the response message is 0, there is no safe IP address in the response message for the application to use, and a response message forbidding access is sent to the terminal. If the number of IP addresses in the response message is not 0, the safe IP addresses are sorted according to IP reputation and the response message storing the sorted IP addresses is sent to the terminal; the IP address with the highest IP reputation is placed at the front of the response message as the preferred IP address, and the terminal, after receiving the response message, accesses the application server according to the preferred IP address, so that the terminal accesses the application server securely.
By the present invention, the IP reputation of the resolved IP address is looked up first and the unsafe IP address is deleted from the response message, so that the terminal cannot perceive the unsafe IP address, thereby ensuring that the terminal accesses the application server securely. Further, after the unsafe IP address is deleted, the safe IP addresses are sorted by IP reputation and the IP address with the highest IP reputation is taken as the preferred IP address for the terminal program to access, so that even when the unsafe IP address was the preferred IP address, the application program can still be used normally after the unsafe IP address is deleted. The above method not only ensures the security of the terminal's access to the application server but also allows the terminal to be used normally when the unsafe IP address is disabled, thereby solving the problem of the low protection performance of network security systems in the prior art and achieving the effect of improving the protection performance of network security systems.
It should be noted that the steps illustrated in the flow charts of the accompanying drawings may be performed in a computer system such as a set of computer-executable instructions, and that, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one given herein.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement, etc. made within the spirit and principles of the invention should be included within the scope of protection of the invention.
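The following is an added worked example of the firewall-side procedure described above (cache-first resolution, reputation lookup, deletion of unsafe addresses, sorting by reputation, local caching, and the "access forbidden" response when nothing remains). It is illustrative code written for this page, not code from the patent or from Hillstone Networks. The 0-100 reputation scale, the threshold below which an address counts as "low reputation", the `Firewall` and `ResponseMessage` names, the in-memory stand-in for the DNS server, the sample addresses, and the choice to treat an address that is absent from the reputation database as unsafe are all assumptions made for the example.

```python
"""Added example of DNS-response filtering by IP reputation, as described
in the embodiments above.  Not the patent's own code; names, scores and
sample data are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Assumption: reputation is scored 0-100, higher is better; a score below
# this threshold is the "low IP reputation" that marks an address unsafe.
UNSAFE_THRESHOLD = 50


@dataclass
class ResponseMessage:
    """What the response unit sends to the terminal."""
    domain: str
    addresses: List[str]          # safe addresses, highest reputation first
    forbidden: bool = False       # True for the "access forbidden" response


@dataclass
class Firewall:
    reputation_db: Dict[str, int]                 # constructed IP reputation database
    resolve_upstream: Callable[[str], List[str]]  # stand-in for the DNS server
    dns_cache: Dict[str, List[str]] = field(default_factory=dict)
    upstream_queries: int = 0                     # counts round trips to the DNS server

    def resolve(self, domain: str) -> List[str]:
        """Resolution unit: search the local DNS cache first (calling module);
        only on a miss send the request to the DNS server (transceiver module)."""
        cached = self.dns_cache.get(domain)
        if cached is not None:
            return list(cached)
        self.upstream_queries += 1
        return list(self.resolve_upstream(domain))

    def is_unsafe(self, ip: str) -> bool:
        """Judging unit: look the address up in the reputation database.
        Assumption beyond the text: an address with no reputation record is
        treated as unsafe (fail closed) rather than passed through."""
        score = self.reputation_db.get(ip)
        return score is None or score < UNSAFE_THRESHOLD

    def handle_request(self, domain: str) -> ResponseMessage:
        """Receive -> resolve -> judge -> delete -> count -> sort -> cache -> respond.
        Cached addresses are judged again on every request, as the text requires
        for addresses found locally, so a reputation change is not missed."""
        resolved = self.resolve(domain)
        # deletion unit: drop every unsafe address from the response
        safe = [ip for ip in resolved if not self.is_unsafe(ip)]
        # message judging unit / sending unit: nothing safe left -> forbid access
        if not safe:
            return ResponseMessage(domain, [], forbidden=True)
        # sorting unit: highest reputation first becomes the preferred address
        safe.sort(key=lambda ip: self.reputation_db[ip], reverse=True)
        # local storage unit: keep only the safe, sorted addresses in the cache
        self.dns_cache[domain] = list(safe)
        return ResponseMessage(domain, safe)


# Constructed sample data (documentation-range addresses, not real hosts).
REPUTATION_DB = {"198.51.100.10": 90, "198.51.100.20": 30, "203.0.113.5": 75}
UPSTREAM_ANSWERS = {
    # service.aaa.com is the domain used in the description; its answer mixes
    # one low-reputation address, one unknown address and two safe ones
    "service.aaa.com": ["198.51.100.20", "192.0.2.7", "203.0.113.5", "198.51.100.10"],
    "bad.example.test": ["198.51.100.20"],  # constructed: only an unsafe address
}


def make_firewall() -> Firewall:
    return Firewall(dict(REPUTATION_DB), lambda d: UPSTREAM_ANSWERS.get(d, []))


if __name__ == "__main__":
    fw = make_firewall()
    print(fw.handle_request("service.aaa.com"))   # safe addresses, best first
    print(fw.handle_request("service.aaa.com"))   # same answer, served from cache
    print(fw.handle_request("bad.example.test"))  # forbidden: nothing safe remains
    print("DNS server queries:", fw.upstream_queries)
```

On the first request for service.aaa.com the firewall queries the stand-in DNS server, deletes the low-reputation and unknown addresses, and returns the two safe addresses with the higher-reputation one in front; the second request is answered from the local cache without a DNS round trip but is still re-judged. The request whose only answer is an unsafe address yields the forbidden response.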

Claims (8)

1. A data processing method for network security protection, characterized by comprising:
receiving a request from a terminal to access an application server;
resolving the IP address of the application server according to the request;
judging whether the IP address obtained by resolution is an unsafe IP address;
if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from a response message; and
sending the response message from which the unsafe IP address has been deleted to the terminal,
wherein, before the response message from which the unsafe IP address has been deleted is sent to the terminal, the data processing method further comprises:
sorting the safe IP addresses in the response message from which the unsafe IP address has been deleted according to IP reputation;
storing the safe IP addresses in the response message in the sorted order of IP reputation; and
storing the safe IP addresses locally in a firewall.
2. The data processing method according to claim 1, characterized in that resolving the IP address of the application server according to the request to access the server comprises:
searching locally in the firewall for the IP address of the application server;
judging whether the IP address of the application server is found locally in the firewall; and
if the IP address of the application server is not found locally in the firewall, sending the request to a DNS server, and receiving the IP address of the application server obtained by the DNS server's resolution.
3. The data processing method according to claim 1, characterized in that resolving the IP address of the application server according to the request to access the server comprises:
searching locally in the firewall for the IP address of the application server;
judging whether the IP address of the application server is found locally in the firewall; and
if the IP address of the application server is found locally in the firewall, not sending the request to a DNS server, and directly calling the found IP address of the application server as the response of the DNS server.
4. The data processing method according to claim 1, characterized in that after the unsafe IP address is deleted from the response message, the data processing method further comprises:
judging whether the number of safe IP addresses in the response message is 0; and
if the number of safe IP addresses in the response message is judged to be 0, sending a response message forbidding access to the terminal.
5. A data processing device for network security protection, characterized by comprising:
a receiving unit, for receiving a request from a terminal to access an application server;
a resolution unit, for resolving the IP address of the application server according to the request;
a judging unit, for judging whether the IP address obtained by resolution is an unsafe IP address;
a deletion unit, for deleting the unsafe IP address from a response message when the resolved IP address is judged to be an unsafe IP address; and
a response unit, for sending the response message from which the unsafe IP address has been deleted to the terminal,
wherein the data processing device further comprises:
a sorting unit, for sorting the safe IP addresses in the response message from which the unsafe IP address has been deleted according to IP reputation, before the response message from which the unsafe IP address has been deleted is sent to the terminal;
a message storage unit, for storing the safe IP address with the highest IP reputation in the response message; and
a local storage unit, for storing the safe IP addresses locally in a firewall.
6. The data processing device according to claim 5, characterized in that the resolution unit comprises:
a search module, for searching locally in the firewall for the IP address of the application server;
a judge module, for judging whether the IP address of the application server is found locally in the firewall; and
a transceiver module, for sending the request to a DNS server when the IP address of the application server is not found locally in the firewall, and receiving the IP address of the application server obtained by the DNS server's resolution.
7. The data processing device according to claim 5, characterized in that the resolution unit comprises:
a search module, for searching locally in the firewall for the IP address of the application server;
a judge module, for judging whether the IP address of the application server is found locally in the firewall; and
a calling module, for not sending the request to a DNS server when the IP address of the application server is found locally in the firewall, and directly calling the found IP address of the application server as the response of the DNS server.
8. The data processing device according to claim 5, characterized in that the data processing device further comprises:
a message judging unit, for judging, after the unsafe IP address has been deleted from the response message, whether the number of safe IP addresses in the response message is 0; and
a sending unit, for sending a response message forbidding access to the terminal when the number of safe IP addresses in the response message is judged to be 0.
CN201310751667.0A 2013-12-31 2013-12-31 Data processing method and device for network safety prevention Active CN103685318B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310751667.0A CN103685318B (en) 2013-12-31 2013-12-31 Data processing method and device for network safety prevention

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310751667.0A CN103685318B (en) 2013-12-31 2013-12-31 Data processing method and device for network safety prevention

Publications (2)

Publication Number Publication Date
CN103685318A CN103685318A (en) 2014-03-26
CN103685318B true CN103685318B (en) 2017-09-12

Family

ID=50321632

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310751667.0A Active CN103685318B (en) 2013-12-31 2013-12-31 Data processing method and device for network safety prevention

Country Status (1)

Country Link
CN (1) CN103685318B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135187A (en) * 2016-02-29 2017-09-05 阿里巴巴集团控股有限公司 Preventing control method, the apparatus and system of network attack
CN108667783B (en) * 2017-04-01 2019-05-17 北京数安鑫云信息技术有限公司 A kind of Accurate Interception methods, devices and systems for IP address
CN110266684B (en) * 2019-06-19 2022-06-24 北京天融信网络安全技术有限公司 Domain name system safety protection method and device
CN113542292A (en) * 2021-07-21 2021-10-22 江南信安(北京)科技有限公司 Intranet safety protection method and system based on DNS and IP credit data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6513122B1 (en) * 2001-06-29 2003-01-28 Networks Associates Technology, Inc. Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities
CN104219200A (en) * 2013-05-30 2014-12-17 杭州迪普科技有限公司 Device and method for protection from DNS cache attack

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7725602B2 (en) * 2000-07-19 2010-05-25 Akamai Technologies, Inc. Domain name resolution using a distributed DNS network
US20070180090A1 (en) * 2006-02-01 2007-08-02 Simplicita Software, Inc. Dns traffic switch
US9083712B2 (en) * 2007-04-04 2015-07-14 Sri International Method and apparatus for generating highly predictive blacklists
CN101227467B (en) * 2008-01-08 2011-11-30 中兴通讯股份有限公司 Apparatus for managing black list
CN101815104A (en) * 2010-03-19 2010-08-25 中兴通讯股份有限公司 Network protocol address feedback method and domain name resolution server
CN102571738B (en) * 2010-12-08 2015-09-16 中国电信股份有限公司 Based on the intrusion prevention method and system that VLAN exchanges
CN102891794B (en) * 2011-07-22 2015-07-29 华为技术有限公司 A kind of method that data packet transmission controls and gateway
CN103269389B (en) * 2013-06-03 2016-05-25 北京奇虎科技有限公司 Check and repair the method and apparatus that malice DNS arranges

Also Published As

Publication number Publication date
CN103685318A (en) 2014-03-26

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province

Patentee after: SHANSHI NETWORK COMMUNICATION TECHNOLOGY CO., LTD.

Address before: 215163 3rd Floor, 7th Building, High-tech Software Park, 78 Keling Road, Suzhou Science and Technology City, Jiangsu Province

Patentee before: HILLSTONE NETWORKS

TR01 Transfer of patent right

Effective date of registration: 20220119

Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province

Patentee after: Shanshi Netcom Communication Technology Co.,Ltd.

Patentee after: Jingyi Zhiyuan (Wuhan) Information Technology Co., Ltd

Address before: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province

Patentee before: Shanshi Netcom Communication Technology Co.,Ltd.