CN104219200A - Device and method for protection from DNS cache attack - Google Patents


Info

Publication number
CN104219200A
Authority
CN
China
Prior art keywords
response message
dns response
domain name
address
parsing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310209362.7A
Other languages
Chinese (zh)
Other versions
CN104219200B (en)
Inventor
田佳星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Depp Information Technology Co., Ltd.
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201310209362.7A priority Critical patent/CN104219200B/en
Publication of CN104219200A publication Critical patent/CN104219200A/en
Application granted granted Critical
Publication of CN104219200B publication Critical patent/CN104219200B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a device and method for protection from DNS cache attacks, applied on a network security apparatus. The device performs the following processing procedure: step A, acquire the resolved domain name carried in a received DNS response message and judge whether it is in a preset domain name monitoring list; if so, go to step B, otherwise go to step C; step B, judge whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in a whitelist, and allow the DNS response message to pass if so; step C, judge whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name include any abnormal IP address belonging to a blacklist, and allow the DNS response message to pass if not. The technical solution of the present invention effectively improves the capability of a network security apparatus to protect against DNS cache attacks, thereby further ensuring network security.

Description

A device and method for protecting against DNS cache attacks
Technical field
The present invention relates to network security technology, and in particular to a device and method for protecting against DNS cache attacks.
Background
DNS is the abbreviation of Domain Name System, which consists of resolvers and name servers. A name server (DNS server) stores the domain names and corresponding IP addresses of all hosts in its network and resolves domain names to IP addresses. Referring to Fig. 1, domain name resolution proceeds roughly as follows: a client initiates a domain name resolution request; on receiving the request, the local DNS server looks in its local data and cache; if nothing is found, it sends a resolution request to the upper-level DNS server, which returns the resolution result to the local DNS server in a response message. The local DNS server then stores the result in its cache, so that it can return the result directly when a client later requests resolution of the same domain name, and at the same time returns the result to the client that requested the resolution.
DNS attacks have occurred repeatedly in recent years, and attacks against the DNS cache are currently very common. There are two main classes of DNS cache attack:
First class: a DNS server periodically updates its own cache. To update the cache it must send a request to the upper-level server, and the attacker then sends carefully constructed response messages to the DNS server. For example, if the attacker sends a response message to the DNS server while it is updating the www.google.com domain name, the attack may succeed, changing the IP address corresponding to www.google.com to an IP address specified by the attacker.
Second class: the attacker deliberately sends requests for a non-existent second-level domain of some domain name. Because the DNS server cannot resolve it, it sends a domain name resolution request to the upper-level DNS server; if the attacker sends a response message to the DNS server at this moment, the attack may succeed. For example, an attacker who wants to attack www.google.com can send a request for aa.google.com (only an example; assume this domain name does not exist) to the DNS server and then send a response message. The message replies that aa.google.com does not exist but, in its additional resources, sets www.google.com to an IP address specified by the attacker, and the DNS cache attack succeeds.
Summary of the invention
In view of this, the present invention provides a device and method for protecting against DNS cache attacks, to remedy the deficiencies of the prior art.
Specifically, the device is applied on a network security device and comprises:
A domain name judgment module, for obtaining the resolved domain name carried in a received DNS response message and judging whether the resolved domain name is in a preset domain name monitoring list; if so, notifying the range detection module; if not, notifying the filter protection module;
A range detection module, for judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in the whitelist; if so, allowing the DNS response message to pass;
A filter protection module, for judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name include any abnormal IP address belonging to the blacklist; if not, allowing the DNS response message to pass.
The method comprises the following steps:
Step A: obtain the resolved domain name carried in a received DNS response message and judge whether the resolved domain name is in a preset domain name monitoring list; if so, go to step B; if not, go to step C;
Step B: judge whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in the whitelist; if so, allow the DNS response message to pass;
Step C: judge whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name include any abnormal IP address belonging to the blacklist; if not, allow the DNS response message to pass.
As the above technical solution shows, by setting up a blacklist and a whitelist the present invention monitors resolved IP addresses and can filter out abnormal IP addresses, effectively guarding against attacks on the DNS cache.
Brief description of the drawings
Fig. 1 is a flow chart of typical DNS request processing;
Fig. 2 is a flow chart of the method of one embodiment of the present invention;
Fig. 3 is a logic diagram of the device of one embodiment of the present invention.
Detailed description
In the prior art, a network security device located between the DNS requester and the resolver, after receiving a DNS request message, modifies the source port and TID according to a random algorithm, forwards the DNS request message, and records the mapping between the source port and TID before and after modification. After receiving a DNS response message, it checks that the source port and TID are correct, restores the original source port and TID, and then forwards the message. Although this method greatly reduces the success rate of traditional cache attacks, in extreme cases, if the attacker sends response messages for a certain domain name discretely, or sends attack messages after narrowing the range of source ports and TIDs, an attack may in theory still succeed. The present invention provides a device and method for protecting against DNS cache attacks, applied on a network security device, which aims, from another angle, to greatly increase the difficulty of attacking the DNS cache and make the DNS service safer. To make the objects, technical solutions and advantages of the present invention clearer, the invention is described below with reference to the drawings and specific embodiments.
Referring to Fig. 2 and Fig. 3, in a preferred embodiment the present invention provides a device for protecting against DNS cache attacks, comprising a domain name judgment module, a range detection module, a filter protection module and a list maintenance module. In operation the device performs the following processing flow:
Step 101: obtain the resolved domain name carried in a received DNS response message and judge whether the resolved domain name is in the preset domain name monitoring list. This step is performed by the domain name judgment module.
On today's Internet, DNS cache attacks are usually highly targeted: most attackers choose to attack specific well-known websites. The present invention exploits this behavior: because many attackers usually attack these well-known websites, monitoring a small number of them reveals the identity of many attackers. In this step, the preset domain name monitoring list is configured by the administrator and generally includes the domain names of well-known websites with high click rates and of other websites that are vulnerable to attack. With the preset domain name monitoring list, attackers can be identified in subsequent processing and, more importantly, the domain names of these well-known websites can be protected from attack; after all, these websites account for most of the access traffic on the Internet.
The security device receives many kinds of messages and can use mature mechanisms such as ACLs to pick out DNS response messages for special processing. After receiving a DNS response message, it obtains the resolved domain name from the fixed field of the DNS response message and judges whether the resolved domain name is in the preset domain name monitoring list. If so, the resolved domain name is one that requires focused monitoring, and processing goes to step 102; if not, processing goes to step 103.
Step 102: judge whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in the whitelist; if so, allow the DNS response message to pass. This step is performed by the range detection module.
The whitelist records legitimate IP addresses. A website usually corresponds to multiple legitimate IP addresses. Large websites such as Google and Sina, for example, deploy many servers, each with a private IP address; given the scarcity of IP addresses, in an IPv4 network these servers share multiple public IP addresses, and for Internet users the services provided by these public IP addresses are identical, so one domain name corresponds to multiple IP addresses. Although each domain name may correspond to multiple IP addresses, in many cases all of them fall within one or several specified ranges, so the present invention can build the whitelist from these one or several IP ranges (for example, IP address segments).
If the resolved IP addresses are all in the whitelist, they are legitimate IP addresses resolved by the DNS server, and the DNS response message is allowed to pass. If the resolved IP addresses are not all in the whitelist, it cannot yet be concluded that they are illegitimate, because these well-known websites may have added new public IP address resources. This case therefore needs further judgment: processing goes to step 103 and a log is reported to the network administrator.
The network administrator periodically reviews the resolved IP addresses in the reported logs that are not in the whitelist. If such a resolved IP address is indeed one newly added by the website itself, the administrator can, through the network management channel, notify the list maintenance module to add it to the whitelist so that it passes smoothly next time. If the resolved IP address is an abnormal IP address, it is an IP address that an attacker is attempting to use, and the administrator can notify the list maintenance module to add it to the blacklist so that it is filtered out directly next time. The blacklist records abnormal IP addresses identified by the administrator, or IP address ranges representing multiple abnormal IP addresses; from the point of view of domain name resolution, these can usually be regarded as illegitimate IP addresses. Specifically, an abnormal IP address or IP address range may be an address to which the attacker wants to direct users, in which case it can be set as a global abnormal IP. It may also be an address that the attacker wants to attack, that is, the attacker wants to direct a large number of users to that address and thereby crash its server; in that case the abnormal IP address or IP address range is associated with certain domain names, which guards against the attacker's misdirection without blocking normal access by other users.
Step 103: judge whether the resolved IP addresses carried in the DNS response message include any abnormal IP address belonging to the blacklist. This step is performed by the filter protection module.
This step is mainly intended to protect, as far as possible, domain names that are not in the domain name monitoring list. Such domain names usually belong to lesser-known websites with lower visit rates, but they may be attacked too. The step also decides on the resolved IP addresses that step 102 found to be outside the whitelist. Specifically, it checks whether the resolved IP addresses carried in the DNS response message include any abnormal IP address belonging to the blacklist. Besides known illegitimate IPs, the blacklist can be configured, according to the user's needs, to include abnormal addresses such as private IP addresses, multicast addresses and broadcast addresses, which should not normally appear as resolution results in a DNS response message. If none of the resolved IP addresses is in the blacklist, they are to a large extent legitimate IP addresses, and the DNS response message can be allowed to pass. If any resolved IP address is an abnormal IP address belonging to the blacklist, the DNS response message was very likely sent by an attacker, and the message can be dropped directly.
In practice, a DNS response message may contain both legitimate and abnormal resolved IP addresses. In a preferred embodiment, therefore, when the filter protection module finds abnormal IP addresses among the resolved IP addresses of a DNS response message, it does not simply drop the message but deletes the abnormal resolved IP addresses from it; if the resolved IP addresses remaining in the DNS response message after deletion are not empty, the DNS response message is allowed to pass. This ensures that the legitimate IP addresses are delivered normally to the server or client that requested the DNS resolution.
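The flow of steps 101 to 103, including the log reported on a whitelist miss and the preferred embodiment's deletion of blacklisted addresses, as an added Python example that is not code from the patent. The class, function and verdict names and the sample policy (documentation address ranges) are assumptions, and the resolved domain name and addresses are taken as already extracted from the response message.

```python
import ipaddress
from dataclasses import dataclass, field


def nets(*cidrs):
    """Parse CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]


@dataclass
class DnsResponseFilter:  # hypothetical name, not from the patent
    # Monitored domain -> whitelisted ranges; the keys form the monitoring list.
    whitelist: dict
    # Ranges treated as abnormal for every domain ("global abnormal IP").
    global_blacklist: list
    # Ranges treated as abnormal only for the listed domain.
    domain_blacklist: dict = field(default_factory=dict)
    # (domain, [addresses outside the whitelist]) entries reported for review.
    review_log: list = field(default_factory=list)

    @staticmethod
    def _covered(ip, networks):
        return any(ip in net for net in networks)

    def _blacklisted(self, domain, ip):
        return (self._covered(ip, self.global_blacklist)
                or self._covered(ip, self.domain_blacklist.get(domain, [])))

    def inspect(self, domain, resolved_ips):
        """Return (verdict, addresses to forward) for one DNS response."""
        domain = domain.rstrip(".").lower()
        ips = [ipaddress.ip_address(a) for a in resolved_ips]

        # Step 101: is the resolved domain name on the monitoring list?
        if domain in self.whitelist:
            # Step 102: every resolved address must fall inside the whitelist.
            outside = [ip for ip in ips
                       if not self._covered(ip, self.whitelist[domain])]
            if not outside:
                return "pass", [str(ip) for ip in ips]
            # Not conclusive (the site may have added addresses):
            # report a log entry and continue with step 103.
            self.review_log.append((domain, [str(ip) for ip in outside]))

        # Step 103, preferred embodiment: delete blacklisted addresses and
        # forward the response only if at least one address is left.
        kept = [str(ip) for ip in ips if not self._blacklisted(domain, ip)]
        if len(kept) == len(ips):
            return "pass", kept
        return ("pass-stripped", kept) if kept else ("drop", [])


def build_demo_filter():
    """Constructed sample policy; all names and addresses are illustrative."""
    return DnsResponseFilter(
        whitelist={"www.example.com": nets("192.0.2.0/24")},
        global_blacklist=nets(
            "203.0.113.66/32",                                # constructed abnormal host
            "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private ranges
            "224.0.0.0/4", "255.255.255.255/32"),             # multicast, broadcast
        domain_blacklist={"shop.example.org": nets("198.51.100.50/32")},
    )


if __name__ == "__main__":
    flt = build_demo_filter()
    samples = [  # constructed responses: (resolved domain name, resolved IPs)
        ("www.example.com", ["192.0.2.10", "192.0.2.11"]),
        ("www.example.com", ["192.0.2.10", "198.51.100.7"]),
        ("www.example.com", ["192.0.2.10", "203.0.113.66"]),
        ("intranet.example.net", ["10.1.2.3", "224.0.0.5"]),
        ("shop.example.org", ["198.51.100.50"]),
    ]
    for name, addrs in samples:
        print(name, addrs, "->", flt.inspect(name, addrs))
    print("review log:", flt.review_log)
```

An address outside the whitelist that is not blacklisted still passes; the review log is what lets the administrator later move it to the whitelist or the blacklist.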
As the above description shows, by monitoring the domain names of a small number of well-known websites the present invention can learn the abnormal IP addresses used by most attackers. While protecting the key domain names, it adds the abnormal IP addresses used by attackers to the blacklist and then uses the blacklist to filter abnormal IP addresses; because blacklist filtering applies to attacks on all domain names, the protection of the DNS cache is strengthened overall.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (8)

1. A device for protecting against DNS cache attacks, applied on a network security device, the device comprising:
A domain name judgment module, for obtaining the resolved domain name carried in a received DNS response message and judging whether the resolved domain name is in a preset domain name monitoring list; if so, notifying the range detection module; if not, notifying the filter protection module;
A range detection module, for judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in the whitelist; if so, allowing the DNS response message to pass;
A filter protection module, for judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name include any abnormal IP address belonging to the blacklist; if not, allowing the DNS response message to pass.
2. The device according to claim 1, characterized in that
the range detection module is further used, when it judges that the resolved IP addresses carried in the DNS response message are not all in the whitelist, to notify the filter protection module to process the message and to report a log to the network administrator.
3. The device according to claim 1, characterized in that the device further comprises:
A list maintenance module, for updating the whitelist and the blacklist according to instructions from the network administrator.
4. The device according to claim 1, characterized in that the filter protection module is further used, when the resolved IP addresses carried in the DNS response message include an abnormal IP address belonging to the blacklist, to delete the abnormal resolved IP addresses from the DNS response message and, if the resolved IP addresses carried in the DNS response message after deletion are not empty, to allow the DNS response message to pass.
5. A method for protecting against DNS cache attacks, applied on a network security device, the method comprising:
Step A: obtaining the resolved domain name carried in a received DNS response message and judging whether the resolved domain name is in a preset domain name monitoring list; if so, going to step B; if not, going to step C;
Step B: judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name are all in the whitelist; if so, allowing the DNS response message to pass;
Step C: judging whether the resolved IP addresses carried in the DNS response message and corresponding to the resolved domain name include any abnormal IP address belonging to the blacklist; if not, allowing the DNS response message to pass.
6. The method according to claim 5, characterized in that step B further comprises: when it is judged that the resolved IP addresses carried in the DNS response message are not all in the whitelist, going to step C and reporting a log to the network administrator.
7. The method according to claim 5, characterized in that the method further comprises:
Step D: updating the whitelist and the blacklist according to instructions from the network administrator.
8. The method according to claim 5, characterized in that step C further comprises: when the resolved IP addresses carried in the DNS response message include an abnormal IP address belonging to the blacklist, deleting the abnormal resolved IP addresses from the DNS response message and, if the resolved IP addresses carried in the DNS response message after deletion are not empty, allowing the DNS response message to pass.
CN201310209362.7A 2013-05-30 2013-05-30 A kind of apparatus and method for taking precautions against DNS cache attack Active CN104219200B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310209362.7A CN104219200B (en) 2013-05-30 2013-05-30 A kind of apparatus and method for taking precautions against DNS cache attack

Publications (2)

Publication Number Publication Date
CN104219200A true CN104219200A (en) 2014-12-17
CN104219200B CN104219200B (en) 2017-10-17

Family

ID=52100340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310209362.7A Active CN104219200B (en) 2013-05-30 2013-05-30 A kind of apparatus and method for taking precautions against DNS cache attack

Country Status (1)

Country Link
CN (1) CN104219200B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

COR Change of bibliographic data
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181105

Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang.

Patentee after: Hangzhou Depp Information Technology Co., Ltd.

Address before: 310051, 6 floor, Chung Cai mansion, 68 Tong he road, Binjiang District, Hangzhou, Zhejiang.

Patentee before: Hangzhou Dipu Polytron Technologies Inc

TR01 Transfer of patent right