CN108650211A - A kind of detection method and device of DNS abduction - Google Patents
A kind of detection method and device of DNS abduction Download PDFInfo
- Publication number
- CN108650211A CN108650211A CN201810209928.9A CN201810209928A CN108650211A CN 108650211 A CN108650211 A CN 108650211A CN 201810209928 A CN201810209928 A CN 201810209928A CN 108650211 A CN108650211 A CN 108650211A
- Authority
- CN
- China
- Prior art keywords
- address
- domain name
- servers
- request
- analysis request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
An embodiment of the present invention provides a kind of DNS detection methods kidnapped and device, this method and device are applied to DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping request is carried out parsing obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;It obtains HTTPDNS servers domain name mapping request is carried out parsing obtained second IP address;If the first IP address is different from the second IP address, the information warning that domain name analysis request is held as a hostage is returned to user.By issuing the user with information warning when kidnapping, user can be made to stop accessing the wrong content server pointed by the domain name being held as a hostage, user even can further take corresponding Disposal Measures according to the information warning, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
Description
Technical field
The present invention relates to Internet technical fields, more particularly to a kind of DNS detection methods kidnapped and device.
Background technology
DNS, which is kidnapped, is also known as Domain Hijacking, refers to that domain name mapping request is intercepted in the network range of abduction, analysis request
Domain name, and the request other than examination scope is let pass, false IP address is otherwise returned to, or do nothing that request is made to lose
It goes to respond, effect is exactly to prevent specific network from reacting or making user to access false network address.
Key foundation service of the dns server as internet will influence the big portion of internet once there is DNS abduction
The normal operation of separate service can not carry out normal network access thereby using family, or even cause economic loss to user.
Invention content
In view of this, the present invention provides a kind of DNS detection methods kidnapped and devices, to avoid shadow due to DNS is kidnapped
Ring normal access of the user to internet.
To solve the above-mentioned problems, the invention discloses the detection methods that a kind of DNS is kidnapped, and are applied to DNS systems, described
Detection method includes step:
When user sends out domain name mapping request, obtains local dns server and domain name analysis request is parsed
Obtained first IP address;
Domain name analysis request is sent to HTTPDNS servers;
HTTPDNS servers are obtained domain name analysis request is carried out to parse obtained second IP address;
If first IP address is different from second IP address, domain name analysis request quilt is returned to user
The information warning of abduction.
Optionally, described that domain name analysis request is sent to HTTPDNS servers, including:
An IP address is randomly selected from HTTPDNS server ip lists;
Domain name analysis request is sent to the HTTPDNS servers corresponding to selected IP address.
Optionally, further include step:
If the HTTPDNS servers are overtime to the parsing of domain name analysis request or can not return to the 2nd IP
Domain name analysis request is then sent to URP servers by address;
The URP servers are obtained domain name analysis request is carried out to parse obtained third IP address;
If first IP address is different from the third IP address, domain name analysis request quilt is returned to user
The information warning of abduction.
Optionally, described that domain name analysis request is sent to URP servers, including:
An IP address is randomly selected from URP server ip lists;
Domain name analysis request is sent to the URP servers corresponding to selected IP address.
Optionally, further include step:
If the URP servers are to the parsing of domain name analysis request time-out or with can not returning to the 3rd IP
Domain name analysis request is then sent to Authoritative DNS server by location;
The Authoritative DNS server is obtained domain name analysis request is carried out to parse obtained 4th IP address;
If first IP address is different from the 4th IP address, domain name analysis request quilt is returned to user
The information warning of abduction.
Optionally, described that domain name analysis request is sent to Authoritative DNS server, including:
An IP address is randomly selected from Authoritative DNS server IP lists;
Domain name analysis request is sent to the Authoritative DNS server corresponding to selected IP address.
Correspondingly, in order to ensure the implementation of the above method, the present invention also provides the detection devices that a kind of DNS is kidnapped, and answer
For DNS systems, the detection device includes:
First acquisition module, for when user sends out domain name mapping request, obtaining local dns server to domain name
Analysis request carries out parsing obtained first IP address;
First sending module, for domain name analysis request to be sent to HTTPDNS servers;
Second acquisition module to domain name analysis request parse for obtaining HTTPDNS servers obtained
Second IP address;
First warns module, if different from second IP address for first IP address, to user's return
The information warning that domain name analysis request is held as a hostage.
Optionally, first sending module includes:
First selection unit, for randomly selecting an IP address from HTTPDNS server ip lists;
First transmission unit, for domain name analysis request to be sent to corresponding to selected IP address
HTTPDNS servers.
Optionally, further include:
Second sending module, if for the HTTPDNS servers to the parsing of domain name analysis request time-out or
Second IP address can not be returned, then domain name analysis request is sent to URP servers;
Third acquisition module to domain name analysis request parse for obtaining the URP servers obtained
Third IP address;
Second warns module, if different from the third IP address for first IP address, to user's return
The information warning that domain name analysis request is held as a hostage.
Optionally, second sending module includes:
Second selection unit, for randomly selecting an IP address from URP server ip lists;
Second transmission unit, the URP clothes for being sent to domain name analysis request corresponding to selected IP address
Business device.
Optionally, further include:
Third sending module, if for the URP servers to the parsing of domain name analysis request time-out or can not
The third IP address is returned, then domain name analysis request is sent to Authoritative DNS server;
4th acquisition module, domain name analysis request is parsed for obtaining the Authoritative DNS server obtained by
The 4th IP address arrived;
Third is warned module, if different from the 4th IP address for first IP address, to user's return
The information warning that domain name analysis request is held as a hostage.
Optionally, the third sending module includes:
Third selection unit, for randomly selecting an IP address from Authoritative DNS server IP lists;
Third transmission unit, the authority for being sent to domain name analysis request corresponding to selected IP address
Dns server.
It can be seen from the above technical proposal that the present invention provides a kind of DNS detection methods kidnapped and device, this method
It is applied to DNS systems with device, specially:When user sends out domain name mapping request, local dns server is obtained to domain name solution
Analysis request carries out parsing obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;It obtains
HTTPDNS servers carry out parsing obtained second IP address to domain name mapping request;If the first IP address and the 2nd IP
Address is different, then returns to the information warning that domain name analysis request is held as a hostage to user.By being issued the user with when kidnapping
Information warning, can make the content server for the mistake that user stops accessing pointed by the domain name be held as a hostage, and user even can be with
Corresponding Disposal Measures are further taken according to the information warning, so as to avoid influencing user to interconnection because DNS is kidnapped
The normal access of net.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Obtain other attached drawings according to these attached drawings.
Fig. 1 is the step flow chart for the detection method that a kind of DNS provided in an embodiment of the present invention is kidnapped;
Fig. 2 is the step flow chart for the detection method that another kind DNS provided in an embodiment of the present invention is kidnapped;
Fig. 3 is the step flow chart for the detection method that another DNS provided in an embodiment of the present invention is kidnapped;
Fig. 4 is the structure diagram for the detection device that a kind of DNS provided in an embodiment of the present invention is kidnapped;
Fig. 5 is the structure diagram for the detection device that another kind DNS provided in an embodiment of the present invention is kidnapped;
Fig. 6 is the structure diagram for the detection device that another DNS provided in an embodiment of the present invention is kidnapped.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Embodiment one
Fig. 1 is the step flow chart for the detection method that a kind of DNS provided in an embodiment of the present invention is kidnapped.
Shown in referring to Fig.1, the detection method that DNS provided in this embodiment is kidnapped is applied to DNS systems, i.e. domain name system,
For detecting whether a domain name mapping request is held as a hostage, i.e., the IP for returning to mistake is asked to the domain name mapping of user by malice
Location does not return to correct IP address, which specifically comprises the following steps:
S101:Obtain the first IP address that local dns server returns.
It is to send this request to local dns server first when user sends out domain name mapping request, local dns clothes
Business device parses the domain-name information entrained by the request, provides and the domain name institute when receiving domain name mapping request
The IP address parsed will be returned to terminal device of the user for sending the request, at this point, in order to sentence by corresponding IP address
It is disconnected whether to be held as a hostage, the IP address that the local dns server is parsed is obtained, for the ease of distinguishing, is here taken local dns
The IP address that business device is parsed is known as the first IP address.
S102:It translates domain names into request and is sent to HTTPDNS servers.
While the domain name mapping request of user is sent to local dns server, also send the request to
HTTPDNS servers, so that the server parses the request.
HTTPDNS is made requests on to 80 ports of dns server using http protocol, i.e., instead of traditional DNS Protocol
It is made requests on to 53 ports of dns server.It namely goes to carry out dns resolution request using http protocol, server is returned
Analysis result, that is, the corresponding server ip address of domain name returns in the equipment of user.
In the present embodiment domain name mapping request is sent to HTTPDNS servers particular by following steps:
First, for load balancing, an IP address is randomly selected from HTTPDNS server ip lists, and by the IP
HTTPDNS servers corresponding to address are as target HTTPDNS servers;Then, domain name mapping request is sent to this
Target HTTPDNS servers are obtained and are asked so that target HTTPDNS servers parse the domain name in the request
The middle corresponding IP address of domain name is herein referred to as second to be distinguished with the IP address that local dns server is returned
IP address.
S103:Obtain the second IP address that HTTPDNS servers return.
Here HTTPDNS servers are target HTTPDNS servers described above, are serviced in target HTTPDNS
Domain name during device is asked according to the domain name mapping is parsed after obtaining the second IP address, and second IP address is obtained.
S104:Information warning is sent out if the first IP address and the second IP address difference.
After obtaining above-mentioned first IP address and the second IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from the second IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection method that DNS is kidnapped, this method application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;Obtain HTTPDNS servers pair
Domain name mapping request carries out parsing obtained second IP address;If the first IP address is different from the second IP address, to
Family returns to the information warning that domain name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, can make
User stops accessing the content server of the mistake pointed by the domain name be held as a hostage, user even can according to the information warning into
One step takes corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
Embodiment two
Fig. 2 is the step flow chart for the detection method that another kind DNS provided in an embodiment of the present invention is kidnapped.
With reference to shown in Fig. 2, the detection method that DNS provided in this embodiment is kidnapped is applied to DNS systems, i.e. domain name system,
For detecting whether a domain name mapping request is held as a hostage, i.e., the IP for returning to mistake is asked to the domain name mapping of user by malice
Location does not return to correct IP address, which specifically comprises the following steps:
S201:Obtain the first IP address that local dns server returns.
Here same or like with the scheme that obtains the first IP address in a upper embodiment, which is not described herein again.
S202:It translates domain names into request and is sent to HTTPDNS servers.
While the domain name mapping request of user is sent to local dns server, also send the request to
HTTPDNS servers parse the IP address corresponding to domain name in the request so that the server parses the request,
It is herein referred to as the second IP address.
S203:Request is translated domain names into if it cannot obtain the second IP address is sent to URP servers.
If after domain name mapping request is sent to HTTPDNS servers, which can not parse it
Obtain the second IP address, or to the parsing time-out of the request, then by domain name mapping request be sent to URP servers to its into
Row parsing, concrete operations are:
First, for load balancing, an IP address is randomly selected from URP server ip lists, and by the IP address
Corresponding URP servers are as target URP servers;Then, domain name mapping request is sent to target URP services
Device obtains IP address corresponding with domain name in request so that target URP servers parse the domain name in the request,
In order to which the IP address that the IP address and HTTPDNS servers that are returned with local dns server are returned is distinguished, here
It is referred to as third IP address.
If the HTTPDNS servers can normally return to the second IP address, directly by the second IP address and the first IP
Address is compared, by comparing the conclusion whether being held as a hostage, also just it is not necessary that domain name mapping request is then forwarded to URP
Server.
URP servers are a kind of interactive management servers, and interactivity is mainly manifested in four aspects:
Cooperation with service function:Its message mechanism based on XML is responsible for checking the validity of interactive information, converts not apposition
The commercial matters information of formula provides the interim preservation of information for asynchronous information processing;Agency service:It can make various tissues and application
The commercial matters information that need to be interacted quickly is received and submits, according to message response and driving application;Process services:Interactive management takes
Business device provides a specific graphical environment, to make non-technical personnel that can also be modeled to enterprises union business procedure, it
It being capable for the treatment of conditions branch, annular and the parallel Complicated Flows such as route that circulate;Deployment services:Interactive information is needed including management
Server address, agent address and the classification of the information to being interacted.Critically important in " interacted information classification " is exactly to join
Unified coding system between enterprise of alliance.
S204:Obtain the third IP address that URP servers return.
Here URP servers are target URP servers described above, in target URP servers according to the domain name
Domain name in analysis request is parsed after obtaining third IP address, and the third IP address is obtained.Specifically by target URP
The mode that server sends UDP packets searches the analysis result of URP servers, to obtain the third IP address.
S205:Information warning is sent out if the first IP address and third IP address difference.
After obtaining above-mentioned first IP address and third IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from third IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection method that DNS is kidnapped, this method application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;If HTTPDNS server solutions
Analysis time-out can not return to analysis result, then send the request to URP servers;URP servers are obtained to domain name mapping
Request carries out parsing obtained third IP address;If the first IP address is different from third IP address, to user's returns to field
The information warning that name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, user can be made to stop
The content server of the mistake pointed by the domain name being held as a hostage is accessed, user even can further take according to the information warning
Corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
Embodiment three
Fig. 3 is the step flow chart for the detection method that another DNS provided in an embodiment of the present invention is kidnapped.
With reference to shown in Fig. 3, the detection method that DNS provided in this embodiment is kidnapped is applied to DNS systems, i.e. domain name system,
For detecting whether a domain name mapping request is held as a hostage, i.e., the IP for returning to mistake is asked to the domain name mapping of user by malice
Location does not return to correct IP address, which specifically comprises the following steps:
S301:Obtain the first IP address that local dns server returns.
Here same or like with the scheme that obtains the first IP address in a upper embodiment, which is not described herein again.
S302:It translates domain names into request and is sent to HTTPDNS servers.
While the domain name mapping request of user is sent to local dns server, also send the request to
HTTPDNS servers parse the IP address corresponding to domain name in the request so that the server parses the request,
It is herein referred to as the second IP address.
S303:Request is translated domain names into if it cannot obtain the second IP address is sent to URP servers.
If after domain name mapping request is sent to URP servers, which can not be parsed to obtain to it
Second IP address, or to the parsing time-out of the request, then domain name mapping request is sent to URP servers and it is solved
Analysis, parsing obtain IP address corresponding with domain name in request, are herein referred to as third IP address.
If the URP servers can normally return to third IP address, directly by third IP address and the first IP address
It is compared, by comparing the conclusion whether being held as a hostage.
S304:Request, which is translated domain names into, if it cannot obtain third IP address is sent to Authoritative DNS server.
If after domain name mapping request is sent to URP servers, which can not be to solving the request
Analysis obtains third IP address, or to the parsing time-out of the request, then domain name mapping request is sent to Authoritative DNS server
Or disclosed dns server parses it, parsing obtains IP address corresponding with the domain name in the request.For the ease of area
Point, the IP address is known as the 4th IP address here.
First, for load balancing, from random in Authoritative DNS server IP lists or in open dns server IP lists
Choose an IP address, and using corresponding to the IP address Authoritative DNS server or open dns server as destination service
Device;Then, by the domain name mapping request be sent to the destination server so that the destination server to the domain name in the request into
Row parsing obtains IP address corresponding with domain name in request and is herein referred to as the 4th IP address for the ease of distinguishing.
If being unable to get the 4th IP address or query timeout, information such as " result are unknown " are returned to user, to carry
Show that this detection of user determines whether its domain name mapping request is held as a hostage without normal direction user, user can take other corresponding measures
It is detected, to increase safety.
S305:Obtain the 4th IP address that Authoritative DNS server returns.
Here Authoritative DNS server is destination server described above, in destination server according to the domain name solution
Domain name in analysis request is parsed after obtaining the 4th IP address, and the 4th IP address is obtained.Specially utilize BIND agreements to
Target dns server sends inquiry request, to obtain the 4th IP address.
S306:Information warning is sent out if the first IP address and the 4th IP address difference.
After obtaining above-mentioned first IP address and the 4th IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from the 4th IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection method that DNS is kidnapped, this method application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;If HTTPDNS server solutions
Analysis time-out can not return to analysis result, then send the request to URP servers;If URP servers parsing time-out or
Person can not return to analysis result, then send the request to Authoritative DNS server;Authoritative DNS server is obtained to domain name mapping
Request carries out parsing obtained 4th IP address;If the first IP address is different from the 4th IP address, to user's returns to field
The information warning that name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, user can be made to stop
The content server of the mistake pointed by the domain name being held as a hostage is accessed, user even can further take according to the information warning
Corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
It should be noted that for embodiment of the method, for simple description, therefore it is all expressed as a series of action group
It closes, but those skilled in the art should understand that, the embodiment of the present invention is not limited by the described action sequence, because according to
According to the embodiment of the present invention, certain steps can be performed in other orders or simultaneously.Secondly, those skilled in the art also should
Know, embodiment described in this description belongs to preferred embodiment, and the involved action not necessarily present invention is implemented
Necessary to example.
Example IV
Fig. 4 is the structure diagram for the detection device that a kind of DNS provided in an embodiment of the present invention is kidnapped.
With reference to shown in Fig. 4, the detection method that DNS provided in this embodiment is kidnapped is applied to DNS systems, i.e. domain name system,
For detecting whether a domain name mapping request is held as a hostage, i.e., the IP for returning to mistake is asked to the domain name mapping of user by malice
Location does not return to correct IP address, which specifically includes the first acquisition module 10, the first sending module 20, second
Acquisition module 30 and first is warned module 40.
First acquisition module is used to obtain the first IP address of local dns server return.
It is to send this request to local dns server first when user sends out domain name mapping request, local dns clothes
Business device parses the domain-name information entrained by the request, provides and the domain name institute when receiving domain name mapping request
The IP address parsed will be returned to terminal device of the user for sending the request, at this point, in order to sentence by corresponding IP address
It is disconnected whether to be held as a hostage, the IP address that the local dns server is parsed is obtained, for the ease of distinguishing, is here taken local dns
The IP address that business device is parsed is known as the first IP address.
First sending module is sent to HTTPDNS servers for translating domain names into request.
While the domain name mapping request of user is sent to local dns server, also send the request to
HTTPDNS servers, so that the server parses the request.
HTTPDNS is made requests on to 80 ports of dns server using http protocol, i.e., instead of traditional DNS Protocol
It is made requests on to 53 ports of dns server.It namely goes to carry out dns resolution request using http protocol, server is returned
Analysis result, that is, the corresponding server ip address of domain name returns in the equipment of user.
First sending module of the present embodiment specifically includes the first selection unit and the first transmission unit.
For load balancing, the first selection unit randomly selects an IP address from HTTPDNS server ip lists, and
Using the HTTPDNS servers corresponding to the IP address as target HTTPDNS servers;First transmission unit is then used for the domain
Name analysis request be sent to target HTTPDNS servers so that target HTTPDNS servers to the domain name in the request into
Row parsing obtains IP address corresponding with domain name in request, in order to give area with the IP address that local dns server is returned
Point, it is herein referred to as the second IP address.
Second acquisition module is used to obtain the second IP address of HTTPDNS servers return.
Here HTTPDNS servers are target HTTPDNS servers described above, are serviced in target HTTPDNS
Domain name during device is asked according to the domain name mapping is parsed after obtaining the second IP address, and second IP address is obtained.
First warn module for sending out information warning if the first IP address and the second IP address difference.
After obtaining above-mentioned first IP address and the second IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from the second IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection device that DNS is kidnapped, the device application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;Obtain HTTPDNS servers pair
Domain name mapping request carries out parsing obtained second IP address;If the first IP address is different from the second IP address, to
Family returns to the information warning that domain name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, can make
User stops accessing the content server of the mistake pointed by the domain name be held as a hostage, user even can according to the information warning into
One step takes corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
Embodiment five
Fig. 5 is the structure diagram for the detection device that another kind DNS provided in an embodiment of the present invention is kidnapped.
Referring to Figure 5, the detection device that DNS provided in this embodiment is kidnapped is added on the basis of a upper embodiment
Second sending module 50, third acquisition module 60 and second are warned module 70.
Second sending module is sent to URP services for translating domain names into request if it cannot obtain the second IP address
Device.
If after domain name mapping request is sent to HTTPDNS servers, which can not parse it
Obtain the second IP address, or to the parsing time-out of the request, then by domain name mapping request be sent to URP servers to its into
Row parsing, the module specifically include the second selection unit and the second transmission unit.
For load balancing, the second selection unit randomly selects an IP address from URP server ip lists, and should
URP servers corresponding to IP address are as target URP servers;Second transmission unit is then used to ask to send out by the domain name mapping
Target URP servers are given, so that target URP servers parse the domain name in the request, in obtaining and asking
The corresponding IP address of domain name, the IP returned for the IP address and HTTPDNS servers that are returned with local dns server
Address is distinguished, and third IP address is herein referred to as.
If the HTTPDNS servers can normally return to the second IP address, directly by the second IP address and the first IP
Address is compared, by comparing the conclusion whether being held as a hostage, also just it is not necessary that domain name mapping request is then forwarded to URP
Server.
Third acquisition module is used to obtain the third IP address of URP servers return.
Here URP servers are target URP servers described above, in target URP servers according to the domain name
Domain name in analysis request is parsed after obtaining third IP address, and the third IP address is obtained.Specifically by target DNS
The mode that server sends UDP packets searches the analysis result of URP servers, to obtain the third IP address.
Second alarm module is used to send out information warning if the first IP address and third IP address difference.
After obtaining above-mentioned first IP address and third IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from third IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection device that DNS is kidnapped, the device application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;If HTTPDNS server solutions
Analysis time-out can not return to analysis result, then send the request to URP servers;URP servers are obtained to domain name mapping
Request carries out parsing obtained third IP address;If the first IP address is different from third IP address, to user's returns to field
The information warning that name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, user can be made to stop
The content server of the mistake pointed by the domain name being held as a hostage is accessed, user even can further take according to the information warning
Corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
Embodiment six
Fig. 6 is the structure diagram for the detection device that another DNS provided in an embodiment of the present invention is kidnapped.
With reference to shown in Fig. 6, the detection device that DNS provided in this embodiment is kidnapped is added on the basis of a upper embodiment
Third sending module 80, the 4th acquisition module 90 and third are warned module 100.
Third sending module is sent to authoritative DNS clothes for translating domain names into request if it cannot obtain third IP address
Business device.
If after domain name mapping request is sent to URP servers, which can not be to carrying out the request
Parsing obtains third IP address, or to the parsing time-out of the request, then domain name mapping request is sent to authoritative DNS service
Device or disclosed dns server parse it, and parsing obtains IP address corresponding with the domain name in the request.For the ease of
It distinguishes, the IP address is known as the 4th IP address here.The module specifically includes third selection unit and third transmission unit.
For load balancing, the dns server IP lists from Authoritative DNS server IP lists or openly of terrain-choosing unit
In randomly select an IP address, and using corresponding to the IP address Authoritative DNS server or open dns server as target
Server;Third transmission unit is used to domain name mapping request being sent to the destination server, so that the destination server pair
Domain name in the request is parsed, and is obtained IP address corresponding with domain name in request and is herein referred to as the ease of distinguishing
4th IP address.
If being unable to get the 4th IP address or query timeout, information such as " result are unknown " are returned to user, to carry
Show that this detection of user determines whether its domain name mapping request is held as a hostage without normal direction user, user can take other corresponding measures
It is detected, to increase safety.
4th acquisition module is used to obtain the 4th IP address of Authoritative DNS server return.
Here Authoritative DNS server is destination server described above, in destination server according to the domain name solution
Domain name in analysis request is parsed after obtaining the 4th IP address, and the 4th IP address is obtained.Specially utilize BIND agreements to
Target dns server sends inquiry request, to obtain the third IP address.
Third warns module for sending out information warning if the first IP address and the 4th IP address difference.
After obtaining above-mentioned first IP address and the 4th IP address, the two is compared, if the two is identical, is shown
The domain name mapping request of user is not held as a hostage in local scope, is not done any reaction at this time, i.e., is not made to the behavior of user
Go out any warning or intervention.
If the first IP address is different from the 4th IP address, show that domain name mapping request is robbed in local scope
It holds, i.e., it is the content server IP address of mistake to have abduction behavior, i.e. the first IP address in local dns server, at this time
Information warning is issued the user in time, the request that it sends out is prompted the user with and has been held as a hostage.Meanwhile in order to make to avoid user into
Enter the content server pointed by the IP address of the mistake, the equipment refusal that can also control user logs in the content clothes of the mistake
Business device.
It can be seen from the above technical proposal that present embodiments providing a kind of detection device that DNS is kidnapped, the device application
In DNS systems, specially:When user sends out domain name mapping request, obtains local dns server and domain name mapping is asked to carry out
Parse obtained first IP address;It translates domain names into request and is sent to HTTPDNS servers;If HTTPDNS server solutions
Analysis time-out can not return to analysis result, then send the request to URP servers;If URP servers parsing time-out or
Person can not return to analysis result, then send the request to Authoritative DNS server;Authoritative DNS server is obtained to domain name mapping
Request carries out parsing obtained 4th IP address;If the first IP address is different from the 4th IP address, to user's returns to field
The information warning that name analysis request is held as a hostage.By issuing the user with information warning when kidnapping, user can be made to stop
The content server of the mistake pointed by the domain name being held as a hostage is accessed, user even can further take according to the information warning
Corresponding Disposal Measures, so as to avoid the normal access for influencing user to internet because DNS is kidnapped.
In addition, above-mentioned first warn module, second warn module and third module of warning can be same module, i.e., it is sharp
The effect of warning in varied situations is completed with a module.
For device embodiments, since it is basically similar to the method embodiment, so fairly simple, the correlation of description
Place illustrates referring to the part of embodiment of the method.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with
The difference of other embodiment, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can be provided as method, apparatus or calculate
Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can
With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code
The form of the computer program product of implementation.
The embodiment of the present invention be with reference to according to the method for the embodiment of the present invention, terminal device (system) and computer program
The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions
In each flow and/or block and flowchart and/or the block diagram in flow and/or box combination.These can be provided
Computer program instructions are set to all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals
Standby processor is to generate a machine so that is held by the processor of computer or other programmable data processing terminal equipments
Capable instruction generates for realizing in one flow of flow chart or multiple flows and/or one box of block diagram or multiple boxes
The device of specified function.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing terminal equipments
In computer-readable memory operate in a specific manner so that instruction stored in the computer readable memory generates packet
The manufacture of command device is included, which realizes in one flow of flow chart or multiple flows and/or one side of block diagram
The function of being specified in frame or multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing terminal equipments so that
Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus
The instruction executed on computer or other programmable terminal equipments is provided for realizing in one flow of flow chart or multiple flows
And/or in one box of block diagram or multiple boxes specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases
This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as
Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap
Those elements are included, but also include other elements that are not explicitly listed, or further include for this process, method, article
Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited
Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device including the element.
Technical solution provided by the present invention is described in detail above, specific case used herein is to this hair
Bright principle and embodiment is expounded, the explanation of above example is only intended to help understand the present invention method and its
Core concept;Meanwhile for those of ordinary skill in the art, according to the thought of the present invention, in specific implementation mode and application
There will be changes in range, in conclusion the content of the present specification should not be construed as limiting the invention.
Claims (12)
1. the detection method that a kind of DNS is kidnapped is applied to DNS systems, which is characterized in that the detection method includes step:
When user sends out domain name mapping request, obtain obtained by local dns server parses domain name analysis request
The first IP address arrived;
Domain name analysis request is sent to HTTPDNS servers;
HTTPDNS servers are obtained domain name analysis request is carried out to parse obtained second IP address;
If first IP address is different from second IP address, returns to domain name analysis request to user and be held as a hostage
Information warning.
2. detection method as described in claim 1, which is characterized in that described to be sent to domain name analysis request
HTTPDNS servers, including:
An IP address is randomly selected from HTTPDNS server ip lists;
Domain name analysis request is sent to the HTTPDNS servers corresponding to selected IP address.
3. detection method as described in claim 1, which is characterized in that further include step:
If the HTTPDNS servers are to the parsing of domain name analysis request time-out or with can not returning to the 2nd IP
Domain name analysis request is then sent to URP servers by location;
The URP servers are obtained domain name analysis request is carried out to parse obtained third IP address;
If first IP address is different from the third IP address, returns to domain name analysis request to user and be held as a hostage
Information warning.
4. detection method as claimed in claim 3, which is characterized in that described that domain name analysis request is sent to URP clothes
Business device, including:
An IP address is randomly selected from URP server ip lists;
Domain name analysis request is sent to the URP servers corresponding to selected IP address.
5. detection method as claimed in claim 3, which is characterized in that further include step:
If the URP servers are overtime to the parsing of domain name analysis request or can not return to the third IP address,
Domain name analysis request is sent to Authoritative DNS server;
The Authoritative DNS server is obtained domain name analysis request is carried out to parse obtained 4th IP address;
If first IP address is different from the 4th IP address, returns to domain name analysis request to user and be held as a hostage
Information warning.
6. detection method as claimed in claim 5, which is characterized in that described that domain name analysis request is sent to authority
Dns server, including:
An IP address is randomly selected from Authoritative DNS server IP lists;
Domain name analysis request is sent to the Authoritative DNS server corresponding to selected IP address.
7. the detection device that a kind of DNS is kidnapped is applied to DNS systems, which is characterized in that the detection device includes:
First acquisition module, for when user sends out domain name mapping request, obtaining local dns server and being parsed to domain name
Request carries out parsing obtained first IP address;
First sending module, for domain name analysis request to be sent to HTTPDNS servers;
Second acquisition module carries out domain name analysis request to parse obtained second for obtaining HTTPDNS servers
IP address;
First warns module, if different from second IP address for first IP address, described in user's return
The information warning being held as a hostage is asked in domain name mapping.
8. detection device as claimed in claim 7, which is characterized in that first sending module includes:
First selection unit, for randomly selecting an IP address from HTTPDNS server ip lists;
First transmission unit, the HTTPDNS clothes for being sent to domain name analysis request corresponding to selected IP address
Business device.
9. detection device as claimed in claim 7, which is characterized in that further include:
Second sending module, if for the HTTPDNS servers to the parsing of domain name analysis request time-out or can not
Second IP address is returned, then domain name analysis request is sent to URP servers;
Third acquisition module carries out domain name analysis request to parse obtained third for obtaining the URP servers
IP address;
Second warns module, if different from the third IP address for first IP address, described in user's return
The information warning being held as a hostage is asked in domain name mapping.
10. detection device as claimed in claim 9, which is characterized in that second sending module includes:
Second selection unit, for randomly selecting an IP address from URP server ip lists;
Second transmission unit, the URP servers for being sent to domain name analysis request corresponding to selected IP address.
11. detection device as claimed in claim 9, which is characterized in that further include:
Third sending module, if to the parsing time-out of domain name analysis request or can not be returned for the URP servers
The third IP address, then be sent to Authoritative DNS server by domain name analysis request;
4th acquisition module to domain name analysis request parse for obtaining the Authoritative DNS server obtained
4th IP address;
Third is warned module, if different from the 4th IP address for first IP address, described in user's return
The information warning being held as a hostage is asked in domain name mapping.
12. detection device as claimed in claim 11, which is characterized in that the third sending module includes:
Third selection unit, for randomly selecting an IP address from Authoritative DNS server IP lists;
Third transmission unit, the authoritative DNS clothes for being sent to domain name analysis request corresponding to selected IP address
Business device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810209928.9A CN108650211A (en) | 2018-03-14 | 2018-03-14 | A kind of detection method and device of DNS abduction |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810209928.9A CN108650211A (en) | 2018-03-14 | 2018-03-14 | A kind of detection method and device of DNS abduction |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108650211A true CN108650211A (en) | 2018-10-12 |
Family
ID=63744214
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810209928.9A Pending CN108650211A (en) | 2018-03-14 | 2018-03-14 | A kind of detection method and device of DNS abduction |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108650211A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572390A (en) * | 2019-09-06 | 2019-12-13 | 深圳平安通信科技有限公司 | Method, device, computer equipment and storage medium for detecting domain name hijacking |
| CN110912925A (en) * | 2019-12-04 | 2020-03-24 | 北京小米移动软件有限公司 | Method and device for detecting Domain Name System (DNS) hijacking and storage medium |
| CN111193672A (en) * | 2019-12-06 | 2020-05-22 | 新浪网技术(中国)有限公司 | Method and system for fine scheduling of traffic |
| CN112887255A (en) * | 2019-11-29 | 2021-06-01 | 北京一起教育信息咨询有限责任公司 | Network communication method and device |
| CN114338630A (en) * | 2021-12-13 | 2022-04-12 | 海尔优家智能科技(北京)有限公司 | Domain name access method, device, electronic equipment, storage medium and program product |
| CN114401247A (en) * | 2022-01-14 | 2022-04-26 | 深圳市和讯华谷信息技术有限公司 | High-concurrency service request processing system based on bind service |
| CN114760267A (en) * | 2022-04-08 | 2022-07-15 | 中国移动通信集团陕西有限公司 | Domain name plugging method, device, equipment, medium and program product |
| CN117061247A (en) * | 2023-10-11 | 2023-11-14 | 国家计算机网络与信息安全管理中心 | DNS-based traceability positioning method and device, electronic equipment and storage medium |
| CN114338630B (en) * | 2021-12-13 | 2024-04-19 | 海尔优家智能科技(北京)有限公司 | Domain name access method, device, electronic equipment, storage medium and program product |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
| CN106302384A (en) * | 2016-07-25 | 2017-01-04 | 中国联合网络通信集团有限公司 | DNS message processing method and device |
| US20170118250A1 (en) * | 2015-10-21 | 2017-04-27 | Verisign, Inc. | Method for minimizing the risk and exposure duration of improper or hijacked dns records |
| CN107135236A (en) * | 2017-07-06 | 2017-09-05 | 广州优视网络科技有限公司 | A kind of detection method and system of target Domain Hijacking |
| CN107528862A (en) * | 2017-10-23 | 2017-12-29 | 北京京东金融科技控股有限公司 | The method and device of domain name mapping |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
-
2018
- 2018-03-14 CN CN201810209928.9A patent/CN108650211A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170118250A1 (en) * | 2015-10-21 | 2017-04-27 | Verisign, Inc. | Method for minimizing the risk and exposure duration of improper or hijacked dns records |
| CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
| CN106302384A (en) * | 2016-07-25 | 2017-01-04 | 中国联合网络通信集团有限公司 | DNS message processing method and device |
| CN107135236A (en) * | 2017-07-06 | 2017-09-05 | 广州优视网络科技有限公司 | A kind of detection method and system of target Domain Hijacking |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
| CN107528862A (en) * | 2017-10-23 | 2017-12-29 | 北京京东金融科技控股有限公司 | The method and device of domain name mapping |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572390A (en) * | 2019-09-06 | 2019-12-13 | 深圳平安通信科技有限公司 | Method, device, computer equipment and storage medium for detecting domain name hijacking |
| CN112887255A (en) * | 2019-11-29 | 2021-06-01 | 北京一起教育信息咨询有限责任公司 | Network communication method and device |
| CN110912925A (en) * | 2019-12-04 | 2020-03-24 | 北京小米移动软件有限公司 | Method and device for detecting Domain Name System (DNS) hijacking and storage medium |
| CN111193672A (en) * | 2019-12-06 | 2020-05-22 | 新浪网技术(中国)有限公司 | Method and system for fine scheduling of traffic |
| CN111193672B (en) * | 2019-12-06 | 2023-05-26 | 新浪技术(中国)有限公司 | Flow fine scheduling method and system |
| CN114338630A (en) * | 2021-12-13 | 2022-04-12 | 海尔优家智能科技(北京)有限公司 | Domain name access method, device, electronic equipment, storage medium and program product |
| CN114338630B (en) * | 2021-12-13 | 2024-04-19 | 海尔优家智能科技(北京)有限公司 | Domain name access method, device, electronic equipment, storage medium and program product |
| CN114401247A (en) * | 2022-01-14 | 2022-04-26 | 深圳市和讯华谷信息技术有限公司 | High-concurrency service request processing system based on bind service |
| CN114760267A (en) * | 2022-04-08 | 2022-07-15 | 中国移动通信集团陕西有限公司 | Domain name plugging method, device, equipment, medium and program product |
| CN114760267B (en) * | 2022-04-08 | 2024-03-19 | 中国移动通信集团陕西有限公司 | Domain name blocking method, device, equipment, medium and program product |
| CN117061247A (en) * | 2023-10-11 | 2023-11-14 | 国家计算机网络与信息安全管理中心 | DNS-based traceability positioning method and device, electronic equipment and storage medium |
| CN117061247B (en) * | 2023-10-11 | 2024-01-05 | 国家计算机网络与信息安全管理中心 | DNS-based traceability positioning method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108650211A (en) | A kind of detection method and device of DNS abduction | |
| US7376717B2 (en) | Method and apparatus for automatically configuring a computer for different local area networks | |
| US6256671B1 (en) | Method and apparatus for providing network access control using a domain name system | |
| US8020045B2 (en) | Root cause analysis method, apparatus, and program for IT apparatuses from which event information is not obtained | |
| CN110636115B (en) | Cross-cloud service calling processing method, gateway server and requester server | |
| US8605731B2 (en) | Network system and server | |
| US7467203B2 (en) | System and methods for robust discovery of servers and services in a heterogeneous environment | |
| US9648033B2 (en) | System for detecting the presence of rogue domain name service providers through passive monitoring | |
| US10567384B2 (en) | Verifying whether connectivity in a composed policy graph reflects a corresponding policy in input policy graphs | |
| CN105610867B (en) | A kind of anti-abduction method and apparatus of DNS | |
| CN103929429A (en) | Network vulnerability scanning system and method based on RESTful Web service | |
| CN104993953A (en) | Method for detecting network service state and device detecting network service state | |
| US20120317254A1 (en) | Network platform in a network device ecosystem | |
| US9264440B1 (en) | Parallel detection of updates to a domain name system record system using a common filter | |
| CN108027808A (en) | Internet security and management equipment | |
| US20090129290A1 (en) | Method for acquiring information of network resources connected to ports of network switches | |
| CN110062064A (en) | A kind of Address Resolution Protocol ARP request message response method and device | |
| US9762542B2 (en) | Parallel detection of updates to a domain name system record system using a common filter | |
| JP4009591B2 (en) | Domain naming system (DNS) for accessing databases | |
| KR20140044987A (en) | Security system and operating method thereof | |
| US20110302292A1 (en) | Systems and methods for service assurance using virtualized federated presence infrastructure | |
| CN101404595B (en) | Network bridge uplink port identification | |
| KR101522139B1 (en) | Method for blocking selectively in dns server and change the dns address using proxy | |
| US7502847B2 (en) | Method of providing views of a managed network that uses network address translation | |
| JP2002368781A (en) | User location management domain name conversion system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181012 |
|
| RJ01 | Rejection of invention patent application after publication |