Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detection method and device for DNS hijacking

A detection method and detection device technology, applied in the Internet field, can solve problems such as economic loss of users, influence on normal operation of Internet services, and failure of users to perform normal network access, so as to achieve the effect of avoiding normal access

Inactive Publication Date: 2018-10-12
BEIJING QIYI CENTURY SCI & TECH CO LTD
View PDF6 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] DNS server is a key basic service of the Internet. Once DNS hijacking occurs, it will affect the normal operation of most Internet services, so that users cannot perform normal network access, and even cause economic losses to users.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and device for DNS hijacking
  • Detection method and device for DNS hijacking
  • Detection method and device for DNS hijacking

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] figure 1 It is a flowchart of steps of a method for detecting DNS hijacking provided by an embodiment of the present invention.

[0060] refer to figure 1 As shown, the DNS hijacking detection method provided by this embodiment is applied to the DNS system, i.e. the domain name system, to detect whether a domain name resolution request is hijacked, that is, maliciously returns a wrong IP address to the user's domain name resolution request or does not return correct IP address, the detection method specifically includes the following steps:

[0061] S101: Obtain the first IP address returned by the local DNS server.

[0062] When a user sends a domain name resolution request, the request is first sent to the local DNS server. When the local DNS server receives the domain name resolution request, it analyzes the domain name information carried in the request and gives the domain name corresponding to the domain name. IP address, the parsed IP address will be returned to...

Embodiment 2

[0075] figure 2 It is a flowchart of steps of another DNS hijacking detection method provided by the embodiment of the present invention.

[0076] refer to figure 2 As shown, the DNS hijacking detection method provided by this embodiment is applied to the DNS system, i.e. the domain name system, to detect whether a domain name resolution request is hijacked, that is, maliciously returns a wrong IP address to the user's domain name resolution request or does not return correct IP address, the detection method specifically includes the following steps:

[0077] S201: Obtain the first IP address returned by the local DNS server.

[0078] This is the same as or similar to the solution for obtaining the first IP address in the previous embodiment, and will not be repeated here.

[0079] S202: Send the domain name resolution request to the HTTPDNS server.

[0080] While sending the user's domain name resolution request to the local DNS server, the request is also sent to the H...

Embodiment 3

[0094] image 3 It is a flow chart of steps for yet another DNS hijacking detection method provided by the embodiment of the present invention.

[0095] refer to image 3 As shown, the DNS hijacking detection method provided by this embodiment is applied to the DNS system, namely the domain name system, and is used to detect whether a domain name resolution request is hijacked, that is, maliciously returns a wrong IP address to the user's domain name resolution request or does not return correct IP address, the detection method specifically includes the following steps:

[0096] S301: Obtain the first IP address returned by the local DNS server.

[0097] This is the same as or similar to the solution for obtaining the first IP address in the previous embodiment, and will not be repeated here.

[0098] S302: Send the domain name resolution request to the HTTPDNS server.

[0099] While sending the user's domain name resolution request to the local DNS server, the request is ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a detection method and a detection device for DNS hijacking. The method and device are applied to a DNS system. The method specifically comprises the steps ofwhen a user sends out a domain name analysis request, acquiring a first IP address through analyzing the domain name analysis request by a local DNS server; sending the domain name analysis request toan HTTPDNS server; acquiring a second IP address through analyzing the domain name analysis request by the HTTPDNS server; and if the first IP address is different from the second IP address, returning warning information that the domain name analysis request is hijacked back to the user. Through sending the warning information to the user when the hijacking occurs, the user can be stopped from accessing the wrong content server to which the hijacked domain name points, the user even can further adopt the corresponding treatment measure according to the warning information, and thus the situation that the normal access of the user to the Internet is influenced by DNS hijacking can be avoided.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a method and device for detecting DNS hijacking. Background technique [0002] DNS hijacking, also known as domain name hijacking, refers to intercepting domain name resolution requests within the scope of the hijacked network, analyzing the requested domain name, and releasing the request outside the scope of review, otherwise returning a fake IP address, or doing nothing so that the request is lost Responses, the effect of which is to make a particular network unresponsive or to make users visit fake URLs. [0003] DNS server is a key basic service of the Internet. Once DNS hijacking occurs, it will affect the normal operation of most Internet services, so that users cannot perform normal network access, and even cause economic losses to users. Contents of the invention [0004] In view of this, the present invention provides a method and device for detecting DNS hijack...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08H04L29/12
CPCH04L63/1416H04L63/1466H04L67/02H04L61/4511
Inventor 陈归
Owner BEIJING QIYI CENTURY SCI & TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com