| Booming Internet provides very convenient conditions for our daily life, study and office work. However, in recent years the Internet security incidents continue to occur, exposing the Internet vulnerable to attack. DNS resolution system is an important part of the Internet. If the DNS resolution system can’t work properly, the Internet can’t work efficiently and properly. DNS spoofing attacks are the main factors causing the DNS resolution system can’t work properly. Therefore it is very important to study DNS spoofing attacks.Currently, the policy of DNS spoofing security can’t simultaneously achieve perfect protection, easy deployment and efficient process. This thesis designs a new defense model based on local proxy to resolve the problem. The module not only perfects defense DNS spoofing attacks, but also designs on the thinking of hierarchical processing and multi-module collaboration.Based on the above theoretical model, this thesis implements a DNS spoofing attack defense system. The system consists of IP blacklist module, buffer module, and filtering module. The IP blacklist module is responsible for defending against the known attackers. It also proactively detects potential attackers. In addition to maintaining cache content, the cache module also verifies them at certain times. The filtering module is responsible for identifying the response packet from attackers. The system is to be deployed to a local proxy. When received DNS queries from DNS client, the system checks the cache module first, then transfers them to DNS servers. When received DNS responses from DNS server, the system first processes through IP blacklist, and then check the response by the filter module. Finally, the system sends the correct DNS responses to the DNS client and updates the cache module.Finally, this thesis builds a platform to attack, and demonstrates that the system simultaneously achieves perfect protection of DNS spoof attack, easy deployment and high efficiency. |
PDF Full Text Request