| The DNS server provides the domain name resolution service for the Internet and converts the IP address and domain name.DNS protocol is vulnerable to attack by DNS server due to its own design flaws and vulnerabilities.Once the DNS server is attacked,it will affect most users of the Internet.Therefore,it is necessary to study the detection and protection of DNS attacks.At present,DDoS attacks and cache poisoning attacks are more common.Aiming at these two typical DNS attacks,this paper designs an attack detection and response system for private DNS server,which can detect the DDoS attack and the cache poisoning attack,and respond to the result of the detection.In this paper,the principle and characteristics of DNS attack are studied,and then the current detection technology and protection ideas are studied.First,we need to collect the DNS data,capture the packet through the server,set the filter,filter the packets of other protocols,analyze the packet by protocol,and restore the DNS packet.Secondly,the feature information in DNS packet is extracted,and the feature information such as source IP address,source port and TTL value are extracted and stored in the database,which provides the precondition for the detection algorithm.Then,according to the DDoS attack,the route jump number ratio is detected.First,the route detection is carried out,and then the route hops are compared according to the TTL value.In order to classify the attack packets and legitimate packets,we classify the packets according to the cache poisoning attack by bayesian classifier.Finally,the system response strategy is formulated,including filter module and speed limit processing,monitoring of server system resources,tractive reinjection of traffic,and fault tolerance using a standby server.To sum up,this paper completes the design and implementation of the attack detection and response system for private DNS.It can detect the attack of DDoS attack and caching attack,and take the response strategy to the attack packet. |
PDF Full Text Request