METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK

To provide a method, program, and device to prevent DNS water attack by multiple recursive queries including non-existent random subdomains by suppressing an increase in query load to an authoritative DNS server targeted for attack in a DNS full service resolver.SOLUTION: A DNS full service resolver...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	KAWANOBE HIROSHI
Format:	Patent
Sprache:	eng ; jpn
Schlagworte:	CALCULATING COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRIC DIGITAL DATA PROCESSING ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue
container_start_page
container_title
container_volume
creator	KAWANOBE HIROSHI
description	To provide a method, program, and device to prevent DNS water attack by multiple recursive queries including non-existent random subdomains by suppressing an increase in query load to an authoritative DNS server targeted for attack in a DNS full service resolver.SOLUTION: A DNS full service resolver 10 performs attack query determination on the basis of the results of counting the number of successes and failures defined by the presence or absence of an answer section included in a response packet obtained from a response content from an authoritative DNS server 73 in response to a plurality of recursive queries transmitted from a regular client group 50 and an attack client group 60 for each client and each zone, and sends back a response code indicating discard or failure without repeatedly querying by a certain rate due to rate limitation in the case of an attack query.SELECTED DRAWING: Figure 1 【課題】ＤＮＳフルサービスリゾルバーにおいて、攻撃対象の権威ＤＮＳサーバーへの問い合わせ負荷の増加を抑制させることにより実在しないランダムサブドメインを含む複数の再帰問い合わせクエリーによるＤＮＳ水責め攻撃を防御する方法、プログラム、及び装置を提供する。【解決手段】ＤＮＳフルサービスリゾルバー１０は正規クライアント群５０及び攻撃クライアント群６０から送信された複数の再帰問い合わせクエリーに応じた権威ＤＮＳサーバー７３からの応答内容により得られた応答パケットに含まれる回答セクションの存否により定まる成功数及び失敗数をクライアント毎及びゾーン毎にそれぞれ集計した結果に基づき攻撃クエリー判定を実施し、攻撃クエリーの場合にレート制限により一定の割合だけ反復問い合わせすることなく破棄又は失敗を示す応答コードを返答する。【選択図】図１
format	Patent
fullrecord	<record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_JP2019186659A</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>JP2019186659A</sourcerecordid><originalsourceid>FETCH-epo_espacenet_JP2019186659A3</originalsourceid><addsrcrecordid>eNrjZLD2dQ3x8HfRUQgI8ncPcvTVUXD0c1FwcQ3zdHZVcPMPAoq7hrn6hXj6uSu4-AUrhDuGuAYpOIaEODp78zCwpiXmFKfyQmluBiU31xBnD93Ugvz41OKCxOTUvNSSeK8AIwNDS0MLMzNTS0djohQBAPy_KXE</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK</title><source>esp@cenet</source><creator>KAWANOBE HIROSHI</creator><creatorcontrib>KAWANOBE HIROSHI</creatorcontrib><description>To provide a method, program, and device to prevent DNS water attack by multiple recursive queries including non-existent random subdomains by suppressing an increase in query load to an authoritative DNS server targeted for attack in a DNS full service resolver.SOLUTION: A DNS full service resolver 10 performs attack query determination on the basis of the results of counting the number of successes and failures defined by the presence or absence of an answer section included in a response packet obtained from a response content from an authoritative DNS server 73 in response to a plurality of recursive queries transmitted from a regular client group 50 and an attack client group 60 for each client and each zone, and sends back a response code indicating discard or failure without repeatedly querying by a certain rate due to rate limitation in the case of an attack query.SELECTED DRAWING: Figure 1 【課題】ＤＮＳフルサービスリゾルバーにおいて、攻撃対象の権威ＤＮＳサーバーへの問い合わせ負荷の増加を抑制させることにより実在しないランダムサブドメインを含む複数の再帰問い合わせクエリーによるＤＮＳ水責め攻撃を防御する方法、プログラム、及び装置を提供する。【解決手段】ＤＮＳフルサービスリゾルバー１０は正規クライアント群５０及び攻撃クライアント群６０から送信された複数の再帰問い合わせクエリーに応じた権威ＤＮＳサーバー７３からの応答内容により得られた応答パケットに含まれる回答セクションの存否により定まる成功数及び失敗数をクライアント毎及びゾーン毎にそれぞれ集計した結果に基づき攻撃クエリー判定を実施し、攻撃クエリーの場合にレート制限により一定の割合だけ反復問い合わせすることなく破棄又は失敗を示す応答コードを返答する。【選択図】図１</description><language>eng ; jpn</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2019</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20191024&DB=EPODOC&CC=JP&NR=2019186659A$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20191024&DB=EPODOC&CC=JP&NR=2019186659A$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>KAWANOBE HIROSHI</creatorcontrib><title>METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK</title><description>To provide a method, program, and device to prevent DNS water attack by multiple recursive queries including non-existent random subdomains by suppressing an increase in query load to an authoritative DNS server targeted for attack in a DNS full service resolver.SOLUTION: A DNS full service resolver 10 performs attack query determination on the basis of the results of counting the number of successes and failures defined by the presence or absence of an answer section included in a response packet obtained from a response content from an authoritative DNS server 73 in response to a plurality of recursive queries transmitted from a regular client group 50 and an attack client group 60 for each client and each zone, and sends back a response code indicating discard or failure without repeatedly querying by a certain rate due to rate limitation in the case of an attack query.SELECTED DRAWING: Figure 1 【課題】ＤＮＳフルサービスリゾルバーにおいて、攻撃対象の権威ＤＮＳサーバーへの問い合わせ負荷の増加を抑制させることにより実在しないランダムサブドメインを含む複数の再帰問い合わせクエリーによるＤＮＳ水責め攻撃を防御する方法、プログラム、及び装置を提供する。【解決手段】ＤＮＳフルサービスリゾルバー１０は正規クライアント群５０及び攻撃クライアント群６０から送信された複数の再帰問い合わせクエリーに応じた権威ＤＮＳサーバー７３からの応答内容により得られた応答パケットに含まれる回答セクションの存否により定まる成功数及び失敗数をクライアント毎及びゾーン毎にそれぞれ集計した結果に基づき攻撃クエリー判定を実施し、攻撃クエリーの場合にレート制限により一定の割合だけ反復問い合わせすることなく破棄又は失敗を示す応答コードを返答する。【選択図】図１</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2019</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZLD2dQ3x8HfRUQgI8ncPcvTVUXD0c1FwcQ3zdHZVcPMPAoq7hrn6hXj6uSu4-AUrhDuGuAYpOIaEODp78zCwpiXmFKfyQmluBiU31xBnD93Ugvz41OKCxOTUvNSSeK8AIwNDS0MLMzNTS0djohQBAPy_KXE</recordid><startdate>20191024</startdate><enddate>20191024</enddate><creator>KAWANOBE HIROSHI</creator><scope>EVB</scope></search><sort><creationdate>20191024</creationdate><title>METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK</title><author>KAWANOBE HIROSHI</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_JP2019186659A3</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng ; jpn</language><creationdate>2019</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>KAWANOBE HIROSHI</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>KAWANOBE HIROSHI</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK</title><date>2019-10-24</date><risdate>2019</risdate><abstract>To provide a method, program, and device to prevent DNS water attack by multiple recursive queries including non-existent random subdomains by suppressing an increase in query load to an authoritative DNS server targeted for attack in a DNS full service resolver.SOLUTION: A DNS full service resolver 10 performs attack query determination on the basis of the results of counting the number of successes and failures defined by the presence or absence of an answer section included in a response packet obtained from a response content from an authoritative DNS server 73 in response to a plurality of recursive queries transmitted from a regular client group 50 and an attack client group 60 for each client and each zone, and sends back a response code indicating discard or failure without repeatedly querying by a certain rate due to rate limitation in the case of an attack query.SELECTED DRAWING: Figure 1 【課題】ＤＮＳフルサービスリゾルバーにおいて、攻撃対象の権威ＤＮＳサーバーへの問い合わせ負荷の増加を抑制させることにより実在しないランダムサブドメインを含む複数の再帰問い合わせクエリーによるＤＮＳ水責め攻撃を防御する方法、プログラム、及び装置を提供する。【解決手段】ＤＮＳフルサービスリゾルバー１０は正規クライアント群５０及び攻撃クライアント群６０から送信された複数の再帰問い合わせクエリーに応じた権威ＤＮＳサーバー７３からの応答内容により得られた応答パケットに含まれる回答セクションの存否により定まる成功数及び失敗数をクライアント毎及びゾーン毎にそれぞれ集計した結果に基づき攻撃クエリー判定を実施し、攻撃クエリーの場合にレート制限により一定の割合だけ反復問い合わせすることなく破棄又は失敗を示す応答コードを返答する。【選択図】図１</abstract><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier
ispartof
issn
language	eng ; jpn
recordid	cdi_epo_espacenet_JP2019186659A
source	esp@cenet
subjects	CALCULATING COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRIC DIGITAL DATA PROCESSING ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title	METHOD, PROGRAM, AND DEVICE FOR PREVENTING DNS WATER ATTACK
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T20%3A22%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=KAWANOBE%20HIROSHI&rft.date=2019-10-24&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EJP2019186659A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true