
A Solution for Packet Validity Check Against DNS Cache Poisoning

Cited by: 3
Abstract DNS security is one of the hot topics in Internet technology. Recently, security incidents caused by DNS cache poisoning have occurred frequently, seriously affecting the security and reliability of the Internet. This article analyzes the mechanism of DNS cache poisoning in depth and proposes a LAN-oriented scheme for checking the validity of DNS packets. The reverse-direction checking algorithm designed in the new scheme strengthens the ability to identify valid DNS packets without modifying the DNS protocol, and changes the passive situation in which the underlying LAN can rely only on the reliability of upper-layer servers to prevent cache poisoning attacks.
Source Communications Technology (《通信技术》), 2010, No. 8, pp. 146-148, 151 (4 pages)
Funding Supported by the National 863 Program (No. 2006AA01Z405)
Keywords DNS security; DNS cache poisoning; LAN; reverse-direction check; packet validity
