CN102255778A - Anti-hijacking domain name authorization monitoring system - Google Patents
Anti-hijacking domain name authorization monitoring system Download PDFInfo
- Publication number
- CN102255778A CN102255778A CN2011102618274A CN201110261827A CN102255778A CN 102255778 A CN102255778 A CN 102255778A CN 2011102618274 A CN2011102618274 A CN 2011102618274A CN 201110261827 A CN201110261827 A CN 201110261827A CN 102255778 A CN102255778 A CN 102255778A
- Authority
- CN
- China
- Prior art keywords
- domain name
- module
- name server
- mandate
- typing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an anti-hijacking domain name authorization monitoring system, which is used for preventing the loss of websites, caused by the falsification of domain name authorization or the abnormity of DNS (Domain Name Server) analysis service. The technical scheme of the invention is as follows: the system comprises a recording module, an inquiring module, a first judging module and an alarming module, wherein the recording module is used for recording monitoring information of domain names to be monitored at intervals of preset time; the inquiring module is connected with the recording module and is used for checking authorization information of the domain names and analyzing the domain names to obtain an IP result set of a current domain name server; the first judging module is connected with the inquiring module and is used for judging whether the authorization of the domain names is hijacked based on an inquiring result of the inquiring module; and the alarming module is connected with the first judging module and is used for giving an alarm under the condition of judging the authorization of the domain names is hijacked.
Description
Technical field
The present invention relates to the internet information safety system, relate in particular to anti-domain name mandate supervisory control system of kidnapping.
Background technology
Can run into the incident that the domain name mandate is distorted in the internet security field.Morning on January 12nd, 2010 is more than 7, because the gross negligence of Register.com company of U.S. domain name registration service provider, cause the domain name mapping of the www.***.com of Baidu to suffer that lawless person's malice distorts, whole world many places user can not visit the Baidu website, fault continues a few hours, has caused heavy losses to Baidu.The detail of this incident is that the ns record of ***.com is pointed to the dns server (ynsl.yahoo.com and yns2.yahoo.com) that the hacker can control by malice, by controlled dns server the parsing content of domain names such as www.***.com is distorted then, make the visitor can not correctly obtain the server ip address of Baidu website.
It is unusual sometimes also can to run into the dns server service.In 20: 33: 59 evening of on May 18th, 2009,6 resolution servers of dnspod under beyond example big flow attacking (a free intelligent DNS product) begin to lose efficacy, and a large amount of websites begin intermittence can't be visited, comprising domestic many well-known websites.Similar dns server is attacked case and is happened occasionally at home, in case dns server is attacked, authorizes the website domain name of its parsing that service can't normally be provided, and normal operation in website and the normal online of netizen are all caused tremendous influence.
Summary of the invention
The objective of the invention is to address the above problem, a kind of domain name mandate supervisory control system of anti-abduction is provided, avoid the loss that the domain name mandate is distorted or the dns resolution service causes to the website unusually.
Technical scheme of the present invention is: the present invention has disclosed a kind of domain name mandate supervisory control system of anti-abduction, comprises typing module, enquiry module, first judge module and alarm module, wherein:
The typing module is every the monitor message of the domain name of default time typing desire monitoring;
Enquiry module connects described typing module, checks the authorization message of domain name, domain name is resolved, to obtain the IP result set of current name server;
First judge module connects described enquiry module, judges based on the Query Result of described enquiry module whether the domain name mandate is held as a hostage;
Alarm module connects first judge module, is judging under the situation that the domain name mandate is held as a hostage the processing of reporting to the police.
According to an embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention, the described monitor message of described typing module typing comprises: the analysis result collection of the domain name of the IP set of records ends of name server, the monitoring of described desire.
Embodiment according to the domain name mandate supervisory control system of anti-abduction of the present invention, described first judge module comprises name server correctness judging unit, judge the IP of the name server of the IP set of records ends that whether has the domain name server that does not belong to the typing of described typing module in the IP result set of the current name server that described enquiry module obtains, if exist then send the warning message of expression domain name server ip mistake to described alarm module.
Embodiment according to the domain name mandate supervisory control system of anti-abduction of the present invention, described first judge module also comprises name server number judging unit, connect domain name server correctness judging unit, under the situation that the mandate of domain name server correctness judgment unit judges domain name is not held as a hostage, move, whether the number of judging the name server in the IP result set of the current name server that described enquiry module obtains is less than preset value, then sends the very few warning message of expression domain name server ip quantity to described alarm module if be less than preset value.
According to an embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention, described system also comprises:
Concrete domain name mapping enquiry module connects domain name server number judging unit, resolves all IP in the IP result set of the current name server that described enquiry module obtains successively, obtains the analysis result collection;
Domain name service situation judge module, connect described concrete domain name mapping enquiry module, judge in the IP result set of the current name server that described enquiry module obtains and whether have the obstructed situation of IP 53 ports, judge then that as existing the name server service is unusual, send the warning message that Service-Port is closed to described alarm module;
Concrete domain name mapping results analyses module, connect domain name service status judge module, judge under the normal situation of name server service at domain name service status judge module and to move, whether the analysis result collection of domain name of judging the described desire monitoring in analysis result collection that described concrete domain name mapping enquiry module obtains and the described typing module is consistent, if inconsistent then send the warning message that expression domain name server parses is failed to described alarm module.
According to an embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention, described alarm module carries out alert notice by the mode of Email or SMS, and perhaps the mode of reporting to the police by audible alarm, Web interface is reminded.
According to an embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention, described enquiry module is by the mode of recursive query domain name to be resolved.
According to an embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention, described typing module also is provided with alarm rule and alarm parameters.
The present invention contrasts prior art following beneficial effect: the solution of the present invention is the Main Domain that will monitor of typing in advance and ns (the name server of domain name mandate, name server) IP of server (internet protocol, the Ethernet protocol address) set, some concrete domain names and the normal analysis result of this domain name under the Main Domain of typing simultaneously.Supervisory control system read one time entry information in per five minutes, Main Domain was carried out the inquiry of dig+trace (instrument of a domain name mapping inquiry).After obtaining the current ns server ip of domain name record by dig, the ns server ip information of itself and typing is in advance compared, if find in the ns IP result set of current dig, there is IP not belong to the ns IP result set of typing in advance, perhaps the IP quantity of current ns is less than two, assert that then domain name mandate parsing records the risk of being revised, send warning, parameter is nsip_error or nsips_too_less.It more than is exactly the monitoring strategies of domain name mandate.If the nsIP record of the mandate nsIP of domain name record and typing in advance is consistent, then at the concrete domain name of typing in advance, continue current each the ns server of dig, the result of its result who obtains and typing is in advance compared, if find that 53 ports of certain NS analysis result obstructed or dig result and typing in advance is inconsistent, the warning of then sending server_port_close or ns_resolv_errror respectively.Alert process is: the php page that sends mail by the wget command access, in the php page, pass through the email function, send to domain name predefined 139 mailboxes in advance, after binding by 139 mailboxes and SMS, just can the very first time pass through the SMS notification director, make domain name registration person the very first time to make countermeasure, thereby influence is reduced to minimum.
Description of drawings
Fig. 1 shows the schematic diagram of first embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.
Fig. 2 shows the schematic diagram of second embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.Fig. 3 shows the schematic diagram of the 3rd embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.
Embodiment
The invention will be further described below in conjunction with drawings and Examples.
First embodiment of anti-domain name mandate supervisory control system of kidnapping
Fig. 1 shows the principle of first embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.See also Fig. 1, the system of present embodiment comprises typing module 10, enquiry module 11, name server correctness judging unit 12 (also can be described as first judge module) and alarm module 13.
Annexation between these modules is: typing module 10 connects enquiry module 11, and enquiry module 11 connects name server correctness judging unit 12, and name server correctness judging unit 12 connects alarm module 13.
Typing module 10 is every the monitor message of the domain name of default time (for example every five minutes) typing desire monitoring.The monitor message of typing for example comprises: the IP set of records ends NSI{1.1.1.1 of name server, 1.1.1.2, the analysis result collection NSA{1.1.1.4} of the domain name www.abc.com of 1.1.1.3}, desire monitoring.Alarm parameters such as warning mailbox and alarm rule can also be set.
Enquiry module 11 is checked the authorization message of domain name, domain name is resolved, to obtain the IP result set of current name server.Enquiry module 11 is by sending the recursive query request to 13 the some root servers in the whole world, obtain the up-to-date authorization message of current Main Domain, thereby guarantee the reliability and the promptness in name server record source, again by carrying out Dig abc.com+trace, begin the recurrence inspection from root, obtain the IP result set NSR{nsip1 of current name server, nsip2 ....
Name server correctness judging unit 12 judges based on the Query Result of enquiry module 11 whether the domain name mandate is held as a hostage.Concrete deterministic process is: the IP result set NSR{nsip1 that judges the current name server that enquiry module 11 obtains, nsip2, in whether have the IP set of records ends NSI{1.1.1.1 of the name server that does not belong to 10 typings of typing module, 1.1.1.2,1.1.1.3} the IP of name server, record the risk of being revised if exist then illustrate that the domain name mandate is resolved, need send the warning message of expression domain name server ip mistake (nsip_error) to alarm module 13.
Alarm module 13 is being judged under the situation that the domain name mandate is held as a hostage the processing of reporting to the police.For example, can call the PHP warning page, send mail or note and report to the police by reading warning mailbox and the alarm parameters in the typing module 10.Can also be by the mode of reporting to the police in audible alarm or the web interface processing of reporting to the police.
Second embodiment of anti-domain name mandate supervisory control system of kidnapping
Fig. 2 shows the principle of second embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.See also Fig. 2, the system of present embodiment comprises typing module 20, enquiry module 21, name server correctness judging unit 22, name server number judging unit 24 (name server correctness judging unit 22, name server number judging unit 24 are parts of first judge module) and alarm module 23.
Annexation between these modules is: typing module 20 connects enquiry module 21, enquiry module 21 connects name server correctness judging unit 22, name server correctness judging unit 22 connects alarm module 23 and name server number judging unit 24, and name server number judging unit 24 connects alarm module 23.
Typing module 20 is every the monitor message of the domain name of default time (for example every five minutes) typing desire monitoring.The monitor message of typing for example comprises: the IP set of records ends NSI{1.1.1.1 of name server, 1.1.1.2, the analysis result collection NSA{1.1.1.4} of the domain name www.abc.com of 1.1.1.3}, desire monitoring.Alarm parameters such as warning mailbox and alarm rule can also be set.
Enquiry module 21 is checked the authorization message of domain name, domain name is resolved, to obtain the IP result set of current name server.Enquiry module 21 is by sending the recursive query request to 13 the some root servers in the whole world, obtain the up-to-date authorization message of current Main Domain, thereby guarantee the reliability and the promptness in name server record source, again by carrying out Dig abc.com+trace, begin the recurrence inspection from root, obtain the IP result set NSR{nsip1 of current name server, nsip2 ....
Name server correctness judging unit 22 judges based on the Query Result of enquiry module 21 whether the domain name mandate is held as a hostage.Concrete deterministic process is: the IP result set NSR{nsip1 that judges the current name server that enquiry module 21 obtains, nsip2, in whether have the IP set of records ends NSI{1.1.1.1 of the name server that does not belong to 20 typings of typing module, 1.1.1.2,1.1.1.3} the IP of name server, record the risk of being revised if exist then illustrate that the domain name mandate is resolved, need send the warning message of expression domain name server ip mistake (nsip_error) to alarm module 23.
Operation name server number judging unit 24 under the situation that the 22 judgement domain name mandates of name server correctness judging unit are not held as a hostage, judge the IP result set NSR{nsip1 of the current name server that enquiry module 21 obtains, nsip2, in the number of name server whether be less than preset value (for example being 2), if be less than preset value then sends warning message from expression domain name server ip quantity very few (nsips_too_less) to 23 of described warning moulds.
Alarm module 23 is being judged under the situation that the domain name mandate is held as a hostage the processing of reporting to the police.For example, can call the PHP warning page, send mail or note and report to the police by reading warning mailbox and the alarm parameters in the typing module 20.Can also be by the mode of reporting to the police in audible alarm or the web interface processing of reporting to the police.
The 3rd embodiment of anti-domain name mandate supervisory control system of kidnapping
Fig. 3 shows the principle of the 3rd embodiment of the domain name mandate supervisory control system of anti-abduction of the present invention.See also Fig. 3, the system of present embodiment comprises typing module 30, enquiry module 31, name server correctness judging unit 32, name server number judging unit 34 (name server correctness judging unit 32, name server number judging unit 34 are parts of first judge module), concrete domain name mapping enquiry module 35, domain name service situation judge module 36, concrete domain name mapping results analyses module 37 and alarm module 33.
Annexation between these modules is: typing module 30 connects enquiry module 31, enquiry module 31 connects name server correctness judging unit 32, name server correctness judging unit 32 connects alarm module 33 and name server number judging unit 34, name server number judging unit 34 connects alarm module 33 and concrete domain name mapping enquiry module 35, concrete domain name mapping enquiry module 35 connects domain name service status judge module 36, domain name service situation judge module 36 connects alarm module 33 and concrete domain name mapping results analyses module 37, and concrete domain name mapping results analyses module 37 connects alarm module 33.
Typing module 30 is every the monitor message of the domain name of default time (for example every five minutes) typing desire monitoring.The monitor message of typing for example comprises: the IP set of records ends NSI{1.1.1.1 of name server, 1.1.1.2, the analysis result collection NSA{1.1.1.4} of the domain name www.abc.com of 1.1.1.3}, desire monitoring.Alarm parameters such as warning mailbox and alarm rule can also be set.
Enquiry module 31 is checked the authorization message of domain name, domain name is resolved, to obtain the IP result set of current name server.Enquiry module 31 is by sending the recursive query request to 13 the some root servers in the whole world, obtain the up-to-date authorization message of current Main Domain, thereby guarantee the reliability and the promptness in name server record source, again by carrying out Dig abc.com+trace, begin the recurrence inspection from root, obtain the IP result set NSR{nsip1 of current name server, nsip2 ....
Name server correctness judging unit 32 judges based on the Query Result of enquiry module 31 whether the domain name mandate is held as a hostage.Concrete deterministic process is: the IP result set NSR{nsip1 that judges the current name server that enquiry module 31 obtains, nsip2, in whether have the IP set of records ends NSI{1.1.1.1 of the name server that does not belong to 30 typings of typing module, 1.1.1.2,1.1.1.3} the IP of name server, record the risk of being revised if exist then illustrate that the domain name mandate is resolved, need send the warning message of expression domain name server ip mistake (nsip_error) to alarm module 33.
Operation name server number judging unit 34 under the situation that the 32 judgement domain name mandates of name server correctness judging unit are not held as a hostage, judge the IP result set NSR{nsip1 of the current name server that enquiry module 31 obtains, nsip2, in the number of name server whether be less than preset value (for example being 2), if be less than preset value then sends warning message from expression domain name server ip quantity very few (nsips_too_less) to 33 of described warning moulds.
Judge the concrete domain name mapping enquiry module 35 of startup under the normal situation at name server number judging unit 34, concrete domain name mapping enquiry module 35 is resolved all IP in the IP result set of the current name server that enquiry module 30 obtains successively, obtains analysis result collection RNSA.
Then, domain name service situation judge module 36 is judged the IP result set NSR{nsip1 of the current name server that enquiry module 31 obtains, nsip2, in whether have the obstructed situation of IP 53 ports, judge then that as existing the name server service is unusual, send the warning message that Service-Port is closed (server_port_close) to alarm module 33.
Concrete domain name mapping results analyses module 37 is judged under the normal situation of name server service at domain name service situation judge module 36 and is moved, the analysis result collection NSR{nsip1 of the analysis result collection RNSA that the concrete domain name mapping enquiry module 35 of concrete domain name mapping results analyses module 37 judgements obtains and the domain name of the monitoring of the desire in the typing module 30, nsip2, whether consistent, if inconsistent then send the warning message of expression domain name server parses failure (ns_resolv_error) to alarm module 33.
Alarm module 33 is being judged under the situation that the domain name mandate is held as a hostage the processing of reporting to the police.For example, can call the PHP warning page, send mail or note and report to the police by reading warning mailbox and the alarm parameters in the typing module 20.Can also be by the mode of reporting to the police in audible alarm or the web interface processing of reporting to the police.
The foregoing description provides to those of ordinary skills and realizes and use of the present invention, those of ordinary skills can be under the situation that does not break away from invention thought of the present invention, the foregoing description is made various modifications or variation, thereby invention scope of the present invention do not limit by the foregoing description, and should be the maximum magnitude that meets the inventive features that claims mention.
Claims (8)
1. an anti-domain name mandate supervisory control system of kidnapping comprises typing module, enquiry module, first judge module and alarm module, wherein:
The typing module is every the monitor message of the domain name of default time typing desire monitoring;
Enquiry module connects described typing module, checks the authorization message of domain name, domain name is resolved, to obtain the IP result set of current name server;
First judge module connects described enquiry module, judges based on the Query Result of described enquiry module whether the domain name mandate is held as a hostage;
Alarm module connects first judge module, is judging under the situation that the domain name mandate is held as a hostage the processing of reporting to the police.
2. the domain name mandate supervisory control system of anti-abduction according to claim 1 is characterized in that, the described monitor message of described typing module typing comprises: the analysis result collection of the domain name of the IP set of records ends of name server, the monitoring of described desire.
3. the domain name mandate supervisory control system of anti-abduction according to claim 2, it is characterized in that, described first judge module comprises name server correctness judging unit, judge the IP of the name server of the IP set of records ends that whether has the domain name server that does not belong to the typing of described typing module in the IP result set of the current name server that described enquiry module obtains, if exist then send the warning message of expression domain name server ip mistake to described alarm module.
4. the domain name mandate supervisory control system of anti-abduction according to claim 3, it is characterized in that, described first judge module also comprises name server number judging unit, connect domain name server correctness judging unit, under the situation that the mandate of domain name server correctness judgment unit judges domain name is not held as a hostage, move, whether the number of judging the name server in the IP result set of the current name server that described enquiry module obtains is less than preset value, then sends the very few warning message of expression domain name server ip quantity to described alarm module if be less than preset value.
5. the domain name mandate supervisory control system of anti-abduction according to claim 4 is characterized in that described system also comprises:
Concrete domain name mapping enquiry module connects domain name server number judging unit, resolves all IP in the IP result set of the current name server that described enquiry module obtains successively, obtains the analysis result collection;
Domain name service situation judge module, connect described concrete domain name mapping enquiry module, judge in the IP result set of the current name server that described enquiry module obtains and whether have the obstructed situation of IP 53 ports, judge then that as existing the name server service is unusual, send the warning message that Service-Port is closed to described alarm module;
Concrete domain name mapping results analyses module, connect domain name service status judge module, judge under the normal situation of name server service at domain name service status judge module and to move, whether the analysis result collection of domain name of judging the described desire monitoring in analysis result collection that described concrete domain name mapping enquiry module obtains and the described typing module is consistent, if inconsistent then send the warning message that expression domain name server parses is failed to described alarm module.
6. the domain name mandate supervisory control system of anti-abduction according to claim 1 is characterized in that, described alarm module carries out alert notice by the mode of Email or SMS, and perhaps the mode of reporting to the police by audible alarm, Web interface is reminded.
7. according to the domain name mandate supervisory control system of each described anti-abduction in the claim 1~6, it is characterized in that described enquiry module is by the mode of recursive query domain name to be resolved.
8. according to the domain name mandate supervisory control system of each described anti-abduction in the claim 1~6, it is characterized in that described typing module also is provided with alarm rule and alarm parameters.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102618274A CN102255778A (en) | 2011-09-06 | 2011-09-06 | Anti-hijacking domain name authorization monitoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102618274A CN102255778A (en) | 2011-09-06 | 2011-09-06 | Anti-hijacking domain name authorization monitoring system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102255778A true CN102255778A (en) | 2011-11-23 |
Family
ID=44982783
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011102618274A Pending CN102255778A (en) | 2011-09-06 | 2011-09-06 | Anti-hijacking domain name authorization monitoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102255778A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546613A (en) * | 2011-12-28 | 2012-07-04 | 深圳市万兴软件有限公司 | Method for accessing GAE (Google app engine) hosted website, corresponding control device and corresponding system |
| CN102868773A (en) * | 2012-08-22 | 2013-01-09 | 北京奇虎科技有限公司 | Method, device and system for detecting domain name system (DNS) black hole hijack |
| CN104113447A (en) * | 2014-07-10 | 2014-10-22 | 北京蓝汛通信技术有限责任公司 | Method, device and system for monitoring domain name resolution pollution |
| CN105391818A (en) * | 2015-11-26 | 2016-03-09 | 中国互联网络信息中心 | Authoritative name emergency resolution system and method based on recursive server |
| WO2016155143A1 (en) * | 2015-03-30 | 2016-10-06 | 中兴通讯股份有限公司 | Method and device for controlling network security |
| CN106534149A (en) * | 2016-11-29 | 2017-03-22 | 北京小米移动软件有限公司 | DNS anti-hijacking method and device, terminal and server |
| CN107040546A (en) * | 2017-05-26 | 2017-08-11 | 浙江鹏信信息科技股份有限公司 | A kind of Domain Hijacking detection and linkage method of disposal and system |
| CN107295116A (en) * | 2017-05-11 | 2017-10-24 | 上海红阵信息科技有限公司 | A kind of domain name analytic method, apparatus and system |
| CN116760642A (en) * | 2023-08-18 | 2023-09-15 | 中国信息通信研究院 | Method, device, equipment and medium for judging domain name resource record change security |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101834911A (en) * | 2010-03-31 | 2010-09-15 | 联想网御科技(北京)有限公司 | Defense method of domain name hijacking and network outlet equipment |
| CN102082836A (en) * | 2009-11-30 | 2011-06-01 | ***通信集团四川有限公司 | DNS (Domain Name Server) safety monitoring system and method |
-
2011
- 2011-09-06 CN CN2011102618274A patent/CN102255778A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082836A (en) * | 2009-11-30 | 2011-06-01 | ***通信集团四川有限公司 | DNS (Domain Name Server) safety monitoring system and method |
| CN101834911A (en) * | 2010-03-31 | 2010-09-15 | 联想网御科技(北京)有限公司 | Defense method of domain name hijacking and network outlet equipment |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546613A (en) * | 2011-12-28 | 2012-07-04 | 深圳市万兴软件有限公司 | Method for accessing GAE (Google app engine) hosted website, corresponding control device and corresponding system |
| CN102546613B (en) * | 2011-12-28 | 2015-08-19 | 深圳万兴信息科技股份有限公司 | The access method of GAE trustship website and the control device of correspondence and system |
| CN102868773A (en) * | 2012-08-22 | 2013-01-09 | 北京奇虎科技有限公司 | Method, device and system for detecting domain name system (DNS) black hole hijack |
| CN102868773B (en) * | 2012-08-22 | 2015-04-15 | 北京奇虎科技有限公司 | Method, device and system for detecting domain name system (DNS) black hole hijack |
| CN104113447A (en) * | 2014-07-10 | 2014-10-22 | 北京蓝汛通信技术有限责任公司 | Method, device and system for monitoring domain name resolution pollution |
| CN104113447B (en) * | 2014-07-10 | 2017-11-10 | 北京蓝汛通信技术有限责任公司 | Monitor the method, apparatus and system of domain name mapping pollution |
| WO2016155143A1 (en) * | 2015-03-30 | 2016-10-06 | 中兴通讯股份有限公司 | Method and device for controlling network security |
| CN105391818A (en) * | 2015-11-26 | 2016-03-09 | 中国互联网络信息中心 | Authoritative name emergency resolution system and method based on recursive server |
| CN105391818B (en) * | 2015-11-26 | 2019-02-05 | 中国互联网络信息中心 | A kind of authoritative domain name emergency analysis system and method based on recursion server |
| CN106534149A (en) * | 2016-11-29 | 2017-03-22 | 北京小米移动软件有限公司 | DNS anti-hijacking method and device, terminal and server |
| CN107295116A (en) * | 2017-05-11 | 2017-10-24 | 上海红阵信息科技有限公司 | A kind of domain name analytic method, apparatus and system |
| CN107295116B (en) * | 2017-05-11 | 2020-04-10 | 上海红阵信息科技有限公司 | Domain name resolution method, device and system |
| CN107040546A (en) * | 2017-05-26 | 2017-08-11 | 浙江鹏信信息科技股份有限公司 | A kind of Domain Hijacking detection and linkage method of disposal and system |
| CN116760642A (en) * | 2023-08-18 | 2023-09-15 | 中国信息通信研究院 | Method, device, equipment and medium for judging domain name resource record change security |
| CN116760642B (en) * | 2023-08-18 | 2023-11-03 | 中国信息通信研究院 | Method, device, equipment and medium for judging domain name resource record change security |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102255778A (en) | Anti-hijacking domain name authorization monitoring system | |
| CN107438079B (en) | Method for detecting unknown abnormal behaviors of website | |
| US8561187B1 (en) | System and method for prosecuting dangerous IP addresses on the internet | |
| US8051028B2 (en) | Method and apparatus for generating configuration rules for computing entities within a computing environment using association rule mining | |
| CN110472414A (en) | Detection method, device, terminal device and the medium of system vulnerability | |
| US20180075240A1 (en) | Method and device for detecting a suspicious process by analyzing data flow characteristics of a computing device | |
| CN104468860B (en) | The recognition methods of domain name resolution server danger and device | |
| CN112074834A (en) | Analysis device, method, system and storage medium for operating a technical system | |
| US8040231B2 (en) | Method for processing alarm data to generate security reports | |
| CN107682345B (en) | IP address detection method and device and electronic equipment | |
| WO2015018314A1 (en) | Method, device and system for detecting whether account is stolen | |
| CN103378991A (en) | Online service abnormity monitoring method and monitoring system thereof | |
| CN105404581A (en) | Database evaluation method and device | |
| CN111404937A (en) | Method and device for detecting server vulnerability | |
| CN105099762B (en) | A kind of self checking method and self-checking system of system O&M function | |
| CN115225385B (en) | Flow monitoring method, system, equipment and computer readable storage medium | |
| US8819704B1 (en) | Personalized availability characterization of online application services | |
| US20240236133A1 (en) | Detecting Data Exfiltration and Compromised User Accounts in a Computing Network | |
| EP3642718B1 (en) | Graphical user interface tool for configuring a vehicle's intrusion detection system | |
| US20170026341A1 (en) | Automation network and method for monitoring the security of the transfer of data packets | |
| CN112650180B (en) | Safety warning method, device, terminal equipment and storage medium | |
| CN111614614B (en) | Safety monitoring method and device applied to Internet of things | |
| CN109462617B (en) | Method and device for detecting communication behavior of equipment in local area network | |
| Kučera et al. | Fault Detection in Building management system networks | |
| CN114218316A (en) | Vehicle safety management method and system based on Internet of vehicles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20111123 |