CN105933356A - Method and device for detecting DNS (Domain Name System) hijacking of client - Google Patents

Method and device for detecting DNS (Domain Name System) hijacking of client Download PDF

Info

Publication number
CN105933356A
CN105933356A CN201610533569.3A CN201610533569A CN105933356A CN 105933356 A CN105933356 A CN 105933356A CN 201610533569 A CN201610533569 A CN 201610533569A CN 105933356 A CN105933356 A CN 105933356A
Authority
CN
China
Prior art keywords
client
dns
character string
kidnap
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610533569.3A
Other languages
Chinese (zh)
Inventor
王光友
候接力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
World (beijing) Network Technology Co Ltd
Original Assignee
World (beijing) Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by World (beijing) Network Technology Co Ltd filed Critical World (beijing) Network Technology Co Ltd
Priority to CN201610533569.3A priority Critical patent/CN105933356A/en
Publication of CN105933356A publication Critical patent/CN105933356A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method and a device for detecting DNS (Domain Name System) hijacking of a client, and belongs to the technical field of detection. The method for detecting DNS hijacking of the client comprises the steps of acquiring a webpage authentication request sent by the client when the client is detected to log in, wherein request parameters of the webpage authentication request are set according to an encryption protocol; carrying out verification on the request parameters of the webpage authentication request, and determining that DNS hijacking occurs in the client if the verification fails. The method for detecting DNS hijacking of the client is low in detection cost, high in processing efficiency and accurate in detection result.

Description

A kind of method and device detecting the abduction of client DNS
Technical field
The present invention relates to detection technique field, particularly to a kind of detect client DNS kidnap method and Device.
Background technology
DNS (Domain Name System, domain name system): as domain name and IP address phase on the Internet The distributed data base mapped mutually, it is possible to make user more easily access the Internet, and do not spend and remember The IP numeric string that can be directly read by machine.
DNS kidnaps and is also called Domain Hijacking, refers to intercept asking of domain name mapping in the network range kidnapped Ask, the domain name of analysis request, beyond examination scope request let pass, otherwise return vacation IP address or Person does nothing and makes request lose response, and its result is can not to react specific network or access is false Network address.
At present, what a lot of client softwares have employed the embedded webpage of forms in a large number represents form, " the most micro- End ", its benefit is that development cost is low, and it is convenient to update.User is when accessing micro-end, and effect is equivalent to use net The network browser access page, therefore, it also can run into DNS and kidnap.So-called DNS kidnaps, and refers to some Virtual network operator, for number one, intercepts the domain name mapping request that browser sends on a dns, When the domain name request specified, return to false IP address, thus the consequence caused is: Yong Hufang Ask is the page or the illegal web page of false content, and not only the basic function of software can not normally use, very Carry out the operation such as unauthorized access, paying to user can be misled, not only affect network security, also can cause user Property loss.
In prior art, detect whether DNS is held as a hostage by comparing content of pages, specifically, logical Crossing server info to push, client can obtain and prestore the feature text of target pages, such as page mark Topic or the keyword etc. of content of pages.After there is page request, client first carries out page loading, then Obtain the field data of the page, finally judge whether to comprise default keyword, if it has not, then can be determined that Kidnap for DNS.The shortcoming of this kind of detection mode mainly has: one is to need propelling movement and maintenance to have webpage spy Solicit articles the relatively costly of this dictionary table, communication and storage;Two is to need to need each webpage to load in advance Rear just can determine that, treatment effeciency is relatively low.
Summary of the invention
Embodiments provide a kind of method and device detecting the abduction of client DNS, testing cost Cheap, treatment effeciency is high, and testing result is accurate.
The technical scheme that the embodiment of the present invention provides is as follows:
On the one hand, it is provided that a kind of detect client DNS kidnap method, including:
After detecting that client logs in, obtain the webpage certification request that described client sends, described The required parameter of webpage certification request is configured according to cryptographic protocol;
The required parameter of described webpage certification request is verified;
If authentication failed, it is determined that described client occurs DNS to kidnap.
Preferably, if be proved to be successful, described method also includes:
Receive the character string returned;
Described character string is verified;
If described character string authentication failed, it is determined that described client occurs DNS to kidnap;
If described character string is proved to be successful, it is determined that described client does not occurs DNS to kidnap.
Preferably, described method also includes:
After determining that described client occurs DNS to kidnap, described client is reminded to send out with local page form Raw DNS kidnaps;
After determining that described client does not occurs DNS to kidnap, the micro-end of normal display in described client.
Preferably, the required parameter of described webpage certification request includes: ID, timestamp and key, The described required parameter to described webpage certification request is verified, including:
MD5 value after the combination of described ID, timestamp and key is carried out md5 encryption is tested Card.
Preferably, described described character string is verified, including:
Obtain the MD5 value of preset characters string;
The MD5 value that cipher key calculation is corresponding is combined according to the ID in the character string returned, timestamp;
The relatively MD5 value of preset characters string is the most identical with the MD5 value calculated, if it is, really Determine character string to be verified;Otherwise, it determines character string authentication failed.
On the other hand, it is provided that a kind of detect client DNS kidnap device, including:
Acquisition module, for after detecting that client logs in, obtains the webpage that described client sends Certification is asked, and the required parameter of described webpage certification request is configured according to cryptographic protocol;
First authentication module, for verifying the required parameter of described webpage certification request;
First determines module, after the required parameter authentication failed in described webpage certification request, determines institute Stating client occurs DNS to kidnap.
Preferably, described device also includes:
Receiver module, for, after the success of webpage certification requests verification, receiving the character string returned;
Second authentication module, for verifying described character string;
Second determines module, for after described character string authentication failed, determines that described client occurs DNS Kidnap;
3rd determines module, for after described character string is proved to be successful, determines that described client does not occurs DNS kidnaps.
Preferably, described device also includes:
Prompting module, for, after determining that described client occurs DNS to kidnap, carrying with local page form Described client of waking up occurs DNS to kidnap;
Display module, for after determining that described client does not occurs DNS to kidnap, in described client The micro-end of normal display.
Preferably, the required parameter of described webpage certification request includes: ID, timestamp and key;
Described first authentication module, for carrying out MD5 to the combination of described ID, timestamp and key MD5 value after encryption is verified.
Preferably, described second authentication module, including:
Acquiring unit, for obtaining the MD5 value of preset characters string;
Computing unit, for combining cipher key calculation return according to the ID in the character string returned, timestamp Return the MD5 value of character string;
Comparing unit is the most identical with the MD5 value calculated for the MD5 value comparing preset characters string;
Determine unit, after MD5 value for comparing at comparing unit is identical, determine that character string checking is led to Cross;Otherwise, it determines character string authentication failed.
The method and device that detection client DNS that the embodiment of the present invention provides is kidnapped, is detecting client After end logs in, obtaining the webpage certification request that client sends, the required parameter of webpage certification request depends on It is configured according to cryptographic protocol;The required parameter of webpage certification request is verified;If authentication failed, Then determine that client occurs DNS to kidnap.The method that this detection client DNS is kidnapped, testing cost is low Honest and clean, treatment effeciency is high, and testing result is accurate.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to enforcement In example, the required accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only Some embodiments described in the present invention, for those of ordinary skill in the art, it is also possible to according to these Accompanying drawing obtains other accompanying drawing.
Fig. 1 is a kind of flow chart detecting the method that client DNS is kidnapped that the embodiment of the present invention provides;
Fig. 2 is the flow process of the method that another detection client DNS that the embodiment of the present invention provides is kidnapped Figure;
Fig. 3 is the flow process of the method that another detection client DNS that the embodiment of the present invention provides is kidnapped Figure;
Fig. 4 is a kind of block diagram detecting the device that client DNS is kidnapped that the embodiment of the present invention provides;
Fig. 5 is the block diagram of the device that another detection client DNS that the embodiment of the present invention provides is kidnapped;
Fig. 6 is the block diagram of the device that another detection client DNS that the embodiment of the present invention provides is kidnapped;
Fig. 7 is the block diagram of the device that another detection client DNS that the embodiment of the present invention provides is kidnapped.
Detailed description of the invention
In order to make those skilled in the art be more fully understood that the scheme of the embodiment of the present invention, below in conjunction with the accompanying drawings and The embodiment of the present invention is described in further detail by embodiment.
The embodiment of the present invention provides a kind of and detects the method that client DNS is kidnapped, as it is shown in figure 1, include Following steps S101-S103:
In step S101, after detecting that client logs in, the webpage obtaining client transmission is recognized Card request, the required parameter of webpage certification request is configured according to cryptographic protocol.
In the present embodiment, webpage certification request can be Get request, specifically can be by client to clothes The safety certification page of business device sends Get request and is realized, wherein, and the required parameter root of Get request It is configured according to the cryptographic protocol of both sides' agreement.Should complete before micro-end page access in view of verification process, And the normal use of client can not be affected, a worker thread can be set up another and implement.Wherein, peace Domain name that full certification page is asked according to micro-end of client it may is that one or more, safety certification page Face should be the corresponding field page under one's name.
The present embodiment illustrates as a example by a domain name:
Such as, the domain name in all micro-end page faces is " xx.cn ", and the safety certification page is “http://xx.cn/verify.php?Uid=***&time=***&sign=*** ", wherein, " uid=***&time=***&sign=*** " for send Get request time both sides agreement and encryption after ginseng Number, wherein: uid is user id (also referred to as ID, user identity proves);Time is the unix time Stamp;Sign=md5 (uid+time+key), the character string i.e. combined by uid, time, key is carried out Secret value after md5 encryption, key key is arranged jointly by client and service end.
It should be noted that when " micro-end " interface of client exists the situation of multiple domain name access, doing During identification, can be in the way of employing be verified one by one.The reliability identified is improved in order to be further ensured that, permissible Increase number of retries.
In step s 102, the required parameter of webpage certification request is verified.
Specifically can be by the safety certification webpage of server, the request ginseng to the Get request that client sends Number carries out verifying and is realized, and according to being proved to be successful or unsuccessfully return different contents, such as, checking is lost Lose and can return fail, be proved to be successful then return string.Wherein, the form of the character string of return is: Connect with half-angle comma between uid, time, sign, three value, naturally it is also possible to use other form, such as Xml, json form etc.;Uid and time is returned by webpage, sign=md5 (uid+time+1+key). Wherein, in the formula of above-mentioned calculating sign, " 1 " is a random disturbance, higher at security level required In the case of, can replace with other random string.
In step s 103, if the required parameter authentication failed of the webpage certification request in step S102, Then determine that client occurs DNS to kidnap.
Wherein, the Different Results returned by above-mentioned steps S102, it may be determined that whether client robs Hold, specifically, when return fail time, or return client can not identify content time, it is believed that webpage Certification request authentification failure, determines that client is kidnapped.
The method that detection client DNS that the embodiment of the present invention provides is kidnapped, is detecting that client occurs After login, obtaining the webpage certification request that client sends, the required parameter of webpage certification request is according to encryption Agreement is configured;The required parameter of webpage certification request is verified;If authentication failed, it is determined that Client occurs DNS to kidnap.The method that this detection client DNS is kidnapped, testing cost is cheap, place Reason efficiency is high, and testing result is accurate.
In another embodiment, if as in figure 2 it is shown, in above-mentioned steps S102 webpage verification using data-hiding technology request Required parameter be proved to be successful, above-mentioned detection client DNS kidnap method also include step S201-S203:
In step s 201, the character string returned is received;
In step S202, the character string returned is verified;
If character string authentication failed, then perform step S103: determine that client occurs DNS to kidnap;
If character string is proved to be successful, then perform step S203: determine that client does not occurs DNS to kidnap.
In the present embodiment, uid, tri-values of time, sign are verified after receiving character string by client, Wherein, time time and the current timestamp obtained not can exceed that preset value, to prevent each server time poor Too big, wherein, preset value can be such as 100s, and preset value can be adjusted according to actual needs, The sign being simultaneously transmitted through webpage verifies, is proved to be successful expression domain name " xx.cn " and is not held as a hostage.
The method that detection client DNS that the embodiment of the present invention provides is kidnapped, asks certification in webpage certification After success, further the character string returned is verified, determine client according to character string the result DNS whether is occurred to kidnap, it is possible to the accuracy of testing result is effectively ensured.
In another embodiment, as it is shown on figure 3, above-mentioned detection client DNS kidnap method also Including step S301-S302:
In step S301, after determining that client occurs DNS to kidnap, remind visitor with local page form Family end occurs DNS to kidnap;
In step s 302, after determining that client does not occurs DNS to kidnap, the most normally show Micro-end.
The method that detection client DNS that the embodiment of the present invention provides is kidnapped, is determining that client occurs After DNS kidnaps, client is reminded to occur DNS to kidnap with local page form, it is possible to effectively to remind user There occurs that DNS kidnaps, thus cause the attention of user;Determine do not occur DNS kidnap after, client The micro-end of normal display in end, so that user can continue to browse.
In one embodiment, the required parameter of above-mentioned webpage certification request includes: ID, timestamp And key, webpage certification request is verified, including: the combination to ID, timestamp and key Carry out the MD5 value after md5 encryption to verify.
In another embodiment, above-mentioned character string is verified, including step S1-S3:
In step sl, the MD5 value of preset characters string is obtained;
In step s 2, cipher key calculation correspondence is combined according to the ID in the character string returned, timestamp MD5 value;
In step s3, the MD5 value comparing preset characters string is the most identical with the MD5 value calculated; If it is, determine that character string is verified;Otherwise, it determines character string authentication failed.
Wherein, input specific byte serial (preset characters string) at end to be verified, use md5 encryption raw Becoming the character string of 128, verifying end parses relevant parameter after receiving data to be verified, also calculates Go out a MD5 character string, compare two MD5 character strings, if equal, by checking, if not Deng the most not verified.
The embodiment of the present invention can effectively detect the situation that client DNS is held as a hostage, and reliability can reach substantially To 100%, according to testing result, client can shield illegal web page in time and point out user, it is to avoid use Family mistake clicks on even property loss.
Correspondingly, the embodiment of the present invention also provides for a kind of device detecting the abduction of client DNS, such as Fig. 4 Shown in, including:
Acquisition module 401, for after detecting that client logs in, obtains the webpage that client sends Certification is asked, and the required parameter of webpage certification request is configured according to cryptographic protocol;
First authentication module 402, for verifying the required parameter of webpage certification request;
First determines module 403, after the required parameter authentication failed in webpage certification request, determines visitor Family end occurs DNS to kidnap.
In another embodiment, as it is shown in figure 5, the device that above-mentioned detection client DNS is kidnapped, Also include:
Receiver module 501, for, after the success of webpage certification requests verification, receiving the character string returned;
Second authentication module 502, for verifying character string;
Second determines module 503, for after character string authentication failed, determines that client occurs DNS to rob Hold;
3rd determines module 504, for after character string is proved to be successful, determines that client does not occurs DNS Kidnap.
In another embodiment, as shown in Figure 6, the device that above-mentioned detection client DNS is kidnapped, Also include:
Prompting module 601, for, after determining that client occurs DNS to kidnap, carrying with local page form Client of waking up occurs DNS to kidnap;
Display module 602, is used for after determining that client does not occurs DNS to kidnap, the most normally Show micro-end.
In another embodiment, above-mentioned webpage certification request required parameter include: ID, time Between stamp and key;Above-mentioned first authentication module, for carrying out the combination of ID, timestamp and key MD5 value after md5 encryption is verified.
In another embodiment, as it is shown in fig. 7, the second authentication module 502, including:
Acquiring unit 5021, for obtaining the MD5 value of preset characters string;
Computing unit 5022, by combining based on key according to the ID in the character string returned, timestamp Calculate corresponding MD5 value;
Whether comparing unit 5023, be used for the MD5 value comparing preset characters string and the MD5 value calculated Identical;
Determine unit 5024, after MD5 value for comparing at comparing unit is identical, determine that character string is tested Card passes through;Otherwise, it determines character string authentication failed.
The device that detection client DNS that the embodiment of the present invention provides is kidnapped, is detecting that client occurs After login, obtain the webpage certification request that client sends, the request of webpage certification request by acquisition module Parameter is configured according to cryptographic protocol;The required parameter asked webpage certification by the first authentication module is entered Row checking;Determine that module, after the first authentication module authentication failed, determines that client occurs DNS by first Kidnap.The device that this detection client DNS is kidnapped, testing cost is cheap, and treatment effeciency is high, and inspection Survey result is accurate.
The method and apparatus that above-described embodiment provides belongs to same inventive concept, each module in device, unit Function and the process that realizes can refer to the description in embodiment of the method, repeat no more here.
Each embodiment in this specification all uses the mode gone forward one by one to describe, phase homophase between each embodiment As part see mutually, what each embodiment stressed is different from other embodiments it Place.For device embodiment, owing to it is substantially similar to embodiment of the method, so describing Fairly simple, relevant part sees the part of embodiment of the method and illustrates.Device described above is implemented Example is only that schematically the wherein said unit illustrated as separating component can be or may not be Physically separate, the parts shown as unit can be or may not be physical location, the most permissible It is positioned at a place, or can also be distributed on multiple NE.Can select according to the actual needs Some or all of module therein realizes the purpose of the present embodiment scheme.Those of ordinary skill in the art exist In the case of not paying creative work, i.e. it is appreciated that and implements.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all the present invention's Within spirit and principle, any modification, equivalent substitution and improvement etc. made, should be included in the present invention's Within protection domain.

Claims (10)

1. one kind is detected the method that client DNS is kidnapped, it is characterised in that including:
After detecting that client logs in, obtain the webpage certification request that described client sends, described The required parameter of webpage certification request is configured according to cryptographic protocol;
The required parameter of described webpage certification request is verified;
If authentication failed, it is determined that described client occurs DNS to kidnap.
Method the most according to claim 1, it is characterised in that if be proved to be successful, described method Also include:
Receive the character string returned;
Described character string is verified;
If described character string authentication failed, it is determined that described client occurs DNS to kidnap;
If described character string is proved to be successful, it is determined that described client does not occurs DNS to kidnap.
Method the most according to claim 2, it is characterised in that described method also includes:
After determining that described client occurs DNS to kidnap, described client is reminded to send out with local page form Raw DNS kidnaps;
After determining that described client does not occurs DNS to kidnap, the micro-end of normal display in described client.
Method the most according to claim 1, it is characterised in that the request of described webpage certification request Parameter includes: ID, timestamp and key, and the described required parameter to described webpage certification request enters Row checking, including:
MD5 value after the combination of described ID, timestamp and key is carried out md5 encryption is tested Card.
Method the most according to claim 2, it is characterised in that described described character string is tested Card, including:
Obtain the MD5 value of preset characters string;
The MD5 value that cipher key calculation is corresponding is combined according to the ID in the character string returned, timestamp;
The relatively MD5 value of preset characters string is the most identical with the MD5 value calculated, if it is, really Determine character string to be verified;Otherwise, it determines character string authentication failed.
6. one kind is detected the device that client DNS is kidnapped, it is characterised in that including:
Acquisition module, for after detecting that client logs in, obtains the webpage that described client sends Certification is asked, and the required parameter of described webpage certification request is configured according to cryptographic protocol;
First authentication module, for verifying the required parameter of described webpage certification request;
First determines module, after the required parameter authentication failed in described webpage certification request, determines institute Stating client occurs DNS to kidnap.
Device the most according to claim 6, it is characterised in that described device also includes:
Receiver module, for, after the success of webpage certification requests verification, receiving the character string returned;
Second authentication module, for verifying described character string;
Second determines module, for after described character string authentication failed, determines that described client occurs DNS Kidnap;
3rd determines module, for after described character string is proved to be successful, determines that described client does not occurs DNS kidnaps.
Device the most according to claim 7, it is characterised in that described device also includes:
Prompting module, for, after determining that described client occurs DNS to kidnap, carrying with local page form Described client of waking up occurs DNS to kidnap;
Display module, for after determining that described client does not occurs DNS to kidnap, in described client The micro-end of normal display.
Device the most according to claim 6, it is characterised in that the request of described webpage certification request Parameter includes: ID, timestamp and key;
Described first authentication module, for carrying out MD5 to the combination of described ID, timestamp and key MD5 value after encryption is verified.
Device the most according to claim 7, it is characterised in that described second authentication module, including:
Acquiring unit, for obtaining the MD5 value of preset characters string;
Computing unit, for combining cipher key calculation return according to the ID in the character string returned, timestamp Return the MD5 value of character string;
Comparing unit is the most identical with the MD5 value calculated for the MD5 value comparing preset characters string;
Determine unit, after MD5 value for comparing at comparing unit is identical, determine that character string checking is led to Cross;Otherwise, it determines character string authentication failed.
CN201610533569.3A 2016-07-07 2016-07-07 Method and device for detecting DNS (Domain Name System) hijacking of client Pending CN105933356A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610533569.3A CN105933356A (en) 2016-07-07 2016-07-07 Method and device for detecting DNS (Domain Name System) hijacking of client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610533569.3A CN105933356A (en) 2016-07-07 2016-07-07 Method and device for detecting DNS (Domain Name System) hijacking of client

Publications (1)

Publication Number Publication Date
CN105933356A true CN105933356A (en) 2016-09-07

Family

ID=56827716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610533569.3A Pending CN105933356A (en) 2016-07-07 2016-07-07 Method and device for detecting DNS (Domain Name System) hijacking of client

Country Status (1)

Country Link
CN (1) CN105933356A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107018156A (en) * 2017-06-01 2017-08-04 北京云端智度科技有限公司 The defence support method of Domain Hijacking
CN110557355A (en) * 2018-05-31 2019-12-10 上海连尚网络科技有限公司 method and equipment for detecting man-in-the-middle attack through user equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN103905273A (en) * 2014-03-25 2014-07-02 百度在线网络技术(北京)有限公司 DNS hijack monitoring method and device
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation
EP2779591A2 (en) * 2013-03-14 2014-09-17 Verisign, Inc. Method and apparatus for creating a list of trustworthy DNS clients
CN105245550A (en) * 2015-10-29 2016-01-13 广州酷狗计算机科技有限公司 Domain name hijacking judgment method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
EP2779591A2 (en) * 2013-03-14 2014-09-17 Verisign, Inc. Method and apparatus for creating a list of trustworthy DNS clients
CN103905273A (en) * 2014-03-25 2014-07-02 百度在线网络技术(北京)有限公司 DNS hijack monitoring method and device
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation
CN105245550A (en) * 2015-10-29 2016-01-13 广州酷狗计算机科技有限公司 Domain name hijacking judgment method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107018156A (en) * 2017-06-01 2017-08-04 北京云端智度科技有限公司 The defence support method of Domain Hijacking
CN110557355A (en) * 2018-05-31 2019-12-10 上海连尚网络科技有限公司 method and equipment for detecting man-in-the-middle attack through user equipment
CN110557355B (en) * 2018-05-31 2021-07-27 上海连尚网络科技有限公司 Method and equipment for detecting man-in-the-middle attack through user equipment

Similar Documents

Publication Publication Date Title
CN104301302B (en) Go beyond one's commission attack detection method and device
US10904007B2 (en) Authentication device based on biometric information, control server connected to the same, and login method based on biometric information thereof
USRE46158E1 (en) Methods and systems to detect attacks on internet transactions
EP3219068B1 (en) Method of identifying and counteracting internet attacks
CN101360102B (en) Method for detecting dns redirects or fraudulent local certificates for ssl sites in pharming/phishing schemes by remote validation and using a credential manager and recorded certificate attributes
US7313691B2 (en) Internet site authentication service
CN108989355B (en) Vulnerability detection method and device
WO2016078182A1 (en) Authorization method, device and system for sensitive data
CN104717192B (en) Legality identification method and intermediate server
JP2018501567A (en) Device verification method and equipment
CN105337949A (en) SSO (Single Sign On) authentication method, web server, authentication center and token check center
CN108696490A (en) The recognition methods of account permission and device
CN101997685A (en) Single sign-on method, single sign-on system and associated equipment
CN109067813A (en) Network hole detection method, device, storage medium and computer equipment
CN106453378A (en) Data authentication method, apparatus and system
CN102073822A (en) Method and system for preventing user information from leaking
CA2762706A1 (en) Method and system for securing communication sessions
CN103763104B (en) A kind of method and system of dynamic authentication
US20180302437A1 (en) Methods of identifying and counteracting internet attacks
CN108769063A (en) A kind of method and device of automatic detection WebLogic known bugs
CN104506541A (en) Website loophole alarming method and device
CN112118238A (en) Method, device, system, equipment and storage medium for authentication login
CN111259368A (en) Method and equipment for logging in system
CN106161411B (en) A kind of webpage verification using data-hiding technology method and device
CN109495458A (en) A kind of method, system and the associated component of data transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160907

RJ01 Rejection of invention patent application after publication