CONTROL DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION CONTROL METHOD

摘要

PROBLEM TO BE SOLVED: To discard an attack packet without a boundary router discarding a proper response packet at a time of performing reflection-type DoS countermeasures.SOLUTION: A communication system is provided with a control device 10 to control a boundary router 20. The control device 10 instructs a boundary router 20 which is a transmission source of attack notice to transfer a DNS query to the control device 10. Then, the control device 10 instructs each boundary router 20 other than the boundary router 20 to discard the DNS query. After that, when the control device 10 receives the DNS query (proper DNS query) from the boundary router 20 of the transmission source of attack notice, the control device 10 instructs each boundary router 20 other than the boundary router 20 to stop discarding the DNS query, and then the control device 10 transfers the received DNS query to a destination DNS server. After that, a boundary router 20 having received a response to the DNS query transfers the response to its destination.