Abstract |
<p>PURPOSE: A method for detecting DNS flooding attacks based on a property of the attack traffic is provided, so that only the attack traffic caused by a malicious user is blocked while the traffic of normal users is protected. CONSTITUTION: It is determined whether DNS packets have been generated within a critical time (432), where each such DNS packet includes a message of the same type as the message in a transmitted packet and has the same specific field value and the same specific address as the transmitted packet. If more than a predetermined number of such DNS packets are generated within the critical time, the transmitted packet is determined to be a packet related to an attack (433). [Reference numerals] (410) Detecting a DNS packet; (411) DNS query?; (421,432) Same SIP/DIP/DNS ID exists?; (422) Generating an entry; (431) DNS response?; (433) Cutting off the packet; (434) Removing the entry; (AA,DD,EE,GG) No; (BB,CC,FF,HH) Yes</p> |
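The counting rule in the abstract, as an added example that is not code from the patent: packets are keyed on message type plus source IP, destination IP and DNS ID (the SIP/DIP/DNS ID of the reference numerals), and a packet is flagged once more than a set number with the same key arrive inside the critical time. The window length, the threshold, whether the current packet is included in the count, and all names are assumptions; the abstract does not say how the entry creation and removal steps (422, 434) are wired, so `expire` is only a hypothetical cleanup helper.

```python
from collections import defaultdict, deque

CRITICAL_TIME = 1.0  # seconds; assumed value for the "critical time"
MAX_REPEATS = 3      # assumed value for the "predetermined number"

class DnsFloodDetector:
    def __init__(self, critical_time=CRITICAL_TIME, max_repeats=MAX_REPEATS):
        self.critical_time = critical_time
        self.max_repeats = max_repeats
        self._seen = defaultdict(deque)  # key -> timestamps inside the window

    def observe(self, ts, src_ip, dst_ip, dns_id, is_response):
        """Record one DNS packet; return True if it should be cut off."""
        # Same message type, same addresses, same DNS ID => same entry.
        key = (is_response, src_ip, dst_ip, dns_id)
        window = self._seen[key]
        # Forget packets that fell out of the critical time.
        while window and ts - window[0] > self.critical_time:
            window.popleft()
        window.append(ts)
        return len(window) > self.max_repeats

    def expire(self, ts):
        """Drop entries with no packet inside the window; return how many."""
        stale = [k for k, w in self._seen.items()
                 if not w or ts - w[-1] > self.critical_time]
        for k in stale:
            del self._seen[k]
        return len(stale)

# Constructed sample traffic: (ts, src_ip, dst_ip, dns_id, is_response)
SAMPLE = [
    (0.00, "192.0.2.10", "198.51.100.53", 0x1A2B, False),
    (0.10, "203.0.113.7", "198.51.100.53", 0x4444, False),
    (0.20, "203.0.113.7", "198.51.100.53", 0x4444, False),
    (0.30, "203.0.113.7", "198.51.100.53", 0x4444, False),
    (0.35, "192.0.2.10", "198.51.100.53", 0x1A2C, False),
    (0.40, "203.0.113.7", "198.51.100.53", 0x4444, False),
    (0.50, "203.0.113.7", "198.51.100.53", 0x4444, False),
    (2.00, "203.0.113.7", "198.51.100.53", 0x4444, False),
]

def classify(packets, **kwargs):
    """Run a fresh detector over packets; one verdict per packet."""
    det = DnsFloodDetector(**kwargs)
    return [det.observe(*pkt) for pkt in packets]

if __name__ == "__main__":
    for pkt, blocked in zip(SAMPLE, classify(SAMPLE)):
        print(pkt, "BLOCK" if blocked else "pass")
```

The client that uses a fresh DNS ID per query is never flagged, while the source repeating one ID is cut off from its fourth packet inside the window and passes again once the window has emptied.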