US 11,057,404 B2
Method and apparatus for defending against DNS attack, and storage medium
Fang Zhou Chen, Shenzhen (CN); and Feng Bo Jiang, Shenzhen (CN)
Assigned to TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED, Shenzhen (CN)
Filed by TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED, Guangdong (CN)
Filed on Apr. 19, 2019, as Appl. No. 16/389,212.
Application 16/389,212 is a continuation of application No. PCT/CN2017/116436, filed on Dec. 15, 2017.
Claims priority of application No. 201611183849.2 (CN), filed on Dec. 20, 2016.
Prior Publication US 2019/0245875 A1, Aug. 8, 2019
Int. Cl. G08B 23/00 (2006.01); H04L 29/06 (2006.01); H04L 29/12 (2006.01); H04L 9/32 (2006.01)
CPC H04L 63/1416 (2013.01) [H04L 9/32 (2013.01); H04L 29/06 (2013.01); H04L 29/12 (2013.01); H04L 61/1511 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01)]
17 Claims
1. A method for defending against a DNS attack, the method being performed by an apparatus for defending against the DNS attack, the method comprising:
receiving a DNS request from a request source;
obtaining an IP address of the request source from which the DNS request is received;
calculating a characteristic value of the IP address;
searching an internal memory for preset identifier information corresponding to the characteristic value;
obtaining request record information and an unblocking time corresponding to the characteristic value, the request record information including a number of request times from the request source in a predetermined period, based on the preset identifier information corresponding to the characteristic value being a detection identifier indicating an uncertainty of an existence of an attack risk in the DNS request;
determining that the DNS request is an attack request and discarding the DNS request, based on the number of request times exceeding a preset request threshold; and
determining that the DNS request is the attack request and discarding the DNS request, based on the number of request times not exceeding the preset request threshold and a current time not reaching a preset unblocking time,
wherein the obtaining request record information and the unblocking time further comprises:
saving information included in the DNS request as the request record information, based on the request record information corresponding to the characteristic value in the internal memory being null;
updating a request time of the DNS request in the request record information to a request time of a current DNS request and resetting the number of request times in the request record information to zero, based on the request record information in the internal memory not being null and a duration from the request time of the DNS request recorded in the request record information to the request time of the current DNS request exceeding the predetermined period; and
updating the request time of the DNS request in the request record information to the request time of the current DNS request and increasing the number of request times in the request record information by one, based on the request record information in the internal memory not being null and the duration from the request time of the DNS request recorded in the request record information to the request time of the current DNS request not exceeding the predetermined period.
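The per-source bookkeeping recited in claim 1, as an added Python sketch that is not taken from the patent or from any Tencent implementation. Assumptions: the characteristic value is a truncated SHA-256 of the IP text, sources with no preset identifier are treated as carrying the detection identifier, the constants are constructed values, and the unblocking time is set when the threshold is exceeded (claim 1 does not say how it is set); `DnsGuard`, `Record` and `handle` are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

DETECT = "detect"        # detection identifier: attack risk uncertain
PERIOD = 1.0             # predetermined period in seconds (constructed value)
THRESHOLD = 5            # preset request threshold (constructed value)
BLOCK_SECONDS = 30.0     # assumption: offset used to set the unblocking time

@dataclass
class Record:
    last_request: float      # request time of the most recent DNS request
    count: int = 0           # number of request times in the current period
    unblock_at: float = 0.0  # unblocking time; 0.0 means never blocked

def characteristic_value(ip: str) -> int:
    """Assumption: characteristic value = first 4 bytes of SHA-256(ip)."""
    return int.from_bytes(hashlib.sha256(ip.encode()).digest()[:4], "big")

class DnsGuard:
    def __init__(self):
        self.identifiers = {}  # characteristic value -> preset identifier
        self.records = {}      # characteristic value -> Record

    def handle(self, ip: str, now: float) -> str:
        key = characteristic_value(ip)
        # Assumption: a source with no preset identifier is treated as DETECT.
        if self.identifiers.get(key, DETECT) != DETECT:
            return "pass"      # other identifiers are outside claim 1
        rec = self.records.get(key)
        if rec is None:                        # record is null: save it
            rec = self.records[key] = Record(last_request=now)
        elif now - rec.last_request > PERIOD:  # period exceeded: reset to zero
            rec.last_request, rec.count = now, 0
        else:                                  # within period: increase by one
            rec.last_request, rec.count = now, rec.count + 1
        if rec.count > THRESHOLD:              # over threshold: attack request
            rec.unblock_at = now + BLOCK_SECONDS  # assumption, see lead-in
            return "drop"
        if now < rec.unblock_at:               # unblocking time not reached
            return "drop"
        return "pass"
```

As the claim is worded, the recorded request time is refreshed on every request, so the period test applies to the gap between consecutive requests rather than to a fixed window start. A defender sizing the threshold should account for a source whose requests arrive at gaps no longer than the period, since its count keeps accumulating.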