计算机工程 ›› 2010, Vol. 36 ›› Issue (3): 125-127.doi: 10.3969/j.issn.1000-3428.2010.03.041

• 安全技术 • 上一篇    下一篇

DNS欺骗原理及其防御方案

孔 政,姜秀柱   

  1. (中国矿业大学计算机科学与技术学院,徐州 221008)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2010-02-05 发布日期:2010-02-05

DNS Spoofing Principle and Its Defense Scheme

KONG Zheng, JIANG Xiu-zhu   

  1. (School of Computer Science and Technology, China University of Mining and Technology, Xuzhou 221008)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-02-05 Published:2010-02-05

摘要: 针对DNS欺骗表现出的危害性大、隐蔽性强的特点,通过对DNS ID欺骗攻击及DNS缓存中毒攻击的原理进行剖析,应用概率学理论证明了“生日攻击”的危害,分别给出相应的防御方案。对于不同类型的用户可以根据自身的条件和对信息安全要求级别的高低,采用适合自己的应对方案。

关键词: DNS欺骗, ARP欺骗, DNS ID 欺骗, DNS缓存中毒, 生日攻击

Abstract: DNS spoofing presents the characteristics of severe harm and high dormancy. By analyzing the principle of DNS ID spoofing attack and DNS cache poisoning attack, this paper proves the harm of “birthday attack” by using the probability theory, and puts forward some corresponding defense methods. In conclusion, to different kinds of users, they can use practical and effective defense measures according to their conditions and demand levels of information security.

Key words: DNS spoofing, ARP spoofing, DNS ID spoofing, DNS cache poisoning, birthday attack

中图分类号: