Excerpt from the paper
DNS is the most important infrastructure on the Internet, but because of flaws in its design, network attacks that exploit its security vulnerabilities keep emerging. This paper introduces the basic framework of the DNS protocol and its security vulnerabilities, and discusses typical attacks built on these vulnerabilities, including reflection amplification attacks, DNS hijacking, cache poisoning attacks, and DNS tunneling. Based on an analysis of how these attacks work and the harm they cause, it gives corresponding countermeasures and recommendations.