CN103685318A - Data processing method and device for protecting network security - Google Patents

Publication number: CN103685318A
Authority: CN (China)
Prior art keywords: address, application server, response message, unsafe, data processing
Legal status: Granted
Application number: CN201310751667.0A
Other languages: Chinese (zh)
Other versions: CN103685318B (en)
Inventors: 张斌, 常磊, 林尤吉
Current Assignee: Jingyi Zhiyuan Wuhan Information Technology Co Ltd; Hillstone Networks Co Ltd
Original Assignee: Hillstone Networks Co Ltd

Abstract

The invention discloses a data processing method and device for protecting network security. The data processing method comprises the following steps: receiving a request, sent by a terminal, to access an application server; resolving the IP (Internet Protocol) address of the application server according to the request; judging whether the resolved IP address is an unsafe IP address; if the resolved IP address is judged to be unsafe, deleting the unsafe IP address from the response message; and transmitting the response message, from which the unsafe IP address has been deleted, to the terminal. With this data processing method and device, the protection performance of a network protection system is improved.

Description

Data processing method and device for network security protection
Technical field
The present invention relates to the field of firewalls, and in particular to a data processing method and device for network security protection.
Background technology
Which servers and which applications an intranet user can safely access while online has always been one of the key problems of network security. Under the new application scenarios represented by virtualization and mobile internet technology, traditional firewall technology built on stateful packet inspection is increasingly inadequate in its protection capability. The Next Generation Firewall (NGFW) has been proposed as the upgraded form of traditional firewall technology. In the NGFW concept, application identification is emphasized as a key concept, but no generally acknowledged method has been found for solving the key problem of "which application is safe".
Prior art one related to the present invention is application control based on application identification.
Application control based on application identification pre-defines "which applications are safe and which applications are unsafe", and uses application identification technology to control the unsafe applications.
Application control based on application identification has the following shortcomings:
(1) Inaccuracy. Current content-based application identification technology is inaccurate, so application control built on its recognition results easily produces false positives or false negatives.
(2) Control granularity is too coarse. Although some applications are genuinely unsafe in themselves, the more common situation is that an application is safe in itself and is unsafe only on certain servers or during certain time periods. Application control based on application identification cannot provide definitions at these two granularities.
Prior art two related to the present invention is IP reputation technology.
IP reputation technology uses an "IP reputation database" to identify the IP addresses on the network, indicating which IP addresses are safe and which are unsafe.
IP reputation technology has the following shortcomings:
(1) Low performance. Every session must be looked up in the IP reputation database by IP address, so when there are many sessions, each of them requires a lookup in the IP reputation database, which results in low query performance.
(2) Poor robustness. Suppose an application P uses three servers, which serve in parallel under three different external IP addresses A, B and C. Suppose an attacker has attacked and taken control of server A, and that server A happens to be provided by the DNS server to users in region S as the preferred server for region S. If the IP reputation database marks A as "dangerous; access not allowed", a protection system based on the IP reputation database in practice prevents the users in region S from using the P service at all (because when users in region S access the P service, they select the preferred IP address A provided by the DNS system).
For the problem of low protection performance of network protection systems in the prior art, no effective solution has yet been proposed.
Summary of the invention
The main purpose of the present invention is to provide a data processing method and device for network security protection, to solve the problem of low protection performance of intranet protection systems in the prior art.
To achieve this goal, according to one aspect of the present invention, a data processing method for network security protection is provided. The data processing method for network security protection according to the present invention comprises: receiving a request from a terminal to access an application server; resolving the IP address of the application server according to the request; judging whether the resolved IP address is an unsafe IP address; if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from the response message; and sending the response message with the unsafe IP address deleted to the terminal.
Further, before the response message with the unsafe IP address deleted is sent to the terminal, the data processing method also comprises: sorting the safe IP addresses in the response message with the unsafe IP address deleted according to IP reputation; storing the safe IP addresses in the response message in the sorted order of IP reputation; and storing the safe IP addresses locally at the firewall.
Further, resolving the IP address of the application server according to the request to access the server comprises: looking up the IP address of the application server locally at the firewall; judging whether the IP address of the application server is found locally at the firewall; and if the IP address of the application server is not found locally at the firewall, sending the request to the DNS server and receiving the IP address of the application server resolved by the DNS server.
Further, resolving the IP address of the application server according to the request to access the server comprises: looking up the IP address of the application server locally at the firewall; judging whether the IP address of the application server is found locally at the firewall; and if the IP address of the application server is found locally at the firewall, not sending the request to the DNS server and directly using the found IP address of the application server as the reply of the DNS server.
Further, after the unsafe IP address is deleted from the response message, the data processing method also comprises: judging whether the number of safe IP addresses in the response message is 0; and if the number of safe IP addresses in the response message is judged to be 0, sending an access-denied response message to the terminal.
To achieve this goal, according to another aspect of the present invention, a data processing device for network security protection is provided. The data processing device for network security protection according to the present invention comprises: a receiving unit for receiving a request from a terminal to access an application server; a resolution unit for resolving the IP address of the application server according to the request; a judging unit for judging whether the resolved IP address is an unsafe IP address; a deletion unit for deleting the unsafe IP address from the response message when the resolved IP address is judged to be an unsafe IP address; and a response unit for sending the response message with the unsafe IP address deleted to the terminal.
Further, the data processing device also comprises: a sorting unit for sorting the safe IP addresses in the response message with the unsafe IP address deleted according to IP reputation, before the response message with the unsafe IP address deleted is sent to the terminal; a message storage unit for storing the safe IP address with the highest IP reputation in the response message; and a local storage unit for storing the safe IP addresses locally at the firewall.
Further, the resolution unit comprises: a lookup module for looking up the IP address of the application server locally at the firewall; a judging module for judging whether the IP address of the application server is found locally at the firewall; and a transceiver module for sending the request to the DNS server when the IP address of the application server is not found locally at the firewall, and receiving the IP address of the application server resolved by the DNS server.
Further, the resolution unit comprises: a lookup module for looking up the IP address of the application server locally at the firewall; a judging module for judging whether the IP address of the application server is found locally at the firewall; and a calling module for, when the IP address of the application server is found locally at the firewall, not sending the request to the DNS server and directly using the found IP address of the application server as the reply of the DNS server.
Further, the data processing device also comprises: a message judging unit for judging whether the number of safe IP addresses in the response message is 0 after the unsafe IP address has been deleted from the response message; and a sending unit for sending an access-denied response message to the terminal when the number of safe IP addresses in the response message is judged to be 0.
Through the present invention, the problem of low protection performance of network protection systems in the prior art is solved, thereby achieving the effect of improving the protection performance of network protection systems.
Brief description of the drawings
The accompanying drawings, which form a part of this application, are provided to give a further understanding of the present invention; the schematic embodiments of the present invention and their description are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flow chart of the data processing method according to the first embodiment of the present invention;
Fig. 2 is a flow chart of the data processing method according to the second embodiment of the present invention;
Fig. 3 is a schematic diagram of the data processing method according to an embodiment of the present invention, taking application P as an example;
Fig. 4 is a schematic diagram of the data processing device according to the first embodiment of the present invention; and
Fig. 5 is a schematic diagram of the data processing device according to the second embodiment of the present invention.
Detailed description of the embodiments
It should be noted that, where no conflict arises, the embodiments of this application and the features in the embodiments can be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
To make the solution of the present invention better understood by those skilled in the art, the technical solution in the embodiments of the present invention is described clearly and completely below in conjunction with the drawings of the embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the specification, claims and drawings of the present invention are used to distinguish similar objects and need not describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have", and any variations of them, are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units clearly listed, but may comprise other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
An embodiment of the present invention provides a data processing method for network security protection.
Fig. 1 is a flow chart of the data processing method according to the first embodiment of the present invention. As shown in the figure, the data processing method comprises the following steps:
Step S102: receiving a request from a terminal to access an application server.
When using a terminal, the user cannot directly see the IP address of the application server; what the user sees in the terminal is the domain name to be accessed, for example service.aaa.com. When the user needs to access an application, a protection device such as a firewall, after receiving the user's access request, resolves the domain name service.aaa.com that is to be accessed.
Step S104: resolving the IP address of the application server according to the request.
Resolving the IP address of the application server includes resolving the IP address with a DNS server; the IP address can also be looked up in the DNS cache local to the firewall. Resolving the IP address with a DNS server can use the DNS server's conventional method of resolving IP addresses; since that method is not the concern of the present invention, it is not repeated here. The specifics of looking up the IP address in the firewall's local DNS cache are described in the embodiments below.
Step S106: judging whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, it must be judged by the firewall in order to determine whether the resolved IP address is an unsafe IP address.
The resolved IP address is looked up in the IP reputation database, and whether the resolved IP address is an unsafe IP address is determined according to the IP reputation stored in the IP reputation database for each IP address.
If the IP reputation found in the IP reputation database for the resolved IP address is low, the resolved IP address is determined to be an unsafe IP address.
Step S108: if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from the response message.
After the unsafe IP address is deleted from the response message, the terminal cannot perceive the unsafe IP address, so the terminal is effectively prevented from accessing the unsafe IP address, which increases the security of the terminal's use of the application.
Step S110: sending the response message with the unsafe IP address deleted to the terminal.
After the unsafe IP address has been deleted, the response message contains only safe IP addresses and no unsafe IP address; therefore any IP address in the response message that the terminal accesses is safe, which guarantees that the terminal can use the application and accesses a secure application server.
If no IP address remains in the response message after the unsafe IP address has been deleted, a reply indicating that access is not possible is returned to the terminal.
Through this embodiment of the present invention, whether the resolved IP address is an unsafe IP address is judged; if the IP address is judged to be unsafe, the unsafe IP address is deleted from the response message and the response message with the unsafe IP address deleted is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address in the response message that the terminal accesses leads to a secure application server. Because the terminal can access the application server through safe IP addresses other than the unsafe IP address, when one of the terminal's application servers is an unsafe server, the other safe application servers can still be used so that the terminal works normally, which improves the robustness of the terminal's programs.
At the same time, when resolving the IP address of the application server, the IP address of the application server can be queried directly in the DNS cache; only if the IP address cannot be found there is the request to resolve the application server's IP address sent to the DNS server, which improves query efficiency and further improves the efficiency of network protection.
Fig. 2 is a flow chart of the data processing method according to the second embodiment of the present invention. As shown in the figure, before the response message with the unsafe IP address deleted is sent to the terminal, the data processing method further comprises the following steps:
Step S202: sorting the safe IP addresses in the response message with the unsafe IP address deleted according to IP reputation.
After the unsafe IP address has been deleted, the IP reputation corresponding to each safe IP address in the response message is queried in the IP reputation database, and the safe IP addresses are sorted by the level of their IP reputation.
Step S204: storing the safe IP addresses in the response message in the sorted order of IP reputation.
After sorting by the level of IP reputation, the safe IP addresses are stored in the response message in order of IP reputation.
Because the IP addresses placed earlier in the response message have the higher IP reputation, because a terminal usually selects an IP address near the front of the response message as the IP address of the application server to access, and because an application server with higher IP reputation offers better access speed and access stability, the safe IP addresses sorted by level of IP reputation are stored in the response message.
Step S206: storing the safe IP addresses locally at the firewall.
By storing the safe IP addresses locally at the firewall, when the terminal accesses the same application server again within a certain period, the corresponding IP address can be taken directly from the firewall's cache without sending a request to the DNS server for resolution. This not only guarantees the security of the application server accessed by the terminal, but also improves the protection efficiency and protection performance of the protection device.
Through the above method, the IP address with the higher IP reputation is sent to the terminal as the preferred IP address, providing the terminal with a more stable and secure application server, which not only guarantees the security of the user's access but also improves the user experience.
Further, resolving the IP address of the application server according to the request to access the server comprises: looking up the IP address of the application server locally at the firewall; judging whether the IP address of the application server is found locally at the firewall; and if the IP address of the application server is not found locally at the firewall, sending the request to the DNS server and receiving the IP address of the application server resolved by the DNS server.
The firewall has a local DNS cache in which IP addresses of application servers can be stored. When resolving the IP address that the terminal requests to access, the IP address corresponding to the requested application server is first looked up in the DNS cache. If no IP address corresponding to the requested application server is found in the firewall's DNS cache, the request to resolve the application server's IP address is sent to the DNS server, which resolves the IP address corresponding to the application server. After the DNS server has resolved the IP address corresponding to the application server, the resolved IP address is returned to the firewall, and after receiving it the firewall looks up whether the resolved IP address is a safe IP address.
Further, resolving the IP address of the application server according to the request to access the server comprises: looking up the IP address of the application server locally at the firewall; judging whether the IP address of the application server is found locally at the firewall; and if the IP address of the application server is found locally at the firewall, not sending the request to the DNS server and directly using the found IP address of the application server as the reply of the DNS server.
Similarly, if the IP address of the application server can be found locally at the firewall, there is no need to send the request to resolve the IP address to the DNS server: the IP address corresponding to the requested application server is looked up directly in the DNS cache; if the IP address corresponding to the requested application server is found, the found IP address is used directly, and whether the found IP address is a safe IP address is judged.
Whether the IP address was resolved by the DNS server or found locally at the firewall, the firewall must judge whether the resolved IP address is safe.
The resolved IP address is looked up in the IP reputation database to judge whether it is safe; if the resolved IP address is judged to be an unsafe IP address, that unsafe IP address is deleted from the response message.
It should be noted that the resolution may yield one or more IP addresses. A terminal usually has several IP addresses available, among which there is a preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, after the unsafe IP address is deleted from the response message, the data processing method also comprises: judging whether the number of safe IP addresses in the response message is 0; and if the number of safe IP addresses in the response message is judged to be 0, sending an access-denied response message to the terminal.
After the IP addresses have been resolved, the unsafe IP address is deleted from the response message; the unsafe IP address cannot be perceived by the terminal and naturally cannot be accessed by it, which guarantees the security of the terminal's access to the application server. Whether the number of IP addresses in the response message is 0 is judged; if it is 0, no safe IP address is available for use in the response message, and an access-denied response message is sent to the terminal. If the number of IP addresses in the response message is not 0, the safe IP addresses are sorted according to IP reputation and the response message storing the sorted IP addresses is sent to the terminal; the IP address with the highest IP reputation is placed at the front of the response message as the preferred IP address, and after receiving the response message the terminal accesses the application server according to the preferred IP address, so that the terminal accesses the application server securely.
Through the present invention, the IP reputation of the resolved IP addresses is looked up first and the unsafe IP address is deleted from the response message, so that the terminal cannot perceive the unsafe IP address and accesses the application server securely. Further, after the unsafe IP address has been deleted, the safe IP addresses are sorted by IP reputation and the IP address with the highest IP reputation is used as the preferred IP address for the terminal's programs to access, so that even when the unsafe IP address was the preferred IP address, the application can still work normally after the unsafe IP address has been deleted. With the above method, not only is the security of the terminal's access to the application server guaranteed, but the terminal can also keep working normally when the unsafe IP address is disabled, which solves the problem of low protection performance of network protection systems in the prior art and achieves the effect of improving the protection performance of network protection systems.
Fig. 3 is a schematic diagram of the data processing method according to an embodiment of the present invention, taking application P as an example.
Specifically, taking application P as an example, suppose application P uses two application servers, application server A 300 and application server B 400, with two corresponding different IP addresses A and B. Suppose an attacker has attacked and taken control of application server A 300, and that server A happens to be offered by the DNS server to users in region S as the preferred server for region S.
When terminal 100 accesses application P, firewall 200 receives the access request of terminal 100 and queries the server address of the application P requested by terminal 100 in the DNS cache 600 of firewall 200.
If the server address of the application P requested by terminal 100 is found in DNS cache 600, the firewall looks up the IP reputation of the server address of application P. If the server address of the application P requested by terminal 100 is not found in DNS cache 600, the request of terminal 100 is sent to DNS server 500, DNS server 500 resolves the request of terminal 100, and the resolved server address of application P is returned to firewall 200.
The server addresses of application P that firewall 200 has looked up or received are A and B. Server addresses A and B are now queried in IP reputation database 700; supposing the query shows A to be an unsafe IP address, A is deleted from the response message and the retained server address is B.
The server address in the response message is B; B is sent to terminal 100, and terminal 100 accesses IP address B accordingly. If the response message also contains a safe server address C, the server addresses retained in the response message are B and C, which are sorted by the IP reputation of B and C: for example, if the reputation of B is greater than the reputation of C, B is placed before C; if the queried IP reputations of B and C are identical, they are arranged in the order of the original response message.
The server addresses B and C retained in the response message are safe IP addresses, so the response message containing server addresses B and C can be sent to terminal 100; the server address B with the higher IP reputation is offered to terminal 100 as the preferred IP address, and the server addresses B and C retained in the response message are stored in the DNS cache 600 of the firewall.
After the user obtains server address B, the user can access server B and thus use application P.
With the above method, when the DNS resolves a server address, the server address with low IP reputation is deleted from the response message so that the terminal cannot perceive the malicious IP address, which improves the overall efficiency of the network protection system. In addition, after resolution yields several IP addresses, the resolved IP addresses are looked up in the IP reputation database and sorted by level of IP reputation, the IP address with high IP reputation is sent to the terminal, and the terminal accesses the server with high IP reputation that it receives. The sorting changes the preferred IP address of the original response message, which not only lets the terminal use application P normally but also prevents the terminal from accessing the unsafe IP address, improving the stability of the application.
At the same time, using the DNS cache in the firewall to store the IP addresses resolved for terminal requests means that, when the same request needs to be resolved again, it is looked up directly in the firewall without being sent to the DNS server for resolution, which improves the efficiency of resolving terminal requests and thereby the operating efficiency of the terminal's applications.
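The steps above (cache lookup, reputation check, deletion of unsafe addresses, access-denied reply, reputation-ordered sorting and local caching) and the Fig. 3 scenario, as an added Python example that is not part of the patent or of any Hillstone product: the reputation database, the threshold, the address values and the upstream DNS answers are constructed for illustration, and the `upstream` callable stands in for DNS server 500.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed IP reputation database (stands in for IP reputation database 700).
# Higher score means better reputation; scores at or below the threshold are "unsafe".
UNSAFE_THRESHOLD = 20
REPUTATION_DB: Dict[str, int] = {
    "198.51.100.10": 5,    # "A": the compromised server, low reputation
    "198.51.100.20": 90,   # "B"
    "198.51.100.30": 60,   # "C"
    "198.51.100.40": 60,   # "D": same reputation as C, to show the tie rule
}

# Constructed upstream DNS answers; the first entry is the preferred address
# the DNS server would hand out (the compromised "A" for service.aaa.com).
UPSTREAM_ZONE: Dict[str, List[str]] = {
    "service.aaa.com": ["198.51.100.10", "198.51.100.30", "198.51.100.20", "198.51.100.40"],
    "bad.example": ["198.51.100.10"],
}


def fake_dns_server(name: str) -> List[str]:
    """Stand-in for DNS server 500 (assumed interface: name -> list of addresses)."""
    return list(UPSTREAM_ZONE.get(name, []))


@dataclass
class DnsReply:
    name: str
    addresses: List[str]      # ordered; the first address is the preferred one
    allowed: bool = True      # False = "cannot access" reply (no safe address left)


@dataclass
class FirewallResolver:
    reputation: Dict[str, int]
    upstream: Callable[[str], List[str]]
    threshold: int = UNSAFE_THRESHOLD
    cache: Dict[str, List[str]] = field(default_factory=dict)   # local DNS cache 600
    upstream_queries: int = 0                                     # for the cache check

    def is_unsafe(self, ip: str) -> bool:
        # Addresses absent from the database get the lowest score, so they are
        # treated as unsafe (an assumption; the patent does not say).
        return self.reputation.get(ip, 0) <= self.threshold

    def resolve(self, name: str) -> List[str]:
        # Step S104: consult the firewall's local cache first; only on a miss
        # is the request forwarded to the DNS server.
        if name in self.cache:
            return list(self.cache[name])
        self.upstream_queries += 1
        return self.upstream(name)

    def handle_request(self, name: str) -> DnsReply:
        addresses = self.resolve(name)
        # Steps S106/S108: every address, cached or freshly resolved, is checked
        # against the reputation database and unsafe ones are dropped.
        safe = [ip for ip in addresses if not self.is_unsafe(ip)]
        if not safe:
            # Zero safe addresses: forget any stale cache entry and deny access.
            self.cache.pop(name, None)
            return DnsReply(name, [], allowed=False)
        # Steps S202/S204: highest reputation first. list.sort is stable, so
        # addresses with equal reputation keep the order of the original reply.
        safe.sort(key=lambda ip: self.reputation.get(ip, 0), reverse=True)
        # Step S206: keep the vetted, ordered list in the local cache.
        self.cache[name] = list(safe)
        return DnsReply(name, safe)


def demo():
    """Runs the Fig. 3 scenario: A is unsafe, B outranks C, C and D tie."""
    fw = FirewallResolver(REPUTATION_DB, fake_dns_server)
    first = fw.handle_request("service.aaa.com")    # upstream query, A removed
    second = fw.handle_request("service.aaa.com")   # served from the local cache
    denied = fw.handle_request("bad.example")       # only A: access denied
    return first, second, denied, fw.upstream_queries


if __name__ == "__main__":
    for reply in demo()[:3]:
        print(reply)
```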
The data processing method of the embodiment of the present invention can be executed by the data processing device provided by the embodiment of the present invention, and the data processing device of the embodiment of the present invention can also be used to execute the data processing method provided by the embodiment of the present invention.
An embodiment of the present invention also provides a data processing device for network security protection.
Fig. 4 is a schematic diagram of the data processing device according to the first embodiment of the present invention. As shown in the figure, the data processing device comprises a receiving unit 10, a resolution unit 20, a judging unit 30, a deletion unit 40 and a response unit 50.
Receiving unit 10 is for receiving a request from a terminal to access an application server.
When using a terminal, the user cannot directly see the IP address of the application server; what the user sees in the terminal is the domain name to be accessed, for example service.aaa.com. When the user needs to access an application, a protection device such as a firewall, after receiving the user's access request, resolves the domain name service.aaa.com that is to be accessed.
Resolution unit 20 is for resolving the IP address of the application server according to the request.
Resolving the IP address of the application server includes resolving the IP address with a DNS server; the IP address can also be looked up in the DNS cache local to the firewall. Resolving the IP address with a DNS server can use the DNS server's conventional method of resolving IP addresses; since that method is not the concern of the present invention, it is not repeated here. The specifics of looking up the IP address in the firewall's local DNS cache are described in the embodiments above.
Judging unit 30 is for judging whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, it must be judged by the firewall in order to determine whether the resolved IP address is an unsafe IP address.
The resolved IP address is looked up in the IP reputation database, and whether the resolved IP address is an unsafe IP address is determined according to the IP reputation stored in the IP reputation database for each IP address.
If the IP reputation found in the IP reputation database for the resolved IP address is low, the resolved IP address is determined to be an unsafe IP address.
Deletion unit 40 is for deleting the unsafe IP address from the response message when the resolved IP address is judged to be an unsafe IP address.
After the unsafe IP address is deleted from the response message, the terminal cannot perceive the unsafe IP address, so the terminal is effectively prevented from accessing the unsafe IP address, which increases the security of the terminal's use of the application.
Response unit 50 is for sending the response message with the unsafe IP address deleted to the terminal.
After the unsafe IP address has been deleted, the response message contains only safe IP addresses and no unsafe IP address; therefore any IP address in the response message that the terminal accesses is safe, which guarantees that the terminal can use the application and accesses a secure application server.
If no IP address remains in the response message after the unsafe IP address has been deleted, a reply indicating that access is not possible is returned to the terminal.
Through this embodiment of the present invention, whether the resolved IP address is an unsafe IP address is judged; if the IP address is judged to be unsafe, the unsafe IP address is deleted from the response message and the response message with the unsafe IP address deleted is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address in the response message that the terminal accesses leads to a secure application server. Because the terminal can access the application server through safe IP addresses other than the unsafe IP address, when one of the terminal's application servers is an unsafe server, the other safe application servers can still be used so that the terminal works normally, which improves the robustness of the terminal's programs.
At the same time, when resolving the IP address of the application server, the IP address of the application server can be queried directly in the DNS cache; only if the IP address cannot be found there is the request to resolve the application server's IP address sent to the DNS server, which improves query efficiency and further improves the efficiency of network protection.
Fig. 5 is a schematic diagram of the data processing device according to the second embodiment of the invention. As shown in the figure, the data processing device comprises the receiving unit 10, the resolving unit 20, the judging unit 30 and the deleting unit 40, and further comprises a sorting unit 60, a message storage unit 70 and a local storage unit 80.
The sorting unit 60 is configured to sort the safe IP addresses in the response message, from which the unsafe IP address has been deleted, according to IP reputation, before that response message is sent to the terminal.
After the unsafe IP address has been deleted, the IP reputation corresponding to each safe IP address in the response message is queried in the IP reputation database, and the safe IP addresses are sorted according to how high their IP reputation is.
The message storage unit 70 is configured to keep the safe IP address with the highest IP reputation in the response message.
Because the IP addresses placed earlier in the response message have higher IP reputation, because a terminal usually selects an IP address near the front of the response message as the IP address of the application server to access, and because an application server with higher IP reputation has better access speed and access stability, the safe IP addresses sorted by IP reputation from high to low are kept in the response message.
The local storage unit 80 is configured to keep the safe IP addresses locally in the firewall.
With the safe IP addresses kept locally in the firewall, when the terminal accesses the same application server within a certain period of time, the corresponding IP address can be called directly from the firewall's cache without sending the request to a DNS server for resolution. This not only guarantees the security of the application server accessed by the terminal, but also improves the protection efficiency and protection performance of the protective device.
By the above method, the IP address with the higher IP reputation is sent to the terminal as the preferred IP address, providing the terminal with a more stable and safer application server, which not only guarantees the user's access security but also improves the user experience.
Further, the resolving unit 20 comprises a lookup module, a judging module and a transceiver module.
The lookup module is configured to look up the IP address of the application server locally in the firewall. The judging module is configured to judge whether the IP address of the application server is found locally in the firewall. The transceiver module is configured to send the request to a DNS server when the IP address of the application server is not found locally in the firewall, and to receive the IP address of the application server resolved by the DNS server.
The firewall has a local DNS cache in which the IP addresses of application servers can be stored. When resolving the IP address requested by the terminal, the IP address corresponding to the requested application server is first looked up in the DNS cache. If no IP address corresponding to the requested application server is found in the firewall's DNS cache, the request to resolve the application server's IP address is sent to a DNS server, which resolves the IP address corresponding to the application server and returns the resolved IP address to the firewall; the firewall then receives the resolved IP address and looks it up to check whether it is a safe IP address.
Further, the resolving unit 20 comprises: a lookup module configured to look up the IP address of the application server locally in the firewall; a judging module configured to judge whether the IP address of the application server is found locally in the firewall; and an invoking module configured, when the IP address of the application server is found locally in the firewall, not to send the request to a DNS server but to use the found IP address of the application server directly as the reply of the DNS server.
Similarly, if the IP address of the application server can be found locally in the firewall, there is no need to send the resolution request to a DNS server: the IP address corresponding to the requested application server is looked up directly in the DNS cache, and if it is found, the found IP address is used directly and it is judged whether that IP address is a safe IP address.
Whether the IP address was obtained by resolution at a DNS server or found locally in the firewall, the firewall must judge whether the resolved IP address is safe.
The resolved IP address is looked up in the IP reputation database to judge whether it is safe; if the resolved IP address is judged to be an unsafe IP address, that unsafe IP address is deleted from the response message.
It should be noted that the resolution may yield one or more IP addresses; the terminal usually obtains several IP addresses, among which one is the preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, the data processing device also comprises a message judging unit and a sending unit.
The message judging unit is configured to judge, after the unsafe IP address has been deleted from the response message, whether the number of safe IP addresses in the response message is 0.
The sending unit is configured to send an access-denied response message to the terminal when the number of safe IP addresses in the response message is judged to be 0.
After the IP address has been resolved, the unsafe IP address is deleted from the response message, so that it cannot be perceived by the terminal and the terminal naturally cannot access it, which guarantees the security of accessing the application server from the terminal. It is then judged whether the number of IP addresses in the response message is 0: if it is 0, no safe IP address is available for use in the response message, and an access-denied response message is sent to the terminal. If the number of IP addresses in the response message is not 0, the safe IP addresses are sorted according to IP reputation and the response message holding the sorted IP addresses is sent to the terminal, with the IP address of highest IP reputation placed at the front of the response message as the preferred IP address; after receiving the response message, the terminal accesses the application server according to the preferred IP address, so that the terminal accesses the application server securely.
According to the invention, the IP reputation of the resolved IP address is first looked up and the unsafe IP address is deleted from the response message, so that the terminal cannot perceive the unsafe IP address and is guaranteed to access the application server securely. Further, after the unsafe IP address has been deleted, the safe IP addresses are sorted by IP reputation and the IP address with the highest IP reputation is used as the preferred IP address for the terminal program to access, so that even when the unsafe IP address was the preferred IP address, the application program can still be used normally after the unsafe IP address has been deleted. The above method therefore not only guarantees the security of the terminal's access to the application server, but also keeps the terminal usable when an unsafe IP address is disabled, thereby solving the problem of the low protection performance of network protection systems in the prior art and achieving the effect of improving the protection performance of the network protection system.
It should be noted that the steps shown in the flow charts of the drawings may be executed in a computer system such as a set of computer-executable instructions, and that, although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
The foregoing is only the preferred embodiments of the invention and is not intended to limit it; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.
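The complete procedure described above (cache lookup before the DNS server, reputation check of every resolved address, deletion of unsafe addresses, sorting by reputation so that the preferred IP is the most reputable one, an access-denied reply when nothing safe remains, and local caching of the safe addresses), as an added example that is not the patent's own code. The reputation database, the upstream resolver, the threshold and all addresses are constructed stand-ins for this example.

```python
"""Added example, not code from the patent: a DNS-response filter implementing
the procedure described above. The reputation database, the upstream DNS
server and the firewall's local cache are plain dicts standing in for real
services; all data is constructed for the example.
"""
import time
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed threshold: reputation scores below this are "low", i.e. unsafe.
UNSAFE_THRESHOLD = 50

# Constructed IP reputation database (score 0..100, higher is better).
REPUTATION_DB: Dict[str, int] = {
    "198.51.100.10": 90,
    "198.51.100.11": 20,   # low reputation -> unsafe
    "198.51.100.12": 70,
    "203.0.113.5": 10,     # low reputation -> unsafe
}

# Constructed stand-in for the upstream DNS server: domain -> answer list.
# The unsafe address is listed first, i.e. it would be the preferred IP.
UPSTREAM_DNS: Dict[str, List[str]] = {
    "service.aaa.com": ["198.51.100.11", "198.51.100.10", "198.51.100.12"],
    "bad.example": ["203.0.113.5"],
}


@dataclass
class Response:
    domain: str
    addresses: List[str]   # ordered by reputation; addresses[0] is preferred
    denied: bool = False   # True means an "access denied" reply


@dataclass
class Firewall:
    reputation: Dict[str, int]
    upstream: Dict[str, List[str]]
    cache_ttl: float = 300.0
    # local DNS cache: domain -> (expiry timestamp, safe addresses)
    cache: Dict[str, Tuple[float, List[str]]] = field(default_factory=dict)
    upstream_queries: int = 0  # counter so callers can observe cache hits

    def resolve(self, domain: str) -> List[str]:
        """Look in the local cache first; ask the DNS server only on a miss."""
        entry = self.cache.get(domain)
        if entry is not None and entry[0] > time.time():
            return list(entry[1])
        self.upstream_queries += 1
        return list(self.upstream.get(domain, []))

    def is_unsafe(self, ip: str) -> bool:
        """Low reputation means unsafe. An address missing from the database
        gets score 0 here (a choice of this example, not of the patent)."""
        return self.reputation.get(ip, 0) < UNSAFE_THRESHOLD

    def handle_request(self, domain: str) -> Response:
        """Process one terminal request to access `domain`."""
        resolved = self.resolve(domain)
        # Every resolved address is judged, whether it came from the cache
        # or from the DNS server.
        safe = [ip for ip in resolved if not self.is_unsafe(ip)]
        if not safe:
            # Nothing safe left in the response: reply that access is denied.
            return Response(domain, [], denied=True)
        # Highest reputation first, so the terminal's preferred IP is the
        # most reputable one.
        safe.sort(key=lambda ip: self.reputation.get(ip, 0), reverse=True)
        # Keep the safe addresses locally for later requests.
        self.cache[domain] = (time.time() + self.cache_ttl, list(safe))
        return Response(domain, safe)


if __name__ == "__main__":
    fw = Firewall(REPUTATION_DB, UPSTREAM_DNS)
    print(fw.handle_request("service.aaa.com"))
    print(fw.handle_request("service.aaa.com"))  # served from the cache
    print(fw.handle_request("bad.example"))      # access denied
```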

Claims (10)

1. A data processing method for network security protection, characterized by comprising:
receiving a request from a terminal to access an application server;
resolving the IP address of the application server according to the request;
judging whether the resolved IP address is an unsafe IP address;
if the resolved IP address is judged to be an unsafe IP address, deleting the unsafe IP address from a response message; and
sending the response message, from which the unsafe IP address has been deleted, to the terminal.
2. The data processing method according to claim 1, characterized in that, before the response message from which the unsafe IP address has been deleted is sent to the terminal, the data processing method further comprises:
sorting the safe IP addresses in the response message, from which the unsafe IP address has been deleted, according to IP reputation;
keeping the safe IP addresses in the response message in the order of the sorted IP reputation; and
keeping the safe IP addresses locally in a firewall.
3. The data processing method according to claim 1, characterized in that resolving the IP address of the application server according to the request to access the server comprises:
looking up the IP address of the application server locally in a firewall;
judging whether the IP address of the application server is found locally in the firewall; and
if the IP address of the application server is not found locally in the firewall, sending the request to a DNS server and receiving the IP address of the application server resolved by the DNS server.
4. The data processing method according to claim 1, characterized in that resolving the IP address of the application server according to the request to access the server comprises:
looking up the IP address of the application server locally in a firewall;
judging whether the IP address of the application server is found locally in the firewall; and
if the IP address of the application server is found locally in the firewall, not sending the request to a DNS server and directly using the found IP address of the application server as the reply of the DNS server.
5. The data processing method according to claim 1, characterized in that, after the unsafe IP address has been deleted from the response message, the data processing method further comprises:
judging whether the number of safe IP addresses in the response message is 0; and
if the number of safe IP addresses in the response message is judged to be 0, sending an access-denied response message to the terminal.
6. A data processing device for intranet security protection, characterized by comprising:
a receiving unit, configured to receive a request from a terminal to access an application server;
a resolving unit, configured to resolve the IP address of the application server according to the request;
a judging unit, configured to judge whether the resolved IP address is an unsafe IP address;
a deleting unit, configured to delete the unsafe IP address from a response message when the resolved IP address is judged to be an unsafe IP address; and
a response unit, configured to send the response message, from which the unsafe IP address has been deleted, to the terminal.
7. The data processing device according to claim 6, characterized in that the data processing device further comprises:
a sorting unit, configured to sort the safe IP addresses in the response message, from which the unsafe IP address has been deleted, according to IP reputation before that response message is sent to the terminal;
a message storage unit, configured to keep the safe IP address with the highest IP reputation in the response message; and
a local storage unit, configured to keep the safe IP addresses locally in a firewall.
8. The data processing device according to claim 6, characterized in that the resolving unit comprises:
a lookup module, configured to look up the IP address of the application server locally in a firewall;
a judging module, configured to judge whether the IP address of the application server is found locally in the firewall; and
a transceiver module, configured to send the request to a DNS server when the IP address of the application server is not found locally in the firewall, and to receive the IP address of the application server resolved by the DNS server.
9. The data processing device according to claim 6, characterized in that the resolving unit comprises:
a lookup module, configured to look up the IP address of the application server locally in a firewall;
a judging module, configured to judge whether the IP address of the application server is found locally in the firewall; and
an invoking module, configured, when the IP address of the application server is found locally in the firewall, not to send the request to a DNS server but to use the found IP address of the application server directly as the reply of the DNS server.
10. The data processing device according to claim 6, characterized in that the data processing device further comprises:
a message judging unit, configured to judge, after the unsafe IP address has been deleted from the response message, whether the number of safe IP addresses in the response message is 0; and
a sending unit, configured to send an access-denied response message to the terminal when the number of safe IP addresses in the response message is judged to be 0.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201310751667.0A (granted as CN103685318B, Active) | 2013-12-31 | 2013-12-31 | Data processing method and device for network safety prevention

Publications (2)

Publication Number | Publication Date
CN103685318A | 2014-03-26
CN103685318B | 2017-09-12

Family ID: 50321632

Country Status (1)

Country | Link
CN | CN103685318B (en)


Legal Events

Code | Title | Description
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
CP03 | Change of name, title or address | Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province. Patentee after: SHANSHI NETWORK COMMUNICATION TECHNOLOGY CO., LTD. Address before: 215163 3rd Floor, 7th Building, High-tech Software Park, 78 Keling Road, Suzhou Science and Technology City, Jiangsu Province. Patentee before: HILLSTONE NETWORKS
TR01 | Transfer of patent right | Effective date of registration: 20220119. Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province. Patentee after: Shanshi Netcom Communication Technology Co.,Ltd.; Jingyi Zhiyuan (Wuhan) Information Technology Co., Ltd. Address before: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province. Patentee before: Shanshi Netcom Communication Technology Co.,Ltd.