Recent network security events for DNS servers

A recent incident about DNS 1 Anhui Province network paralysis 3 hours may be hacker attack: Link 10th 7 o'clock in the evening Xu, a large-scale network of abnormal swept Anhui province, until the evening 10 o'clock, the network to resume unobstructed. During the course of network games, chat tools, such as normal use, only open the page when the slow, and finally can only show "you specify the Web page is not accessible!" "Telecom said the machine fault, experts believe that the possibility of a larger hacker attack." Mr. Quine, of the Network Information Management Center in Anhui province, said that "machine failure" in general would not cause massive network paralysis. The main cause of the network paralysis is that DNS is attacked and the network is overloaded. "DNS function is to resolve the domain name, so that visitors to access to the URL, once the DNS paralysis, will cause the Web site can not be accessed." Hackers simply send a large number of packets to DNS, which can easily paralyze them. Overloading the network is more normal, can also cause Web pages can not log on, but by restarting the device or using the backup device can easily solve the problem. In the event of a massive network paralysis, Mr Quine argues that hacking is more likely. According to the "Hefei Evening News" 2 computer non-toxic five horses, access to hao123 navigation sites such as automatic jump to malicious navigation sites (such as www.77191.com,www.17392.com, etc.), after a simple test of the vast majority of well-known Web site navigation sites will be jumped to the malicious navigation site. Recent cases have begun to increase. It seems that the new rogue software into the system will tamper with the user's computer default DNS server settings, will he point to the establishment of the DNS server, the malicious DNS server is the purpose of the normal navigation site to resolve the domain name to malicious IP, while shielding well-known anti-virus manufacturers. I tested several well-known security vendors website, found that Duba official website can not complete the analysis is actually malicious DNS server malicious shielding duba.net resolution. 498) this.width=498, ' OnMouseWheel = ' javascript:return big (This) ' Class=blogimg border=0 src= ' http://images.51cto.com /files/uploadimg/20100913/1057280.jpg "small=" 0 "> Two DNS: more relevant please click http://hi.baidu.com/fuxudong/blog/item/ 95c727ce770b4134b700c877.html we all know, when we are surfing the Internet, usually input is the web site such as www.baidu.com, and computer network computers can only be identified with each other through IP address. We want to Baidu, we can in IE Address bar input www.baidu.com URL Access, can also directly input IP 220.181.6.18 access, obviously remember IP address than remember the URL is much more difficult, so there is DNS silently in the computer backstage hard to translate the URL into IP address. Purple we just have to remember that the URL can be normal access to the site once the DNS server has failed, then we will appear clearly can dial the Internet, but is unable to visit the site, sometimes more interesting is to be able to QQ but not online. More serious is the normal DNS server address by virus Trojan rogue software tampering. The computer is only mechanized to convert a URL to a specific IP for access, can not verify that the IP is not safe. So rogue software can hao123.com resolution to malicious navigation site, and theft Trojan can be resolved to a phishing website. So unknowingly in the rogue was stolen number you may not be shady.