Shulou(Shulou.com)06/01 Report--

Service provider hijacking can be roughly divided into two ways:

1. The way DNS is forced to parse

2. 302 jump of access request.

But both of these methods can be detected.

Iis7 website monitoring

Check whether the domain name is walled, DNS pollution detection, website opening speed detection, website hijacking and so on.

DNS forced resolution is to direct user traffic to the cache server by modifying the operator's local DNS record. The way it works is as follows:

User initiates access request through domain name

Request for resolution through local DNS

Operator DNS sets a mandatory resolution policy; that is, all requests for the domain name are resolved to a pre-written server

Interactive access from end users to hijacked servers

If the hijacked server has the required access content, it returns the response directly to the user; if not, it goes to the origin server to synchronize the content.

The way of jumping is mainly different from that of DNS forced parsing in the way of drainage. Content cache is to analyze and determine which content can be hijacked by monitoring the traffic at the exit of the network. Then initiate a 302 hop reply to the hijacked memory to guide the user to get the content. It needs to perform port mirroring or splitter processing on the uplink request traffic. It can be understood as copying a copy of upstream traffic information.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.