Internet Anti-spoofing System
● Solution Overview
This is a solution alerting and managing phishing URLs, and is called “Internet anti-spoofing system” for short.
This system is deployed on the network side of a carrier. When the system is used with Tencent Security, it loads the malicious URL database that is the most complete in the industry, compares and queries all URLs that users access, filters requests of accessing malicious URLs, and pushes police authoritative reminder pages; or directly intercepts the access and pushes real-time notification messages, thus effectively safeguarding people's property and security.
● Technical Principle
1.When a user access a URL, the DPI device obtains flow of the user access request.
2.The anti-spoofing gateway parses and compares the URL with that in a database.
3.If the URL is matched with a malicious URL, a redirection request is sent to the user. Upon receiving the request, the user terminal accesses the material server.
4.The preset alert page authorized by the policy department is shown to the user.
● Typical Deployment
The frontend processing system obtains uplink traffic of port 80 in bypass mode through an optical splitter or a parser, analyzes the online behavior of users, and processes the accesses to malicious URLs in real time to intercept the accesses. The interception messages are sent to the users through the pushing service reinjection port.
In a fixed network, the frontend devices are deployed on the egress port side of the MAN or provincial network. In the 4G network, the frontend devices are deployed in the core equipment room to obtain flows of the S1-U, S11, S6a, S1-MME, and S5/8 links through splitters and provide the notification packet reinjection port in the Gi port direction of the SAE gateway.
● Success Case
By the end of 2018, the anti-spoofing system of Wuhan GREENET has been deployed and brought online in Guangdong, Anhui, Inner Mongolia, Chongqing, and Sichuan, and the number of network fraud cases has been controlled effectively.