CN106211161B - Equipment countercheck method and device - Google Patents

Equipment countercheck method and device Download PDF

Info

Publication number
CN106211161B
CN106211161B CN201610482055.XA CN201610482055A CN106211161B CN 106211161 B CN106211161 B CN 106211161B CN 201610482055 A CN201610482055 A CN 201610482055A CN 106211161 B CN106211161 B CN 106211161B
Authority
CN
China
Prior art keywords
equipment
reversed
execution
parameters
copied
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610482055.XA
Other languages
Chinese (zh)
Other versions
CN106211161A (en
Inventor
廖亮
刘志君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201610482055.XA priority Critical patent/CN106211161B/en
Publication of CN106211161A publication Critical patent/CN106211161A/en
Application granted granted Critical
Publication of CN106211161B publication Critical patent/CN106211161B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition

Abstract

The embodiment of the invention disclosesA device counter-control method and a device are provided, which are applied to an access controller, and the method comprises the following steps: monitoring detection messages fed back by Access Points (AP) in each Virtual Security Domain (VSD), and generating equipment information of wireless equipment according to the detection messages, wherein the equipment information comprises equipment parameters; determining a device to be countered from the wireless device according to the configured countermaking strategy and the device information; the equipment to be reversed is reversed through executing equipment, wherein the executing equipment is the top N which is sorted from large to small based on the equipment parameters of the equipment to be reversed1An AP, the N1Is a positive integer. By applying the embodiment of the invention, the equipment counter effect is improved.

Description

Equipment countercheck method and device
Technical Field
The invention relates to the technical field of network security, in particular to a device counter-control method and device.
Background
As shown in fig. 1, the WLAN includes at least one Access Controller (AC), each AC is responsible for managing wireless connections of devices in at least one VSD (Virtual Security Domain), where the VSDs may overlap, each AC downloads at least one AP (Access Point) (the AP includes a probe AP and a normal AP), the APs downloaded by the AC are distributed in each VSD, the normal AP provides wireless Access service for the client, and the probe AP performs tasks such as detection and countercheck of each device in the local VSD.
In order to ensure the security of the client accessing the WLAN, the process of countering illegal devices such as illegal APs and illegal clients accessing the WLAN includes:
1. each detection AP scans wireless equipment in a radio frequency range of the detection AP, and reports scanned equipment information to an AC in communication connection with the detection AP;
2. after receiving the wireless device information, the AC classifies the devices according to the device information and a classification strategy preset in the VSD1 to which the detection AP belongs to generate a device type information table;
3. when a counter policy corresponding to the VSD1 is recorded in the AC and the device type information table of the VSD1 includes the counter device type in the counter policy, a counter list is issued to the probe AP in the VSD1, and if the counter list includes the information of the device F, the device F is a device to be counter-controlled, and the probe AP performs counter-control on the device F to cut off the wireless connection of the device F. If a device F is on the edge of the VSD1 and only the counter-measure for the corresponding device F is configured within the VSD1, there is a problem in that the counter-measure for the device F by the probe AP within the VSD1 is poor.
Disclosure of Invention
The embodiment of the invention discloses a device counter-control method and a device, which aim to improve the counter-control effect of the device.
In order to achieve the above object, an embodiment of the present invention discloses an apparatus counter-control method, which is applied to an access controller, and the method includes:
monitoring detection messages fed back by Access Points (AP) in each Virtual Security Domain (VSD), and generating equipment information of wireless equipment according to the detection messages, wherein the equipment information comprises equipment parameters;
determining a device to be countered from the wireless device according to the configured countermaking strategy and the device information;
the equipment to be reversed is reversed through executing equipment, wherein the executing equipment is the top N which is sorted from large to small based on the equipment parameters of the equipment to be reversed1An AP, the N1Is a positive integer.
In one implementation manner of the present invention, the device parameters include: receiving a signal strength indicator (RSSI) value and a time parameter;
before the device to be reversed is reversed by the executing device, the method further comprises:
sequencing the APs according to the equipment parameters of the equipment to be countermade;
selecting the top N from large to small according to the sequencing result of the RSSI values2An AP, the N2Is a positive integer;
selecting the top N from large to small according to the sequencing result of the time parameters3An AP, the N3Is a positive integer;
from N2AP and N3AP, determining N1And (4) an AP.
In an implementation manner of the present invention, the performing, by an executing device, a copy of the device to be copied includes:
issuing a copy list corresponding to the device to be copied to an execution device;
and when the time length of issuing the copy list corresponding to the equipment to be copied exceeds first preset time, clearing the copy list corresponding to the equipment to be copied in the execution equipment.
In an implementation manner of the present invention, after issuing the copy list to the execution device, the method further includes:
and when the detection message corresponding to the equipment to be reversed and fed back by the execution equipment is not received within second preset time, clearing a reverse list corresponding to the equipment to be reversed in the execution equipment.
In one implementation manner of the present invention, the AP includes a probe AP and a normal AP, wherein a resource occupancy rate of the normal AP is lower than a preset threshold.
The invention also provides a device for equipment countercheck, which is applied to the access controller, and the device comprises:
the monitoring unit is used for monitoring detection messages fed back by the access points AP in each virtual security domain VSD and generating equipment information of the wireless equipment according to the detection messages, wherein the equipment information comprises equipment parameters;
a determining unit, configured to determine a device to be controlled from the wireless device according to the configured control policy and the device information;
a copy unit, configured to copy the device to be copied through an execution device, where the execution device is the top N sorted from large to small based on device parameters of the device to be copied1An AP, the N1Is a positive integer.
In one implementation manner of the present invention, the device parameters include: receiving a signal strength indicator (RSSI) value and a time parameter;
the device, still include:
a selection unit for selecting the equipment parameter according to the equipment to be controlledSequencing the APs; selecting the top N from large to small according to the sequencing result of the RSSI values2An AP, the N2Is a positive integer; selecting the top N from large to small according to the sequencing result of the time parameters3An AP, the N3Is a positive integer; from N2AP and N3AP, determining N1And (4) an AP.
In one implementation of the present invention, the countering unit includes:
the issuing module is used for issuing a copy list corresponding to the device to be copied to the execution device;
and the clearing module is used for clearing the reverse list corresponding to the equipment to be reversed in the execution equipment when the time for issuing the reverse list corresponding to the equipment to be reversed exceeds first preset time.
In an implementation manner of the present invention, the clearing module is further configured to:
and when the detection message corresponding to the equipment to be reversed and fed back by the execution equipment is not received within second preset time, clearing a reverse list corresponding to the equipment to be reversed in the execution equipment.
In one implementation manner of the present invention, the AP includes a probe AP and a normal AP, wherein a resource occupancy rate of the normal AP is lower than a preset threshold.
As can be seen from the above, in the embodiment of the present invention, after the AC determines the device to be controlled, according to the device information, the top N in the descending order of the device parameters corresponding to the device to be controlled is selected by the AC1And the AP is used as an execution device and is used for copying the device to be copied through the selected execution device. The AP for executing the reverse control is considered from the whole network, the AP with the best reverse control effect on the equipment to be subjected to the reverse control can be selected, and the reverse control effect of the equipment is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a WLAN network in the background art;
fig. 2 is a schematic flow chart of an apparatus reverse control method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a WLAN network according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus reaction device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The present invention will be described in detail below with reference to specific examples.
Referring to fig. 2, fig. 2 is a schematic flowchart of a device counter-control method according to an embodiment of the present invention, where the method is applied to an access controller, and includes:
s201: monitoring detection messages fed back by the AP in each VSD, and generating equipment information of the wireless equipment according to the detection messages;
here, the detecting the message may include: RSSI (received Signal Strength Indicator) and device identification; the device information generated according to the detection packet may include: RSSI values, time parameters, device identification, and the like. The RSSI value, the time parameter, and the like may be collectively referred to as device parameters, and the device parameters may be used to evaluate how effective the AP performs the device countermeasure.
The device identification may include: one or more of a Media Access Control (MAC) address, an Internet Protocol (IP) address, and the like of the wireless device. When the wireless device is subjected to the copy-back, the corresponding device to be copied can be found according to the device identifier of the device to be copied, and the copy-back is carried out.
In one implementation of the invention, the APs within each VSD may be at preset time intervals T1Scanning wireless equipment in a radio frequency range, and reporting a detection message aiming at the wireless equipment to an AC (access controller) by the AP every time the AP scans the wireless equipment; in addition, after scanning the wireless device, the AP may also follow the preset time interval T2And reporting the detection messages aiming at all the scanned wireless devices to the AC. Suppose, a predetermined time interval T1Is 1s, a preset time interval T2Is 10s, AP1At 10:00:01, wireless device D is scanned1Then AP1Can be directed to D1Sends the detection message to AC, AP is in 10:00:021Scan to the wireless device D2Then AP1Will then be directed to D2The detection message is sent to the AC, so that the AC can obtain the information of the wireless equipment in time; in addition, AP1The wireless device may be scanned every 1s, if D is scanned between 10:00:01 and 10:00:101、D2And D3Then it can be for D at 10:00:101、D2And D3The detection message is sent to the AC instead of being reported once every time of scanning, so that the workload of the AP is reduced.
After receiving the detection packet for the wireless device fed back by the AP, the AC may generate device information for each wireless device in combination with the time of receiving the detection packet.
It should be noted that the AP may be a probe AP, and in the VSD, the probe AP is configured to detect the wireless device and report a detection message for the wireless device to the AC, and may also receive a counter list issued by the AC, and counter-control the device to be counter-controlled according to the counter list, but the probe AP does not forward the data message. In addition, under the condition that the resource in the VSD is left relatively large, the ordinary AP performing data packet forwarding may also have a function of device copy, that is, the ordinary AP may receive a copy list issued by the AC, and copy the device to be copied according to the copy list, so that the ordinary AP has a function of detecting the AP. For example, when the system resource occupancy of the ordinary AP is lower than a preset resource threshold (e.g., CPU occupancy of the ordinary AP, etc.), it is determined that the resource remaining of the ordinary AP is large, so as to notify the ordinary AP to also detect the wireless device in the VSD where the ordinary AP is located, and periodically report a detection message to the AC. When the AC receives the detection message of the normal AP, the processing is the same as that of the probe AP, and will not be described here. And when the system resource occupation of the common AP is higher than a preset resource threshold value, the AP is informed not to detect and report.
S202: determining equipment to be subjected to the countercheck from the wireless equipment according to the configured countercheck strategy and the equipment information;
in an implementation manner of the present invention, the wireless device in the network includes an AP, a client, and the like, and based on the configured countering policy, the device to be countering may be: one or more of an external AP, a potential external AP, an AP with wrong configuration, a potential authorized AP, a forbidden AP (Rogue AP), an AP with undetermined classification, a potential Rogue AP, an unauthorized client, a client with wrong association, and a client with undetermined classification.
After the AC generates the device information of the wireless device, the wireless device is classified according to the classification strategy, and a device type information table is generated.
And after the AC classifies the wireless equipment, the equipment to be copied is determined according to the copy strategy corresponding to the VSD and the equipment type information of the wireless equipment.
In one implementation of the invention, the configured countering policies for each VSD in the AC can be different, and different devices to be countering can be determined according to the countering policies of different VSDs, e.g., wireless device F can be determined to be a device to be countering according to the configured countering policy for the first VSD, but when the configured countering policy for the second VSD is used, it can be determined that wireless device F is not a device to be countering.
In a WLAN (Wireless local area network), each wireless device has roaming properties, i.e. one wireless device can only be VSD at the current time1AP-in detects, perhaps the next moment VSD1Cannot detect the wireless device, and the VSD2The AP in the system can detect the wireless device, in addition, a plurality of VSDs can all detect one wireless device, if the wireless device is determined to be a device to be copied in at least two VSDs according to a copy-back strategy, one VSD can be selected from the VSDs corresponding to the device to be copied, and the wireless device can be copied. Such as: and determining the VSD where the AP with the maximum RSSI value of the device to be reversed is located as the VSD for executing the reversing strategy of the device to be reversed. Therefore, the problem that network resources are wasted due to the fact that the devices to be reversed are reversed simultaneously in the VSDs is avoided.
S203: and the equipment to be reversed is reversed through the execution equipment.
The RSSI value and the time parameter in the equipment parameters are important parameters for evaluating the quality of the effect of the AP on executing the equipment countermeasure, and the larger the RSSI value is, the better the effect of the AP corresponding to the RSSI value on the wireless equipment countermeasure is; the greater the time parameter (i.e., the more recent the time detected), the more accurately the location of the wireless device at the present stage can be represented, thereby better countering. The time parameter may be a time when the AC receives the device information fed back by the AP, a time when the AP detects the device F, and the like. In practical applications, the APs may be ranked based on multiple device parameters, or the APs may be ranked based on only one device parameter.
By combining the equipment parameters, the equipment parameters of the equipment to be counterfeited can be sorted from large to small, and the top N is determined1The AP is taken as an executive device, namely, the executive device is the top N ordered from large to small based on the device parameters of the device to be controlled1AP, here, N1Is a positive integer. Specifically, the process of determining the executing device may include:
s01, sequencing the APs according to the equipment parameters of the equipment to be countered;
specifically, the APs are sorted according to the RSSI values, and the APs are sorted according to the time parameters.
S02, selecting the top N from big to small according to the sorting result of the RSSI values2AP, N2Is a positive integer;
to ensure the effect of countering the equipment to be countering, N2A value not less than 2 may be set.
Suppose, N2For 2, the AP1 has an RSSI value of 54 for the device to be reverted, AP2RSSI value of equipment to be reversed is 48, AP3RSSI value of the device to be reversed is 64, 64>54>48, the AP1 and the AP3 may be selected to copy the device to be copied.
S03, selecting the top N from big to small according to the sorting result of the time parameters3AP, N3Is a positive integer;
the AP with the maximum RSSI value of the device to be controlled can acquire the information of the device to be controlled earlier, and because the wireless device has roaming property, the AP may not detect the device to be controlled at the current moment or the RSSI value of the device to be controlled is reduced, at the moment, in order to ensure the effect of controlling the device to be controlled, N3A value not less than 1 may be set.
It is noted that S1 may be executed before S2, after S2, or simultaneously with S2, and S1 and S2 have no fixed execution order. N is a radical of2AP and N3There may be the same AP in one AP, e.g., AP1Not only the AP with the maximum RSSI value of the equipment to be controlled but also the AP corresponding to the latest time parameter, so N2AP and N3All of them include the AP1
S04, Slave N2AP and N3AP, determining N1And (4) an AP.
In particular, it can be selected from N2AP and N3Randomly selecting N from AP1An AP; the RSSI value and the time parameter can also be integrated to sequence the APs, and the top N is selected from large to small1And (4) an AP. N is a radical of1、N2And N3The size relationship between the two is to satisfy N2+N3≥N1
It is worth mentioning that N1The APs may be included in each VSD.
After the execution device is determined, the AC may issue a copy list corresponding to the device to be copied to the execution device, and the execution device copies the device to be copied according to the copy list corresponding to the device to be copied.
In an implementation manner of the present invention, after the AC issues the copy list corresponding to the device to be copied to the execution device, if the AC can also receive the detection packet for the device to be copied, this may be understood as: the device to be subjected to the reverse control is not successfully controlled all the time, and the reverse control effect of the execution device on the device to be subjected to the reverse control is poor.
In this case, a time (a first preset time) may be preset on the AC, and if the duration of issuing the copy list corresponding to the device to be copied by the AC exceeds the first preset time, and the AC can also receive the detection message for the device to be copied, which is fed back by the AP, the copy list corresponding to the device to be copied in the execution device is cleared, specifically,
s11, the AC sends a deleting instruction to the execution equipment;
and S12, the execution equipment deletes the copy list corresponding to the equipment to be copied according to the deletion instruction.
Therefore, the situation that the useless reverse list occupies the storage space of the execution equipment and influences the working efficiency of the execution equipment is effectively avoided, and meanwhile, the situation that the execution equipment continuously reverses the reverse equipment to be treated according to the reverse list and wastes network resources is avoided.
In an implementation manner of the present invention, after the copy list corresponding to the device to be copied in the execution device is cleared, a new execution device may be determined again, and the device to be copied is copied through the new execution device.
In another implementation manner of the present invention, a second preset time may be preset on the AC, after the AC issues the copy list corresponding to the device to be copied to the execution device, if the detection message for the device to be copied sent by the AP in each VSD is not received within the second preset time period, it indicates that the device to be copied is successfully copied, and the AC may issue a deletion instruction to the execution device to instruct the execution device to delete the copy list corresponding to the device to be copied, so as to avoid that the copy list corresponding to the device to be copied that has been successfully copied occupies a storage space of the execution device and affects the working efficiency of the execution device.
The process of the plant reaction is described below in connection with an example.
Suppose, as shown in FIG. 3, that the AC is responsible for managing 3 VSDs, one VSD for each1、VSD2And VSD3At the VSD1Including 3 probe APs are: sounding APs1Sounding AP2And sounding the AP3Detecting AP1Sounding AP2And sounding the AP34 wireless devices D can be detected1、D2、D3And D4And the 4 wireless devices are all devices to be controlled reversely, and in addition, the VSD2Including 1 sounding AP4,VSD3Including 1 sounding AP5,AP4And AP5All can detect D2And D3The RSSI value of each probe AP for each wireless device is shown in table 1.
TABLE 1
Sounding APs1 Sounding APs2 Sounding APs3 Sounding APs4 Sounding APs5
D1 65 34 63 0 0
D2 55 49 72 75 41
D3 68 74 47 59 80
D4 69 57 32 0 0
The time parameter (time in minutes and seconds) of the detection message received by the AC from each wireless device is shown in table 2.
TABLE 2
Sounding APs1 Sounding APs2 Sounding APs3 Sounding APs4 Sounding APs5
D1 10:00:07 10:00:01 10:00:04 0 0
D2 10:00:03 10:00:07 10:00:03 10:00:02 10:00:02
D3 10:00:04 10:00:05 10:00:07 10:00:03 10:00:01
D4 10:00:02 10:00:06 10:00:07 0 0
Suppose, N1Is 3, N2Is 2, N3Is 1, with D1For example, the AP pairs D are probed according to each of Table 11RSSI value of, for D1The sequencing result of the RSSI values is as follows: 34<63<65, the ordering result of the APs is: sounding APs2<Sounding APs3<Sounding APs1Then 2 APs may be selected as: sounding APs1And AP3(ii) a From each sounding AP pair D in Table 21Time parameter of D1The sequencing result of the time parameters is as follows: 10:00:01<10:00:04<10:00:07, the ordering result of the AP is: sounding APs2<Sounding APs3<Sounding APs1Then 1 AP can be selected as: sounding APs1(ii) a Thus selecting the pair D1The 3 APs (executing devices) that perform the reverse are: sounding APs1And sounding the AP3
In addition, by combining the RSSI value of each probe AP to the wireless device in table 1 and the time parameter of the AC receiving the detection packet of each wireless device in table 2, it can be determined that:
the 3 APs that reverse D2 are: probe AP2, probe AP3, and probe AP 4;
the 3 APs that reverse D3 are: probe AP2, probe AP3, and probe AP 5;
the 3 APs that reverse D4 are: probe AP1, probe AP2, and probe AP 3.
In this case, a reply list for each probe AP is generated, and the reply list includes the magnitude of the RSSI value of the probe AP for each wireless device, as shown in tables 3 to 7.
TABLE 3
Sounding APs1
D1 65
D4 69
TABLE 4
Sounding APs2
D2 49
D3 74
D4 57
TABLE 5
Sounding APs3
D1 63
D2 72
D3 47
D4 32
TABLE 6
Sounding APs4
D2 75
TABLE 7
Sounding APs5
D3 80
And issuing each reverse list to the corresponding detection AP, and reversing the equipment to be reversed by the detection AP according to the obtained reverse list.
By applying the above embodiments, after the AC determines the device to be reversed, the first N in the order of the device parameters corresponding to the device to be reversed from large to small is selected according to the device information1And the AP is used as an execution device and is used for copying the device to be copied through the selected execution device. The AP for executing the reverse control is considered from the whole network, the AP with the best reverse control effect on the equipment to be subjected to the reverse control can be selected, and the reverse control effect of the equipment is further improved.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an apparatus reversing device provided in an embodiment of the present invention, applied to an AC, where the apparatus includes:
a monitoring unit 401, configured to monitor a detection packet fed back by an access point AP in each virtual security domain VSD, and generate device information of a wireless device according to the detection packet, where the device information includes device parameters;
a determining unit 402, configured to determine a device to be controlled from the wireless device according to the configured control policy and the device information;
a copy unit 403, configured to copy the device to be copied through an execution device, where the execution device is the top N sorted from large to small based on the device parameters of the device to be copied1An AP, the N1Is a positive integer.
In one implementation manner of the present invention, the device parameters include: RSSI values and time parameters;
the device countering apparatus may further include:
a selecting unit (not shown in fig. 4) configured to sort the APs according to the device parameters of the device to be controlled; selecting the top N from large to small according to the sequencing result of the RSSI values2An AP, the N2Is a positive integer; selecting the top N from large to small according to the sequencing result of the time parameters3An AP, the N3Is a positive integer; from N2AP and N3AP, determining N1And (4) an AP.
In an implementation manner of the present invention, the countering unit 403 may include:
an issuing module (not shown in fig. 4) configured to issue a copy list corresponding to the device to be copied to the execution device;
a clearing module (not shown in fig. 4) configured to clear the copy list corresponding to the device to be copied in the execution device when a duration of the next copy list corresponding to the device to be copied exceeds a first preset time.
In an implementation manner of the present invention, the clearing module may be further configured to:
and when the detection message corresponding to the equipment to be reversed and fed back by the execution equipment is not received within second preset time, clearing a reverse list corresponding to the equipment to be reversed in the execution equipment.
It should be noted that the AP may include a sounding AP and a normal AP, where the normal AP is lower than a preset resource threshold.
By applying the above embodiments, after the AC determines the device to be reversed, the first N in the order of the device parameters corresponding to the device to be reversed from large to small is selected according to the device information1And the AP is used as an execution device and is used for copying the device to be copied through the selected execution device. The AP which performs the reverse control is considered from the whole network, and the AP which has the best reverse control effect on the device to be subjected to the reverse control can be selectedAP, and then the equipment counter-braking effect is improved.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.
Those skilled in the art will appreciate that all or part of the steps in the above method embodiments may be implemented by a program to instruct relevant hardware to perform the steps, and the program may be stored in a computer-readable storage medium, which is referred to herein as a storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A device counter-control method is applied to an access controller, and is characterized by comprising the following steps:
monitoring a detection message fed back by an access point AP in each virtual security domain VSD, and generating equipment information of the wireless equipment according to the detection message, wherein the equipment information comprises equipment parameters which comprise: receiving a signal strength indicator (RSSI) value and a time parameter;
determining a device to be countered from the wireless device according to the configured countermaking strategy and the device information;
the equipment to be reversed is reversed through executing equipment, wherein the executing equipment is the top N which is sorted from large to small based on the equipment parameters of the equipment to be reversed1An AP, the N1Is a positive integer.
2. The method of claim 1, wherein prior to countering the device to be countering by an executing device, the method further comprises:
sequencing the APs according to the equipment parameters of the equipment to be countermade;
selecting the top N from large to small according to the sequencing result of the RSSI values2An AP, the N2Is a positive integer;
selecting the top N from large to small according to the sequencing result of the time parameters3An AP, the N3Is a positive integer;
from N2AP and N3AP, determining N1And (4) an AP.
3. The method of claim 1, wherein said countering the device to be countering by an executing device comprises:
issuing a copy list corresponding to the device to be copied to an execution device;
and when the time length of issuing the copy list corresponding to the equipment to be copied exceeds first preset time, clearing the copy list corresponding to the equipment to be copied in the execution equipment.
4. The method of claim 3, wherein after issuing the anti-copy list to the executing device, further comprising:
and when the detection message corresponding to the equipment to be reversed and fed back by the execution equipment is not received within second preset time, clearing a reverse list corresponding to the equipment to be reversed in the execution equipment.
5. The method according to any of claims 1-4, wherein the AP comprises a probe AP and a normal AP, and wherein the resource occupancy of the normal AP is below a preset threshold.
6. An apparatus for countering a device, applied to an access controller, the apparatus comprising:
the monitoring unit is used for monitoring detection messages fed back by access points AP in each virtual security domain VSD, and generating equipment information of the wireless equipment according to the detection messages, wherein the equipment information comprises equipment parameters which include: receiving a signal strength indicator (RSSI) value and a time parameter;
a determining unit, configured to determine a device to be controlled from the wireless device according to the configured control policy and the device information;
a copy unit, configured to copy the device to be copied through an execution device, where the execution device is the top N sorted from large to small based on device parameters of the device to be copied1An AP, the N1Is a positive integer.
7. The apparatus of claim 6, further comprising:
the selection unit is used for sequencing the APs according to the equipment parameters of the equipment to be controlled; selecting the top N from large to small according to the sequencing result of the RSSI values2An AP, the N2Is a positive integer; selecting the top N from large to small according to the sequencing result of the time parameters3An AP, the N3Is a positive integer; from N2AP and N3AP, determining N1And (4) an AP.
8. The apparatus of claim 6, wherein the counter unit comprises:
the issuing module is used for issuing a copy list corresponding to the device to be copied to the execution device;
and the clearing module is used for clearing the reverse list corresponding to the equipment to be reversed in the execution equipment when the time for issuing the reverse list corresponding to the equipment to be reversed exceeds first preset time.
9. The apparatus of claim 8, wherein the purge module is further configured to:
and when the detection message corresponding to the equipment to be reversed and fed back by the execution equipment is not received within second preset time, clearing a reverse list corresponding to the equipment to be reversed in the execution equipment.
10. The apparatus according to any one of claims 6-9, wherein the AP comprises a probe AP and a normal AP, and wherein the resource occupancy of the normal AP is below a preset threshold.
CN201610482055.XA 2016-06-23 2016-06-23 Equipment countercheck method and device Active CN106211161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610482055.XA CN106211161B (en) 2016-06-23 2016-06-23 Equipment countercheck method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610482055.XA CN106211161B (en) 2016-06-23 2016-06-23 Equipment countercheck method and device

Publications (2)

Publication Number Publication Date
CN106211161A CN106211161A (en) 2016-12-07
CN106211161B true CN106211161B (en) 2021-04-02

Family

ID=57461267

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610482055.XA Active CN106211161B (en) 2016-06-23 2016-06-23 Equipment countercheck method and device

Country Status (1)

Country Link
CN (1) CN106211161B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108235322B (en) * 2017-12-28 2021-06-29 新华三技术有限公司 Reverse control method and device for wireless equipment
CN109195142B (en) * 2018-08-27 2021-07-13 惠州Tcl移动通信有限公司 NFC data transmission detection method of mobile terminal, mobile terminal and storage medium
CN113630780B (en) * 2021-08-11 2024-04-16 迈普通信技术股份有限公司 Countering method for illegal wireless access point

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996893A (en) * 2006-12-25 2007-07-11 杭州华为三康技术有限公司 Method, device and system for monitoring illegal access point in the wireless LAN
EP2469903A1 (en) * 2010-12-22 2012-06-27 British Telecommunications public limited company Wireless configuration
CN102821465A (en) * 2012-09-07 2012-12-12 哈尔滨工业大学 WLAN (Wireless Local Area Network) indoor positioning method based on subregion information entropy gain
CN103067922A (en) * 2013-01-24 2013-04-24 中兴通讯股份有限公司 Method and system for preventing illegal access point in wireless local area network
CN103561405A (en) * 2013-10-23 2014-02-05 杭州华三通信技术有限公司 Method and device for countering Rogue AP
CN104333862A (en) * 2013-07-22 2015-02-04 中国科学院信息工程研究所 Fine granularity management and control method for wireless local area network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833824B (en) * 2012-08-30 2014-12-24 福建星网锐捷网络有限公司 Access method and device for wireless local area network and network equipment
CN103391546B (en) * 2013-07-12 2017-03-15 杭州华三通信技术有限公司 A kind of wireless attack detection and defence installation and its method
US10432636B2 (en) * 2013-12-04 2019-10-01 Extreme Networks, Inc. Securing mDNS in enterprise networks
CN103916816B (en) * 2014-03-25 2017-07-28 深圳市宏电技术股份有限公司 A kind of radio switch-in method and access controller
CN104486765A (en) * 2014-12-22 2015-04-01 上海斐讯数据通信技术有限公司 Wireless intrusion detecting system and detecting method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1996893A (en) * 2006-12-25 2007-07-11 杭州华为三康技术有限公司 Method, device and system for monitoring illegal access point in the wireless LAN
EP2469903A1 (en) * 2010-12-22 2012-06-27 British Telecommunications public limited company Wireless configuration
CN102821465A (en) * 2012-09-07 2012-12-12 哈尔滨工业大学 WLAN (Wireless Local Area Network) indoor positioning method based on subregion information entropy gain
CN103067922A (en) * 2013-01-24 2013-04-24 中兴通讯股份有限公司 Method and system for preventing illegal access point in wireless local area network
CN104333862A (en) * 2013-07-22 2015-02-04 中国科学院信息工程研究所 Fine granularity management and control method for wireless local area network
CN103561405A (en) * 2013-10-23 2014-02-05 杭州华三通信技术有限公司 Method and device for countering Rogue AP

Also Published As

Publication number Publication date
CN106211161A (en) 2016-12-07

Similar Documents

Publication Publication Date Title
US10863358B2 (en) Threat index based WLAN security and quality of service
CN106211161B (en) Equipment countercheck method and device
CN100544279C (en) The method of monitoring illegal access point, equipment and system in the WLAN (wireless local area network)
US20190018965A1 (en) Compliance Management in a Local Network
Villamarín-Salomón et al. Bayesian bot detection based on DNS traffic similarity
US6963978B1 (en) Distributed system and method for conducting a comprehensive search for malicious code in software
US8166138B2 (en) Network evaluation grid techniques
US9332029B1 (en) System and method for malware detection in a distributed network of computer nodes
WO2013185483A1 (en) Method for processing a signature rule, server and intrusion prevention system
CN1871571A (en) Network traffic management by a virus/worm monitor in a distributed network
CN106658509B (en) Method and equipment for countering illegal wireless access point and wireless local area network
CN104349325A (en) Method and device for monitoring pseudo wireless APs (access points)
CN104683965A (en) Interception method and equipment for spam short messages of pseudo base station
CN104883410A (en) Network transmission method and network transmission device
CN108901025A (en) A kind of rogue access point counter method and counter equipment
CN108235322B (en) Reverse control method and device for wireless equipment
CN107548065B (en) Method and device for determining detection equipment, access controller and storage medium
CN104796388B (en) A kind of method that the network equipment is scanned, relevant apparatus and system
US20070008098A1 (en) Method and architecture for online classification-based intrusion alert correlation
CN103780589A (en) Virus prompting method, client-terminal device and server
Yan et al. Unwanted content control via trust management in pervasive social networking
US11057769B2 (en) Detecting unauthorized access to a wireless network
JP5901840B2 (en) Intelligent wireless intrusion prevention system and sensor using cloud sensor network
CN112105029B (en) Method and device for countering illegal device
WO2022125625A1 (en) Detecting anomalies on a controller area network bus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou science and Technology Industrial Park, high tech Industrial Development Zone, Zhejiang Province, No. six and road, No. 310

Applicant before: Huasan Communication Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant