CN106790169A - The means of defence and device of scanning device scanning - Google Patents
The means of defence and device of scanning device scanning Download PDFInfo
- Publication number
- CN106790169A CN106790169A CN201611248778.XA CN201611248778A CN106790169A CN 106790169 A CN106790169 A CN 106790169A CN 201611248778 A CN201611248778 A CN 201611248778A CN 106790169 A CN106790169 A CN 106790169A
- Authority
- CN
- China
- Prior art keywords
- camouflage
- page
- link
- scanning
- leak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a kind of means of defence and device of scanning device scanning, and methods described is applied to WEB service end, can include:Receive the accessing page request that targeted customer sends;If the page link that the accessing page request is accessed is default camouflage link, the camouflage page of the generation for camouflage link;Wherein, the camouflage link is pre-set to invisible for the normal users of Non-scanning mode equipment;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;The camouflage page is returned to the targeted customer, is protected with the illegal vulnerability scanning to the scanning device for the WEB service end.The method provided using the application, can effectively improve the practicality of the scanning for suppressing vulnerability scanning equipment, be more effectively prevented from hacker and attacked by the leak for scanning.
Description
Technical field
The application is related to computer communication field, more particularly to the means of defence and device that scanning device is scanned.
Background technology
With the fast development of network security technology, Hole Detection technology is all played at aspects such as daily risk managements focuses on
The effect wanted.For example, conventional scanning device can carry out vulnerability scanning to server or Web system, leak is found, and
Reparations of the Shi Jinhang for leak.
However, some hackers can also utilize scanning device, vulnerability scanning is carried out to above-mentioned server or Web system, obtained
The leak in the server or Web system is taken, to be attacked.Therefore, how such vulnerability scanning equipment is effectively suppressed
Scanning just turn into ground urgently to be resolved hurrily problem.
The content of the invention
In view of this, the application provides a kind of means of defence and device of scanning device scanning, is used to effectively improve suppression
The practicality of the scanning of vulnerability scanning equipment processed, is more effectively prevented from hacker and is attacked by the leak for scanning.
Specifically, the application is achieved by the following technical solution:
According to the first aspect of the application, there is provided a kind of means of defence of scanning device scanning, methods described is applied to WEB
Service end, methods described includes:
Receive the accessing page request that targeted customer sends;
If the page link that the accessing page request is accessed is default camouflage link, generate for the camouflage
The camouflage page of link;Wherein, the camouflage link is pre-set to invisible for the normal users of Non-scanning mode equipment;Institute
Stating the camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;
The camouflage page is returned to the targeted customer, the non-of the WEB service end is directed to the scanning device
Method vulnerability scanning is protected.
According to the second aspect of the application, there is provided a kind of protector of scanning device scanning, described device is applied to WEB
Service end, described device includes:
Receiving unit, the accessing page request for receiving targeted customer's transmission;
Generation unit, if being default camouflage link for the page link that the accessing page request is accessed,
The camouflage page of the generation for camouflage link;Wherein, the camouflage link is pre-set to for Non-scanning mode equipment just
Conventional family is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;
Returning unit, for returning to the camouflage page to the targeted customer, with to the scanning device for described
The illegal vulnerability scanning at WEB service end is protected.
The application proposes a kind of means of defence of scanning device scanning, and WEB service end receives the page that targeted customer sends
Access request.If the page link that the accessing page request is accessed is default camouflage link, the WEB service end can be with
The camouflage page of the generation for camouflage link;Wherein, the camouflage link is pre-set to for Non-scanning mode equipment just
Conventional family is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;And can be to the mesh
Mark user returns to the camouflage page, is prevented with the illegal vulnerability scanning to the scanning device for the WEB service end
Shield.
On the one hand, because camouflage link is invisible to the normal users of Non-scanning mode equipment, therefore Non-scanning mode equipment is just
Conventional family will not be accidentally injured because the link is accessed;
On the other hand, due to access the camouflage link after, WEB service end can automatically generate linked with the camouflage it is corresponding
The camouflage page, and include being linked to the camouflage link of next stage camouflage subpage frame on the camouflage page.Once scanning device is visited
After asking camouflage link, substantial amounts of camouflage link is just continuously obtained, so that the reptile module of device scan equipment
Cause system crash because huge camouflage link is received, it is impossible to proceed work or sweep time more than expected
Sweep time.Further, since the enormous amount of the camouflage link for scanning, severe jamming scanning device is to real leaky page
The scanning in face so that the real leak for scanning is very low.
In sum, using the application scanning device means of defence, can effectively improve suppression vulnerability scanning set
The practicality of standby scanning, is more effectively prevented from hacker and is attacked by the leak for scanning.
Brief description of the drawings
Fig. 1 is a kind of schematic diagram of the means of defence of scanning device scanning shown in the exemplary embodiment of the application one;
Fig. 2 is a kind of flow chart of the means of defence of scanning device scanning shown in the exemplary embodiment of the application one;
Fig. 3 is a kind of the hard of the protector place equipment of scanning device scanning shown in the exemplary embodiment of the application one
Part structure chart;
Fig. 4 is a kind of block diagram of the protector of scanning device scanning shown in the exemplary embodiment of the application one.
Specific embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in implementation method do not represent all implementation methods consistent with the application.Conversely, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects described in detail in claims, the application.
It is the purpose only merely for description specific embodiment in term used in this application, and is not intended to be limiting the application.
" one kind ", " described " and " being somebody's turn to do " of singulative used in the application and appended claims is also intended to include majority
Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wraps
May be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for being distinguished from each other open same type of information.For example, not departing from
In the case of the application scope, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
With the fast development of network security technology, Hole Detection technology is all played at aspects such as daily risk managements focuses on
The effect wanted.For example, conventional scanning device can carry out vulnerability scanning to server or Web system, leak is found, and
Reparations of the Shi Jinhang for leak.
However, some hackers can also utilize scanning device, vulnerability scanning is carried out to above-mentioned server or Web system, obtained
The leak in the server or Web system is taken, to be attacked.
Some correlation techniques propose solution regarding to the issue above, and solution is as follows:
The solution of correlation technique 1:WEB server can extract being produced in scanning process for different scanning devices
Scanning fingerprint, such as head fields, required parameter value etc..By the scanning fingerprint for extracting, scanning device is identified, then
Forbid the access of the scanning device local.
However, the scanning fingerprint technique of scanning device is technology disclosed in a kind of comparing.Hacker generally also can be by various
Customized methods hide the scanning fingerprint, or even are disguised oneself as normal browser with the request for sending scanning device
Request so that WEB server None- identified goes out scanning device, so that the practicality of the method is poor.
The solution of correlation technique 2:The hiding link for hiding label is added in the page of targeted customer's request, to this
After the label of the link of addition is hidden, because normal users " can't see " link, so the chain can't be accessed
Connect.And for scanning device, the hiding link is visible.Now, scanning device can access the hiding link.When
WEB server detect the hiding link it is accessed when, it may be determined that access the targeted customer of the hiding link for scanning device,
Now can be by the IP address write-access blacklist of the scanning device, to prevent the scanning device from continuing to local visit
Ask.
However, the label by hiding link, the link is set to sightless to the normal users of Non-scanning mode equipment
Link is hidden, the hidden method is relatively simple.Scanning device can be by checking the DOM node of the hiding link, to such
Method is taken precautions against.
In sum, the total problem of above two method is exactly poor practicality, it is difficult to be set to effectively suppressing scanning
The standby access to WEB server.
The application proposes a kind of means of defence of scanning device scanning, and WEB service end receives the page that targeted customer sends
Access request.If the page link that the accessing page request is accessed is default camouflage link, the WEB service end can be with
The camouflage page of the generation for camouflage link;Wherein, the camouflage link is pre-set to for Non-scanning mode equipment just
Conventional family is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;And can be to the mesh
Mark user returns to the camouflage page, is prevented with the illegal vulnerability scanning to the scanning device for the WEB service end
Shield.
On the one hand, because camouflage link is invisible to the normal users of Non-scanning mode equipment, therefore Non-scanning mode equipment is just
Conventional family will not be accidentally injured because the link is accessed;
On the other hand, due to access the camouflage link after, WEB service end can automatically generate linked with the camouflage it is corresponding
The camouflage page, and include being linked to the camouflage link of next stage camouflage subpage frame on the camouflage page.Once scanning device is visited
After asking camouflage link, substantial amounts of camouflage link is just continuously obtained, so that the reptile module of device scan equipment
Cause system crash because huge camouflage link is received, it is impossible to proceed work or sweep time more than expected
Sweep time.Further, since the enormous amount of the camouflage link for scanning, severe jamming scanning device is to real leaky page
The scanning in face so that the real leak for scanning is very low.
In sum, using the application scanning device means of defence, can effectively improve suppression vulnerability scanning set
The practicality of standby scanning, is more effectively prevented from hacker and is attacked by the leak for scanning.
In order to more fully understand the means of defence of the scanning device that the application is proposed, the work below to vulnerability scanners is former
Reason is simply introduced.
Scanning device can typically include a highly important module, be exactly webcrawler module.Webcrawler module is
One automatic capture program of webpage.Under normal circumstances, webcrawler module captures the webpage of starting link first, and then this is risen
The begin webpage of link is crawled, and analyzes URL addresses on the webpage, the URL addresses that analysis obtains then is crawled again corresponding
Webpage, then analyzes and crawls again again, so as to obtain the URL tree at target WEB service end.
The URL tree that scanning device is grabbed according to webcrawler module is analyzed and scans, so that it is determined that the WEB service
The leak at end.
As can be seen here, the integrality of the URL at the WEB service end that webcrawler module was collected, can directly affect scanning
The detection coverage rate of instrument.Therefore, the webcrawler module of scanning device can be crawled to an almost all of link of webpage.
The webcrawler module that the means of defence of the scanning device that the application is proposed is namely based on scanning device crawls URL tree
Mode and be related to, its target is that, when webcrawler module crawls URL tree, is returned to webcrawler module a large amount of
Camouflage link so that scanning device cannot be scanned normally.
Referring to Fig. 1, a kind of signal of the means of defence of scanning device scanning shown in the exemplary embodiment of Fig. 1 the application one
Figure.
After reptile module crawls the camouflage to be linked, scanning device can access camouflage link.When the inspection of WEB service end
Measure after targeted customer accesses the link, it may be determined that the targeted customer is scanning device.Now, WEB service end can give birth to automatically
The corresponding camouflage page is linked into the camouflage, and includes being linked to the camouflage that next stage pretends subpage frame on the camouflage page
Link.
After scanning device accesses camouflage link, substantial amounts of camouflage link will be continuously obtained, so as to set
The reptile module of standby scanning device causes system crash because huge camouflage link is received, it is impossible to proceed work or
Person's sweep time exceedes expected sweep time.Further, since the enormous amount of the camouflage link for scanning, severe jamming scanning
Scanning of the equipment to the real leaky page so that the real leak for scanning is very low.
The specific implementation of the means of defence of the scanning device for being proposed to the application below, is described in detail.
Referring to Fig. 2, Fig. 2 is a kind of stream of the means of defence of scanning device scanning shown in the exemplary embodiment of the application one
Cheng Tu.Methods described is applied to WEB service end, and methods described can specifically include step as follows:
Step 201:Receive the accessing page request that targeted customer sends;
Step 202:If the page link that the accessing page request is accessed is default camouflage link, pin is generated
To the camouflage page of camouflage link;Wherein, the camouflage link is pre-set to the normal users for Non-scanning mode equipment
It is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;
Step 203:The camouflage page is returned to the targeted customer, is taken for the WEB with to the scanning device
The illegal vulnerability scanning at business end is protected.
Wherein, above-mentioned WEB service end, refers to web server cluster.
Above-mentioned camouflage link, refers to the link of necessary being on the page that non-targeted user is accessed.But in WEB service
The link of the automatic addition in end.Camouflage link is invisible for the normal users of Non-scanning mode equipment, and visible to scanning device, because
This camouflage link can also have the effect of the normal users for distinguishing scanning device and Non-scanning mode equipment.
In the embodiment of the present application, WEB service end can receive the accessing page request of targeted customer's transmission.Receiving mesh
After the accessing page request that mark user sends, WEB service end may determine that whether the accessing page request is to be used for the target
The first accessing page request at family.
If the accessing page request is directed to the first accessing page request of the targeted customer, WEB service end can be
Camouflage link is added in the page that the targeted customer is asked.
In order that the normal users for obtaining Non-scanning mode equipment will not receive WEB service end and return because camouflage link is accessed
The occurrence of accidental injury of the substantial amounts of camouflage page for returning.WEB service end can be hidden to camouflage link so that the puppet
Dress link is arranged to invisible for the normal users of Non-scanning mode equipment.
In a kind of optional implementation, in the page that WEB service end can be asked this added to targeted customer
Camouflage link corresponding DOM node and be hidden so that camouflage link is invisible to the normal users of Non-scanning mode equipment.
Certainly, WEB service end can also be hidden using other method according to actual conditions to camouflage link, be made
Obtain camouflage link invisible to the normal users of Non-scanning mode equipment.Herein, repeat no more.
Camouflage link is added in the page that targeted customer is asked and camouflage link set for Non-scanning mode
After the hiding operation of standby normal users, the page can be back to targeted customer by WEB service end.
If the targeted customer is scanning device, the webcrawler module of the scanning device can crawl the chain on the page
Connect, and link to crawling conducts interviews, and is crawled with the link for carrying out follow-up.
Because camouflage link is arranged to invisible for the normal users of Non-scanning mode equipment, so WEB service end exists
After receiving for the follow-up access request of the targeted customer, the link of the page that the access request can be accessed whether be
It is normal users that the camouflage chain fetches the differentiation targeted customer, or scanning device.
If the link of the page that the follow-up access request of the targeted customer is accessed is not for the default camouflage link,
Then WEB service end can determine that the targeted customer for normal user, then returns to its page asked to the normal user.
If the default camouflage that is linked as the page that the follow-up access request of the targeted customer is accessed is linked,
WEB service end can determine that the targeted customer is scanning device.Now, WEB service end can be generated for camouflage link
The camouflage page, and the camouflage page is back to scanning device.
Due to including being linked to the camouflage link of next stage camouflage subpage frame on the camouflage page, so the net of scanning device
Network reptile module can crawl the camouflage link of next stage camouflage subpage frame, and to the camouflage link of next stage camouflage subpage frame
Conduct interviews.
WEB service end receive scanning device for next stage camouflage subpage frame camouflage link access request when,
Then can automatic regeneration link corresponding next stage into the camouflage with next stage camouflage subpage frame and pretends subpage frame, and by next stage
Camouflage subpage frame is back to scanning device.
Because next stage camouflage subpage frame includes being linked to the link that three-level pretends subpage frame, so scanning device
Webcrawler module can crawl the camouflage link of three-level camouflage subpage frame, and the camouflage chain that the three-level pretends subpage frame is tapped into
Row is accessed.
By that analogy, scanning device will can continuously crawl substantial amounts of camouflage link, so that scanning sets
Standby reptile module causes system crash because huge camouflage link is received, it is impossible to when proceeding work or scanning
Between exceed expected sweep time.
Referring to Fig. 1, in the embodiment of the present application, the camouflage page of the above-mentioned every one-level for automatically generating can also include camouflage
The link of the leak page, and pretend the leak page and include camouflage leak.
Scanning device can be carried out after the link for crawling the camouflage leak page to the link of the camouflage leak page
Access.
Link when conducting interviews of the scanning device to the camouflage leak page, WEB service are detected once WEB service end
End can automatically generate leak response corresponding with the leak type on the camouflage leak page, then by this camouflage leak response
Scanning device is returned to, so that scanning device obtains camouflage leak.
Because the vulnerability information carried in camouflage leak response is not the real vulnerability information in WEB service end, so
Scanning device can't be impacted when the attack for the camouflage leak is carried out to WEB service end to WEB service end, because
This can also effectively be suppressed hacker and be attacked by the leak for scanning.
It should be noted that the camouflage leak is not the leak of necessary being on WEB service end, but pretend out
Leak, the camouflage leak can inject SQL leaks, XSS leaks etc., it not limited specifically herein, simply right
It carries out exemplary explanation.
Additionally, for the more quick scanning behavior for supporting containment scanning device, in the embodiment of the present application, WEB service end
If when detecting targeted customer and accessing the above-mentioned camouflage of any level and link, could also be by the IP address write-access of the targeted customer
Blacklist, forbids the targeted customer to local access.
The application proposes a kind of means of defence of scanning device scanning, and WEB service end receives the page that targeted customer sends
Access request.If the page link that the accessing page request is accessed is default camouflage link, the WEB service end can be with
The camouflage page of the generation for camouflage link;Wherein, the camouflage link is pre-set to for Non-scanning mode equipment just
Conventional family is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;And can be to the mesh
Mark user returns to the camouflage page, is prevented with the illegal vulnerability scanning to the scanning device for the WEB service end
Shield.
On the one hand, because camouflage link is invisible to the normal users of Non-scanning mode equipment, therefore Non-scanning mode equipment is just
Conventional family will not be accidentally injured because the link is accessed;
On the other hand, due to access the camouflage link after, WEB service end can automatically generate linked with the camouflage it is corresponding
The camouflage page, and include being linked to the camouflage link of next stage camouflage subpage frame on the camouflage page.Once scanning device is visited
Ask the camouflage link after, just continuously obtain it is substantial amounts of camouflage link so that the reptile module of device scan equipment because
Receive huge camouflage link and cause system crash, it is impossible to proceed work or sweep time exceedes expected scanning
Time.Further, since the enormous amount of the camouflage link for scanning, severe jamming scanning device is to the real leaky page
Scanning so that the real leak for scanning is very low.
Further, since if WEB service end detected targeted customer when accessing the above-mentioned camouflage of any level and linking, could also be by
The IP address write-access blacklist of the targeted customer, forbids the targeted customer to local access, so that more quick supporting is held back
Scanning device processed to local scanning behavior.
In sum, using the application scanning device means of defence, can effectively improve suppression vulnerability scanning set
The practicality of standby scanning, is more effectively prevented from hacker and is attacked by the leak for scanning.
Embodiment with the means of defence that aforementioned scanning devices are scanned is corresponding, present invention also provides scanning device scanning
Protector embodiment.
The embodiment of the protector of the application scanning device scanning can be applied on WEB service end.Device embodiment
Can be realized by software, it is also possible to realized by way of hardware or software and hardware combining.As a example by implemented in software, as one
Device on individual logical meaning, is by corresponding calculating in nonvolatile memory by the processor at WEB service end where it
Machine programmed instruction runs what is formed in reading internal memory.From for hardware view, as shown in figure 3, for the application scanning device is swept
A kind of hardware structure diagram at WEB service end where the protector retouched, except the processor shown in Fig. 3, internal memory, network go out to connect
Mouthful and nonvolatile memory outside, the actual work(of WEB service end in embodiment where device generally according to the equipment
Can, other hardware can also be included, this is repeated no more.
Fig. 4 is refer to, Fig. 4 is a kind of protector of scanning device scanning shown in the exemplary embodiment of the application one
Block diagram.Described device is applied to WEB service end, and described device includes:
Receiving unit 410, the accessing page request for receiving targeted customer's transmission;
Generation unit 420, if being default camouflage link for the page link that the accessing page request is accessed,
The camouflage page that then generation is linked for the camouflage;Wherein, the camouflage link is pre-set to for Non-scanning mode equipment
Normal users are invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;
Returning unit 430, for returning to the camouflage page to the targeted customer, institute is directed to the scanning device
The illegal vulnerability scanning for stating WEB service end is protected.
In a kind of optional implementation, described device also includes:
Adding device 440, if the accessing page request for receiving is for the first of the targeted customer
Accessing page request, then add the camouflage link in the page that the targeted customer is asked.
In another optional implementation, described device also includes:
Setting unit 450, is set to for Non-scanning mode equipment just for will link corresponding DOM node with the camouflage
Conventional family is invisible.
In another optional implementation, the camouflage page also includes the link of the camouflage leak page;Wherein, institute
State the camouflage leak page and include camouflage leak;
The generation unit 420, if it is for described to be additionally operable to the page link that the accessing page request accessed
Pretend the link of the leak page, then generate camouflage leak response corresponding with the camouflage leak page;
The returning unit 430, is additionally operable to for the camouflage leak response to be back to the targeted customer.
In another optional implementation, described device also includes:
Writing unit 460, if pretending link described in any level for detecting the targeted customer and accessing, by the target
The IP address write-access blacklist of user.
The function of unit and the implementation process of effect correspond to step in specifically referring to the above method in said apparatus
Implementation process, will not be repeated here.
For device embodiment, because it corresponds essentially to embodiment of the method, so related part is referring to method reality
Apply the part explanation of example.Device embodiment described above is only schematical, wherein described as separating component
The unit of explanation can be or may not be physically separate, and the part shown as unit can be or can also
It is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality
Selection some or all of module therein is needed to realize the purpose of application scheme.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
The preferred embodiment of the application is the foregoing is only, is not used to limit the application, all essences in the application
Within god and principle, any modification, equivalent substitution and improvements done etc. should be included within the scope of the application protection.
Claims (10)
1. the means of defence that a kind of scanning device is scanned, it is characterised in that methods described is applied to WEB service end, methods described
Including:
Receive the accessing page request that targeted customer sends;
If the page link that the accessing page request is accessed is default camouflage link, generation is for camouflage link
The camouflage page;Wherein, the camouflage link is pre-set to invisible for the normal users of Non-scanning mode equipment;The puppet
The dress page includes being linked to the camouflage link of next stage camouflage subpage frame;
The camouflage page is returned to the targeted customer, to be directed to the illegal leakage at the WEB service end to the scanning device
Hole scanning is protected.
2. method according to claim 1, it is characterised in that methods described also includes:
If the accessing page request for receiving is the first accessing page request for the targeted customer, in the mesh
The camouflage link is added in the page that mark user is asked.
3. method according to claim 2, it is characterised in that methods described also includes:
By with it is described camouflage link corresponding DOM node be set to be directed to Non-scanning mode equipment normal users it is invisible.
4. method according to claim 1, it is characterised in that the camouflage page also includes the chain of the camouflage leak page
Connect;Wherein, the camouflage leak page includes camouflage leak;
Methods described also includes:
If the page link that the accessing page request is accessed be for it is described camouflage the leak page link, generation with
The corresponding camouflage leak response of the camouflage leak page;
The camouflage leak response is back to the targeted customer.
5. method according to claim 1, it is characterised in that methods described also includes:
If detecting the targeted customer and accessing and pretend link described in any level, by the IP address write-access of the targeted customer
Blacklist.
6. the protector that a kind of scanning device is scanned, it is characterised in that described device is applied to WEB service end, described device
Including:
Receiving unit, the accessing page request for receiving targeted customer's transmission;
Generation unit, if being default camouflage link for the page link that the accessing page request is accessed, generates
For the camouflage page of camouflage link;Wherein, the camouflage link is pre-set to just commonly using for Non-scanning mode equipment
Family is invisible;The camouflage page includes being linked to the camouflage link of next stage camouflage subpage frame;
Returning unit, for returning to the camouflage page to the targeted customer, takes with to the scanning device for the WEB
The illegal vulnerability scanning at business end is protected.
7. device according to claim 6, it is characterised in that described device also includes:
Adding device, if the accessing page request for receiving is the first page access for the targeted customer
Request, then add the camouflage link in the page that the targeted customer is asked.
8. device according to claim 7, it is characterised in that described device also includes:
Setting unit, for the normal users that corresponding DOM node is set to be directed to Non-scanning mode equipment will to be linked with the camouflage
It is invisible.
9. device according to claim 6, it is characterised in that the camouflage page also includes the chain of the camouflage leak page
Connect;Wherein, the camouflage leak page includes camouflage leak;
The generation unit, if it is for the camouflage leak to be additionally operable to the page link that the accessing page request accessed
The link of the page, then generate camouflage leak response corresponding with the camouflage leak page;
The returning unit, is additionally operable to for the camouflage leak response to be back to the targeted customer.
10. device according to claim 6, it is characterised in that described device also includes:
Writing unit, if pretending link described in any level for detecting the targeted customer and accessing, by the targeted customer's
IP address write-access blacklist.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248778.XA CN106790169B (en) | 2016-12-29 | 2016-12-29 | Protection method and device for scanning of scanning equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248778.XA CN106790169B (en) | 2016-12-29 | 2016-12-29 | Protection method and device for scanning of scanning equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106790169A true CN106790169A (en) | 2017-05-31 |
CN106790169B CN106790169B (en) | 2020-06-09 |
Family
ID=58927612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611248778.XA Active CN106790169B (en) | 2016-12-29 | 2016-12-29 | Protection method and device for scanning of scanning equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790169B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108038218A (en) * | 2017-12-22 | 2018-05-15 | 联想(北京)有限公司 | A kind of distributed reptile method, electronic equipment and server |
CN111586005A (en) * | 2020-04-29 | 2020-08-25 | 杭州迪普科技股份有限公司 | Scanner scanning behavior identification method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350822A (en) * | 2008-09-08 | 2009-01-21 | 南开大学 | Method for discovering and tracing Internet malevolence code |
CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
US20110231510A1 (en) * | 2000-09-25 | 2011-09-22 | Yevgeny Korsunsky | Processing data flows with a data flow processor |
CN102685081A (en) * | 2011-03-17 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Webpage request safe processing method and system |
US8443076B2 (en) * | 2009-12-17 | 2013-05-14 | At&T Intellectual Property I, L.P. | Prefix hijacking detection device and methods thereof |
CN104144164A (en) * | 2014-08-06 | 2014-11-12 | 武汉安问科技发展有限责任公司 | Extension defense method based on network intrusion |
CN105871845A (en) * | 2016-03-31 | 2016-08-17 | 深圳市深信服电子科技有限公司 | Method and device for detecting Web vulnerability scanning behavior |
CN105871775A (en) * | 2015-01-19 | 2016-08-17 | 中国移动通信集团公司 | Security protection method and DPMA protection model |
-
2016
- 2016-12-29 CN CN201611248778.XA patent/CN106790169B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110231510A1 (en) * | 2000-09-25 | 2011-09-22 | Yevgeny Korsunsky | Processing data flows with a data flow processor |
CN101350822A (en) * | 2008-09-08 | 2009-01-21 | 南开大学 | Method for discovering and tracing Internet malevolence code |
US8443076B2 (en) * | 2009-12-17 | 2013-05-14 | At&T Intellectual Property I, L.P. | Prefix hijacking detection device and methods thereof |
CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
CN102685081A (en) * | 2011-03-17 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Webpage request safe processing method and system |
CN104144164A (en) * | 2014-08-06 | 2014-11-12 | 武汉安问科技发展有限责任公司 | Extension defense method based on network intrusion |
CN105871775A (en) * | 2015-01-19 | 2016-08-17 | 中国移动通信集团公司 | Security protection method and DPMA protection model |
CN105871845A (en) * | 2016-03-31 | 2016-08-17 | 深圳市深信服电子科技有限公司 | Method and device for detecting Web vulnerability scanning behavior |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108038218A (en) * | 2017-12-22 | 2018-05-15 | 联想(北京)有限公司 | A kind of distributed reptile method, electronic equipment and server |
CN108038218B (en) * | 2017-12-22 | 2022-04-22 | 联想(北京)有限公司 | Distributed crawler method, electronic device and server |
CN111586005A (en) * | 2020-04-29 | 2020-08-25 | 杭州迪普科技股份有限公司 | Scanner scanning behavior identification method and device |
CN111586005B (en) * | 2020-04-29 | 2022-12-27 | 杭州迪普科技股份有限公司 | Scanner scanning behavior identification method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106790169B (en) | 2020-06-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Nikiforakis et al. | Privaricator: Deceiving fingerprinters with little white lies | |
US10951636B2 (en) | Dynamic phishing detection methods and apparatus | |
US8347392B2 (en) | Apparatus and method for analyzing and supplementing a program to provide security | |
US9356957B2 (en) | Systems, methods, and media for generating bait information for trap-based defenses | |
CN104301302B (en) | Go beyond one's commission attack detection method and device | |
US9009829B2 (en) | Methods, systems, and media for baiting inside attackers | |
Musch et al. | Thieves in the browser: Web-based cryptojacking in the wild | |
CN103856471B (en) | cross-site scripting attack monitoring system and method | |
CN107579997A (en) | Wireless network intrusion detection system | |
Kaur et al. | Browser fingerprinting as user tracking technology | |
CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
CN107465702A (en) | Method for early warning and device based on wireless network invasion | |
CN107800686A (en) | A kind of fishing website recognition methods and device | |
Koch | Hidden in the shadow: The dark web-a growing risk for military operations? | |
CN107566401A (en) | The means of defence and device of virtualized environment | |
Sanchez-Rola et al. | Bakingtimer: privacy analysis of server-side request processing time | |
Samarasinghe et al. | On cloaking behaviors of malicious websites | |
CN107509200A (en) | Equipment localization method and device based on wireless network invasion | |
CN106790169A (en) | The means of defence and device of scanning device scanning | |
CN114095264A (en) | High-interaction traceability method, equipment and hardware of honeypot system | |
Roopak et al. | On effectiveness of source code and SSL based features for phishing website detection | |
Baviskar et al. | Protection of web user’s privacy by securing browser from web privacy attacks | |
Seifert | Cost-effective detection of drive-by-download attacks with hybrid client honeypots | |
Xu et al. | Gemini: An emergency line of defense against phishing attacks | |
GEZER | Identification of abnormal DNS traffic with hurst parameter |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |