CN106790169A - Protection method and device against scanning by a scanning device - Google Patents

Info

Publication number
CN106790169A
Authority
CN
China
Prior art keywords
camouflage
page
link
scanning
leak
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611248778.XA
Other languages
Chinese (zh)
Other versions
CN106790169B (en)
Inventor
王树太
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201611248778.XA
Publication of CN106790169A
Application granted
Publication of CN106790169B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a protection method and device against scanning by a scanning device. The method is applied to a Web server and may include: receiving a page access request sent by a target user; if the page link accessed by the page access request is a preset camouflage link, generating a camouflage page for the camouflage link, wherein the camouflage link is preset to be invisible to normal users that are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage sub-page; and returning the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device. The method provided by the application makes suppression of scanning by vulnerability scanning devices more practical and more effectively prevents hackers from attacking through vulnerabilities found by scanning.

Description

Protection method and device against scanning by a scanning device
Technical field
The application relates to the field of computer communication, and in particular to a protection method and device against scanning by a scanning device.
Background
With the rapid development of network security technology, vulnerability detection technology plays an important role in areas such as day-to-day risk management. For example, a conventional scanning device can perform vulnerability scanning on a server or Web system, find vulnerabilities, and repair them in time.
However, some hackers can also use a scanning device to perform vulnerability scanning on such a server or Web system and obtain its vulnerabilities in order to attack it. How to effectively suppress scanning by such vulnerability scanning devices has therefore become a problem that urgently needs to be solved.
Summary of the invention
In view of this, the application provides a protection method and device against scanning by a scanning device, in order to make suppression of scanning by vulnerability scanning devices more practical and to more effectively prevent hackers from attacking through vulnerabilities found by scanning.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the application, a protection method against scanning by a scanning device is provided. The method is applied to a Web server and includes:
receiving a page access request sent by a target user;
if the page link accessed by the page access request is a preset camouflage link, generating a camouflage page for the camouflage link; wherein the camouflage link is preset to be invisible to normal users that are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage sub-page;
returning the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
According to a second aspect of the application, a protection device against scanning by a scanning device is provided. The device is applied to a Web server and includes:
a receiving unit, configured to receive a page access request sent by a target user;
a generation unit, configured to generate a camouflage page for the camouflage link if the page link accessed by the page access request is a preset camouflage link; wherein the camouflage link is preset to be invisible to normal users that are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage sub-page;
a returning unit, configured to return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
The application proposes a protection method against scanning by a scanning device, in which a Web server receives a page access request sent by a target user. If the page link accessed by the page access request is a preset camouflage link, the Web server can generate a camouflage page for the camouflage link, wherein the camouflage link is preset to be invisible to normal users that are not scanning devices and the camouflage page includes a camouflage link to a next-level camouflage sub-page. The Web server can then return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
On the one hand, because the camouflage link is invisible to normal users that are not scanning devices, such normal users will not access the link and be affected by mistake;
On the other hand, once the camouflage link is accessed, the Web server automatically generates the camouflage page corresponding to that link, and the camouflage page includes a camouflage link to a next-level camouflage sub-page. Once a scanning device accesses the camouflage link, it keeps obtaining a large number of camouflage links, so that the crawler module of the scanning device either crashes because of the huge number of camouflage links it receives and cannot continue working, or the scan takes longer than the expected scan time. In addition, the huge number of camouflage links scanned seriously interferes with the scanning device's scanning of pages that really contain vulnerabilities, so that very few real vulnerabilities are found.
In summary, the protection method of the application makes suppression of scanning by vulnerability scanning devices more practical and more effectively prevents hackers from attacking through vulnerabilities found by scanning.
Brief description of the drawings
Fig. 1 is a schematic diagram of a protection method against scanning by a scanning device according to an exemplary embodiment of the application;
Fig. 2 is a flow chart of a protection method against scanning by a scanning device according to an exemplary embodiment of the application;
Fig. 3 is a hardware structure diagram of the equipment on which a protection device against scanning by a scanning device resides, according to an exemplary embodiment of the application;
Fig. 4 is a block diagram of a protection device against scanning by a scanning device according to an exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in the application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of ...", "when ..." or "in response to determining".
With the rapid development of network security technology, vulnerability detection technology plays an important role in areas such as day-to-day risk management. For example, a conventional scanning device can perform vulnerability scanning on a server or Web system, find vulnerabilities, and repair them in time.
However, some hackers can also use a scanning device to perform vulnerability scanning on such a server or Web system and obtain its vulnerabilities in order to attack it.
Some related techniques propose solutions to the above problem, as follows:
Solution of related art 1: the Web server can extract the scanning fingerprints that different scanning devices produce during scanning, such as header fields and request parameter values. The extracted scanning fingerprints are used to identify the scanning device, which is then forbidden from accessing the local server.
However, scanning-device fingerprinting is a fairly well-publicized technique. Hackers can usually hide the scanning fingerprint by various customized methods, or even disguise the requests sent by the scanning device as normal browser requests, so that the Web server cannot identify the scanning device. The practicality of this method is therefore poor.
Solution of related art 2: a hidden link carrying a hidden tag is added to the page requested by the target user. After the tag of the added link is hidden, a normal user cannot see the link and therefore will not access it. To a scanning device, however, the hidden link is visible, and the scanning device will access it. When the Web server detects that the hidden link has been accessed, it can determine that the target user accessing the hidden link is a scanning device, and can write the IP address of the scanning device to the access blacklist to prevent the scanning device from continuing to access the local server.
However, setting the link as a hidden link invisible to normal users that are not scanning devices merely by hiding the link's tag is a relatively simple hiding method. A scanning device can guard against this method by checking the DOM node of the hidden link.
In summary, the common problem of the two methods above is poor practicality: it is difficult for them to effectively suppress a scanning device's access to the Web server.
The application proposes a protection method against scanning by a scanning device, in which a Web server receives a page access request sent by a target user. If the page link accessed by the page access request is a preset camouflage link, the Web server can generate a camouflage page for the camouflage link, wherein the camouflage link is preset to be invisible to normal users that are not scanning devices and the camouflage page includes a camouflage link to a next-level camouflage sub-page. The Web server can then return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
On the one hand, because the camouflage link is invisible to normal users that are not scanning devices, such normal users will not access the link and be affected by mistake;
On the other hand, once the camouflage link is accessed, the Web server automatically generates the camouflage page corresponding to that link, and the camouflage page includes a camouflage link to a next-level camouflage sub-page. Once a scanning device accesses the camouflage link, it keeps obtaining a large number of camouflage links, so that the crawler module of the scanning device either crashes because of the huge number of camouflage links it receives and cannot continue working, or the scan takes longer than the expected scan time. In addition, the huge number of camouflage links scanned seriously interferes with the scanning device's scanning of pages that really contain vulnerabilities, so that very few real vulnerabilities are found.
In summary, the protection method of the application makes suppression of scanning by vulnerability scanning devices more practical and more effectively prevents hackers from attacking through vulnerabilities found by scanning.
To better understand the protection method proposed by the application, the working principle of a vulnerability scanner is briefly introduced below.
A scanning device generally includes a very important module, the web crawler module, which is a program that fetches web pages automatically. Normally, the web crawler module first fetches the page at the starting link, crawls it and analyzes the URLs on it, then crawls the pages corresponding to the URLs obtained, and analyzes and crawls again, thereby obtaining the URL tree of the target Web server.
The scanning device analyzes and scans the URL tree obtained by the web crawler module to determine the vulnerabilities of the Web server.
It follows that the completeness of the Web server URLs collected by the web crawler module directly affects the detection coverage of the scanning tool. The web crawler module of a scanning device will therefore crawl almost all links on a page.
The protection method proposed by the application is designed around the way the web crawler module of a scanning device crawls the URL tree. Its goal is to return a large number of camouflage links to the web crawler module while it is crawling the URL tree, so that the scanning device cannot scan normally.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a protection method against scanning by a scanning device according to an exemplary embodiment of the application.
After the crawler module crawls the camouflage link, the scanning device accesses it. When the Web server detects that a target user has accessed the link, it can determine that the target user is a scanning device. The Web server can then automatically generate the camouflage page corresponding to the camouflage link, and the camouflage page includes a camouflage link to a next-level camouflage sub-page.
After the scanning device accesses the camouflage link, it keeps obtaining a large number of camouflage links, so that the crawler module of the scanning device either crashes because of the huge number of camouflage links it receives and cannot continue working, or the scan takes longer than the expected scan time. In addition, the huge number of camouflage links scanned seriously interferes with the scanning device's scanning of pages that really contain vulnerabilities, so that very few real vulnerabilities are found.
The specific implementation of the protection method proposed by the application is described in detail below.
Referring to Fig. 2, Fig. 2 is a flow chart of a protection method against scanning by a scanning device according to an exemplary embodiment of the application. The method is applied to a Web server and may specifically include the following steps:
Step 201: receive a page access request sent by a target user;
Step 202: if the page link accessed by the page access request is a preset camouflage link, generate a camouflage page for the camouflage link; wherein the camouflage link is preset to be invisible to normal users that are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage sub-page;
Step 203: return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
Here, the Web server refers to a Web server cluster.
The camouflage link is not a link that actually exists on the page accessed by the target user, but a link added automatically by the Web server. The camouflage link is invisible to normal users that are not scanning devices and visible to scanning devices, so it also serves to distinguish scanning devices from normal users.
In this embodiment, the Web server can receive a page access request sent by a target user. After receiving it, the Web server can determine whether the page access request is the first page access request from the target user.
If the page access request is the first page access request from the target user, the Web server can add the camouflage link to the page requested by the target user.
So that normal users that are not scanning devices are not affected by mistake, that is, do not access the camouflage link and receive the large number of camouflage pages returned by the Web server, the Web server can hide the camouflage link so that it is invisible to such normal users.
In an optional implementation, the Web server can hide the DOM node corresponding to the camouflage link added to the page requested by the target user, so that the camouflage link is invisible to normal users that are not scanning devices.
Of course, the Web server can also use other methods, depending on the actual situation, to hide the camouflage link so that it is invisible to normal users that are not scanning devices. These are not described further here.
After adding the camouflage link to the page requested by the target user and hiding it from normal users that are not scanning devices, the Web server can return the page to the target user.
If the target user is a scanning device, its web crawler module will crawl the links on the page and access the links it has crawled, in order to continue crawling further links.
Because the camouflage link is set to be invisible to normal users that are not scanning devices, the Web server, after receiving a subsequent access request from the target user, can determine whether the target user is a normal user or a scanning device according to whether the page link accessed by that request is the camouflage link.
If the page link accessed by the target user's subsequent access request is not the preset camouflage link, the Web server can determine that the target user is a normal user and return the requested page to that user.
If the page link accessed by the target user's subsequent access request is the preset camouflage link, the Web server can determine that the target user is a scanning device. The Web server can then generate the camouflage page for the camouflage link and return it to the scanning device.
Because the camouflage page includes a camouflage link to a next-level camouflage sub-page, the web crawler module of the scanning device will crawl that camouflage link and access it.
When the Web server receives the scanning device's access request for the camouflage link of the next-level camouflage sub-page, it can again automatically generate the next-level camouflage sub-page corresponding to that camouflage link and return it to the scanning device.
Because the next-level camouflage sub-page includes a link to a third-level camouflage sub-page, the web crawler module of the scanning device will crawl the camouflage link of the third-level camouflage sub-page and access it.
By analogy, the scanning device keeps crawling a large number of camouflage links, so that its crawler module either crashes because of the huge number of camouflage links it receives and cannot continue working, or the scan takes longer than the expected scan time.
Referring to Fig. 1, in this embodiment the automatically generated camouflage page at each level may also include a link to a camouflage vulnerability page, and the camouflage vulnerability page contains a camouflage vulnerability.
After crawling the link to the camouflage vulnerability page, the scanning device accesses it.
Once the Web server detects that the scanning device is accessing the link to the camouflage vulnerability page, it can automatically generate a vulnerability response corresponding to the vulnerability type on the camouflage vulnerability page and return this camouflage vulnerability response to the scanning device, so that the scanning device obtains the camouflage vulnerability.
Because the vulnerability information carried in the camouflage vulnerability response is not real vulnerability information of the Web server, an attack launched against the Web server on the basis of the camouflage vulnerability has no effect on the Web server. This also effectively suppresses attacks by hackers through vulnerabilities found by scanning.
It should be noted that the camouflage vulnerability is not a vulnerability that actually exists on the Web server but a fabricated one. It may be an SQL injection vulnerability, an XSS vulnerability, and so on; this is not specifically limited here and is given only as an illustrative example.
In addition, to contain the scanning behavior of the scanning device more quickly, in this embodiment the Web server can also, when it detects that the target user has accessed a camouflage link at any level, write the target user's IP address to the access blacklist and forbid the target user from accessing the local server.
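The flow of steps 201 to 203, together with the first-request link insertion and the optional blacklist, can be sketched as follows. This is an added example, not code from the patent: `TRAP_PREFIX`, `FANOUT`, `CamouflageDefense`, the sample site and the `crawl` helper (which stands in for either a scanner's crawler module or a normal user who only follows visible links) are all assumptions made for illustration.

```python
import hashlib
import re

TRAP_PREFIX = "/static/c/"   # assumption: URL space reserved for camouflage links
FANOUT = 3                   # camouflage links placed on every generated page
REAL_PAGES = {               # constructed sample site
    "/": '<html><body><a href="/about">About</a></body></html>',
    "/about": "<html><body><p>About us</p></body></html>",
}


def trap_url(parent, level, index):
    """Derive a camouflage URL deterministically, so no per-page state is stored."""
    token = hashlib.sha256(f"{parent}|{index}".encode()).hexdigest()[:12]
    return f"{TRAP_PREFIX}{level}/{token}"


class CamouflageDefense:
    def __init__(self, blacklist_on_trap=False):
        self.seen = set()        # clients that already received the hidden link
        self.blacklist = set()   # access blacklist of client IP addresses
        self.blacklist_on_trap = blacklist_on_trap

    def handle(self, ip, path):
        """Steps 201-203: return (status, body) for one page access request."""
        if ip in self.blacklist:
            return 403, ""
        if path.startswith(TRAP_PREFIX):
            # Only a client that follows hidden links reaches a camouflage link.
            if self.blacklist_on_trap:
                self.blacklist.add(ip)   # later requests from this IP get 403
            return 200, self.camouflage_page(path)
        body = REAL_PAGES.get(path)
        if body is None:
            return 404, ""
        if ip not in self.seen:
            # First page access request: add the camouflage link and hide its
            # DOM node from normal users.
            self.seen.add(ip)
            hidden = (f'<a href="{trap_url("entry", 1, 0)}" '
                      'style="display:none" tabindex="-1"></a>')
            body = body.replace("</body>", hidden + "</body>")
        return 200, body

    def camouflage_page(self, path):
        """Generate a page whose links all lead to next-level camouflage sub-pages."""
        m = re.match(re.escape(TRAP_PREFIX) + r"(\d+)/", path)
        level = int(m.group(1)) + 1 if m else 1
        links = "".join(f'<a href="{trap_url(path, level, i)}">page {i}</a>'
                        for i in range(FANOUT))
        return f"<html><body>{links}</body></html>"


def crawl(defense, ip, follow_hidden, max_requests=50):
    """Breadth-first client; follow_hidden=True models a crawler module."""
    queue, known = ["/"], {"/"}
    stats = {"requests": 0, "trap_pages": 0, "blocked": False}
    while queue and stats["requests"] < max_requests:
        url = queue.pop(0)
        status, body = defense.handle(ip, url)
        stats["requests"] += 1
        if status == 403:
            stats["blocked"] = True
            break
        if url.startswith(TRAP_PREFIX):
            stats["trap_pages"] += 1
        for attrs in re.findall(r"<a ([^>]*)>", body):
            href = re.search(r'href="([^"]+)"', attrs)
            if href is None or ("display:none" in attrs and not follow_hidden):
                continue
            if href.group(1) not in known:
                known.add(href.group(1))
                queue.append(href.group(1))
    stats["pending"] = len(queue)   # URLs the client still believes it must fetch
    return stats


if __name__ == "__main__":
    site = CamouflageDefense()
    print("normal user:", crawl(site, "10.0.0.1", follow_hidden=False))
    print("crawler:    ", crawl(site, "10.0.0.2", follow_hidden=True))
    strict = CamouflageDefense(blacklist_on_trap=True)
    print("blacklisted:", crawl(strict, "10.0.0.3", follow_hidden=True))
```

Because every camouflage URL is derived from its parent on demand, the server keeps no record of generated pages, while the crawler's pending queue grows by `FANOUT - 1` entries for every camouflage page it fetches.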
The application proposes a protection method against scanning by a scanning device, in which a Web server receives a page access request sent by a target user. If the page link accessed by the page access request is a preset camouflage link, the Web server can generate a camouflage page for the camouflage link, wherein the camouflage link is preset to be invisible to normal users that are not scanning devices and the camouflage page includes a camouflage link to a next-level camouflage sub-page. The Web server can then return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the Web server by the scanning device.
On the one hand, because the camouflage link is invisible to normal users that are not scanning devices, such normal users will not access the link and be affected by mistake;
On the other hand, once the camouflage link is accessed, the Web server automatically generates the camouflage page corresponding to that link, and the camouflage page includes a camouflage link to a next-level camouflage sub-page. Once a scanning device accesses the camouflage link, it keeps obtaining a large number of camouflage links, so that the crawler module of the scanning device either crashes because of the huge number of camouflage links it receives and cannot continue working, or the scan takes longer than the expected scan time. In addition, the huge number of camouflage links scanned seriously interferes with the scanning device's scanning of pages that really contain vulnerabilities, so that very few real vulnerabilities are found.
In addition, because the Web server can also write the target user's IP address to the access blacklist and forbid the target user from accessing the local server when it detects that the target user has accessed a camouflage link at any level, the scanning device's scanning of the local server is contained more quickly.
In summary, the protection method of the application makes suppression of scanning by vulnerability scanning devices more practical and more effectively prevents hackers from attacking through vulnerabilities found by scanning.
Embodiment with the means of defence that aforementioned scanning devices are scanned is corresponding, present invention also provides scanning device scanning Protector embodiment.
The embodiment of the protection device against scanning by a scanning device of the present application can be applied on a web server. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the web server on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 3 shows a hardware structure diagram of the web server on which the protection device of the present application resides. In addition to the processor, memory, network outbound interface and non-volatile memory shown in Fig. 3, the web server on which the device resides may also include other hardware according to the actual function of the equipment, which is not described further here.
Refer to Fig. 4, which is a block diagram of a protection device against scanning by a scanning device according to an exemplary embodiment of the present application. The device is applied to a web server and includes:
a receiving unit 410, configured to receive a page access request sent by a target user;
a generation unit 420, configured to generate a camouflage page for the camouflage link if the page link accessed by the page access request is a preset camouflage link; wherein the camouflage link is set in advance to be invisible to normal users who are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage subpage;
a returning unit 430, configured to return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the web server by the scanning device.
In an optional implementation, the device further includes:
an adding unit 440, configured to add the camouflage link to the page requested by the target user if the received page access request is the first page access request of the target user.
In another optional implementation, the device further includes:
a setting unit 450, configured to set the DOM node corresponding to the camouflage link to be invisible to normal users who are not scanning devices.
In another optional implementation, the camouflage page further includes a link to a camouflage vulnerability page, wherein the camouflage vulnerability page contains a camouflage vulnerability;
the generation unit 420 is further configured to generate a camouflage vulnerability response corresponding to the camouflage vulnerability page if the page link accessed by the page access request is the link to the camouflage vulnerability page;
the returning unit 430 is further configured to return the camouflage vulnerability response to the target user.
In another optional implementation, the device further includes:
a writing unit 460, configured to write the IP address of the target user into an access blacklist if it is detected that the target user has accessed a camouflage link at any level.
For the implementation of the functions and roles of each unit in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
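The flow of units 410 to 460 described above (hidden link added on the first request, chained camouflage pages, a camouflage vulnerability response, and blacklisting), as an added Python example that is not code from the patent. The `/.trap/` prefix, the `vuln` page name, the `display:none` hiding method, the response bodies and the 403 returned to blacklisted addresses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRAP_PREFIX = "/.trap/"   # assumed URL namespace reserved for camouflage links
VULN_NAME = "vuln"        # assumed name of the camouflage vulnerability page


class DecoyGuard:
    def __init__(self, real_pages):
        self.real_pages = real_pages  # path -> HTML of the genuine pages
        self.seen = set()             # IPs whose first page request was already served
        self.blacklist = set()        # IPs that accessed a camouflage link at any level

    def _hidden_link(self):
        # Setting unit: the DOM node is present for a crawler but not rendered for a person.
        return (f'<a href="{TRAP_PREFIX}0" style="display:none" '
                'tabindex="-1" aria-hidden="true"></a>')

    def _camouflage_page(self, level):
        # Generation unit: link to the next-level subpage plus a camouflage vulnerability page.
        return (f'<html><body><a href="{TRAP_PREFIX}{level + 1}">more</a>'
                f'<a href="{TRAP_PREFIX}{level}/{VULN_NAME}?id=1">item</a></body></html>')

    def handle(self, ip, url):
        """Receiving and returning units: map one request to (status, body)."""
        path = urlsplit(url).path
        if path.startswith(TRAP_PREFIX):
            self.blacklist.add(ip)    # writing unit: any trap hit marks the client
            rest = path[len(TRAP_PREFIX):]
            if rest.endswith("/" + VULN_NAME):
                # Constructed placeholder standing in for the camouflage vulnerability response.
                return 200, "<html><body>constructed decoy error text</body></html>"
            level = int(rest) if rest.isdecimal() else 0
            return 200, self._camouflage_page(level)
        if ip in self.blacklist:
            return 403, "forbidden"   # assumption: blacklisted clients lose access to real pages
        body = self.real_pages.get(path)
        if body is None:
            return 404, "not found"
        if ip not in self.seen:       # adding unit: inject only into the first page served
            self.seen.add(ip)
            body = body.replace("</body>", self._hidden_link() + "</body>")
        return 200, body


if __name__ == "__main__":
    guard = DecoyGuard({"/": "<html><body>home</body></html>"})
    for url in ("/", "/.trap/0", "/.trap/0/vuln?id=1", "/"):
        print(url, guard.handle("198.51.100.7", url)[0])
```

Keying `seen` and `blacklist` on the source IP follows the text; clients behind a shared NAT address would be treated as one target user.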
Since the device embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiment described above is merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is only the preferred embodiments of the present application and is not intended to limit the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.

Claims (10)

1. A protection method against scanning by a scanning device, characterized in that the method is applied to a web server and comprises:
receiving a page access request sent by a target user;
if the page link accessed by the page access request is a preset camouflage link, generating a camouflage page for the camouflage link; wherein the camouflage link is set in advance to be invisible to normal users who are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage subpage;
returning the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the web server by the scanning device.
2. The method according to claim 1, characterized in that the method further comprises:
if the received page access request is the first page access request of the target user, adding the camouflage link to the page requested by the target user.
3. The method according to claim 2, characterized in that the method further comprises:
setting the DOM node corresponding to the camouflage link to be invisible to normal users who are not scanning devices.
4. The method according to claim 1, characterized in that the camouflage page further includes a link to a camouflage vulnerability page, wherein the camouflage vulnerability page contains a camouflage vulnerability;
the method further comprises:
if the page link accessed by the page access request is the link to the camouflage vulnerability page, generating a camouflage vulnerability response corresponding to the camouflage vulnerability page;
returning the camouflage vulnerability response to the target user.
5. The method according to claim 1, characterized in that the method further comprises:
if it is detected that the target user has accessed a camouflage link at any level, writing the IP address of the target user into an access blacklist.
6. A protection device against scanning by a scanning device, characterized in that the device is applied to a web server and comprises:
a receiving unit, configured to receive a page access request sent by a target user;
a generation unit, configured to generate a camouflage page for the camouflage link if the page link accessed by the page access request is a preset camouflage link; wherein the camouflage link is set in advance to be invisible to normal users who are not scanning devices, and the camouflage page includes a camouflage link to a next-level camouflage subpage;
a returning unit, configured to return the camouflage page to the target user, so as to protect against illegal vulnerability scanning of the web server by the scanning device.
7. The device according to claim 6, characterized in that the device further comprises:
an adding unit, configured to add the camouflage link to the page requested by the target user if the received page access request is the first page access request of the target user.
8. The device according to claim 7, characterized in that the device further comprises:
a setting unit, configured to set the DOM node corresponding to the camouflage link to be invisible to normal users who are not scanning devices.
9. The device according to claim 6, characterized in that the camouflage page further includes a link to a camouflage vulnerability page, wherein the camouflage vulnerability page contains a camouflage vulnerability;
the generation unit is further configured to generate a camouflage vulnerability response corresponding to the camouflage vulnerability page if the page link accessed by the page access request is the link to the camouflage vulnerability page;
the returning unit is further configured to return the camouflage vulnerability response to the target user.
10. The device according to claim 6, characterized in that the device further comprises:
a writing unit, configured to write the IP address of the target user into an access blacklist if it is detected that the target user has accessed a camouflage link at any level.
CN201611248778.XA 2016-12-29 2016-12-29 Protection method and device for scanning of scanning equipment Active CN106790169B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611248778.XA CN106790169B (en) 2016-12-29 2016-12-29 Protection method and device for scanning of scanning equipment

Publications (2)

Publication Number Publication Date
CN106790169A true CN106790169A (en) 2017-05-31
CN106790169B CN106790169B (en) 2020-06-09

Family

ID=58927612

Country Status (1)

Country Link
CN (1) CN106790169B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant