CN112118152A - Distributed architecture for realizing rapid scanning of network assets - Google Patents
Distributed architecture for realizing rapid scanning of network assets Download PDFInfo
- Publication number
- CN112118152A CN112118152A CN202010910897.7A CN202010910897A CN112118152A CN 112118152 A CN112118152 A CN 112118152A CN 202010910897 A CN202010910897 A CN 202010910897A CN 112118152 A CN112118152 A CN 112118152A
- Authority
- CN
- China
- Prior art keywords
- scanning
- computing nodes
- distributed architecture
- class
- agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/546—Message passing systems or structures, e.g. queues
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a distributed architecture for realizing rapid scanning of network assets, which comprises a control node and computing nodes, wherein a web server of the control node receives a task request of a user and sends a task to the computing nodes through a message queue server, the computing nodes comprise a first class computing node and a second class computing node, the first class computing node receives the task request through an agent, executes ip survival scanning based on a massscan, returns the surviving ip to the control node through the agent, the second class computing node receives the task request through the agent, executes specific service identification based on nmap, and stores the scanning result into a database. The invention adopts a distributed scheme, can horizontally expand the computing nodes and accelerate the scanning speed.
Description
Technical Field
The invention relates to the field of network asset scanning, in particular to a distributed architecture for realizing rapid network asset scanning.
Background
With the development of internet technology, assets in the network are increased at a double speed, and countries or enterprises need to scan and identify the processes of network assets inside or outside the countries or the enterprises.
However, the existing scanning tool such as massscan is mainly used for survival judgment of network assets and cannot well scan out service types. While nmap can judge that the network assets are alive and identify the service types, the scanning speed is very slow, many ips are not alive, and a large amount of invalid scanning is caused, so that a large amount of time and computing power are wasted. Therefore, it is necessary to provide a distributed architecture for fast scanning of network assets in response to the deficiencies of the prior art.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a distributed architecture for realizing the rapid scanning of network assets, which adopts a distributed scheme, can horizontally expand computing nodes and accelerate the scanning speed.
To achieve the above object, the present invention proposes a distributed architecture for fast scanning of network assets, comprising,
and the web server of the control node receives the task request of the user and sends the task to the computing node through the message queue server.
The computing nodes comprise a first type of computing node and a second type of computing node.
And the first-class computing nodes receive the task request through the agent, execute the ip survival scanning realized based on the masscan, and return the live ip to the control node through the agent.
And the second type of computing nodes receive the task request through the agent, execute specific service identification realized based on the nmap and store the scanning result into the database.
And the database is used for storing the scanning result.
Preferably, the control node and the computing node are deployed on the same host or on a plurality of different hosts.
Preferably, the control node is used for realizing distribution and scheduling of the Web server API and tasks, and the number of the control node is one.
Preferably, the first type of computing node is configured to scan for the survival of the IP and the port.
Preferably, the second class of computing nodes identifies a particular type of asset based on the surviving network assets that have been screened out.
Preferably, the number of the first type of computing node and the second type of computing node is not less than one.
The invention has the following beneficial effects:
by adopting a distributed architecture design scheme, any number of computing nodes can be provided, the horizontal expansion of a scanning mode can be realized, the scanning speed of the network assets is improved, and meanwhile, by adopting a mode of combining scanning tools massscan and nmap, the survival of the network assets can be judged, the service type can be identified, and the scanning speed is accelerated.
Drawings
The present invention will be further described and illustrated with reference to the following drawings.
FIG. 1 is a diagram of the design scheme operation of a distributed architecture implementing fast scanning of network assets.
Detailed Description
The technical solution of the present invention will be more clearly and completely explained by the description of the preferred embodiments of the present invention with reference to the accompanying drawings.
Examples are given.
As shown in fig. 1, the distributed architecture for implementing fast network asset scanning proposed by the present invention includes,
and the web server of the control node receives the task request of the user and sends the task to the computing node through the message queue server.
In this embodiment, after receiving a task request from an administrator, the control node performs task processing and scheduling on the request, and invokes the compute node to perform a live scan of the network assets through an RPC (message queue server).
The computing nodes comprise a first type of computing node and a second type of computing node.
And the first-class computing nodes receive the task request through the agent, execute the ip survival scanning realized based on the masscan, and return the live ip to the control node through the agent.
In this embodiment, the massscan-agent constructs a massscan command and issues the massscan command for scanning. And the massscan-agent acquires the scanning result of the massscan and returns the scanning result to the control node. The control node acquires the surviving network assets of the masscan-agent, and calls the nmap-agent to identify the service type of the network assets through the RPC.
And the second type of computing nodes receive the task request through the agent, execute specific service identification realized based on the nmap and store the scanning result into the database.
In this embodiment, the nmap-agent constructs an nmap scan command and issues the nmap command for scanning. The nmap-agent stores the concrete information of the network assets and the like into a database
And the database is used for storing the scanning result.
As a technical optimization scheme of the invention, the control node and the computing node are deployed on the same host or a plurality of different hosts.
The control node is used for realizing the distribution and the scheduling of the Web server API and the tasks, and the number of the control nodes is one.
The first class of computing nodes is used to scan for the survival of IP and ports.
The second class of computing nodes identifies a specific type of asset based on the surviving network assets that have been screened out.
As a technical optimization scheme of the invention, the number of the first-class computing nodes and the second-class computing nodes is not less than one.
By adopting the technical scheme and utilizing the distributed design scheme, a plurality of computing nodes can be horizontally expanded, and the scanning speed of the network assets is effectively accelerated.
The above detailed description merely describes preferred embodiments of the present invention and does not limit the scope of the invention. Without departing from the spirit and scope of the present invention, it should be understood that various changes, substitutions and alterations can be made herein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. The scope of the invention is defined by the claims.
Claims (6)
1. A distributed architecture for implementing fast scanning of network assets, characterized by: comprises the steps of (a) preparing a mixture of a plurality of raw materials,
the web server of the control node receives a task request of a user and sends a task to the computing node through the message queue server;
the computing nodes comprise a first class of computing nodes and a second class of computing nodes;
the first-class computing nodes receive the task request through the agent, execute ip survival scanning based on a masscan, and return the live ip to the control node through the agent;
the second type of computing nodes receive the task request through the agent, execute specific service identification realized based on nmap and store the scanning result into the database;
a database for storing scan results.
2. The distributed architecture for implementing fast network asset scanning of claim 1, wherein the control nodes and the compute nodes are deployed on the same host or on multiple different hosts.
3. The distributed architecture for implementing fast network asset scanning according to claim 2, wherein the control node is configured to implement distribution and scheduling of Web server APIs and tasks, and the number of the control nodes is one.
4. The distributed architecture for enabling fast scanning for network assets of claim 2 wherein the computing nodes of the first type are configured to scan for survivability of IP and ports.
5. The distributed architecture for enabling rapid scanning of network assets as recited in claim 2, wherein the second class of computing nodes identifies a specific type of asset based on the surviving network assets that have been screened out.
6. The distributed architecture for implementing fast network asset scanning according to claim 1, wherein the number of the first type computing nodes and the second type computing nodes is not less than one.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010910897.7A CN112118152A (en) | 2020-09-02 | 2020-09-02 | Distributed architecture for realizing rapid scanning of network assets |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010910897.7A CN112118152A (en) | 2020-09-02 | 2020-09-02 | Distributed architecture for realizing rapid scanning of network assets |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112118152A true CN112118152A (en) | 2020-12-22 |
Family
ID=73803954
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010910897.7A Pending CN112118152A (en) | 2020-09-02 | 2020-09-02 | Distributed architecture for realizing rapid scanning of network assets |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112118152A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244755A (en) * | 2021-12-15 | 2022-03-25 | 北京恒安嘉新安全技术有限公司 | Asset detection method, device, equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109951359A (en) * | 2019-03-21 | 2019-06-28 | 北京国舜科技股份有限公司 | The asynchronous scan method of distributed network assets and equipment |
| CN110830467A (en) * | 2019-11-04 | 2020-02-21 | 中国人民解放军战略支援部队信息工程大学 | Network suspicious asset identification method based on fuzzy prediction |
| CN111010405A (en) * | 2019-12-30 | 2020-04-14 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
| WO2020081213A1 (en) * | 2018-10-20 | 2020-04-23 | Walmart Apollo, Llc | Managing access to vulnerability data at scale |
| CN111104677A (en) * | 2019-12-18 | 2020-05-05 | 哈尔滨安天科技集团股份有限公司 | Vulnerability patch detection method and device based on CPE (customer premise Equipment) specification |
-
2020
- 2020-09-02 CN CN202010910897.7A patent/CN112118152A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020081213A1 (en) * | 2018-10-20 | 2020-04-23 | Walmart Apollo, Llc | Managing access to vulnerability data at scale |
| CN109951359A (en) * | 2019-03-21 | 2019-06-28 | 北京国舜科技股份有限公司 | The asynchronous scan method of distributed network assets and equipment |
| CN110830467A (en) * | 2019-11-04 | 2020-02-21 | 中国人民解放军战略支援部队信息工程大学 | Network suspicious asset identification method based on fuzzy prediction |
| CN111104677A (en) * | 2019-12-18 | 2020-05-05 | 哈尔滨安天科技集团股份有限公司 | Vulnerability patch detection method and device based on CPE (customer premise Equipment) specification |
| CN111010405A (en) * | 2019-12-30 | 2020-04-14 | 上海电子信息职业技术学院 | SaaS-based website security monitoring system |
Non-Patent Citations (1)
| Title |
|---|
| 马强等: "《联网工业控制系统主动感知预警技术研究》", 《网络与信息安全》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244755A (en) * | 2021-12-15 | 2022-03-25 | 北京恒安嘉新安全技术有限公司 | Asset detection method, device, equipment and storage medium |
| CN114244755B (en) * | 2021-12-15 | 2023-11-14 | 北京恒安嘉新安全技术有限公司 | Asset detection method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10698717B2 (en) | Accelerator virtualization method and apparatus, and centralized resource manager | |
| US11928514B2 (en) | Systems and methods providing serverless DNS integration | |
| CN108270676B (en) | Network data processing method and device based on Intel DPDK | |
| CN101242392B (en) | Method, device and system for processing series service message | |
| CN105450618A (en) | Operation method and operation system of big data process through API (Application Programming Interface) server | |
| US20160255045A1 (en) | Distributed dynamic host configuration protocol | |
| WO2016173450A1 (en) | Graphic processing device, resource service device, resource scheduling method and device thereof | |
| CN109802951B (en) | Message forwarding method, device and storage device | |
| US20240048484A1 (en) | Route updating method and user cluster | |
| WO2015149625A1 (en) | Method and system for network element access with multi-instance parallelism | |
| CN104158707A (en) | Method and device of detecting and processing brain split in cluster | |
| CN104301238A (en) | Message processing method, device and system | |
| WO2020206783A1 (en) | Data transmission scheduling method and system | |
| WO2022120806A1 (en) | Multi-cloud distributed messaging method and system for high performance computing | |
| KR20190029486A (en) | Elastic honeynet system and method for managing the same | |
| CN104468805A (en) | Message routing device and method | |
| CN112118152A (en) | Distributed architecture for realizing rapid scanning of network assets | |
| US11537422B2 (en) | Virtual machine migration downtime reduction using a multicast address | |
| CN104618152A (en) | Session table aging method and system | |
| CN105227403A (en) | A kind of OpenStack network flow monitoring method | |
| CN108124022B (en) | Network address translation management method and device | |
| Guo | Aggregating uncertain incast transfers in BCube-like data centers | |
| US11038957B2 (en) | Apparatus and method for efficient, coordinated, distributed execution | |
| CN113259408A (en) | Data transmission method and system | |
| CN100423514C (en) | Data synchronization method in distributed equipment according to address resolution protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201222 |
|
| RJ01 | Rejection of invention patent application after publication |