WO2013091407A1 - Telnet command filter method and network security device and system - Google Patents

Info

Publication number: WO2013091407A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2012/081546
Other languages: French (fr), Chinese (zh)
Inventors: 薛智慧, 李世光, 蒋武, 吴功伟
Original assignee: 华为数字技术(成都)有限公司 (Huawei Digital Technologies (Chengdu) Co., Ltd.)
Application filed by 华为数字技术(成都)有限公司
Prior art keywords: command, character, telnet, client, server

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls › H04L63/0227 Filtering policies › H04L63/0245 Filtering by information in the payload
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic › H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L67/00 Network arrangements or protocols for supporting network services or applications › H04L67/01 Protocols › H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet

Abstract

A Telnet command filter method and a network security device and system. The Telnet command filter method comprises: obtaining, from an interaction message between a client and a server, each line of a telnet command sent by the client to the server; identifying content of the Telnet command; and if the identification result indicates that the Telnet command needs to be blocked, performing filter processing on the Telnet command. In the embodiment of the present invention, the network security device can obtain a Telnet command sent by the client to the server, and then can identify content of the Telnet command; once the Telnet command is identified as a command that may affect normal working of the server and needs to be blocked, the network security device can filter out the Telnet command, thereby ensuring reliable operation of the server.

Description

Telnet command filtering method, network security device and system

This application claims priority to Chinese Patent Application No. 201110437645.8, filed with the Chinese Patent Office on December 23, 2011 and entitled "Telnet command filtering method, network security device and system", which is incorporated herein by reference in its entirety.

Technical field

The embodiments of the present invention relate to the field of network security, and in particular to a Telnet command filtering method, a network security device and a system.

Background
Telnet is currently the standard protocol and the principal means of remote login service on the Internet; it gives a user the ability to carry out work on a remote host from a local client.

Specifically, a user can install a Telnet program on the client. When the user needs to manage a server remotely, the user starts the Telnet program on the client and types into it the commands the server is to execute; once transmitted to the server, these commands run on the server. To the user it is as if the commands had been typed directly at the server's console, which is very convenient. In some situations, however, the user may operate incorrectly, and a command sent from the client to the server may cause the server to crash.

Therefore, how to ensure reliable operation of the server when a user sends it commands through the Telnet program on the client has become a problem that urgently needs solving.

Summary of the invention
Embodiments of the present invention provide a Telnet command filtering method, a network security device and a system, so that the server keeps operating reliably when a user sends it commands through the Telnet program on the client.

An embodiment of the present invention provides a Telnet command filtering method, comprising:

obtaining, from the messages exchanged between a client and a server, each line of Telnet command that the client sends to the server;

identifying the content of the Telnet command; and

if the identification result is that the Telnet command is a command that needs to be blocked, filtering the Telnet command.
An embodiment of the present invention provides a network security device deployed between a client and a server, the network security device comprising:

a command obtaining module, configured to obtain, from the messages exchanged between the client and the server, each line of Telnet command that the client sends to the server;

a content identification module, configured to identify the content of the Telnet command; and

a filtering module, configured to filter the Telnet command if the identification result is that the Telnet command is a command that needs to be blocked.

An embodiment of the present invention provides a network security system comprising a client, a network security device and a server connected in sequence, wherein the network security device is the network security device described above.
In the embodiments of the present invention, the network security device can obtain each line of Telnet command sent from the client to the server and then identify the content of that line; once the Telnet command is identified as one that may affect the normal operation of the server and needs to be blocked, the network security device can filter it out, which ensures reliable operation of the server.

Brief description of the drawings

To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a flowchart of Embodiment 1 of the Telnet command filtering method of the present invention;
FIG. 2 is a flowchart of Embodiment 2 of the Telnet command filtering method of the present invention;
FIG. 3 is a schematic diagram of the network architecture to which Embodiment 2 of the method shown in FIG. 2 applies;
FIG. 4 is a signaling flowchart of Embodiment 3 of the Telnet command filtering method of the present invention;
FIG. 5 is a schematic structural diagram of Embodiment 1 of the network security device of the present invention;
FIG. 6 is a schematic structural diagram of Embodiment 2 of the network security device of the present invention;
FIG. 7 is a schematic structural diagram of Embodiment 3 of the network security device of the present invention;
FIG. 8 is a schematic structural diagram of an embodiment of the network security system of the present invention.

Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

FIG. 1 is a flowchart of Embodiment 1 of the Telnet command filtering method of the present invention. As shown in FIG. 1, the method of this embodiment may include:
Step 101: obtain, from the messages exchanged between the client and the server, each line of Telnet command that the client sends to the server.

Specifically, a network security device such as a gateway or a firewall may be deployed between the client and the server and may obtain, from the messages exchanged between them, each line of Telnet command that the client sends to the server. The Telnet command is the command the user typed into the Telnet program installed on the client.

Step 102: identify the content of the Telnet command.

The network security device can identify the content of the Telnet command and thereby learn which command the user wants the server to execute.

Step 103: if the identification result is that the Telnet command is a command that needs to be blocked, filter the Telnet command.

If the network security device learns through identification that the Telnet command is a command that needs to be blocked, it may filter the command. Note that a command that needs to be blocked is a preset command that may affect the normal operation of the server; a person skilled in the art can define the commands to be blocked according to need and the required network security level.

In this embodiment, the network security device can obtain each line of Telnet command sent from the client to the server and then identify its content; once that line is identified as a command that may affect the normal operation of the server and needs to be blocked, the network security device can filter it out, which ensures reliable operation of the server.
Step 101 of the method embodiment shown in FIG. 1 can be implemented by two specific technical solutions, which are described in detail below.

Solution 1: modifying the negotiated option

In the prior art, a client by default sends Telnet commands to the server one character at a time, that is, single-character mode is chosen by default during option negotiation between the client and the server. Take a client sending the three-character Telnet command "ABC" to the server as an example. The client sends the character "A" to the network security device, which caches "A" and forwards it to the server; the client then sends "B" to the network security device, which forwards "B" to the server. Because a server generally has a completion function, however, once it has received the two characters "AB" it can complete them to the Telnet command "ABC" and execute "ABC". Yet the Telnet command cached by the network security device is only "AB"; "AB" may be an allowed command while "ABC" may be a command that needs to be blocked. The network security device therefore cannot guarantee reliable operation of the server.

To address this, in Solution 1, after the client has established a connection with the server and before the client sends any command message, the network security device changes the default single-character mode to line mode during option negotiation between the client and the server, so that the client sends Telnet commands one line at a time, and the network security device then sends the client and the server an indication that the negotiated option is line mode. Taking again the example of the client sending the three-character command "ABC": in line mode the client does not send single characters such as "A" or "B" to the network security device; it sends the Telnet command only after the whole of "ABC" has been entered. The network security device therefore obtains the complete Telnet command and only needs to parse the message carrying it to learn its content, so it can filter the command reliably and ensure reliable operation of the server.

In a specific implementation, the network security device can act as a proxy: it establishes separate connections with the client and with the server and negotiates Telnet options with each of them, so that the client sends Telnet commands to the server in line mode, one line at a time.
Solution 2: comparing echoed characters

In this solution, the client may still send Telnet commands to the server in the prior art's default single-character mode.

During the interaction between the client and the server, the network security device records the command characters entered by the client and the command characters the server echoes in response, and compares the two in order to reconstruct the content of each line of Telnet command entered by the client. It thereby identifies the Telnet command the user wants the server to execute and filters that command.
Specifically, the network security device receives and caches the first command character entered by the client, sends the first command character to the server, and receives the second command character that the server echoes in response to the first. The network security device then compares the first and second command characters. If the second command character is identical to the first and both are regular characters, the first command character is a regular character of the Telnet command, and the network security device appends it to the tail of the regular characters of the Telnet command the client is about to execute. If the first command character is a control character and the second is a regular character, the server has already determined the specific Telnet command to be executed, so the network security device appends the second command character to the tail of the regular characters of the Telnet command and notes that the server now knows the command to be executed. Optionally, to improve the accuracy of command identification, if the second command character differs from the first and both are control characters, the server has attempted completion of the pending Telnet command but has not determined a specific command, and the network security device appends both the first and the second command character to the tail of the pending Telnet command. When the user has finished entering the Telnet command, the user enters a carriage-return character through the client. If the network security device recognizes that the current first command character is a carriage return, it determines that the user wants the server to execute the Telnet command; it therefore extracts the cached characters (that is, the pending Telnet command built up character by character) as one reconstructed line of Telnet command, identifies the content of that line, and determines whether it contains a command keyword that must be blocked. If it does, the network security device converts the carriage-return character into a non-command character. Because the server does not recognize non-command characters, the non-command character is invalid for the server; accordingly the server does not execute the Telnet command, which ensures reliable operation of the server.
Note that in this solution, in terms of how existing Telnet commands are composed, the regular characters may be the 26 letters a to z; the control characters may be Tab, space, the operators corresponding to the up and down arrow keys, and the like; and the non-command characters may be characters that are not used in Telnet commands, such as ',', ':' and '!'. A person skilled in the art can determine from common knowledge which regular characters, control characters and non-command characters to use; this is not limited here.

FIG. 2 is a flowchart of Embodiment 2 of the Telnet command filtering method of the present invention, and FIG. 3 is a schematic diagram of the network architecture to which Embodiment 2 of the method shown in FIG. 2 applies. As shown in FIGS. 2 and 3, the method of this embodiment implements the technical solution of Solution 1 above and may include:
Step 201: the client sends a SYN packet to the network security device.

Step 202: the network security device sends a SYN ACK packet to the client.

Step 203: the client sends an ACK packet to the network security device.

In steps 201 to 203, the network security device performs the three-way handshake with the client in the role of proxy server.

Step 204: the network security device sends a SYN packet to the server.

Step 205: the server sends a SYN ACK packet to the network security device.

Step 206: the network security device sends an ACK packet to the server.

In steps 204 to 206, the network security device performs the three-way handshake with the server in the role of proxy client.
Step 207: the client sends an option negotiation request to the network security device.

In this embodiment, the option negotiation request does not contain a line-mode option.

Specifically, before sending a Telnet command to the server, the client must negotiate options with the server, that is, negotiate whether Telnet commands are transmitted in line mode or in single-character mode. The network security device can check whether the option negotiation request contains a line-mode option, for example whether it contains the 'WILL LINEMODE' option. In the existing default case the option negotiation request does not contain a line-mode option, so transmission defaults to single-character mode.
Step 208: the network security device sends option negotiation messages to the client and to the server.

These option negotiation messages contain the line-mode option.

Specifically, if the network security device finds that the option negotiation request lacks the 'WILL LINEMODE' option, the network security device, acting as proxy server, can reply to the client with an option negotiation message that contains the 'WILL LINEMODE' option, so that the client learns that the server requires Telnet commands to be transmitted in line mode.

In addition, the network security device, acting as proxy client, can send an option negotiation message to the server, so that the server learns that the client requests Telnet commands to be transmitted in line mode.

Thus, in this embodiment, the network security device acts as a proxy and negotiates line mode as the way Telnet commands are sent between the client and the server, that is, the client sends Telnet commands one line at a time.
Step 209: the network security device receives the command message carrying a Telnet command sent by the client in line mode.

Step 210: the network security device parses the command message, extracts the Telnet command, and matches its content against the set of command contents that need to be blocked; if the content of the Telnet command matches an entry in that set, the Telnet command is discarded.

Alternatively, in step 210 the network security device may identify whether the content of the Telnet command contains a command keyword that must be blocked; if it does, the Telnet command is a command that needs to be blocked, and the network security device can discard it.

In this embodiment, the network security device acts as a proxy and negotiates the mode in which the client transmits Telnet commands to the server, so that the client transmits Telnet commands in line mode. Once the client transmits Telnet commands in line mode, the network security device obtains each line of Telnet command complete and accurate, and by identifying its content it can block Telnet commands that may affect the normal operation of the server, which ensures reliable operation of the server.
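The following is an added example, not code from the patent or from Huawei, showing the proxy-side logic of steps 207 to 210: parse the client's option negotiation, answer with LINEMODE when the client did not offer it, and then match whole command lines against a block list. The option codes are the real Telnet values (IAC 255, WILL/WONT/DO/DONT 251 to 254, SB 250, SE 240, LINEMODE 34 per RFC 1184, ECHO 1, SGA 3); the sample packets, the block lists and the choice of DO toward the client and WILL toward the server are this example's own assumptions.

```python
"""Solution 1 as a proxy-side check: detect a character-mode option negotiation,
answer with LINEMODE, then filter whole command lines.

Added example, not code from the patent or from Huawei. Option codes are the
real Telnet ones; sample packets, block lists and the DO/WILL verb choice are
this example's assumptions."""

IAC, SE, SB = 255, 240, 250
WILL, WONT, DO, DONT = 251, 252, 253, 254
LINEMODE, ECHO, SGA = 34, 1, 3


def parse_stream(data: bytes):
    """Split a Telnet byte stream into (negotiations, payload).

    negotiations is a list of (verb, option) pairs; payload is the data with
    IAC commands removed and the IAC IAC escape decoded to a literal 0xFF."""
    negs, payload, i = [], bytearray(), 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            payload.append(b)
            i += 1
            continue
        if i + 1 >= len(data):          # truncated command at end of buffer: ignore
            break
        verb = data[i + 1]
        if verb == IAC:                  # escaped literal 0xFF in the data stream
            payload.append(IAC)
            i += 2
        elif verb in (WILL, WONT, DO, DONT):
            if i + 2 >= len(data):
                break
            negs.append((verb, data[i + 2]))
            i += 3
        elif verb == SB:                 # subnegotiation: skip through IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:                            # other two-byte command (NOP, AYT, ...)
            i += 2
    return negs, bytes(payload)


def client_offers_linemode(request: bytes) -> bool:
    """Step 207/208: does the client's negotiation request carry WILL LINEMODE?"""
    negs, _ = parse_stream(request)
    return (WILL, LINEMODE) in negs


def gateway_replies(client_request: bytes):
    """Step 208. If the client did not offer LINEMODE, the gateway answers the
    client as proxy server and tells the real server as proxy client.
    The patent names the option 'WILL LINEMODE'; in the RFC 1184 exchange the
    server side asks with DO and the client side agrees with WILL, so this
    example (my reading) sends DO toward the client and WILL toward the server.
    Returns (bytes_to_client, bytes_to_server)."""
    if client_offers_linemode(client_request):
        return b"", client_request       # assumption: already line mode, forward as-is
    return bytes([IAC, DO, LINEMODE]), bytes([IAC, WILL, LINEMODE])


def extract_commands(line_mode_payload: bytes):
    """Step 209: in line mode every command arrives complete; split on the
    Telnet line endings CR LF and CR NUL and drop any negotiation bytes."""
    _, payload = parse_stream(line_mode_payload)
    text = payload.replace(b"\r\0", b"\n").replace(b"\r\n", b"\n")
    return [ln.decode("ascii", "replace").strip() for ln in text.split(b"\n") if ln.strip()]


def is_blocked(command: str, blocked_commands, blocked_keywords) -> bool:
    """Step 210: exact match against the blocked-command set, or (the text's
    alternative) a blocked keyword contained anywhere in the command."""
    return command in blocked_commands or any(k in command for k in blocked_keywords)


def filter_line_mode(payload: bytes, blocked_commands=(), blocked_keywords=()):
    """Return (forwarded, dropped) command lists for one line-mode payload."""
    forwarded, dropped = [], []
    for cmd in extract_commands(payload):
        if is_blocked(cmd, set(blocked_commands), set(blocked_keywords)):
            dropped.append(cmd)
        else:
            forwarded.append(cmd)
    return forwarded, dropped


# Constructed samples: a default character-mode offer and a line-mode payload.
CLIENT_REQUEST = bytes([IAC, WILL, ECHO, IAC, DO, SGA])
LINE_PAYLOAD = b"ls -l\r\nshutdown -h now\r\nreboot\r\0"

if __name__ == "__main__":
    print(gateway_replies(CLIENT_REQUEST))
    print(filter_line_mode(LINE_PAYLOAD, {"reboot"}, {"shutdown"}))
```

The keyword branch is a plain substring test, as the text's "contains a command keyword" phrasing suggests; a deployment would normally tokenize the line so that a keyword does not also match inside a longer, allowed word. The two returned byte strings from gateway_replies are what the device would write to its client-facing and server-facing sockets respectively.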
FIG. 4 is a signaling flowchart of Embodiment 3 of the Telnet command filtering method of the present invention. As shown in FIG. 4, the method of this embodiment implements the technical solution of Solution 2 above and may include:

Step 401: the client and the server perform the three-way handshake.

Step 402: the client and the server negotiate options.

In this embodiment, the client may send Telnet commands to the server in the default single-character mode.

Step 403: the client sends the character "m" to the server through the network security device.

The network security device caches the character "m" locally.

Step 404: the server echoes the character "m" to the client through the network security device.
By comparison, the network security device finds that the echoed character "m" is identical to the "m" the client sent earlier and that both are regular characters, so it can confirm that "m" is a character of the Telnet command the user wants executed, and it records the character "m".

Step 405: the client sends the character "o" to the server through the network security device.

The network security device caches the character "o" locally.

Step 406: the server echoes the character "o" to the client through the network security device.

By comparison, the network security device finds that the echoed character "o" is identical to the "o" the client sent earlier and that both are regular characters, so it can confirm that "o" is a character of the Telnet command the user wants executed, and it records "o" after "m", producing "mo".
Step 407: the client sends the character "\t" to the server through the network security device.

When the user presses the Tab key, the client sends the server the corresponding operator, the character "\t". The network security device caches the character "\t" locally.

Step 408: the server echoes the character "\a" to the client through the network security device.

By comparison, the network security device finds that the echoed character "\a" differs from the "\t" the client sent earlier and that both are control characters, so it learns that the server attempted completion but has not determined the specific command to execute. The network security device then records "\t\a" at the tail of the Telnet command, that is, after "o", producing "mo\t\a".

Step 409: the client sends the character "r" to the server through the network security device.

The network security device caches the character "r" locally.

Step 410: the server echoes the character "r" to the client through the network security device.

By comparison, the network security device finds that the echoed character "r" is identical to the "r" the client sent earlier and that both are regular characters, so it can confirm that "r" is a character of the Telnet command the user wants executed, and it records "r" at the tail of the regular characters, that is, after "o", producing "mor\t\a".
Step 411: The client sends the character "\t" to the server through the network security device.
The network security device caches the character "\t" locally.
Step 412: The server echoes the character "e" to the client through the network security device.
By comparison, the network security device finds that the echoed character "e" is a regular character while the character "\t" the client sent earlier is a control character. It can therefore confirm that the server has determined the specific command the user intends to execute, and that "e" is one character of that Telnet command. It records "e" at the tail of the regular characters, that is, after "r", producing "more\t\a".
At this point, the network security device has restored the Telnet command the user entered through the client: "more".
Step 413: The client sends a carriage return character to the server through the network security device. The network security device now knows that the user has confirmed execution of the Telnet command, and can check whether the Telnet command "more" contains a command keyword that is to be blocked. If it does, the network security device converts the carriage return character into a non-command character, for example "(", and sends "(" to the server. To the server this is an invalid command, so it does not execute the Telnet command "more".
Optionally, the network security device may also match the content of the Telnet command against a set of command contents that need to be blocked; if the content of the Telnet command matches an entry in the set, the Telnet command is one that needs to be blocked.
In this embodiment, while the client and the server interact in single-character mode, the network security device records and analyses the exchanged characters to restore each line of Telnet command the client transmits to the server. By identifying the content of that command it can block Telnet commands that might disrupt the server's normal operation, thereby ensuring that the server runs reliably.
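The single-character reconstruction and the carriage-return filtering described in steps 408 to 413, as an added Python example that is not part of the patent or of the applicant's implementation; the class and function names, the blocked-command set, the keyword list and the recorded exchange are this example's own constructions:

```python
"""Single-character-mode Telnet command reconstruction and filtering.

Added example, not code from the patent: it models the echo-comparison
procedure described above (client character cached, server echo compared
with it, command rebuilt character by character, carriage return checked
against a blocked-command set and a keyword list, and replaced by a
non-command character when the command is blocked).  All names are this
example's own, and the exchange at the bottom is constructed.
"""

CR = "\r"
NON_COMMAND_CHAR = "("  # the replacement the description uses in step 413


def is_control(ch: str) -> bool:
    """Control characters are ASCII codes below 0x20 (TAB, BEL, ...) or DEL."""
    return ord(ch) < 0x20 or ch == "\x7f"


class TelnetCommandReconstructor:
    """Rebuilds one line of Telnet command from (client char, server echo) pairs.

    `regular` holds the command characters recovered so far; `control` holds
    the control characters kept at the tail of the buffer (e.g. "\t\a" after
    an ambiguous Tab completion), so buffer() reproduces "more\t\a".
    """

    def __init__(self, blocked_commands=(), blocked_keywords=()):
        self.blocked_commands = set(blocked_commands)
        self.blocked_keywords = tuple(blocked_keywords)
        self.regular = ""
        self.control = ""
        self.pending = None   # first command character awaiting the server echo
        self.completed = []   # (command, blocked) for every carriage return seen

    def buffer(self) -> str:
        return self.regular + self.control

    def is_blocked(self, command: str) -> bool:
        """Exact match against the blocked set, or any blocked keyword contained."""
        cmd = command.strip()
        return cmd in self.blocked_commands or any(k in cmd for k in self.blocked_keywords)

    def on_client_char(self, first: str) -> str:
        """Client -> server character; returns the character to forward to the server."""
        if first != CR:
            self.pending = first          # cache it until the echo arrives
            return first
        # Carriage return: the user confirms the line, so classify it now.
        command = self.regular
        blocked = self.is_blocked(command)
        self.completed.append((command, blocked))
        self.regular, self.control, self.pending = "", "", None
        # A blocked line is neutralised by forwarding a non-command character
        # instead of the carriage return; the server never sees a complete command.
        return NON_COMMAND_CHAR if blocked else CR

    def on_server_echo(self, second: str) -> None:
        """Server -> client character, compared with the cached client character."""
        first, self.pending = self.pending, None
        if first is None:
            return  # unsolicited output (prompt, banner): not part of the command
        if first == second and not is_control(first):
            self.regular += first                  # ordinary typed character
        elif is_control(first) and not is_control(second):
            self.regular += second                 # completion supplied by the server
        elif first != second and is_control(first) and is_control(second):
            self.control += first + second         # e.g. "\t\a": completion was ambiguous
        # any other combination (echo suppressed, password prompt) is not recorded


def replay(recon: TelnetCommandReconstructor, exchange) -> str:
    """Feed a recorded exchange; returns the character stream forwarded to the server."""
    forwarded = []
    for side, ch in exchange:
        if side == "client":
            forwarded.append(recon.on_client_char(ch))
        else:
            recon.on_server_echo(ch)
    return "".join(forwarded)


# Constructed exchange for the walkthrough in the description: the user types
# "mo", Tab (server answers BEL: ambiguous), "r", Tab (server completes "e"), Enter.
MORE_EXCHANGE = [
    ("client", "m"), ("server", "m"),
    ("client", "o"), ("server", "o"),
    ("client", "\t"), ("server", "\a"),
    ("client", "r"), ("server", "r"),
    ("client", "\t"), ("server", "e"),
    ("client", CR),
]


def demo():
    recon = TelnetCommandReconstructor(blocked_commands={"more"},
                                       blocked_keywords=("rm -rf",))
    sent = replay(recon, MORE_EXCHANGE[:-1])
    print(repr(recon.buffer()))          # 'more\t\a'
    sent += replay(recon, MORE_EXCHANGE[-1:])
    print(repr(sent), recon.completed)   # 'mo\tr\t(' [('more', True)]


if __name__ == "__main__":
    demo()
```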
FIG. 5 is a schematic structural diagram of Embodiment 1 of the network security device of the present invention. As shown in FIG. 5, the network security device of this embodiment may be deployed between a client and a server and may include a command acquisition module 11, a content identification module 12 and a filter processing module 13. The command acquisition module 11 obtains, from the interaction packets between the client and the server, each line of Telnet command the client sends to the server; the content identification module 12 identifies the content of the Telnet command; and the filter processing module 13 performs filter processing on the Telnet command if the identification result is that the Telnet command is a command that needs to be blocked. The network security device of this embodiment may be used to perform the method of the method embodiment shown in FIG. 1; its implementation principle and technical effect are similar and are not repeated here.
FIG. 6 is a schematic structural diagram of Embodiment 2 of the network security device of the present invention. As shown in FIG. 6, the device of this embodiment builds on the device shown in FIG. 5; further, the command acquisition module 11 may include an option negotiation processing unit 111 and a command acquisition unit 112. The option negotiation processing unit 111 receives the option negotiation request packet the client sends before sending command packets, where the option negotiation request packet does not include the line mode option, and sends an option negotiation packet containing the line mode option to the client and the server. The command acquisition unit 112 receives the command packets sent by the client, which contain the Telnet commands the client sends in line mode, and parses the command packets to obtain each line of Telnet command. The filter processing module 13 is specifically configured to discard the Telnet command if the identification result is that the Telnet command is a command that needs to be blocked.
Specifically, the content identification module 12 may include a storage unit 121 and a matching identification unit 122. The storage unit 121 stores the set of command contents that need to be blocked and/or the command keywords to be blocked. The matching identification unit 122 matches the content of the Telnet command against the set of command contents that need to be blocked and, if the content of the Telnet command is identical to at least one command content in that set, determines that the Telnet command is a command that needs to be blocked; or it determines whether the content of the Telnet command contains a command keyword to be blocked and, if it does, determines that the Telnet command is a command that needs to be blocked.
The network security device of this embodiment may be used to perform the method of the method embodiment shown in FIG. 2; its implementation principle and technical effect are similar and are not repeated here.
FIG. 7 is a schematic structural diagram of Embodiment 3 of the network security device of the present invention. As shown in FIG. 7, the device of this embodiment builds on the device shown in FIG. 5; further, the command acquisition module 11 may include a character acquisition unit 113 and a command restoration unit 114. The character acquisition unit 113 extracts, from a packet sent by the client to the server, the first command character entered by the client and caches it, sends the first command character to the server, and extracts, from the packet returned by the server, the second command character echoed by the server in response to the first command character. The command restoration unit 114 appends the first command character to the tail of the regular characters of the Telnet command to be executed if the second command character is identical to the first command character and both are regular characters, the initial content of the Telnet command to be executed being empty; appends the second command character to the tail of the regular characters of the Telnet command to be executed by the client if the first command character is a control character and the second command character is a regular character; and, if the first command character is a carriage return character, extracts the Telnet command to be executed, generated by successively appending characters at the tail, as one line of Telnet command sent by the client to the server. Correspondingly, the filter processing module 13 is specifically configured to convert the carriage return character into a non-command character and send the non-command character to the server if the identification result is that the Telnet command is a command that needs to be blocked.
The command restoration unit 114 is further configured to append the first command character and the second command character to the tail of the Telnet command to be executed by the client if the second command character differs from the first command character and both are control characters.
The content identification module 12 may specifically include a storage unit 121 and a matching identification unit 122. The storage unit 121 stores the set of command contents that need to be blocked and/or the command keywords to be blocked. The matching identification unit 122 matches the content of the Telnet command against the set of command contents that need to be blocked and, if the content of the Telnet command is identical to at least one command content in that set, determines that the Telnet command is a command that needs to be blocked; or it identifies whether the content of the Telnet command contains a command keyword to be blocked and, if it does, determines that the Telnet command is a command that needs to be blocked.
The network security device of this embodiment may be used to perform the method of the method embodiment shown in FIG. 4; its implementation principle and technical effect are similar and are not repeated here.
FIG. 8 is a schematic structural diagram of an embodiment of the network security system of the present invention. As shown in FIG. 8, the system of this embodiment may include a client 1, a network security device 2 and a server 3 connected in sequence, where the network security device 2 may adopt any of the structures in FIGS. 5 to 7 and correspondingly perform any of the method embodiments in FIGS. 1 to 4; its implementation principle and technical effect are similar and are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware directed by program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc. Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solution outside the scope of the technical solutions of the embodiments of the present invention.

Claims
1. A Telnet command filtering method, characterized by comprising:
obtaining, from the interaction packets between a client and a server, each line of Telnet command sent by the client to the server;
identifying the content of the Telnet command;
if the identification result is that the Telnet command is a command that needs to be blocked, performing filter processing on the Telnet command.
2. The method according to claim 1, characterized in that the obtaining, from the interaction packets between the client and the server, each line of Telnet command sent by the client to the server comprises:
receiving an option negotiation request packet sent by the client before it sends command packets and, if the option negotiation request packet does not include the line mode option, sending an option negotiation packet to the client and the server, the option negotiation packet including the line mode option;
receiving a command packet sent by the client, the command packet containing a Telnet command sent by the client in line mode, and parsing the command packet to obtain each line of Telnet command; and the performing filter processing on the Telnet command comprises:
discarding the Telnet command.
3. The method according to claim 1, characterized in that the obtaining, from the interaction packets between the client and the server, each line of Telnet command sent by the client to the server comprises:
extracting, from a packet sent by the client to the server, a first command character entered by the client and caching it, sending the first command character to the server, and extracting, from a packet returned by the server, a second command character echoed by the server in response to the first command character;
if the second command character is identical to the first command character and both are regular characters, appending the first command character to the tail of the regular characters of a Telnet command to be executed, the initial content of the Telnet command to be executed being empty;
if the first command character is a control character and the second command character is a regular character, appending the second command character to the tail of the regular characters of the Telnet command to be executed by the client; and if the first command character is a carriage return character, extracting the Telnet command to be executed, generated by successively appending characters at the tail, as one line of Telnet command sent by the client to the server;
and the performing filter processing on the Telnet command comprises:
converting the carriage return character into a non-command character and sending the non-command character to the server.
4. The method according to claim 3, characterized in that, before the extracting of the Telnet command to be executed, generated by successively appending characters at the tail, as one line of Telnet command sent by the client to the server, the method further comprises:
if the second command character differs from the first command character and both are control characters, appending the first command character and the second command character to the tail of the Telnet command to be executed by the client.
5. The method according to any one of claims 1 to 4, characterized in that the identifying the content of the Telnet command comprises:
matching the content of the Telnet command against a set of command contents that need to be blocked and, if the content of the Telnet command is identical to at least one command content in the set, determining that the Telnet command is a command that needs to be blocked; or,
determining whether the content of the Telnet command contains a command keyword to be blocked and, if it does, determining that the Telnet command is a command that needs to be blocked.
6. A network security device, characterized in that it is deployed between a client and a server and comprises:
a command acquisition module, configured to obtain, from the interaction packets between the client and the server, each line of Telnet command sent by the client to the server;
a content identification module, configured to identify the content of the Telnet command;
a filter processing module, configured to perform filter processing on the Telnet command if the identification result is that the Telnet command is a command that needs to be blocked.
7. The network security device according to claim 6, characterized in that the command acquisition module comprises: an option negotiation processing unit, configured to receive an option negotiation request packet sent by the client before it sends command packets, the option negotiation request packet not including the line mode option, and to send an option negotiation packet to the client and the server, the option negotiation packet including the line mode option;
a command acquisition unit, configured to receive a command packet sent by the client, the command packet containing a Telnet command sent by the client in line mode, and to parse the command packet to obtain each line of Telnet command;
the filter processing module being specifically configured to discard the Telnet command if the identification result is that the Telnet command is a command that needs to be blocked.
8. The network security device according to claim 6, characterized in that the command acquisition module comprises:
a character acquisition unit, configured to extract, from a packet sent by the client to the server, a first command character entered by the client and cache it, send the first command character to the server, and extract, from a packet returned by the server, a second command character echoed by the server in response to the first command character; a command restoration unit, configured to append the first command character to the tail of the regular characters of a Telnet command to be executed if the second command character is identical to the first command character and both are regular characters, the initial content of the Telnet command to be executed being empty; to append the second command character to the tail of the regular characters of the Telnet command to be executed by the client if the first command character is a control character and the second command character is a regular character; and, if the first command character is a carriage return character, to extract the Telnet command to be executed, generated by successively appending characters at the tail, as one line of Telnet command sent by the client to the server;
the filter processing module being configured to convert the carriage return character into a non-command character and send the non-command character to the server if the identification result is that the Telnet command is a command that needs to be blocked.
9. The network security device according to claim 8, characterized in that
the command restoration unit is further configured to append the first command character and the second command character to the tail of the Telnet command to be executed by the client if the second command character differs from the first command character and both are control characters.
10. The network security device according to any one of claims 6 to 9, characterized in that the content identification module comprises:
a storage unit, configured to store a set of command contents that need to be blocked and/or command keywords to be blocked;
a matching identification unit, configured to match the content of the Telnet command against the set of command contents that need to be blocked and, if the content of the Telnet command is identical to at least one command content in that set, determine that the Telnet command is a command that needs to be blocked; or to determine whether the content of the Telnet command contains a command keyword to be blocked and, if it does, determine that the Telnet command is a command that needs to be blocked.
11. A network security system, comprising a client, a network security device and a server connected in sequence, characterized in that the network security device is the network security device according to any one of claims 6 to 10.
PCT/CN2012/081546 2011-12-23 2012-09-18 Telnet command filter method and network security device and system WO2013091407A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110437645.8 2011-12-23
CN201110437645.8A CN102546606B (en) 2011-12-23 2011-12-23 Telnet command filter method, network safety device and network safety system

Publications (1)

Publication Number Publication Date
WO2013091407A1 true WO2013091407A1 (en) 2013-06-27

Family

ID=46352568

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081546 WO2013091407A1 (en) 2011-12-23 2012-09-18 Telnet command filter method and network security device and system

Country Status (2)

Country Link
CN (1) CN102546606B (en)
WO (1) WO2013091407A1 (en)


Also Published As

Publication number Publication date
CN102546606B (en) 2014-12-31
CN102546606A (en) 2012-07-04


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12859537; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12859537; Country of ref document: EP; Kind code of ref document: A1)