CN101989975A - Distributed method for blocking access of illegal computers - Google Patents

Distributed method for blocking access of illegal computers

Publication number: CN101989975A
Authority: CN (China)
Prior art keywords: blocking, illegal, computers, computer, server
Legal status: Pending
Application number: CN2009100235006A
Other languages: Chinese (zh)
Inventor: 吴德
Current Assignee: Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda
Original Assignee: Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda

Abstract

The invention relates to a distributed method for blocking the access of illegal computers. Within organizations, important data and materials are all stored and transmitted on internal computers and networks, so illegal external computers can easily connect to the intranet and steal important materials and files; conventional products obtain the network information of such computers through hub sharing or switch port mirroring. In the method, a blocking server in the server zone where the computer is located analyzes and compares the network data packets that blocking agent software acquires by packet sniffing, in order to find the addresses of illegal, untrusted computers, and the blocking agent software sends a special network data packet to the illegal computers to block them. The distributed blocking method can accurately find illegally connected computers with a discovery delay of less than 5 seconds. By adopting a multipoint automatic protection mode, it breaks through the limitations of the network structure, reduces the load on the switch, and can accurately block illegally connected computers.

Description

A distributed method for blocking access by illegal computers
Technical field
The invention belongs to the field of network technology, and specifically relates to a distributed method for blocking access by illegal computers.
Technical background
As incidents of internal leakage of secrets keep occurring, more and more organizations are gradually recognizing the importance of internal LAN and computer security. At present, in the overwhelming majority of organizations, important data and information are stored and transmitted on internal computers and networks, which makes it very easy for illegal external computers to connect to the intranet and steal important data and files. How to discover an illegally connected computer in time and cut it off from the intranet has therefore become a security problem of growing concern.
Traditional products for blocking illegal computer access use bypass monitoring: they obtain the network information of illegal computers through hub sharing or switch port mirroring. Such products cannot technically discover and block illegal computers accurately and in time, and they work poorly in complex network environments, because they are constrained by the network equipment and the network topology. If a switch has no port-mirroring function, or if part of the network traffic does not pass through the core-layer switch, it is difficult to accurately detect the data that an illegal computer sends on the network. Moreover, even when an illegal computer is found to have intruded into the network, it is difficult to block it in time.
Summary of the invention
The object of the invention is to provide a distributed method for blocking access by illegal computers, in order to overcome the problem in the prior art that illegal computers intruding into the intranet cannot be accurately discovered and blocked in time.
The technical scheme adopted by the invention is: the blocking server in the server zone where the computer is located analyzes and compares the network packets that the blocking agent software obtains by packet capture, looks for the addresses of illegal, untrusted computers, and the blocking agent software sends special network packets to the illegal computer to block it.
The invention is realized through the following steps:
Step 1: Install the blocking agent software on the computers that store important data, deploy the blocking server in series with the network and configure the trusted IP addresses, and configure the blocking policy and the scheduling mode of the agent software on the blocking server. The blocking policy is entered or selected through a form, and the scheduling mode of the blocking agent software is also set by policy.
Step 2: Set the network card of the computer running the blocking agent software to promiscuous mode, and capture and cache network packets through the network card in real time.
Step 3: The blocking agent software periodically obtains the policy and scheduling instructions from the server, analyzes the packets, and extracts the source IP, the destination IP and the corresponding MAC addresses.
Step 4: The extracted addresses are strictly compared against the trusted IP address list and MAC address list; the blocking agent software identifies the addresses of illegal, untrusted computers, sends special network packets to block them, and at the same time sends alarm information to the server.
The blocking policy in said step 2 consists of entering the IP addresses or network segments that need to be blocked, or entering the IP addresses of trusted computers or servers.
The scheduling mode of the blocking agent software in said step 2 is chosen as joint blocking or independent blocking on the page of the blocking server's management console.
Compared with the prior art, the advantages of the invention are:
The distributed blocking method can accurately discover illegally connected computers, with a discovery delay of less than 5 seconds. The original single-point protection mode is changed into a multipoint autonomous protection mode, which breaks through the limitations of the network structure and reduces the load on the switch. Illegally connected computers can be blocked effectively, raising the blocking success rate to above 99%.
Description of drawings
Fig. 1 is a flow chart of the distributed method for blocking illegal computer access according to the invention.
Embodiment
The invention is described in detail below through its implementation in a host monitoring and auditing system.
For the implementation, a blocking policy configuration module and a blocking agent module need to be provided in the host monitoring and auditing system; together, these two modules perform the distributed blocking of illegal computer access.
The concrete steps for implementing the invention are:
(1) Install the blocking agent software on the computers that store important data, deploy the blocking server in series with the network and configure the trusted IP addresses, and configure the blocking policy and the scheduling mode of the agent software on the blocking server:
Specifically, the blocking policy and the scheduling mode of the blocking agent software are configured at the management console of the system's server, and the blocking agent module or software is embedded in each computer on which the host monitoring and auditing client is installed. Specific application servers (i.e., IP addresses or MAC addresses) can be configured at the management console as trusted computers.
The blocking policy mentioned above is mainly entered or selected through a form, for example by entering the IP addresses or network segments that need to be blocked, or by entering the IP addresses of trusted computers or servers. A trusted IP means that the computer with that IP is not treated as a blocking target.
The scheduling mode of the blocking agent software can also be set by policy, for example by choosing joint blocking or independent blocking on the page of the blocking server's management console.
(2) Set the network card of the computer running the blocking agent software to promiscuous mode, and capture and cache network packets through the network card in real time:
The blocking agent software runs together with the client program, but can also run on its own. It listens for and captures network packets through the network card in real time, and caches the packets it obtains.
(3) The blocking agent software periodically obtains the policy and scheduling instructions from the server, analyzes the packets, and extracts the source IP, the destination IP and the corresponding MAC addresses.
(4) The extracted addresses are strictly compared against the trusted IP address list and MAC address list; the blocking agent software identifies the addresses of illegal, untrusted computers, sends special network packets to block them, and at the same time sends alarm information to the server:
That is, the trusted IP address list and MAC address list are obtained from the system server, and the extracted IPs and MACs are compared against the trusted IP addresses and MAC addresses. Whether it is the source IP or the destination IP, the source MAC or the destination MAC, as long as at least one of them is not found in the trusted lists, the illegal, untrusted computer address is identified, a special network packet (for example an ARP spoofing packet or a TCP reset packet) is sent to block it, and alarm information is sent to the server at the same time to draw the attention of the network management personnel.
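The comparison in steps (3) and (4) can be sketched as follows. This is an added example, not code from the patent: it covers only extraction and trusted-list comparison for Ethernet II / IPv4 frames and returns the findings that would go into an alarm. The function names, the sample policy, the constructed frames and the choice to ignore the broadcast MAC are all assumptions.

```python
import ipaddress
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"  # assumption: broadcast destinations are not flagged

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip) for an Ethernet II / IPv4 frame, else None."""
    if len(frame) < 34:  # 14-byte Ethernet header + 20-byte minimum IPv4 header
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None  # non-IPv4 frames (ARP, IPv6, VLAN-tagged) are skipped in this sketch
    return (mac_str(src_mac), mac_str(dst_mac),
            ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34]))

def untrusted_addresses(frame, trusted_nets, trusted_macs):
    """List every address in the frame that is absent from the trusted lists (empty = clean)."""
    parsed = parse_frame(frame)
    if parsed is None:
        return []
    src_mac, dst_mac, src_ip, dst_ip = parsed
    findings = []
    for role, ip in (("src_ip", src_ip), ("dst_ip", dst_ip)):
        if not any(ip in net for net in trusted_nets):
            findings.append((role, str(ip)))
    for role, mac in (("src_mac", src_mac), ("dst_mac", dst_mac)):
        if mac != BROADCAST_MAC and mac not in trusted_macs:
            findings.append((role, mac))
    return findings

def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed sample input: Ethernet II header plus a minimal IPv4 header, no payload."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

# Constructed policy: trusted entries may be single hosts or whole network segments.
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24"), ipaddress.ip_network("10.0.9.20/32")]
TRUSTED_MACS = {"02:00:00:00:05:0a", "02:00:00:00:09:14"}

if __name__ == "__main__":
    samples = {
        "trusted host": build_frame("02:00:00:00:05:0a", "02:00:00:00:09:14", "10.0.5.10", "10.0.9.20"),
        "unknown host": build_frame("02:00:00:00:aa:01", "02:00:00:00:09:14", "192.168.77.3", "10.0.9.20"),
        "trusted IP, unknown MAC": build_frame("02:00:00:00:aa:02", "02:00:00:00:09:14", "10.0.5.10", "10.0.9.20"),
    }
    for label, frame in samples.items():
        print(label, "->", untrusted_addresses(frame, TRUSTED_NETS, TRUSTED_MACS) or "no alert")
```

The third sample shows why both lists are checked: a host that borrows a trusted IP address is still flagged by its MAC address. Frames that are not IPv4 are skipped here, so an agent relying on this check alone would not see a host that has only sent ARP traffic.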
Finally, it should be noted that the above embodiment is intended only to illustrate, not to limit, the technical scheme of the invention. Although the invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that the invention may still be modified or equivalently replaced, and any modification or partial replacement that does not depart from the spirit and scope of the invention shall be covered by the scope of the claims of the invention.

Claims (4)

1. A distributed method for blocking access by illegal computers, characterized in that: the blocking server in the server zone where the computer is located analyzes and compares the network packets that the blocking agent software obtains by packet capture, looks for the addresses of illegal, untrusted computers, and the blocking agent software sends special network packets to the illegal computers to block them.
2. The distributed method for blocking access by illegal computers according to claim 1, characterized in that it is realized through the following steps:
Step 1: Install the blocking agent software on the computers that store important data, deploy the blocking server in series with the network and configure the trusted IP addresses, and configure the blocking policy and the scheduling mode of the agent software on the blocking server. The blocking policy is entered or selected through a form, and the scheduling mode of the blocking agent software can also be set by policy.
Step 2: Set the network card of the computer running the blocking agent software to promiscuous mode, and capture and cache network packets through the network card in real time.
Step 3: The blocking agent software periodically obtains the policy and scheduling instructions from the server, analyzes the packets, and extracts the source IP, the destination IP and the corresponding MAC addresses.
Step 4: The extracted addresses are strictly compared against the trusted IP address list and MAC address list; the blocking agent software identifies the addresses of illegal, untrusted computers, sends special network packets to block them, and at the same time sends alarm information to the server.
3. The distributed method for blocking access by illegal computers according to claim 2, characterized in that: the blocking policy in said step 2 consists of entering the IP addresses or network segments that need to be blocked, or entering the IP addresses of trusted computers or servers.
4. The distributed method for blocking access by illegal computers according to claim 2, characterized in that: the scheduling mode of the blocking agent software in said step 2 is chosen as joint blocking or independent blocking on the page of the blocking server's management console.
Priority Applications (1)

Application number: CN2009100235006A
Priority date: 2009-08-04
Filing date: 2009-08-04
Title: Distributed method for blocking access of illegal computers

Publications (1)

Publication number: CN101989975A
Publication date: 2011-03-23

Family ID: 43746323

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110323