A wireless node blocking system
Technical field
The present invention relates to the field of wireless network technology, and in particular to a wireless node blocking system.
Background art
Wi-Fi is a technology that lets terminals such as PCs and handheld devices (PDAs, mobile phones) interconnect wirelessly. Wireless access removes the trouble of cabling, and Wi-Fi technology is comparatively mature, so more and more enterprises and individuals go online over Wi-Fi. Along with that convenience, wireless access brings potential security hazards. Once an illegal wireless node (a wireless node that is not permitted to access the network) joins a wireless network, it may consume the bandwidth of the legitimate communicating devices in the network, steal sensitive information from other devices using the same wireless access point, or transmit viruses, all of which disrupt the normal data transfer of the legitimate devices. An illegal wireless node gains access to a wireless network in one of two ways: it cracks the network password of an existing wireless access point (Access Point, AP) in the network and logs in to that access point with the cracked password, or it privately sets up a new wireless access point and connects to the wireless network through it.
To prevent illegal wireless access points from using Wi-Fi, the methods in common use today are full-band white-noise interference, radio-frequency interference on a designated channel, and NAV channel seizure attacks. Full-band white-noise interference targets the working band of the wireless network: noise frequency modulation is used to jam the entire working band, disrupting the normal communication of wireless nodes and thereby blocking them. It blocks illegal wireless nodes effectively, but it also blocks the normal communication of every legal wireless node (a node permitted to access the network) across the whole working band. Designated-channel radio-frequency interference works on the same principle as full-band white-noise interference, except that the interference is confined to the designated channel; communication on other channels can continue, but the legal wireless nodes on the jammed channel are blocked as well. The wireless protocol requires that a wireless node, after detecting an RTS/CTS packet, set its own NAV time from the Duration field in that packet and then count down until the NAV time is exhausted; while the NAV time has not expired, the node treats the channel as busy and neither sends packets to other wireless nodes in the network nor attempts to monitor the channel. A NAV channel seizure attack exploits this rule by forging the value of the Duration field so that the channel appears busy for longer than a normal data packet would require, degrading the quality and performance of the network and thereby disrupting wireless node communication on the designated channel. Again, while blocking the illegal wireless nodes on the designated channel, the NAV channel seizure attack also blocks the legal wireless nodes on that channel.
Summary of the invention
The object of the invention is to overcome the deficiency of the prior art, in which blocking an illegal wireless node also blocks legal wireless nodes, by providing a wireless node blocking system. The system of the invention achieves the blocking of wireless nodes indirectly, by blocking the wireless access point.
To achieve the above object, the invention provides the following technical solution:
A wireless node blocking system comprises: a packet capture module, for collecting the wireless node packets transmitted in the wireless network; a wireless node analysis module, for analysing the wireless node information contained in the collected packets and building the wireless network topology, where the wireless node information comprises the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected; a black-and-white-list judgment module, for judging the wireless network type of the wireless node, comparing the wireless node information against the records in the black list and white list, judging whether the wireless access point to which the node is connected needs to be blocked, and returning the judgment result, where the records in the white list comprise the BSSID values of the wireless access points that are legal in this wireless network and the records in the black list comprise the BSSID values of the wireless access points that are illegal in the wireless network; and a wireless access point blocking module, for generating, according to the judgment result, Authentication packets that block the wireless access points that need to be blocked.
The white list is stored in the black-and-white-list judgment module, and its records are pre-configured. The black list is also stored in the judgment module; its records can be set in advance or appended dynamically. The judgment module scans the wireless network topology in real time and adds any wireless access point that newly joins the wireless network to the black list.
The black-and-white-list judgment module first judges the type of the wireless node and, if the network is not an ad-hoc network, compares the wireless access point information against the records in the black list or white list. When the white list is enabled, it returns a block indication value to the wireless node analysis module if the wireless node information is not in the white list, and a do-not-block indication value otherwise. When the black list is enabled, it returns a block indication value to the wireless node analysis module if the wireless access point information is in the black list, and a do-not-block indication value otherwise.
Because the white list records the identities of the wireless access points that are legal in this wireless network, a newly set up wireless access point will not be in the white list; comparing against the white list therefore reveals whether a wireless access point is newly set up. The wireless nodes on a newly set up wireless access point are illegal nodes that need to be blocked, so judging whether a wireless access point is newly set up amounts to judging whether it needs to be blocked, and illegal wireless access points are blocked accordingly.
The black list, in turn, records wireless access points previously judged suspicious from the network traffic and from the suspicious wireless terminals under the access point. Comparing a newly set up wireless access point against the black list records determines whether it should be blocked, so illegal wireless access points are blocked. Black list records can be set in advance, or appended dynamically according to the judgment of the network traffic and of the suspicious wireless terminals under the access point.
The black-and-white-list judgment module returns the judgment result to the wireless node analysis module, which controls, according to the returned result, whether the wireless access point blocking module generates Authentication packets to block the wireless access point. If the returned value is a block indication, the analysis module directs the blocking module to generate a number of Authentication packets and carry out an authentication flood attack against the wireless access point that needs to be blocked.
The wireless access point blocking module initially sets the source address of the Authentication packets to a random MAC address. After the authentication flood attack has run for a set time, the wireless network analysis module scans the wireless network topology; if the blocked wireless access point still has normal network communication packets, the source MAC address of the Authentication packets is set to the MAC address of a wireless node that is communicating with that access point.
The Duration value of the Authentication packets is set to 0. Setting the Duration value to 0 reduces the time restriction on access to the medium and avoids impacting the communication of wireless nodes that do not need to be blocked.
The packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver. This avoids passing the data through the other system layers above the driver, so wireless packets are captured more promptly; it raises the efficiency of wireless node packet capture and avoids, as far as possible, packet loss and uncaptured wireless node packets.
The wireless node analysis module uses the MAC address in the wireless node packets as the partitioning criterion and builds all wireless node packets into the wireless network topology.
A wireless node blocking method comprises the steps:
(1) the packet capture module obtains the wireless node packets transmitted in the wireless network;
(2) the wireless node analysis module analyses the wireless node information contained in the collected wireless node packets and builds the wireless network topology from it; the wireless node information comprises the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected;
(3) the black-and-white-list judgment module first judges the type of the wireless node: if the network is of Ad-hoc type it returns a do-not-block indication value; if not, it compares the wireless node information against the records in the black list or white list and judges whether the wireless access point to which the node is connected needs to be blocked;
(4) the wireless access point blocking module generates a number of Authentication packets for blocking the wireless access point and carries out an authentication flood attack against the wireless access point that needs to be blocked.
In step (1), the packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver.
In step (3), if the judgment module has the white list enabled, it judges whether the BSSID value of the wireless access point is in the white list; if it is not, the wireless access point needs to be blocked and a block indication value is returned to the wireless node analysis module, otherwise a do-not-block indication value is returned to the analysis module. The records in the white list comprise the BSSID values of the wireless access points that are legal in this wireless network.
In step (3), if the black list is enabled, the module judges whether the BSSID value of the wireless access point is in the black list; if it is, a block indication value is returned, otherwise a do-not-block indication value. The records in the black list comprise the BSSID values of the wireless access points that are illegal in this wireless network.
In step (4), the source address of the Authentication packets is set to a random MAC address.
In step (4), after the Authentication packets have been generated for a set time, the wireless network topology is scanned; if the blocked wireless access point is still present in the topology and wireless nodes are communicating with it, the source MAC address of the Authentication packets is set to the MAC address of a wireless node that is communicating with that access point.
In step (4), the Duration value of the Authentication packets is set to 0. Setting the Duration value to 0 reduces the time restriction on access to the medium and avoids impacting the communication of wireless nodes that do not need to be blocked.
Compared with the prior art, the invention has the following beneficial effects:
1. Through the comparison judgment of the black-and-white-list judgment module, the wireless node analysis module can automatically identify the newly set up wireless access points that need to be blocked as well as the pre-configured ones. By blocking the illegal wireless access point directly, the illegal wireless nodes connected to it are blocked indirectly, which protects the whole network while ensuring that the other legal wireless nodes in the network are not blocked.
2. If, after the Authentication packets have been generated for a set time, a scan shows that the wireless access point that needs to be blocked still exists, the source address of the Authentication packets is adjusted; this blocks the wireless access point effectively without impacting the communication of the other wireless access points on the channel.
3. The Duration value of the Authentication packets used to block the wireless access point is set to 0, which reduces the time restriction on access to the medium, that is, reduces the time the channel is occupied, and so preserves communication between legal mobile terminals that do not need to be blocked and their wireless access point.
Description of the drawings:
Fig. 1 is a schematic block diagram of the structure of the wireless node blocking system in the embodiment.
Fig. 2 is a flow chart of the method of blocking wireless nodes with the wireless node blocking system in the embodiment.
Fig. 3 (a) is a schematic diagram of the wireless network topology of a basic-type wireless network.
Fig. 3 (b) is a schematic diagram of the wireless network topology of an Ad-hoc wireless network.
Reference numerals: 100 - wireless access point; 200 - wireless node.
Embodiments
The invention is described in further detail below with reference to test examples and embodiments. This should not be interpreted as limiting the scope of the above subject matter of the invention to the following embodiments; all techniques realised on the basis of the content of the invention fall within its scope.
The wireless node blocking system of the invention is used to block illegal wireless nodes from accessing the wireless network, an illegal wireless node being a wireless node that is not permitted to access this wireless network.
With reference to Fig. 1, the wireless node blocking system of the present embodiment comprises: a packet capture module, for collecting the wireless node packets transmitted in the wireless network; a wireless node analysis module, for analysing the wireless node information contained in the collected packets and building the wireless network topology, the wireless node information comprising the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected; a black-and-white-list judgment module, for comparing the wireless node information against the records in the black list or white list, judging whether the wireless access point needs to be blocked, and returning the judgment result; and a wireless access point blocking module, for generating the Authentication packets that block the wireless access point. The white list is stored in the judgment module and set in advance; its records comprise the BSSID values of the wireless access points that are legal in this wireless network. The black list is also stored in the judgment module; its records can be set in advance or appended dynamically: the judgment module scans the wireless network topology in real time and adds any wireless access point that newly joins the wireless network to the black list. The records in the black list comprise the BSSID values of the wireless access points that are illegal in this wireless network.
The wireless node packet capture module uses zero-copy technology (zero-copy reduces or eliminates the operations that slow the critical data path, cutting the operating system and protocol processing overhead of data transfer, thereby raising communication performance and achieving high-speed data transfer) to obtain the wireless node packets directly from the wireless network card driver. This avoids passing the data through the other system layers above the driver, so wireless packets are captured more promptly; it raises the efficiency of wireless node packet capture and avoids, as far as possible, packet loss and uncaptured wireless node packets.
The frame header of a wireless node packet contains a MAC (Media Access Control) address; the wireless node analysis module uses this MAC address as the partitioning criterion and builds all wireless node packets into the wireless network topology. Each time the wireless network analysis module analyses a wireless node packet, it passes the corresponding wireless node information to the black-and-white-list comparison module. The judgment module first judges the type of the wireless node: if the network type is ad-hoc, there is no wireless access point in the network, and a do-not-block indication value, such as binary 0, is returned. If the network is not ad-hoc, the wireless node information is compared against the records in the black list or white list, and whether the node needs to be blocked is decided by whether its information is in the black list or white list. The network type judgment can also be omitted: since an ad-hoc network has no wireless access point, a node in it cannot be blocked indirectly by blocking an access point, so such a node will not be blocked even without the network type judgment. When judging whether a wireless node needs to be blocked, the judgment module enables only the white list or only the black list; the two cannot be enabled at the same time. If the white list is enabled, the module judges whether the wireless node information is in the white list. If it is not, that is, the BSSID value of the wireless access point contained in the node information is not recorded in the white list, the module judges that this wireless access point needs to be blocked and returns a block indication value, such as binary 1, to the wireless node analysis module. If the BSSID value of the wireless access point contained in the node information is recorded in the white list, the module judges that the wireless access point does not need to be blocked and returns a do-not-block indication value, such as binary 0, to the analysis module. If the black list is enabled, the module judges whether the wireless node information is in the black list. If it is, that is, the BSSID value of the wireless access point in the node information is recorded in the black list, the module judges that the wireless access point needs to be blocked and returns a block indication value, such as binary 1, to the analysis module. If the BSSID value of the wireless access point in the node information is not in the black list, the module judges that the wireless access point does not need to be blocked and returns a do-not-block indication value, such as binary 0. The wireless node analysis module forwards the judgment result returned by the black-and-white-list comparison module to the wireless access point blocking module.
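The judgment logic described in the summary and spelled out in the embodiment just above (ad-hoc exclusion, mutually exclusive white list or black list over BSSID values, binary 1 / binary 0 indication values, and dynamic appending of newly joined access points to the black list) is illustrated by the following added example. It is not the patent's code. It assumes that captured frames have already been decoded into records with a source MAC, a BSSID and a network type, and that "newly joined" means a BSSID absent from a baseline set of known access points; the frames and BSSIDs are constructed sample data.

```python
"""Allow/deny-list (white/black-list) judgment for wireless nodes.

Added illustration of the judgment module described in the text; not the
patent's own code.  Assumptions: captured frames are pre-decoded into dicts
with the fields "src" (node MAC), "bssid" (AP BSSID, None for ad-hoc) and
"network_type"; the "known_aps" baseline stands in for however the module
decides that an AP is newly joined.  All sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

BLOCK, NO_BLOCK = 1, 0  # the text's "binary one" / "binary zero" indication values


@dataclass(frozen=True)
class NodeRecord:
    mac: str               # node MAC address, the partitioning key of the topology
    network_type: str      # "ad-hoc" or "infrastructure"
    bssid: Optional[str]   # BSSID of the AP the node is attached to (None for ad-hoc)


def build_topology(frames: Iterable[dict]) -> Dict[Optional[str], Set[str]]:
    """Partition frames by node MAC under the AP (BSSID) each node talks to."""
    topology: Dict[Optional[str], Set[str]] = {}
    for frame in frames:
        bssid = frame["bssid"].lower() if frame["bssid"] else None
        topology.setdefault(bssid, set()).add(frame["src"].lower())
    return topology


def node_records(frames: Iterable[dict]) -> List[NodeRecord]:
    """One NodeRecord per node MAC, taken from the first frame seen for that MAC."""
    seen: Dict[str, NodeRecord] = {}
    for frame in frames:
        mac = frame["src"].lower()
        if mac not in seen:
            bssid = frame["bssid"].lower() if frame["bssid"] else None
            seen[mac] = NodeRecord(mac, frame["network_type"], bssid)
    return list(seen.values())


class ListJudge:
    """Judgment module: exactly one of the white list or the black list is enabled."""

    def __init__(self, mode: str, entries: Iterable[str]):
        if mode not in ("white", "black"):
            raise ValueError("mode must be 'white' or 'black'; both lists cannot be enabled")
        self.mode = mode
        self.entries: Set[str] = {e.lower() for e in entries}

    def judge(self, node: NodeRecord) -> int:
        # Ad-hoc network: no access point exists to block, so never block.
        if node.network_type == "ad-hoc":
            return NO_BLOCK
        bssid = (node.bssid or "").lower()
        if self.mode == "white":
            return NO_BLOCK if bssid in self.entries else BLOCK
        return BLOCK if bssid in self.entries else NO_BLOCK

    def append_new_aps(self, topology: Dict[Optional[str], Set[str]],
                       known_aps: Iterable[str]) -> Set[str]:
        """Black-list mode: dynamically append APs seen in the topology that are
        not in the known baseline (assumed definition of 'newly joined')."""
        added: Set[str] = set()
        if self.mode != "black":
            return added
        known = {k.lower() for k in known_aps}
        for bssid in topology:
            if bssid is not None and bssid not in known and bssid not in self.entries:
                self.entries.add(bssid)
                added.add(bssid)
        return added


# Constructed sample capture: one node on the legal AP (seen twice), one on a
# newly set up AP, and one ad-hoc node.
SAMPLE_FRAMES = [
    {"src": "AA:BB:CC:00:00:01", "bssid": "00:11:22:33:44:01", "network_type": "infrastructure"},
    {"src": "AA:BB:CC:00:00:01", "bssid": "00:11:22:33:44:01", "network_type": "infrastructure"},
    {"src": "AA:BB:CC:00:00:02", "bssid": "00:11:22:33:44:99", "network_type": "infrastructure"},
    {"src": "AA:BB:CC:00:00:03", "bssid": None, "network_type": "ad-hoc"},
]
LEGAL_APS = {"00:11:22:33:44:01"}  # constructed pre-configured white list


def run_example() -> dict:
    topology = build_topology(SAMPLE_FRAMES)
    nodes = node_records(SAMPLE_FRAMES)
    white = ListJudge("white", LEGAL_APS)
    black = ListJudge("black", [])                      # starts empty ...
    added = black.append_new_aps(topology, LEGAL_APS)   # ... and learns the new AP
    return {
        "topology": {k: sorted(v) for k, v in topology.items()},
        "white": {n.mac: white.judge(n) for n in nodes},
        "black_added": sorted(added),
        "black": {n.mac: black.judge(n) for n in nodes},
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

Both modes flag only the node attached to the unknown access point; the ad-hoc node is never flagged because there is no access point to block, which is exactly the case the text says may even skip the network type check.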
The wireless access point blocking module decides, according to the judgment result, whether to generate Authentication packets to block the wireless access point. It carries out an authentication flood attack on the wireless access point that needs to be blocked, that is, it generates a large number of Authentication packets aimed at that access point, so that the access point cannot keep up with processing them and crashes, and can no longer provide normal service and resource access. This blocks the wireless access point and so, indirectly, blocks wireless nodes from accessing the wireless network through it, without impacting the communication of the other wireless access points on the channel. The Duration value in the Authentication packets is set to 0 and the source address is set to a random MAC address, which helps block the wireless access point faster. After the authentication flood attack has run for a set period (for example 10 minutes; this can be adjusted to suit different wireless access point devices), the wireless network analysis module scans the wireless network topology. If the blocked wireless access point is found to still exist in the topology, that is, it is still communicating normally with other wireless nodes, the source MAC address of the Authentication packets sent from then on is set to the MAC address of a wireless node that is communicating with that access point. By adjusting the source address of the Authentication packets, the wireless access point can be blocked even if it has MAC filtering configured, so a newly set up illegal wireless access point is blocked effectively, which effectively prevents illegal wireless nodes from accessing this wireless network.
With reference to Fig. 2, the invention also discloses a wireless node blocking method, comprising the steps:
S101: the packet capture module obtains the wireless node packets transmitted in the wireless network.
In this step, the packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver.
S102: the wireless node analysis module analyses the wireless node information contained in the collected wireless node packets and builds the wireless network topology from it; the wireless node information comprises the network type of the wireless node, the MAC address of the wireless node and the BSSID value of the wireless access point to which the node is attached.
S103: the black-and-white-list comparison module compares the wireless node information against the records in the black list or white list and judges whether the wireless access point in the wireless node information needs to be blocked.
In this step, before the comparison against the black list or white list, the network type of the wireless node is judged first; if the network type is ad-hoc, a do-not-block indication value, such as binary 0, is returned. If the network is not ad-hoc, the wireless node information is compared against the records in the black list or white list.
In this step, if the white list is enabled and the wireless node information is not in the white list, the module judges that the wireless access point contained in the wireless node information needs to be blocked and returns a block indication value to the wireless node analysis module; otherwise it judges that the wireless access point does not need to be blocked and returns a do-not-block indication value to the analysis module.
In this step, if the black list is enabled and the wireless node information is in the black list, the module judges that the wireless access point needs to be blocked and returns a block indication value to the wireless node analysis module; otherwise it judges that the wireless access point contained in the wireless node information does not need to be blocked and returns a do-not-block indication value to the analysis module. The white list is set in advance, and its records comprise the BSSID values of the wireless access points that are legal in this wireless network. The black list can be set in advance or appended dynamically: the black-and-white-list judgment module scans the wireless network topology in real time and adds any wireless access point that newly joins the wireless network to the black list; the records in the black list comprise the BSSID values of the wireless access points that are illegal in this wireless network.
S104: the wireless access point blocking module generates a number of Authentication packets for blocking the wireless access point and carries out an authentication flood attack on the wireless access point that needs to be blocked.
In this step, the Duration value in the Authentication packets is set to 0 and the source address is set to a random MAC address, which helps block the wireless access point faster. After the authentication flood attack has run for a set period (for example 10 minutes; this can be adjusted to suit different wireless access point devices), the wireless network analysis module scans the wireless network topology; if the blocked wireless access point is found to still exist in the topology, that is, it is still communicating normally with other wireless nodes, the source MAC address of the Authentication packets sent from then on is set to the MAC address of a wireless node that is communicating with that access point.