A wireless node blocking system
Technical field
The present invention relates to the field of wireless network technology, and in particular to a wireless node blocking system.
Background art
Wi-Fi is a technology by which terminals such as PCs and handheld devices (PDAs, mobile phones) connect to one another wirelessly. Wireless Internet access removes the trouble of cabling, the technology is comparatively mature, and more and more enterprises and individuals use Wi-Fi to go online. Along with this convenience, wireless access brings potential security hazards. Once an illegal wireless node (that is, a wireless node that is not permitted to access the wireless network) has joined the network, it may consume the bandwidth of the legitimate communication devices in the network, steal sensitive information from the other devices that go online through the same wireless access point, or transmit viruses, disrupting the normal data transfer of the legitimate devices. An illegal wireless node accesses the wireless network in one of two ways: either it cracks the network password of an existing wireless access point (Access Point, AP) in the network and logs in to that AP, or it privately sets up a new wireless access point and connects to the network through it.
To prevent illegal wireless access points from being used for Wi-Fi access, the methods currently in use are full-band white-noise interference, radio-frequency interference on a designated channel, and NAV channel pre-emption attacks. Full-band white-noise interference uses noise frequency modulation to jam the entire working frequency band of the wireless network; this disrupts the normal communication of the wireless nodes and so achieves blocking. It blocks illegal wireless nodes effectively, but it simultaneously blocks the normal communication of the legal wireless nodes (those permitted to access the network) across the whole working band. Designated-channel radio-frequency interference works on the same principle, except that the interference is confined to the designated channel, so wireless communication on the other channels continues to work; however, the legal wireless nodes on the disturbed channel are blocked as well. The wireless protocol requires that a wireless node which detects an RTS/CTS packet set its own NAV time from the Duration field of that packet and then start a countdown; until the NAV time has expired the node regards the channel as busy, neither transmitting packets to the other wireless nodes in the network nor attempting to sense the channel. A NAV channel pre-emption attack exploits this rule by forging the value of the Duration field, making it larger than the channel time a normal packet needs, which degrades the quality and performance of the network and thereby disrupts the communication of the wireless nodes on the designated channel. Again, while it blocks the illegal wireless nodes on the designated channel, the NAV channel pre-emption attack blocks the legal wireless nodes on that channel too.
Summary of the invention
The object of the invention is to overcome the deficiency of the prior art, in which legal wireless nodes are blocked along with the illegal ones, by providing a wireless node blocking system. The system blocks wireless nodes indirectly, by blocking the wireless access point.
To achieve the above object, the invention provides the following technical scheme:
A wireless node blocking system, comprising: a packet capture module, for collecting the wireless node packets transmitted in the wireless network; a wireless node analysis module, for analysing the wireless node information contained in the collected wireless node packets and building a wireless network topology, the wireless node information comprising the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected; a blacklist/whitelist judgement module, for judging the wireless network type of the wireless node, comparing the wireless node information with the information recorded in the blacklist or whitelist, judging whether the wireless access point to which the node is connected needs to be blocked, and returning the judgement result, the information recorded in the whitelist comprising the BSSID values of the wireless access points that are legal in the wireless network and the information recorded in the blacklist comprising the BSSID values of the wireless access points that are illegal in the wireless network; and a wireless access point blocking module, for generating, according to the judgement result, Authentication packets that block the wireless access point needing to be blocked.
The whitelist is stored in the blacklist/whitelist judgement module, and the information recorded in it is pre-configured. The blacklist is also stored in the blacklist/whitelist judgement module; the information recorded in it may be pre-set or added dynamically. The blacklist/whitelist judgement module scans the wireless network topology in real time and adds any wireless access point newly joining the wireless network to the blacklist.
The blacklist/whitelist judgement module first judges the type of the wireless node; if it is not an ad-hoc network, it compares the wireless access point information with the information recorded in the blacklist or whitelist. When the whitelist is enabled, if the wireless node information is not in the whitelist, a blocking flag value is returned to the wireless node analysis module, otherwise a non-blocking flag value is returned. When the blacklist is enabled, if the wireless access point information is in the blacklist, a blocking flag value is returned to the wireless node analysis module, otherwise a non-blocking flag value is returned.
Because the information recorded in the whitelist comprises the names of the wireless access points legal in the wireless network, a newly set-up wireless access point is not in the whitelist. By comparing against the wireless access point names recorded in the whitelist, the system can judge whether a wireless access point is newly set up; a newly set-up wireless access point is an illegal one that needs to be blocked. Judging whether a wireless access point is new therefore decides whether it needs to be blocked, and so the illegal wireless access point is blocked.
The information recorded in the blacklist consists of suspicious wireless access points, identified earlier from network traffic and from the suspicious wireless terminals under each access point. Comparing a newly set-up wireless access point with the records in the blacklist decides whether that access point should be blocked, and so the illegal wireless access point is blocked. Blacklist records may be configured in advance or added dynamically from the judgement of network traffic and of the suspicious wireless terminals under an access point.
The blacklist/whitelist judgement module returns the judgement result to the wireless node analysis module, which, according to the returned result, controls whether the wireless access point blocking module generates Authentication packets that block the wireless access point. If the returned value is the blocking flag value, the wireless node analysis module has the wireless access point blocking module generate a number of Authentication packets, carrying out an authentication flood attack against the wireless access point that needs to be blocked.
The wireless access point blocking module first sets the source address of the Authentication packets to a random MAC address. After the authentication flood attack has run for a set time, the wireless network analysis module scans the wireless network topology; if the blocked wireless access point still has normal network communication packets, the source MAC address of the Authentication packets is set to the MAC address of a wireless node communicating with that wireless access point.
The Duration value of the Authentication packets is set to 0. Setting the Duration value to 0 shortens the restriction on medium access and avoids affecting the communication of the wireless nodes that do not need to be blocked.
The packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver. This avoids passing the data through the other upper system layers, so that wireless packets are captured more promptly, the efficiency of wireless node packet capture is improved, and the loss of wireless node packets or failure to capture them is avoided as far as possible.
The wireless node analysis module builds all wireless node packets into the wireless network topology, using the MAC addresses in the wireless node packets as the partitioning criterion.
A wireless node blocking method, comprising the steps:
(1) the packet capture module obtains the wireless node packets transmitted in the wireless network;
(2) the wireless node analysis module analyses the wireless node information contained in the collected wireless node packets and builds the wireless network topology from it; the wireless node information comprises the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected;
(3) the blacklist/whitelist judgement module first judges the type of the wireless node; if it is an Ad-hoc wireless network it returns the non-blocking flag value, and if it is not, it compares the wireless node information with the information recorded in the blacklist or whitelist and judges whether the wireless access point to which the node is connected needs to be blocked;
(4) the wireless access point blocking module generates a number of Authentication packets that block the wireless access point, carrying out an authentication flood attack against the wireless access point that needs to be blocked.
In step (1), the packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver.
In step (3), if the blacklist/whitelist judgement module has the whitelist enabled, it judges whether the BSSID value of the wireless access point is in the whitelist; if not, it judges that the wireless access point needs to be blocked and returns the blocking flag value to the wireless node analysis module, otherwise it returns the non-blocking flag value. The information recorded in the whitelist comprises the BSSID values of the wireless access points legal in the wireless network.
In step (3), if the blacklist is enabled instead, it judges whether the BSSID value of the wireless access point is in the blacklist; if so, it returns the blocking flag value, otherwise the non-blocking flag value. The information recorded in the blacklist comprises the BSSID values of the wireless access points illegal in the wireless network.
In step (4), the source address of the Authentication packets is set to a random MAC address.
In step (4), after the Authentication packets have been generated for a set time, the wireless network topology is scanned; if the blocked wireless access point is still present in the topology and wireless nodes are still communicating with it, the source MAC address of the Authentication packets is set to the MAC address of a wireless node communicating with that wireless access point.
In step (4), the Duration value of the Authentication packets is set to 0. Setting the Duration value to 0 shortens the restriction on medium access and avoids affecting the communication of the wireless nodes that do not need to be blocked.
Compared with the prior art, the invention has the following beneficial effects:
1. Through the comparison performed by the blacklist/whitelist judgement module, the wireless node analysis module automatically identifies the wireless access points that need to be blocked, namely newly set-up wireless access points and those pre-configured as needing to be blocked. By blocking the illegal wireless access point directly, the illegal wireless nodes connected to it are blocked indirectly, the network is kept intact, and the other legal wireless nodes in the network are not blocked.
2. If, after the Authentication packets have been generated for a set time, a scan shows that the wireless access point needing to be blocked still exists, the source address of the Authentication packets is adjusted; this blocks the wireless access point effectively without affecting the communication of the other wireless access points on the channel.
3. The Duration value in the Authentication packets used to block the wireless access point is set to 0, which shortens the restriction on medium access, that is, the time the channel is occupied, and ensures communication between legitimate mobile terminals and the wireless access points that do not need to be blocked.
Brief description of the drawings:
Fig. 1 is a structural block diagram of the wireless node blocking system in the embodiment.
Fig. 2 is a flow chart of the method by which the wireless node blocking system of the embodiment blocks wireless nodes.
Fig. 3(a) is a schematic diagram of the wireless network topology of an infrastructure (basic) wireless network.
Fig. 3(b) is a schematic diagram of the wireless network topology of an Ad-hoc wireless network.
Reference numerals: 100 - wireless access point; 200 - wireless node.
Embodiments
The invention is described in further detail below with reference to test examples and embodiments. This should not be taken to limit the scope of the subject matter of the invention to the following embodiments; all techniques realised on the basis of the content of the invention fall within its scope.
The wireless node blocking system of the invention is used to block illegal wireless nodes accessing a wireless network, an illegal wireless node being a wireless node that is not permitted to access the wireless network.
With reference to Fig. 1, the wireless node blocking system of this embodiment comprises: a packet capture module, for collecting the wireless node packets transmitted in the wireless network; a wireless node analysis module, for analysing the wireless node information contained in the collected wireless node packets and building the wireless network topology, the wireless node information comprising the network type of the wireless node and the BSSID value of the wireless access point to which the node is connected; a blacklist/whitelist judgement module, for comparing the wireless node information with the information recorded in the blacklist or whitelist, judging whether the wireless access point needs to be blocked, and returning the judgement result; and a wireless access point blocking module, for generating the Authentication packets that block the wireless access point. The whitelist is stored in the blacklist/whitelist judgement module and is pre-configured; the information recorded in it comprises the BSSID values of the wireless access points legal in the wireless network. The blacklist is stored in the blacklist/whitelist judgement module, and the information recorded in it may be pre-set or added dynamically: the blacklist/whitelist judgement module scans the wireless network topology in real time and adds any wireless access point newly joining the wireless network to the blacklist. The information recorded in the blacklist comprises the BSSID values of the wireless access points illegal in the wireless network.
The wireless node packet capture module uses zero-copy technology (a method of achieving high-speed data transfer by reducing or eliminating the operations that slow the critical traffic path, lowering the operating system overhead and protocol processing overhead of data transfer and so effectively improving communication performance) to obtain the wireless node packets directly from the wireless network card driver. This avoids passing the data through the other upper system layers, so that wireless packets are captured more promptly, the efficiency of wireless node packet capture is improved, and the situation where wireless node packets are lost or cannot be captured is avoided as far as possible.
The frame header of each wireless node packet contains a MAC (Media Access Control) address, and the wireless node analysis module builds all wireless node packets into the wireless network topology using the MAC address as the partitioning criterion. Each time the wireless network analysis module analyses a wireless node packet, it passes the corresponding wireless node information to the blacklist/whitelist comparison module. The blacklist/whitelist judgement module first judges the type of the wireless node: if the network type is ad-hoc, there is no wireless access point in that network, and the module returns the non-blocking flag value, for example binary 0. If the network is not ad-hoc, it compares the wireless node information with the information recorded in the blacklist or whitelist, judging whether the node needs to be blocked by whether its information is in the blacklist or whitelist. The network type judgement cannot be omitted, because an ad-hoc network has no wireless access point, so there is no wireless access point whose blocking would indirectly block the wireless nodes connected to it; that is, without the network type judgement such a node cannot be blocked. When judging whether a wireless node needs to be blocked, the blacklist/whitelist judgement module enables only the whitelist or only the blacklist; the two cannot be enabled simultaneously. If the whitelist is enabled, the module judges whether the wireless node information is in the whitelist. If it is not, that is, the BSSID value of the wireless access point contained in the wireless node information is not recorded in the whitelist, the module judges that this wireless access point needs to be blocked and returns the blocking flag value, for example binary 1, to the wireless node analysis module. If the BSSID value of the wireless access point contained in the wireless node information is recorded in the whitelist, the module judges that the access point does not need to be blocked and returns the non-blocking flag value, for example binary 0, to the wireless node analysis module. If the blacklist is enabled, the module judges whether the wireless node information is in the blacklist. If it is, that is, the BSSID value of the wireless access point in the wireless node information is recorded in the blacklist, the module judges that this wireless access point needs to be blocked and returns the blocking flag value, for example binary 1, to the wireless node analysis module. If the BSSID value of the wireless access point contained in the wireless node information is not in the blacklist, the module judges that the access point does not need to be blocked and returns the non-blocking flag value, for example binary 0, to the wireless node analysis module. The wireless node analysis module forwards the judgement result returned by the blacklist/whitelist comparison module to the wireless access point blocking module.
The wireless access point blocking module decides, according to the judgement result, whether to generate Authentication packets that block the wireless access point. It carries out an authentication flood attack against the wireless access point needing to be blocked: it generates a large number of Authentication packets, which the wireless access point cannot keep up with processing, so that the access point collapses and can no longer provide normal service and resource access. This achieves the effect of blocking the wireless access point and thus indirectly prevents wireless nodes from accessing the wireless network through it, without affecting the communication of the other wireless access points on the channel. The Duration value in the Authentication packets is set to 0 and the source address is set to a random MAC address, which helps to block the wireless access point faster. After the authentication flood attack has been carried out for a set period (for example 10 minutes, adjusted as appropriate for different wireless access point devices), the wireless network analysis module scans the wireless network topology; if it finds that the blocked wireless access point still exists in the topology, that is, the access point is still communicating normally with other wireless nodes, the source MAC address in the transmitted Authentication packets is set to the MAC address of a wireless node communicating with that access point. By adjusting the source address of the Authentication packets, the wireless access point can be blocked even if it has MAC filtering configured, so newly set-up illegal wireless access points are blocked effectively and illegal wireless nodes are effectively prevented from accessing the wireless network.
With reference to Fig. 2, the invention also discloses a wireless node blocking method, comprising the steps:
S101: the packet capture module obtains the wireless node packets transmitted in the wireless network.
In this step, the packet capture module uses zero-copy technology to obtain the wireless node packets directly from the wireless network card driver.
S102: the wireless node analysis module analyses the wireless node information contained in the collected wireless node packets and builds the wireless network topology from it; the wireless node information comprises the network type of the wireless node, the MAC address of the wireless node, and the BSSID value of the wireless access point the node accesses.
S103: the blacklist/whitelist comparison module compares the wireless node information with the information recorded in the blacklist or whitelist and judges whether the wireless access point in the wireless node information needs to be blocked.
In this step, before the blacklist or whitelist comparison, the network type of the wireless node is judged first; if it is an ad-hoc network, the non-blocking flag value, for example binary 0, is returned. If it is not an ad-hoc network, the wireless node information is compared with the information recorded in the blacklist or whitelist.
In this step, if the whitelist is enabled and the wireless node information is not in the whitelist, the wireless access point contained in the wireless node information is judged to need blocking and the blocking flag value is returned to the wireless node analysis module; otherwise the access point is judged not to need blocking and the non-blocking flag value is returned to the wireless node analysis module.
In this step, if the blacklist is enabled and the wireless node information is in the blacklist, the wireless access point is judged to need blocking and the blocking flag value is returned to the wireless node analysis module; otherwise the access point contained in the wireless node information is judged not to need blocking and the non-blocking flag value is returned to the wireless node analysis module. The whitelist is pre-configured, and the information recorded in it comprises the BSSID values of the wireless access points legal in the wireless network. The blacklist may be pre-configured or added to dynamically: the blacklist/whitelist judgement module scans the wireless network topology in real time and adds any wireless access point newly joining the wireless network to the blacklist, the information recorded in the blacklist comprising the BSSID values of the wireless access points illegal in the wireless network.
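Steps S102 and S103 (and the corresponding summary paragraphs above) can be modelled as a topology partitioned by MAC address plus a judgement module that enables exactly one list. The following is an added illustration written for this page, not the patent's own implementation; the record fields, the flag values 1 and 0, the constructed sample capture and the assumption that the first real-time scan establishes the baseline of known BSSIDs for dynamic blacklist growth are all choices made here.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set

BLOCK, NO_BLOCK = 1, 0  # flag values returned to the analysis module (the text's binary 1 / 0)

@dataclass(frozen=True)
class NodeRecord:
    """Wireless node information extracted from one captured packet (step S102)."""
    mac: str              # station MAC address from the frame header
    network_type: str     # "infrastructure" or "adhoc"
    bssid: Optional[str]  # BSSID of the AP the station is talking to; None for ad-hoc

@dataclass
class Topology:
    """Topology partitioned by MAC address: BSSID -> stations seen behind that AP."""
    aps: Dict[str, Set[str]] = field(default_factory=dict)
    adhoc_nodes: Set[str] = field(default_factory=set)

    def add(self, rec: NodeRecord) -> None:
        if rec.network_type == "adhoc" or rec.bssid is None:
            self.adhoc_nodes.add(rec.mac.lower())
        else:
            self.aps.setdefault(rec.bssid.lower(), set()).add(rec.mac.lower())

class ListJudge:
    """Blacklist/whitelist judgement module (step S103); exactly one list is enabled."""

    def __init__(self, whitelist: Optional[Iterable[str]] = None,
                 blacklist: Optional[Iterable[str]] = None) -> None:
        if (whitelist is None) == (blacklist is None):
            raise ValueError("enable exactly one of whitelist or blacklist")
        self.whitelist = {b.lower() for b in whitelist} if whitelist is not None else None
        self.blacklist = {b.lower() for b in blacklist} if blacklist is not None else None
        self.known_bssids: Set[str] = set()  # baseline for dynamic blacklist growth (assumption)
        self.baselined = False

    def judge(self, rec: NodeRecord) -> int:
        # Network type first: an ad-hoc node has no access point behind it to block.
        if rec.network_type == "adhoc" or rec.bssid is None:
            return NO_BLOCK
        bssid = rec.bssid.lower()
        if self.whitelist is not None:
            return NO_BLOCK if bssid in self.whitelist else BLOCK
        return BLOCK if bssid in self.blacklist else NO_BLOCK

    def scan(self, topology: Topology) -> Set[str]:
        """Real-time scan in blacklist mode: BSSIDs absent from the first scan (assumed
        baseline) count as newly joined APs and are blacklisted. Returns what was added."""
        if self.blacklist is None:
            return set()
        seen = set(topology.aps)
        if not self.baselined:  # the first scan only records the baseline
            self.known_bssids, self.baselined = seen, True
            return set()
        new = seen - self.known_bssids
        self.blacklist |= new
        self.known_bssids |= new
        return new

def aps_to_block(topology: Topology, judge: ListJudge) -> Dict[str, Set[str]]:
    """BSSIDs judged as needing blocking, with the stations blocked indirectly through them."""
    return {bssid: set(stations) for bssid, stations in topology.aps.items()
            if judge.judge(NodeRecord(min(stations), "infrastructure", bssid)) == BLOCK}

def build_topology(records: Iterable[NodeRecord]) -> Topology:
    topo = Topology()
    for rec in records:
        topo.add(rec)
    return topo

# Constructed sample capture: two legitimate APs, one newly set-up AP, one ad-hoc node.
SAMPLE_RECORDS = [
    NodeRecord("02:00:00:00:00:01", "infrastructure", "AA:BB:CC:00:00:01"),
    NodeRecord("02:00:00:00:00:02", "infrastructure", "AA:BB:CC:00:00:01"),
    NodeRecord("02:00:00:00:00:03", "infrastructure", "AA:BB:CC:00:00:02"),
    NodeRecord("02:00:00:00:00:04", "infrastructure", "DE:AD:BE:EF:00:99"),
    NodeRecord("02:00:00:00:00:05", "adhoc", None),
]
LEGAL_BSSIDS = ["AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"]  # constructed whitelist
```

With the whitelist enabled, `aps_to_block(build_topology(SAMPLE_RECORDS), ListJudge(whitelist=LEGAL_BSSIDS))` returns only the newly set-up AP together with the single station that would be blocked indirectly through it; the ad-hoc node is never marked.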
S104: the wireless access point blocking module generates a number of Authentication packets that block the wireless access point, carrying out an authentication flood attack against the wireless access point that needs to be blocked.
In this step, the Duration value in the Authentication packets is set to 0 and the source address is set to a random MAC address, which helps to block the wireless access point faster. After the authentication flood attack has been carried out for a set period (for example 10 minutes, adjusted as appropriate for different wireless access point devices), the wireless network analysis module scans the wireless network topology; if it finds that the blocked wireless access point still exists in the topology, that is, the access point is still communicating normally with other wireless nodes, the source MAC address in the transmitted Authentication packets is set to the MAC address of a wireless node communicating with that access point.
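From the defender's side, the two phases of the flood in step S104 (many Authentication packets from random source MACs, then from one legitimate client's MAC) are exactly what a wireless intrusion detection system watches for. The following detector is an added example written for this page, not part of the patent; the frame record, the sliding window, the thresholds and the constructed traces are assumptions, and in practice the thresholds are tuned per deployment.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Set, Tuple

@dataclass(frozen=True)
class AuthFrame:
    """Minimal record of one 802.11 Authentication frame seen by a monitor interface."""
    ts: float    # capture time in seconds
    src: str     # transmitter (station) address
    bssid: str   # access point the frame is addressed to

class AuthFloodDetector:
    """Sliding-window detector for the authentication flood described on this page.

    Per BSSID it keeps the Authentication frames of the last `window` seconds and raises
    an alert when the frame count or the number of distinct source MACs exceeds its
    threshold. The source-count rule catches the random-source phase; the rate rule also
    catches the later phase, where frames carry one legitimate client's MAC at a rate no
    real client produces. Thresholds are assumptions, not values from the page.
    """

    def __init__(self, window: float = 10.0, max_frames: int = 50, max_sources: int = 20):
        self.window, self.max_frames, self.max_sources = window, max_frames, max_sources
        self.history: Dict[str, Deque[AuthFrame]] = defaultdict(deque)

    def observe(self, frame: AuthFrame) -> List[Tuple[str, str, int]]:
        """Feed one frame; return the (rule, bssid, value) alerts it triggers, if any."""
        bssid = frame.bssid.lower()
        q = self.history[bssid]
        q.append(frame)
        while q and frame.ts - q[0].ts > self.window:  # drop frames outside the window
            q.popleft()
        alerts = []
        if len(q) > self.max_frames:
            alerts.append(("auth-rate", bssid, len(q)))
        sources = {f.src.lower() for f in q}
        if len(sources) > self.max_sources:
            alerts.append(("auth-sources", bssid, len(sources)))
        return alerts

def triggered_rules(frames: Iterable[AuthFrame]) -> Set[str]:
    """Run a whole trace through a fresh detector and return the set of rules that fired."""
    det = AuthFloodDetector()
    return {rule for frame in frames for rule, _, _ in det.observe(frame)}

AP = "AA:BB:CC:00:00:01"  # constructed BSSID
# Constructed traces. Benign: two clients each authenticating once or twice in a minute.
BENIGN = [AuthFrame(0.0, "02:00:00:00:00:01", AP), AuthFrame(12.0, "02:00:00:00:00:02", AP),
          AuthFrame(40.0, "02:00:00:00:00:01", AP)]
# Random-source phase: 200 frames in two seconds, each from a different source MAC.
RANDOM_SRC_FLOOD = [AuthFrame(i * 0.01, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", AP)
                    for i in range(200)]
# Spoofed-client phase: the same 200 frames, all carrying one legitimate client's MAC.
SPOOFED_CLIENT_FLOOD = [AuthFrame(i * 0.01, "02:00:00:00:00:01", AP) for i in range(200)]
```

Running `triggered_rules` over the three traces gives no alert for the benign trace, both rules for the random-source trace and only the rate rule for the spoofed-client trace, which is why a rate rule is needed in addition to counting sources.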