CN103209411B - Method and apparatus for anti-counterfeiting access to a wireless network
Abstract
The present invention discloses a method for anti-counterfeiting access to a wireless network, comprising the following steps: receiving a wireless frame sent by a wireless terminal; judging whether the wireless frame is a data frame or a management frame, where a data frame contains data content and a management frame is used to establish a wireless connection; if the wireless frame is a data frame, judging the legitimacy of the data frame according to communication records; if the wireless frame is a management frame, judging the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal; and, when the data frame or management frame is illegal, discarding the received wireless frame, and otherwise processing the wireless frame accordingly. A device applying the above method is also disclosed. The method and device can, to a certain extent, prevent unauthorized terminals from accessing a wireless network access point.
Description
[Technical Field]
The present invention relates to wireless communication, and in particular to a method and apparatus for anti-counterfeiting access to a wireless network.
[Background]
As wireless services are applied ever more maturely in products, network security becomes more and more important. The authentication modes used when accessing a wireless network include open system authentication and shared key authentication. The open system authentication process is as follows: the wireless terminal sends a request to the wireless access point (Access Point, AP) it wants to associate with, and the wireless access point returns an authentication response to this request. In this authentication mode, a terminal that has a correct SSID (Service Set Identifier) passes authentication and can access the wireless network.
One attack on wireless networks works as follows: the intruder obtains the SSID by some illegal means, obtains the MAC address of an authorized user's machine by eavesdropping, and then modifies its own MAC address in order to access or attack the network.
[Summary of the Invention]
In view of this, it is necessary to provide a method for anti-counterfeiting access to a wireless network that can prevent unauthorized terminals from accessing a wireless network access point.

A device for anti-counterfeiting access to a wireless network is also provided.

A method for anti-counterfeiting access to a wireless network comprises the following steps: receiving a wireless frame sent by a wireless terminal; judging whether the wireless frame is a data frame or a management frame, where a data frame contains data content and a management frame is used to establish a wireless connection; if the wireless frame is a data frame, judging the legitimacy of the data frame according to communication records; if the wireless frame is a management frame, judging the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal; and, when the data frame or management frame is illegal, discarding the received wireless frame, and otherwise processing the wireless frame accordingly.

Preferably, the step of judging whether the wireless frame is a data frame or a management frame includes: identifying the data bits that define the frame type.

Preferably, the step of judging the legitimacy of the data frame according to communication records specifically includes: judging whether the difference between the sequence number in the data frame and the sequence number of the previous communication exceeds a judgment threshold; if so, discarding the data frame; otherwise handing the data frame over to the corresponding data frame processing flow.

Preferably, the step of judging the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal includes judging at least one of an authentication frame, a deauthentication frame and a disassociation frame.

Preferably, the step of judging an authentication frame includes: judging whether the MAC address contained in the authentication frame is already associated; if so, discarding the authentication frame; otherwise using the authentication frame for authentication and to establish an association.

Preferably, the step of judging a deauthentication frame includes: judging whether the reason code contained in the deauthentication frame is illegal; if so, discarding the deauthentication frame; otherwise using the deauthentication frame for the deauthentication operation.

Preferably, the step of judging a disassociation frame includes: judging whether the reason code contained in the disassociation frame is illegal; if so, discarding the disassociation frame; otherwise using the disassociation frame for the disassociation operation.

Preferably, the method also includes: judging whether the time since the last communication exceeds a preset time, and if it does not, discarding the management frame.

A device for anti-counterfeiting access to a wireless network includes: a data reception module, which receives the wireless frame sent by a wireless terminal and judges whether the wireless frame is a data frame or a management frame; a data frame anti-counterfeiting module, which judges the legitimacy of the data frame according to communication records, discards the data frame when it is illegal, and otherwise processes the data frame accordingly; and a management frame anti-counterfeiting module, which judges the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal, discards the management frame when it is illegal, and otherwise processes the management frame accordingly.

Preferably, the data frame anti-counterfeiting module is specifically configured to: the management frame anti-counterfeiting module is specifically configured to: judge whether the MAC address contained in an authentication frame is already associated, and if so, discard the authentication frame, otherwise use the authentication frame for authentication and to establish an association; judge whether the reason code contained in a deauthentication frame is illegal, and if so, discard the deauthentication frame, otherwise use the deauthentication frame for the deauthentication operation; judge whether the reason code contained in a disassociation frame is illegal, and if so, discard the disassociation frame, otherwise use the disassociation frame for the disassociation operation.

The above method and device distinguish data frames from management frames and set different judgment conditions for each, so that the counterfeit wireless frames that an illegal terminal sends in various forms are screened out. This can, to a certain extent, prevent unauthorized terminals from accessing a wireless network access point.
[Brief Description of the Drawings]
Fig. 1 is a flow chart of the method for anti-counterfeiting access to a wireless network according to an embodiment;
Fig. 2 is a module diagram of the device for anti-counterfeiting access to a wireless network according to an embodiment.
[Detailed Description]
Fig. 1 shows the flow chart of the method for anti-counterfeiting access to a wireless network according to an embodiment. The method includes the following steps.
S101: Receive the wireless frame sent by the wireless terminal. The data exchanged between the wireless terminal and the wireless access point exists in the form of frames; because the communication is wireless, these frames are called wireless frames. A wireless frame contains a string of binary values of a determined length, and the binary values carry different meanings at different positions. There are many types of wireless frame, which fall mainly into two classes: data frames, which contain data content, and management frames, which are used to establish wireless connections. Management frames in turn include authentication frames, deauthentication frames, disassociation frames and so on.

S102: Judge whether the wireless frame is a data frame or a management frame. If the wireless frame is a data frame, perform step S103. If the wireless frame is a management frame, perform step S105. The type of a wireless frame can be defined at a fixed position in the frame, for example by 2 bits of the binary string; these 2 bits can take the values 00, 01, 10 and 11, so four types of wireless frame can be defined in total. After a wireless frame is received, identifying the data bits that define the frame type is enough to determine the type of the frame. In this embodiment only two types of wireless frame need to be distinguished, so a single binary data bit is sufficient. For management frames, of course, additional data bits are needed to define the further frame types. Once the frame type has been determined, the frame is processed accordingly.
S103: Judge whether the difference between the sequence number in the data frame and the sequence number of the previous communication is greater than 32. If so, perform step S104; otherwise end this flow and hand the data frame over to the corresponding data frame processing flow.

In wireless communication, a large block of data is divided into many small blocks, and each small block is sent together with a header and other additional information that identifies it. This additional information includes the sequence number of the small block. Because the small blocks are not necessarily received in the order in which they were sent, the sequence numbers are needed to restore the small blocks to the whole block of data.

In this step, whether a data frame is legal is determined by judging whether the sequence numbers of two consecutively received data frames differ by more than 32. If the difference is not within 32, the association between the data is weak and the frame is very likely a counterfeit data frame. The judgment threshold of 32 can be adjusted according to circumstances, to reach a better balance between discarding genuine data frames and guarding against counterfeit data frames.

This step is one way of judging the legitimacy of the data frame according to communication records, that is, according to the degree of association between the data frame of the previous communication and the current data frame.

S104: Discard this data frame. A data frame regarded as counterfeit is discarded.
S105: Judge whether this management frame is an authentication frame. If so, perform step S106; otherwise perform step S107. When the wireless frame is a management frame, it is further judged whether it is an authentication frame; the judgment method can be the same as in step S102. An authentication frame is the management frame used for authentication before the wireless terminal establishes an association with the wireless access point. An authentication frame generally contains the MAC address of the mobile terminal that sends it.

S106: Judge whether the MAC address contained in this authentication frame is already associated. If so, perform step S111; otherwise end this flow and process the authentication frame accordingly. The wireless access point maintains a list of associated stations, which contains the MAC address of each station. If the station list maintained by the wireless access point does not contain the MAC address of the received authentication frame, the authentication frame is being used to establish an association, so this flow ends and the authentication frame is used to establish the association. If the list does contain the MAC address in the authentication frame, the MAC address is counterfeit, because a station that is already associated will not authenticate and associate again; the authentication frame can therefore be discarded.

S107: Judge whether this management frame is a deauthentication frame. If so, perform step S109; otherwise perform step S108. A deauthentication frame is the management frame used to release the authentication relationship between the wireless terminal and the wireless access point.

S108: Judge whether this management frame is a disassociation frame. If so, perform step S109; otherwise end this flow, and the frame is processed accordingly. A disassociation frame is the management frame used to notify the access point that the workstation is about to leave the network.

S109: Judge whether the reason code is illegal. If so, perform step S111; otherwise perform step S110. When the management frame is a deauthentication frame or a disassociation frame, it concerns an operation that cancels association or cancels authentication, and in both cases the recipient must be told the reason for cancelling association or cancelling authentication. In this embodiment, the reason for cancelling association or cancelling authentication is represented by a reason code. The table below lists some common reason codes and their meanings.
Reason code | Meaning |
---|---|
0 | Reserved |
1 | Unspecified |
2 | Previous authentication is no longer valid |
6 | Incorrect frame type or subtype received from a station that is not yet authenticated |
7 | Incorrect frame type or subtype received from a station that is not yet associated |
9 | Association or reassociation was requested before authentication completed |
None of the reason codes listed in the table above can represent a correct reason for cancelling authentication or cancelling association, so a disassociation frame or deauthentication frame carrying one of them cannot be used to correctly perform the disassociation or deauthentication operation; these codes can be defined as illegal reason codes. When the reason code is one of these illegal reason codes, the deauthentication frame or disassociation frame is discarded. Otherwise the corresponding disassociation or deauthentication operation can be carried out according to the reason code.

Steps S105 to S109 above judge the legitimacy of a management frame according to whether the content it contains that corresponds to the management event is legal. The management frames are the authentication frame, the deauthentication frame and the disassociation frame, and the content corresponding to the management event is, respectively, the MAC address, and whether the reason code contained in the deauthentication frame or disassociation frame correctly expresses the reason for cancelling authentication or cancelling association.

The judgment may be applied to at least one of the above three kinds of management frame, and the order of judgment is not limited to that of this embodiment and can be adjusted.

S110: Judge whether more than 10 seconds have passed since the last communication. If so, end this flow; otherwise perform step S111. For a disassociation frame or deauthentication frame whose reason code is legal, if there is a communication record within the last 10 seconds, the received disassociation frame or deauthentication frame is regarded as a counterfeit attack frame and is discarded. The 10 seconds is a preset time and can be adjusted according to circumstances.

S111: Discard this management frame. Every management frame that, according to the above steps, meets the corresponding judgment condition and is judged to be a counterfeit frame is discarded.
Fig. 2 shows the device for anti-counterfeiting access to a wireless network according to an embodiment. The device is mainly used in a wireless access point and includes a data reception module 100, a data frame anti-counterfeiting module 200 and a management frame anti-counterfeiting module 300.

The data reception module 100 receives the wireless frame sent by the wireless terminal and judges whether the wireless frame is a data frame or a management frame.

The data frame anti-counterfeiting module 200 judges the legitimacy of the data frame according to communication records; when the data frame is illegal it discards the data frame, and otherwise it processes the data frame accordingly.

Specifically, it judges whether the difference between the sequence number in the data frame and the sequence number of the previous communication is greater than 32. If the difference is not within 32, the association between the data is weak and the frame is very likely a counterfeit data frame. The judgment threshold of 32 can be adjusted according to circumstances, to reach a better balance between discarding genuine data frames and guarding against counterfeit data frames.

The management frame anti-counterfeiting module 300 judges the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal; when the management frame is illegal it discards the management frame, and otherwise it processes the management frame accordingly.

The management frame anti-counterfeiting module 300 is used to judge authentication frames, deauthentication frames and disassociation frames. Specifically, this includes:

Judging whether the MAC address contained in an authentication frame is already associated; if so, discarding the authentication frame; otherwise using the authentication frame for authentication and to establish an association;

Judging whether the reason code contained in a deauthentication frame is illegal; if so, discarding the deauthentication frame; otherwise using the deauthentication frame for the deauthentication operation;

Judging whether the reason code contained in a disassociation frame is illegal; if so, discarding the disassociation frame; otherwise using the disassociation frame for the disassociation operation.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be understood as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make a number of variations and improvements without departing from the concept of the invention, and these all fall within the protection scope of the invention. The protection scope of this patent shall therefore be determined by the appended claims.
Claims (5)

1. A method for anti-counterfeiting access to a wireless network, comprising the following steps:

receiving a wireless frame sent by a wireless terminal;

judging whether the wireless frame is a data frame or a management frame, the data frame containing data content and the management frame being used to establish a wireless connection;

if the wireless frame is a data frame, judging the legitimacy of the data frame according to communication records;

if the wireless frame is a management frame, judging the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal;

when the data frame or management frame is illegal, discarding the received wireless frame, and otherwise processing the wireless frame accordingly;

the step of judging the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal includes judging at least one of an authentication frame, a deauthentication frame and a disassociation frame;

wherein:

the step of judging the authentication frame includes: judging whether the MAC address contained in the authentication frame is already associated; if so, discarding the authentication frame; otherwise using the authentication frame for authentication and to establish an association;

the step of judging the deauthentication frame includes: judging whether the reason code contained in the deauthentication frame is illegal; if so, discarding the deauthentication frame; otherwise using the deauthentication frame for the deauthentication operation;

the step of judging the disassociation frame includes: judging whether the reason code contained in the disassociation frame is illegal; if so, discarding the disassociation frame; otherwise using the disassociation frame for the disassociation operation.

2. The method for anti-counterfeiting access to a wireless network as claimed in claim 1, characterized in that the step of judging whether the wireless frame is a data frame or a management frame includes: identifying the data bits that define the frame type.

3. The method for anti-counterfeiting access to a wireless network as claimed in claim 1, characterized in that the step of judging the legitimacy of the data frame according to communication records specifically includes: judging whether the difference between the sequence number in the data frame and the sequence number of the previous communication exceeds a judgment threshold; if so, discarding the data frame; otherwise handing the data frame over to the corresponding data frame processing flow.

4. The method for anti-counterfeiting access to a wireless network as claimed in claim 1, characterized in that it also includes: judging whether the time since the last communication exceeds a preset time, and if it does not, discarding the management frame.

5. A device for anti-counterfeiting access to a wireless network, including:

a data reception module, which receives the wireless frame sent by a wireless terminal and judges whether the wireless frame is a data frame or a management frame;

a data frame anti-counterfeiting module, which judges the legitimacy of the data frame according to communication records, discards the data frame when it is illegal, and otherwise processes the data frame accordingly;

a management frame anti-counterfeiting module, which judges the legitimacy of the management frame according to whether the content it contains that corresponds to the management event is legal, discards the management frame when it is illegal, and otherwise processes the management frame accordingly;

the management frame anti-counterfeiting module being specifically configured to:

judge whether the MAC address contained in an authentication frame is already associated; if so, discard the authentication frame; otherwise use the authentication frame for authentication and to establish an association;

judge whether the reason code contained in a deauthentication frame is illegal; if so, discard the deauthentication frame; otherwise use the deauthentication frame for the deauthentication operation;

judge whether the reason code contained in a disassociation frame is illegal; if so, discard the disassociation frame; otherwise use the disassociation frame for the disassociation operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210013876.0A CN103209411B (en) | 2012-01-17 | 2012-01-17 | Method and apparatus for anti-counterfeiting access to a wireless network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103209411A (en) | 2013-07-17 |
CN103209411B (en) | 2016-08-24 |
Family
ID=48756466
Family Applications (1)
Application Number | Status | Publication | Title | Priority Date | Filing Date |
---|---|---|---|---|---|
CN201210013876.0A | Active | CN103209411B (en) | Method and apparatus for anti-counterfeiting access to a wireless network | 2012-01-17 | 2012-01-17 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103209411B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |