CN104410633A - Method and device for security scanning of anti-concurrent server - Google Patents


Info

Publication number
CN104410633A
Authority
CN
China
Prior art keywords
scanned
domain name
server
logon data
request
Legal status
Granted
Application number
CN201410699492.8A
Other languages
Chinese (zh)
Other versions
CN104410633B (en)
Inventor
廖志委
Current Assignee
Guangzhou Huaduo Network Technology Co Ltd
Original Assignee
Guangzhou Huaduo Network Technology Co Ltd
Events
Application filed by Guangzhou Huaduo Network Technology Co Ltd
Priority to CN201410699492.8A
Publication of CN104410633A
Application granted
Publication of CN104410633B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433: Vulnerability analysis

Abstract

The invention discloses a method and a device for security scanning of an anti-concurrent server, and belongs to the technical field of network security. The method includes acquiring login information of multiple users; acquiring login data corresponding to the users and domain name ranges applicable to the login data according to the login information; determining a specific domain name of a to-be-scanned request which is a request sent to a to-be-scanned server; performing security scanning on the to-be-scanned server according to the specific domain name, the login data and the domain name ranges applicable to the login data. Scanning is performed on the basis of the specific domain name of the to-be-scanned server, the login data and the domain name ranges applicable to the login data, so that limitation of an anti-concurrent mechanism can be bypassed by means of simultaneous access of the multiple users when the to-be-scanned server is the anti-concurrent server, the objective of accessing the anti-concurrent server repeatedly within unit time is achieved, and scanning speed is increased.

Description

Method and device for security scanning of an anti-concurrent server
Technical field
The present invention relates to the technical field of network security, and in particular to a method and device for performing security scanning of an anti-concurrent server.
Background
An anti-concurrent server generally restricts the same user to a single access within a unit time interval. A web (network) security scanner is a program that automatically detects security weaknesses of local or remote hosts; it scans an anti-concurrent server by sending to-be-scanned requests to it, and can accurately find the security vulnerabilities that the anti-concurrent server has.
In the prior art, in order to scan an anti-concurrent server normally, a web security scanner usually scans at a rate of one request per unit interval. That is, the web security scanner sends one to-be-scanned request to the anti-concurrent server within one unit interval, receives the packet returned by the anti-concurrent server, and determines from that packet whether the interface of the anti-concurrent server being scanned has a security vulnerability.
In the course of implementing the present invention, the inventor found that the prior art has at least the following problem:
Because scanning proceeds at one request per unit interval, the scan takes a long time and scan efficiency is low.
Summary of the invention
To solve the problem in the prior art, embodiments of the present invention provide a method and a device for performing security scanning of an anti-concurrent server. The technical solution is as follows:
In one aspect, a method for performing security scanning of an anti-concurrent server is provided, the method comprising:
obtaining login information of multiple users;
obtaining, according to each item of login information, the login data corresponding to the multiple users and the domain name range to which the login data applies;
determining the designated domain name of a to-be-scanned request, the to-be-scanned request being a request to be sent to a to-be-scanned server;
performing security scanning of the to-be-scanned server according to the designated domain name, the login data and the domain name range to which the login data applies.
Optionally, performing security scanning of the to-be-scanned server according to the designated domain name, the login data and the domain name range to which the login data applies comprises:
judging whether the designated domain name is included in the domain name range to which the login data applies;
if the designated domain name is included in the domain name range to which the login data applies, performing a first-type scan of the to-be-scanned server;
if the designated domain name is not included in the domain name range to which the login data applies, performing a second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies.
Optionally, before performing the second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies, the method further comprises:
accessing the to-be-scanned server a preset number of times within a unit interval and obtaining the preset number of returned packets;
judging whether the contents of the preset number of returned packets are inconsistent;
if the contents of the preset number of returned packets are inconsistent, determining that the to-be-scanned server is an anti-concurrent server, and performing the step of second-type scanning of the to-be-scanned server according to the login data and the domain name range to which the login data applies.
Optionally, performing the second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies comprises:
replacing the login data of the to-be-scanned request with the login data corresponding to each of the multiple users in turn, to obtain multiple new scan requests, each new scan request comprising the login data of one of the multiple users;
sending the multiple new scan requests to the to-be-scanned server within a unit interval.
Optionally, performing the first-type scan of the to-be-scanned request comprises:
sending to the to-be-scanned server multiple access requests initiated by the same user within a unit interval, the access requests being obtained from the to-be-scanned request.
In another aspect, a device for performing security scanning of an anti-concurrent server is provided, the device comprising:
a first information acquisition module, configured to obtain login information of multiple users;
a second information acquisition module, configured to obtain, according to each item of login information, the login data corresponding to the multiple users and the domain name range to which the login data applies;
a designated domain name determination module, configured to determine the designated domain name of a to-be-scanned request, the to-be-scanned request being a request to be sent to a to-be-scanned server;
a security scanning module, configured to perform security scanning of the to-be-scanned server according to the designated domain name, the login data and the domain name range to which the login data applies.
Optionally, the security scanning module comprises:
a judging unit, configured to judge whether the designated domain name is included in the domain name range to which the login data applies;
a first security scanning unit, configured to perform a first-type scan of the to-be-scanned server when the designated domain name is included in the domain name range to which the login data applies;
a second scanning unit, configured to perform a second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies when the designated domain name is not included in that range.
Optionally, the device further comprises:
an access module, configured to access the to-be-scanned server a preset number of times within a unit interval and obtain the preset number of returned packets;
a packet judging module, configured to judge whether the contents of the preset number of returned packets are inconsistent;
the second scanning unit being configured, when the contents of the preset number of returned packets are inconsistent, to determine that the to-be-scanned server is an anti-concurrent server and to perform the step of second-type scanning of the to-be-scanned server according to the login data and the domain name range to which the login data applies.
Optionally, the second scanning unit is configured to replace the login data of the to-be-scanned request with the login data corresponding to each of the multiple users in turn, obtaining multiple new scan requests, each new scan request comprising the login data of one of the multiple users, and to send the multiple new scan requests to the to-be-scanned server within a unit interval.
Optionally, the first scanning unit is configured to send to the to-be-scanned server multiple access requests initiated by the same user within a unit interval, the access requests being obtained from the to-be-scanned request.
The technical solution provided by the embodiments of the present invention brings the following beneficial effects:
After the login information of multiple users is obtained, the login data corresponding to the multiple users and the domain name range to which the login data applies are obtained according to each item of login information; the designated domain name of the to-be-scanned request is then determined, and the to-be-scanned server is scanned according to the designated domain name, the login data and the domain name range to which the login data applies. Because the scan is based on the designated domain name of the to-be-scanned server, the login data and the domain name range to which the login data applies, when the to-be-scanned server is an anti-concurrent server the simultaneous access of multiple users can be used to get around the restriction of the anti-concurrent mechanism, so that the anti-concurrent server is accessed multiple times within a unit interval and the scan speed is improved.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an implementation environment for security scanning of an anti-concurrent server provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a method for security scanning of an anti-concurrent server provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a method for security scanning of an anti-concurrent server provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the correspondence between login information, login data and the applicable domain name range provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a first way of performing security scanning of a to-be-scanned server provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a second way of performing security scanning of a to-be-scanned server provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a device for security scanning of an anti-concurrent server provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Before the embodiments are explained in detail, the implementation environment is introduced. Referring to Fig. 1, the equipment involved in the present invention comprises a network security device and a to-be-scanned server. The network security device may specifically be a web security scanner; the to-be-scanned server may be either an anti-concurrent server or a non-anti-concurrent server. An anti-concurrent server generally restricts the same user to one access within a unit interval, that is, the same user can send only one access request to the anti-concurrent server within a unit interval. If a user sends several access requests to the anti-concurrent server within that unit interval, the anti-concurrent server responds only to the first one and does not respond to any sent afterwards. When the network security device scans an anti-concurrent server it must send requests to it continuously in order to test the relevant interfaces of the anti-concurrent server; after receiving the packets returned by the anti-concurrent server, it analyses their contents to obtain sensitive information such as the operating system type, the open ports and the services the anti-concurrent server provides, and from that determines whether the anti-concurrent server has security vulnerabilities. The present invention uses the simultaneous access of multiple users to get around the restriction of the anti-concurrent mechanism, so that the anti-concurrent server can be accessed multiple times within a unit interval and the scan speed is improved; see the following embodiments.
Fig. 2 is a flowchart of a method for security scanning of an anti-concurrent server provided by an embodiment of the present invention. Referring to Fig. 2, the method flow provided by the embodiment comprises:
201: obtaining login information of multiple users.
202: obtaining, according to each item of login information, the login data corresponding to the multiple users and the domain name range to which the login data applies.
203: determining the designated domain name of a to-be-scanned request, the to-be-scanned request being a request to be sent to a to-be-scanned server.
204: performing security scanning of the to-be-scanned server according to the designated domain name, the login data and the domain name range to which the login data applies.
In the method provided by the embodiment of the present invention, after the login information of multiple users is obtained, the login data corresponding to the multiple users and the domain name range to which the login data applies are obtained according to each item of login information; the designated domain name of the to-be-scanned request is then determined, and the to-be-scanned server is scanned according to the designated domain name, the login data and the domain name range to which the login data applies. Because the scan is based on the designated domain name of the to-be-scanned server, the login data and the domain name range to which the login data applies, when the to-be-scanned server is an anti-concurrent server the simultaneous access of multiple users can be used to get around the restriction of the anti-concurrent mechanism, so that the anti-concurrent server is accessed multiple times within a unit interval and the scan speed is improved.
Optionally, performing security scanning of the to-be-scanned server according to the designated domain name, the login data and the domain name range to which the login data applies comprises:
judging whether the designated domain name is included in the domain name range to which the login data applies;
if the designated domain name is included in the domain name range to which the login data applies, performing a first-type scan of the to-be-scanned server;
if the designated domain name is not included in the domain name range to which the login data applies, performing a second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies.
Optionally, before performing the second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies, the method further comprises:
accessing the to-be-scanned server a preset number of times within a unit interval and obtaining the preset number of returned packets;
judging whether the contents of the preset number of returned packets are inconsistent;
if the contents of the preset number of returned packets are inconsistent, determining that the to-be-scanned server is an anti-concurrent server, and performing the step of second-type scanning of the to-be-scanned server according to the login data and the domain name range to which the login data applies.
Optionally, performing the second-type scan of the to-be-scanned server according to the login data and the domain name range to which the login data applies comprises:
replacing the login data of the to-be-scanned request with the login data corresponding to each of the multiple users in turn, to obtain multiple new scan requests, each new scan request comprising the login data of one of the multiple users;
sending the multiple new scan requests to the to-be-scanned server within a unit interval.
Optionally, performing the first-type scan of the to-be-scanned request comprises:
sending to the to-be-scanned server multiple access requests initiated by the same user within a unit interval, the access requests being obtained from the to-be-scanned request.
All of the above optional solutions may be combined arbitrarily to form optional embodiments of the present invention, which are not described again here.
Fig. 3 is a flowchart of a method for security scanning of an anti-concurrent server provided by an embodiment of the present invention. The method is executed by the network security device. Referring to Fig. 3, the method flow provided by the embodiment comprises:
301: the network security device obtains login information of multiple users.
The login information includes but is not limited to a user name and a login password; the embodiment does not specifically limit the content of the login information. The network security device may be a web security scanner. It may of course also be of another type, which the embodiment does not specifically limit. The embodiment is described only for the case in which the network security device is a web security scanner.
When obtaining the login information of multiple users, the web security scanner may obtain it from the storage medium in which the to-be-scanned server stores user login information, for example from the memory or cache of the to-be-scanned server. Other ways of obtaining the login information may of course also be used, for example intercepting the login requests that users send to the to-be-scanned server and taking the user login information from those requests. The embodiment likewise does not specifically limit the way in which the users' login information is obtained.
302: the network security device obtains, according to each item of login information, the login data corresponding to the multiple users and the domain name range to which the login data applies.
Here the login data refers to the user's login cookie. The login cookie is generated by the to-be-scanned server, is generally encrypted data, and is used to distinguish user identities and to track sessions.
In addition, the login information set by a user can usually be used to log in to multiple different servers. For example, when a user sends login requests to different servers, each login request contains the same login information. As an example, a user uses the same login information to log in to an instant messaging application and to a game application, and the domain names corresponding to the instant messaging application and the game application are obviously different. Therefore the login data corresponding to each user also corresponds to one applicable domain name range.
In the embodiment, because the to-be-scanned server stores, for each user, the corresponding login data and the domain name range to which that login data applies, after the login information of the multiple users has been obtained the login interface of the to-be-scanned server can be called to obtain the login data corresponding to each user's login information and the domain name range to which that login data applies. Once the login data and its applicable domain name range have been obtained, a mapping table as shown in Fig. 4 can be generated so that the relation between the three items, the user's login information, the login data and the domain name range to which the login data applies, is kept in order.
Other ways of obtaining the login data corresponding to the multiple users and the domain name range to which it applies may of course be used; the embodiment does not specifically limit this.
303: the network security device determines the designated domain name of the to-be-scanned request, the to-be-scanned request being a request to be sent to the to-be-scanned server.
In the embodiment, the to-be-scanned request is the request that the web security scanner sends to the to-be-scanned server. The to-be-scanned request may be an HTTP (Hypertext Transfer Protocol) request and may contain the user's login data (the login cookie), the network address of the to-be-scanned server and similar content; the embodiment does not specifically limit either the type of the to-be-scanned request or the content it contains.
In addition, the designated domain name refers to the second-level domain name of the to-be-scanned request. A second-level domain name is a domain name under a top-level domain name, that is, the penultimate part of the domain name. As an example: abc.com is taken as the top-level domain name, and www.abc.com, bbs.abc.com and tieba.abc.com are then each second-level domain names. The designated domain name of the to-be-scanned request comes from the network address of the to-be-scanned server.
304: the network security device judges whether the designated domain name is included in the domain name range to which the login data applies; if it is, step 305 is performed; if it is not, step 306 is performed.
In the embodiment, judging whether the designated domain name is included in the domain name range to which the login data applies may be implemented as follows:
determine all the domain names included in the domain name range to which the login data applies, and judge whether the designated domain name of the to-be-scanned request is consistent with any one of them; if the designated domain name is consistent with any one of those domain names, the domain name of the to-be-scanned request is judged to be included in the domain name range to which the login data applies; if the designated domain name is inconsistent with every one of those domain names, the domain name of the to-be-scanned request is judged not to be included in that range.
Other judging methods may of course be used; the embodiment does not specifically limit this. After the designated domain name is determined to be included in the domain name range to which the login data applies, the to-be-scanned server is determined to be a non-anti-concurrent server and the following step 305, a first-type scan of the to-be-scanned server, is performed; after the designated domain name is determined not to be included in that range, the following steps 306 and 307, a second-type scan of the anti-concurrent server, are performed.
305: the network security device determines that the to-be-scanned server is a non-anti-concurrent server and performs a first-type scan of it.
In the embodiment, a non-anti-concurrent server does not restrict the number of times the same user may access it within a unit interval. Therefore, when the to-be-scanned server is a non-anti-concurrent server, the web security scanner can perform a first-type scan of it, that is, a normal scan. The first-type scan of the to-be-scanned server may be implemented as follows:
sending to the to-be-scanned server multiple access requests initiated by the same user within a unit interval, the access requests being obtained from the to-be-scanned request.
Referring to Fig. 5, when performing a first-type scan of the to-be-scanned server the web security scanner sends n access requests to it within a unit interval. The specific value of n may be 10, 20 or the like; the embodiment does not specifically limit this. The contents of the n access requests are all the same, the n access requests are obtained from the to-be-scanned request, and the login cookie in each access request is the same. In Fig. 5, Host: xx.com denotes the network address of the to-be-scanned server, and GET /xx.do?a=xx HTTP/1.1 indicates that the access request is an HTTP request.
306: the network security device accesses the to-be-scanned server a preset number of times within a unit interval and obtains the preset number of returned packets; it judges whether the contents of the preset number of returned packets are inconsistent; if they are inconsistent, step 307 is performed.
In the embodiment, if step 304 judges that the designated domain name is not included in the domain name range to which the login data applies, it cannot yet be determined that the to-be-scanned server is an anti-concurrent server; the steps of accessing the to-be-scanned server a preset number of times within a unit interval and judging from the returned packets whether the to-be-scanned server is an anti-concurrent server must also be performed.
The preset number may specifically be 2. The preset number may of course also be another value, such as 3 or 4; the embodiment does not specifically limit the size of the preset number.
Taking a preset number of 2 as an example, the web security scanner sends 2 access requests to the to-be-scanned server, that is, accesses the to-be-scanned server twice, and then waits for the results returned by the to-be-scanned server. The login data contained in the 2 access requests must be the same. The returned packets that the to-be-scanned server sends in response to the 2 access requests are received, and it is judged whether the contents of the two returned packets are inconsistent; if the contents are inconsistent, the to-be-scanned server is determined to be an anti-concurrent server; if the contents are consistent, the to-be-scanned server is determined to be a non-anti-concurrent server. After the to-be-scanned server is determined to be a non-anti-concurrent server, a first-type scan is performed according to the method shown in step 305, which is not repeated here.
307: the network security device determines that the to-be-scanned server is an anti-concurrent server and performs a second-type scan of it according to the login data and the domain name range to which the login data applies.
In the embodiment, after step 306 has determined that the to-be-scanned server is an anti-concurrent server, a second-type scan of the to-be-scanned server can be performed according to the login data and the domain name range to which the login data applies. The second-type scan of the to-be-scanned server may be implemented as follows:
replacing the login data of the to-be-scanned request with the login data corresponding to each of the multiple users in turn, to obtain multiple new scan requests, each new scan request comprising the login data of one of the multiple users; and sending the multiple new scan requests to the to-be-scanned server within a unit interval.
Other ways of scanning the anti-concurrent server may of course be used; the embodiment does not specifically limit this.
Take the login data of the to-be-scanned request to be Cookie: username=aa; Osinfo=bb ..., and the login data corresponding to the multiple users to be Cookie: username=xx1; Osinfo=yy1 ..., Cookie: username=xx2; Osinfo=yy2 ..., up to Cookie: username=xxn; Osinfo=yyn .... After the login data of the to-be-scanned request has been replaced with the login data of each of the multiple users in turn, the result is, for example, a new scan request containing the login data Cookie: username=xx1; Osinfo=yy1 ..., a new scan request containing Cookie: username=xx2; Osinfo=yy2 ..., and so on up to a new scan request containing Cookie: username=xxn; Osinfo=yyn .... After the new scan requests have been obtained, they are sent to the to-be-scanned server as shown in Fig. 6. Besides the login data, each new scan request also contains the network address of the to-be-scanned server and the request type of the new scan request (for example, HTTP request); the embodiment does not specifically limit the content contained in the new scan requests.
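As an added illustration of the decision logic in steps 303 to 306 (this is not code from the patent; the in-process server model, the cookie-to-domain table and all names are constructed for the example), the following Python sketch takes the designated domain name from a request URL, checks it against the login data's applicable domain name range, and, when it lies outside that range, applies the preset-number probe of step 306 to decide whether the target behaves as an anti-concurrent server:

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Constructed Fig.-4-style table: login data (cookie) -> domain names it applies to.
# The cookie values and domains are made up for this example.
LOGIN_DATA_SCOPES = {
    "username=xx1; Osinfo=yy1": {"www.abc.com", "bbs.abc.com"},
    "username=xx2; Osinfo=yy2": {"www.abc.com", "bbs.abc.com"},
}


def designated_domain(url: str) -> str:
    """Step 303: the designated domain name comes from the network address in
    the to-be-scanned request, e.g. http://www.abc.com/xx.do?a=xx -> www.abc.com."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in request URL {url!r}")
    return host.lower()


def in_domain_scope(domain: str, scope: set[str]) -> bool:
    """Step 304: the domain is 'included' when it matches any domain in the
    applicable range exactly (the comparison the patent describes)."""
    return domain.lower() in {d.lower() for d in scope}


class ModelServer:
    """Constructed in-process model of a to-be-scanned server, not network code.
    With anti_concurrent=True each login cookie gets one normal answer per unit
    interval; further requests in the same interval get a different body."""

    def __init__(self, unit_interval: float, anti_concurrent: bool = True) -> None:
        self.unit_interval = unit_interval
        self.anti_concurrent = anti_concurrent
        self._last_answered: dict[str, float] = {}

    def handle(self, cookie: str, now: float) -> str:
        last = self._last_answered.get(cookie)
        if self.anti_concurrent and last is not None and now - last < self.unit_interval:
            return "HTTP/1.1 429 Too Many Requests"
        self._last_answered[cookie] = now
        return "HTTP/1.1 200 OK\r\n\r\n<page content>"


def is_anti_concurrent(server: ModelServer, cookie: str,
                       preset_number: int = 2, now: float = 0.0) -> bool:
    """Step 306: send preset_number requests carrying the same login data within
    one unit interval and report whether the returned contents are inconsistent."""
    bodies = {server.handle(cookie, now) for _ in range(preset_number)}
    return len(bodies) > 1


def choose_scan_type(url: str, cookie: str, scope: set[str],
                     server: ModelServer, now: float = 0.0) -> str:
    """Steps 304 to 306 combined: 'first-type' (normal scan) when the designated
    domain is in the cookie's range or the probe shows consistent answers;
    'second-type' when the probe shows anti-concurrent behaviour."""
    if in_domain_scope(designated_domain(url), scope):
        return "first-type"
    return "second-type" if is_anti_concurrent(server, cookie, now=now) else "first-type"


if __name__ == "__main__":
    cookie = "username=xx1; Osinfo=yy1"
    scope = LOGIN_DATA_SCOPES[cookie]
    # In range: classified without any probe.
    print(choose_scan_type("http://www.abc.com/xx.do?a=xx", cookie, scope, ModelServer(1.0)))
    # Out of range: the two-request probe decides.
    print(choose_scan_type("http://xx.com/xx.do?a=xx", cookie, scope, ModelServer(1.0)))
```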
It should be noted that, when server to be scanned is anti-concurrent server, be limited to the restriction of anti-concurrent mechanism, web security scanners only may have access to server to be scanned 1 time within the unit interval, and the method taking the embodiment of the present invention to provide, web security scanners may have access within the unit interval server to be scanned 10 times, 100 times even more, thus significantly improve sweep speed.No matter scan for the first kind, or Second Type scanning, web security scanners to after server to be scanned in transmission scan request, by the return data bag of server to be scanned received, all can be treated scanning server and whether there is potential safety hazard or leak judges.
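The following is an added, runnable model of steps 306 and 307 (it is not code from the patent or its applicant): a constructed in-memory server enforces the anti-concurrent rule of one request per session cookie per unit interval, and the scanner-side functions implement the probe for inconsistent return packets, the domain-scope decision of claim 2 and the per-user request substitution of claim 4. All names (UserLogin, SimServer, probe_is_anti_concurrent, and so on), the sample request and the sample users are this example's own assumptions.

```python
"""Added example, not the patent's own code: a model of steps 306/307.
A constructed server refuses a second request from the same session
cookie inside one unit interval; the scanner functions implement the
probe, the domain-scope decision and the second-type request building."""
from dataclasses import dataclass, field

UNIT_INTERVAL = 1.0   # seconds; the patent's "unit interval"
PRESET_NUMBER = 5     # the patent's "preset number" of probe requests


@dataclass(frozen=True)
class UserLogin:
    cookie: str         # logon data, e.g. "username=xx1; Osinfo=yy1"
    domains: frozenset  # domain-name scope the logon data is applicable to


@dataclass
class SimServer:
    """Constructed server. With limits=True a cookie already served inside the
    current unit interval receives a different (refusal) response."""
    limits: bool = True
    last_seen: dict = field(default_factory=dict)

    def handle(self, cookie: str, now: float):
        prev = self.last_seen.get(cookie)
        if self.limits and prev is not None and now - prev < UNIT_INTERVAL:
            return 429, "too many requests"
        self.last_seen[cookie] = now
        return 200, "scan target page"


def probe_is_anti_concurrent(server, request, t0):
    """Step 306: access the server PRESET_NUMBER times inside one unit interval;
    inconsistent return-packet contents mean the server is anti-concurrent."""
    step = UNIT_INTERVAL / (PRESET_NUMBER + 1)   # keeps every probe in [t0, t0+1)
    bodies = {server.handle(request["cookie"], t0 + i * step)[1]
              for i in range(PRESET_NUMBER)}
    return len(bodies) > 1


def choose_scan_type(designated_domain, users):
    """Claim 2: first-type scanning when the designated domain lies within the
    applicable domain scope of the logon data, otherwise second-type scanning."""
    applicable = frozenset().union(*(u.domains for u in users))
    return "first" if designated_domain in applicable else "second"


def second_type_requests(request, users):
    """Claim 4: one new scan request per user, equal to the request to be scanned
    except that its logon data (cookie) is replaced by that user's logon data."""
    return [dict(request, cookie=u.cookie) for u in users]


def send_within_interval(server, requests, t0):
    """Send all requests inside one unit interval and collect the status codes."""
    step = UNIT_INTERVAL / (len(requests) + 1)
    return [server.handle(r["cookie"], t0 + i * step)[0]
            for i, r in enumerate(requests)]


if __name__ == "__main__":
    # Constructed sample data: one request to be scanned and three users.
    req = {"host": "b.example.test", "method": "GET", "cookie": "username=aa; Osinfo=bb"}
    users = [UserLogin(f"username=xx{i}; Osinfo=yy{i}", frozenset({"a.example.test"}))
             for i in (1, 2, 3)]
    print("anti-concurrent:", probe_is_anti_concurrent(SimServer(), req, 0.0))
    print("scan type:", choose_scan_type(req["host"], users))
    print("same user x3:", send_within_interval(SimServer(), [req] * 3, 0.0))
    print("one per user:", send_within_interval(SimServer(), second_type_requests(req, users), 0.0))
```

The model makes explicit the assumption the second-type scan rests on: the refusal is keyed on the session cookie alone, so the probe only reports "anti-concurrent" for a server whose limit is per session.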
The method that the embodiment of the present invention provides, after the log-on message obtaining multiple user, according to each log-on message, obtains the domain name scope that logon data corresponding to multiple user and logon data are suitable for, afterwards, determine the designated domain name of request to be scanned, and according to designated domain name, the domain name scope that logon data and logon data are suitable for, treat scanning server and carry out security sweep, due to when treating scanning server and scanning, based on the designated domain name of server to be scanned, the domain name scope that logon data and logon data are suitable for scans, so when server to be scanned is anti-concurrent server, multiple user can be utilized to access to walk around the restriction of anti-concurrent mechanism simultaneously, thus reach the object of accessing repeatedly anti-concurrent server in the unit interval, and then improve sweep speed.
Fig. 7 shows a device for performing security scanning on an anti-concurrent server provided by an embodiment of the present invention. Referring to Fig. 7, the device comprises: a first information acquisition module 701, a second information acquisition module 702, a designated domain name determination module 703 and a security scanning module 704.
The first information acquisition module 701 is for obtaining the login information of multiple users. The second information acquisition module 702 is connected with the first information acquisition module 701 and is for obtaining, according to each piece of login information, the logon data corresponding to the multiple users and the domain name scope applicable to the logon data. The designated domain name determination module 703 is connected with the second information acquisition module 702 and is for determining the designated domain name of the request to be scanned, the request to be scanned being a request to be sent to the server to be scanned. The security scanning module 704 is connected with the designated domain name determination module 703 and is for performing security scanning on the server to be scanned according to the designated domain name, the logon data and the domain name scope applicable to the logon data.
Optionally, the security scanning module comprises:
a judging unit, for judging whether the designated domain name is included within the domain name scope applicable to the logon data;
a first scanning unit, for performing first-type scanning on the server to be scanned when the designated domain name is included within the domain name scope applicable to the logon data;
a second scanning unit, for performing second-type scanning on the server to be scanned, according to the logon data and the domain name scope applicable to the logon data, when the designated domain name is not included within the domain name scope applicable to the logon data.
Optionally, the device also comprises:
an access module, for accessing the server to be scanned a preset number of times within the unit interval, to obtain a preset number of return data packets;
a packet judging module, for judging whether the contents of the preset number of return data packets are inconsistent;
the second scanning unit, for determining that the server to be scanned is an anti-concurrent server when the contents of the preset number of return data packets are inconsistent, and performing the step of second-type scanning of the server to be scanned according to the logon data and the domain name scope applicable to the logon data.
Optionally, the second scanning unit is for replacing the logon data of the request to be scanned, in turn, with the logon data corresponding to each of the multiple users, so as to obtain multiple new scan requests, each new scan request containing the logon data of one of the multiple users, and for sending the multiple new scan requests to the server to be scanned within the unit interval.
Optionally, the first scanning unit is for sending to the server to be scanned multiple access requests initiated by the same user within the unit interval, the access requests being obtained according to the request to be scanned.
In the device provided by the embodiment of the present invention, after the login information of multiple users is obtained, the logon data corresponding to the multiple users and the domain name scope applicable to the logon data are obtained according to each piece of login information; the designated domain name of the request to be scanned is then determined, and security scanning is performed on the server to be scanned according to the designated domain name, the logon data and the domain name scope applicable to the logon data. Because the scanning of the server to be scanned is based on the designated domain name of the server to be scanned, the logon data and the domain name scope applicable to the logon data, when the server to be scanned is an anti-concurrent server the accesses of multiple users can be used simultaneously to get around the restriction of the anti-concurrent mechanism, so that the anti-concurrent server can be accessed multiple times within the unit interval and the scanning speed is improved.
It should be noted that when the device for performing security scanning on an anti-concurrent server provided by the above embodiment performs security scanning on an anti-concurrent server, the division into the functional modules described above is only illustrative; in practical application, the above functions may be assigned as required to different functional modules, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the device for performing security scanning on an anti-concurrent server provided by the above embodiment belongs to the same concept as the method embodiment for performing security scanning on an anti-concurrent server; for its specific implementation process, refer to the method embodiment, which is not repeated here.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A method for performing security scanning on an anti-concurrent server, characterized in that the method comprises:
obtaining the login information of multiple users;
obtaining, according to each piece of login information, the logon data corresponding to the multiple users and the domain name scope applicable to the logon data;
determining the designated domain name of a request to be scanned, the request to be scanned being a request to be sent to a server to be scanned;
performing security scanning on the server to be scanned according to the designated domain name, the logon data and the domain name scope applicable to the logon data.
2. The method according to claim 1, characterized in that performing security scanning on the server to be scanned according to the designated domain name, the logon data and the domain name scope applicable to the logon data comprises:
judging whether the designated domain name is included within the domain name scope applicable to the logon data;
if the designated domain name is included within the domain name scope applicable to the logon data, performing first-type scanning on the server to be scanned;
if the designated domain name is not included within the domain name scope applicable to the logon data, performing second-type scanning on the server to be scanned according to the logon data and the domain name scope applicable to the logon data.
3. The method according to claim 2, characterized in that, before performing second-type scanning on the server to be scanned according to the logon data and the domain name scope applicable to the logon data, the method also comprises:
accessing the server to be scanned a preset number of times within the unit interval, to obtain a preset number of return data packets;
judging whether the contents of the preset number of return data packets are inconsistent;
if the contents of the preset number of return data packets are inconsistent, determining that the server to be scanned is an anti-concurrent server and performing the step of second-type scanning of the server to be scanned according to the logon data and the domain name scope applicable to the logon data.
4. The method according to claim 3, characterized in that performing second-type scanning on the server to be scanned according to the logon data and the domain name scope applicable to the logon data comprises:
replacing the logon data of the request to be scanned, in turn, with the logon data corresponding to each of the multiple users, so as to obtain multiple new scan requests, each new scan request containing the logon data of one of the multiple users;
sending the multiple new scan requests to the server to be scanned within the unit interval.
5. The method according to claim 2, characterized in that performing first-type scanning on the server to be scanned comprises:
sending to the server to be scanned multiple access requests initiated by the same user within the unit interval, the access requests being obtained according to the request to be scanned.
6. A device for performing security scanning on an anti-concurrent server, characterized in that the device comprises:
a first information acquisition module, for obtaining the login information of multiple users;
a second information acquisition module, for obtaining, according to each piece of login information, the logon data corresponding to the multiple users and the domain name scope applicable to the logon data;
a designated domain name determination module, for determining the designated domain name of a request to be scanned, the request to be scanned being a request to be sent to a server to be scanned;
a security scanning module, for performing security scanning on the server to be scanned according to the designated domain name, the logon data and the domain name scope applicable to the logon data.
7. The device according to claim 6, characterized in that the security scanning module comprises:
a judging unit, for judging whether the designated domain name is included within the domain name scope applicable to the logon data;
a first scanning unit, for performing first-type scanning on the server to be scanned when the designated domain name is included within the domain name scope applicable to the logon data;
a second scanning unit, for performing second-type scanning on the server to be scanned, according to the logon data and the domain name scope applicable to the logon data, when the designated domain name is not included within the domain name scope applicable to the logon data.
8. The device according to claim 7, characterized in that the device also comprises:
an access module, for accessing the server to be scanned a preset number of times within the unit interval, to obtain a preset number of return data packets;
a packet judging module, for judging whether the contents of the preset number of return data packets are inconsistent;
the second scanning unit, for determining that the server to be scanned is an anti-concurrent server when the contents of the preset number of return data packets are inconsistent, and performing the step of second-type scanning of the server to be scanned according to the logon data and the domain name scope applicable to the logon data.
9. The device according to claim 8, characterized in that the second scanning unit is for replacing the logon data of the request to be scanned, in turn, with the logon data corresponding to each of the multiple users, so as to obtain multiple new scan requests, each new scan request containing the logon data of one of the multiple users, and for sending the multiple new scan requests to the server to be scanned within the unit interval.
10. The device according to claim 7, characterized in that the first scanning unit is for sending to the server to be scanned multiple access requests initiated by the same user within the unit interval, the access requests being obtained according to the request to be scanned.
Application CN201410699492.8A, priority date 2014-11-26, filing date 2014-11-26: Method and device for security scanning of anti-concurrent server. Status: Active; granted as CN104410633B (en).
Publications (2)

Publication Number Publication Date
CN104410633A (en) 2015-03-11
CN104410633B (en) 2018-03-02