CN104796388A - Network equipment scanning method and system and related devices - Google Patents

Publication number
CN104796388A
Authority
CN
China
Prior art keywords
mark
network equipment
intranet
equipment
reverse proxy
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410027195.9A
Other languages
Chinese (zh)
Other versions
CN104796388B (en)
Inventor
何申
程叶霞
杨光华
孙楠
秦瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention provides a network equipment scanning method and system and related devices. In the method, a scanner in the extranet receives a scanning request sent from network equipment in the intranet; the identification of the reverse proxy device corresponding to the intranet identification carried in the scanning request is determined according to that intranet identification and a preset correspondence between intranet identifications and identifications of reverse proxy devices; scanning information including the identification of the network equipment is distributed to the determined reverse proxy device at a set time, instructing the reverse proxy device to scan the network equipment corresponding to the network equipment identification; and a scanning result returned after the reverse proxy device scans the network equipment is received. Thus, network equipment in the intranet can be scanned from the extranet, and network security is improved.

Description

A method, related apparatus and system for scanning network devices
Technical field
The present invention relates to network security technology, and in particular to a method, related apparatus and system for scanning network devices.
Background
As network and information security becomes increasingly important and prominent, scanning technology, as an important means of security detection and prevention, has become a research focus in the information security field. In particular, as network topologies grow more complex, the scanning requirements and scanning characteristics of different network environments call for different scanning methods and scanning systems. For example, Chinese Patent Application No. 201210518355.0, entitled "Distributed network scan task processing method and system", provides a distributed network scan task processing method and system.
Specifically, in that application, a first scanning device sends scan instruction information to a second scanning device; the first scanning device and the second scanning device may each be located on different nodes of an external public network (i.e. extranet) or an internal network (i.e. intranet). The first scanning device subsequently sends query instruction information to the second scanning device to obtain the state of the network scan task being performed by the second scanning device. Then, according to that state, it further decides whether to resend the scan instruction information to the second scanning device, to send query instruction information, or to send acquisition instruction information, thereby monitoring and managing the processing of network scan tasks and improving the success rate of distributed network scan task processing.
As can be seen from the content disclosed in the above patent application, that approach performs centralized scanning and management of the network devices in the Internet and is only applicable to security scanning between extranet and extranet or between intranet and intranet. However, some intranets contain no scanning device for security scanning; in that case the above process cannot be used to security-scan the network devices in the intranet, which leaves the security of the intranet low.
Summary of the invention
Embodiments of the present invention provide a method, related apparatus and system for scanning network devices, to solve the existing problem that security scanning cannot be performed on the network devices in all intranets, which leaves the security of intranets low.
To address the above problem, a method for scanning a network device provided by an embodiment of the present invention comprises:
A scanning device in the extranet receives a scan request sent by a network device in an intranet, the scan request carrying the identifier of the network device and the identifier of the intranet;
According to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, the scanning device determines the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request;
According to a set time, the scanning device issues scanning information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, to instruct the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scanning information, the reverse proxy device being located between the extranet and the intranet;
The scanning device receives the scanning result returned after the reverse proxy device scans the network device.
A scanning device provided by an embodiment of the present invention is located in the extranet and comprises:
A receiver module, configured to receive a scan request sent by a network device in an intranet, the scan request carrying the identifier of the network device and the identifier of the intranet, and to receive the scanning result returned after a reverse proxy device scans the network device;
A determination module, configured to determine, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request;
An issuing module, configured to issue, according to a set time, scanning information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, to instruct the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scanning information, the reverse proxy device being located between the extranet and the intranet.
A method for scanning a network device provided by an embodiment of the present invention comprises:
A reverse proxy device receives scanning information, carrying the identifier of a network device, that a scanning device in the extranet issues according to a set time. The scanning device issues the scanning information after it has received, from the network device corresponding to that network device identifier, a scan request carrying the identifier of the intranet to which the network device belongs and the identifier of the network device, and has determined, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request is the identifier of this reverse proxy device. The reverse proxy device is located between the extranet and the intranet to which the network device belongs;
The reverse proxy device scans the network device corresponding to the network device identifier carried in the scanning information and reports the scanning result to the scanning device.
An embodiment of the present invention provides a reverse proxy device, comprising:
A receiver module, configured to receive scanning information, carrying a network device identifier, that a scanning device in the extranet issues according to a set time. The scanning device issues the scanning information after it has received, from the network device corresponding to that network device identifier, a scan request carrying the identifier of the intranet to which the network device belongs and the identifier of the network device, and has determined, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request is the identifier of this reverse proxy device. The reverse proxy device is located between the extranet and the intranet to which the network device belongs;
A scan module, configured to scan the network device corresponding to the network device identifier carried in the scanning information;
A reporting module, configured to report the scanning result obtained by the scan module to the scanning device.
An embodiment of the present invention provides a system for scanning network devices, comprising at least one network device in at least one intranet, a scanning device in the extranet, and at least one reverse proxy device, each intranet corresponding to one reverse proxy device, wherein:
Each network device is configured to send a scan request to the scanning device when it needs a security scan, each scan request carrying the identifier of the corresponding network device and the identifier of the corresponding intranet;
The scanning device is configured to receive the scan request sent by a network device and, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, determine the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request; to issue, according to a set time, scanning information carrying the identifier of the corresponding network device to the reverse proxy device corresponding to the determined identifier, instructing that reverse proxy device to scan the network device corresponding to the network device identifier carried in the received scanning information; and to receive the scanning result returned after the corresponding reverse proxy device scans the corresponding network device;
Each reverse proxy device is located between the extranet and its corresponding intranet, and is configured to receive the scanning information, carrying the identifier of a network device in the corresponding intranet, that the scanning device issues according to the set time, and, after scanning the network device corresponding to the network device identifier carried in the scanning information, to report the scanning result to the scanning device.
The beneficial effects of the embodiments of the present invention include the following:
In the method, related apparatus and system for scanning network devices provided by the embodiments of the present invention, taking the scanning device as the executing entity, the scanning device located in the extranet receives a scan request sent by a network device in an intranet, the scan request carrying the identifier of the network device and the identifier of the intranet. Then, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, it determines the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request and, according to a set time, issues scanning information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, instructing the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scanning information. Finally, it receives the scanning result returned after the reverse proxy device scans the network device.
In the embodiments of the present invention, when an intranet has no scanning device of its own, a network device in the intranet that needs a security scan can actively send a scan request to the scanning device in the extranet, carrying in the request not only its own identifier but also the identifier of the intranet to which it belongs. The scanning device in the extranet then scans that network device through the corresponding reverse proxy device. This scanning approach not only avoids the problem of overlapping identifiers of network devices in intranets and expands the range of intranet network devices that can be scanned, but also improves intranet security and has good applicability.
Brief description of the drawings
Fig. 1 is the first flow chart of the method for scanning a network device provided by an embodiment of the present invention;
Fig. 2 is the second flow chart of the method for scanning a network device provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of the interaction between the scanning device, the reverse proxy devices and the network devices provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the scanning device provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of the reverse proxy device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of the system for scanning network devices provided by an embodiment of the present invention.
Detailed description of embodiments
Specific implementations of the method, related apparatus and system for scanning network devices provided by the embodiments of the present invention are described below with reference to the accompanying drawings.
A method for scanning a network device provided by an embodiment of the present invention, as shown in Fig. 1, takes the scanning device as the executing entity and comprises the following steps:
S11: the scanning device in the extranet receives a scan request sent by a network device in an intranet;
Here, the scan request carries not only the identifier of the network device but also the identifier of the intranet, to avoid overlapping network device identifiers;
S12: according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, determine the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request;
S13: according to a set time, issue scanning information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, to instruct the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scanning information;
Here, the reverse proxy device is located between the extranet and the intranet, and is generally a reverse proxy server;
S14: receive the scanning result returned after the reverse proxy device scans the network device.
Preferably, in step S11, the scanning device may specifically be a scanning server, and the identifier of the intranet may be the private IP address of the intranet, for example a private IP address in the 172 network segment. The identifier of the network device may be the private IP address of the network device, determined according to the class of private IP addresses allocated by the intranet to which the network device belongs, for example 192.168.*.* or 10.*.*.*. Here, suppose the identifier of the intranet is 172.16.2.4 and the identifier of the network device is 192.168.6.3; the scan request then carries 172.16.2.4 and 192.168.6.3.
It should be noted that the scan request in the embodiments of the present invention carries both the identifier of the network device and the identifier of the intranet mainly to avoid overlapping network device identifiers, so as to expand the range of intranet network devices that can be scanned.
Preferably, in step S12, the correspondence between intranet identifiers and reverse proxy device identifiers (which usually take the form of extranet IP addresses) is stored in advance on the scanning device side, for example in the form of a list (as shown in Table 1 below). The scanning device can then determine from this correspondence the reverse proxy device corresponding to the intranet, so that it can subsequently instruct that reverse proxy device to perform the scan operation on the network device. For example, suppose the scan request carries 172.16.2.4 and 192.168.6.3; from Table 1 below it can be seen that this intranet is intranet 3 and that the reverse proxy device corresponding to intranet 3 is REV_PROXY3, that is, REV_PROXY3 will subsequently perform the scan operation on the network device at 192.168.6.3.
Table 1
It should be noted that, in the embodiments of the present invention, the correspondence between intranet identifiers and reverse proxy device identifiers is stored on the scanning device side mainly because the extranet in which the scanning device resides cannot access the intranet directly. In this case, if the extranet needs to scan a network device in the intranet, it can only rely on the reverse proxy device (i.e. the reverse proxy server) placed between the extranet and the intranet: the reverse proxy device is able to access the intranet and acts as a proxy service between the extranet and the intranet.
Specifically, in step S13, if the scanning device receives scan requests from several network devices in the same intranet at the same time, then, after determining the reverse proxy device corresponding to that intranet, it usually schedules the scan tasks corresponding to these network devices, i.e. it adjusts the order in which these network devices are scanned, and then issues the relevant scanning information to the reverse proxy device one after another according to the set time, instructing the reverse proxy device to perform the scan operation on the corresponding network device according to that scanning information. Here, the set time can be chosen according to the actual needs of the network devices; for example, the set time is 30 seconds, although it can of course be another value.
For example, suppose the scanning device receives scan requests from network device 1 and network device 2 in intranet 1 at the same time, and it is subsequently determined that reverse proxy device 1 will perform the scan operations. The scanning device can then instruct reverse proxy device 1 to scan network device 1 after a first interval of the set time and, after a further interval of the set time, instruct reverse proxy device 1 to scan network device 2. Of course, the scanning device may also instruct reverse proxy device 1 to scan network device 2 first.
In addition, in step S13, the reverse proxy device stores locally, in advance, the identifier of its corresponding intranet and the identifier of each network device in that intranet, so that after receiving the scanning information sent by the scanning device it knows which network device to scan.
Specifically, in step S14, after the scanning device receives the scanning result fed back by the reverse proxy device, it can handle the security vulnerabilities of the network device according to that scanning result.
An embodiment of the present invention provides a method for scanning a network device which, as shown in Fig. 2, takes the reverse proxy device as the executing entity and comprises the following steps:
S21: the reverse proxy device receives scanning information, carrying the identifier of a network device, that the scanning device in the extranet issues according to a set time;
Here, the scanning device issues the scanning information after it has received, from the network device corresponding to the network device identifier, a scan request carrying the identifier of the intranet to which the network device belongs and the identifier of the network device, and has determined, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request is the identifier of this reverse proxy device. The reverse proxy device is located between the extranet and the intranet to which the network device belongs;
S22: scan the network device corresponding to the network device identifier carried in the scanning information, and report the scanning result to the scanning device.
It should be noted that, in this method, the set time takes its value in the same way as in the method above that takes the scanning device as the executing entity, and the identifier of the network device and the identifier of the intranet to which it belongs are also set in the same way as in that method; they are not described again here.
The method for scanning network devices provided by the embodiments of the present invention is described in detail below with reference to the following specific embodiment:
As shown in Fig. 3, suppose scanning device 311 in extranet 31 simultaneously receives scan requests sent by host 321 and host 322 in intranet 32 and by host 331 and host 332 in intranet 33, each scan request carrying the IP address of the intranet to which the host belongs and the private IP address of the host. Suppose intranet 32 corresponds to reverse proxy device 34 and intranet 33 corresponds to reverse proxy device 35, and suppose the set time is 30 seconds.
Then, after receiving these scan requests, scanning device 311 uses the identifiers of the respective intranets carried in the scan requests sent by host 321, host 322, host 331 and host 332, i.e. the identifiers of intranet 32 and intranet 33, to determine that intranet 32 corresponds to reverse proxy device 34 and intranet 33 corresponds to reverse proxy device 35.
Next, it schedules the scan tasks corresponding to host 321 and host 322; suppose the scheduling result is to scan host 321 first and then host 322. At the same time, it schedules the scan tasks corresponding to host 331 and host 332; suppose the scheduling result is to scan host 332 first and then host 331.
Further, in this case, scanning device 311 issues the scanning information for host 321 and host 332 to reverse proxy device 34 and reverse proxy device 35 respectively after an interval of 30 seconds, so that reverse proxy device 34 scans host 321 and reverse proxy device 35 scans host 332. Then, 30 seconds after that scanning information was issued, it issues the scanning information for host 322 and host 331 to reverse proxy device 34 and reverse proxy device 35 respectively. Finally, it receives the scanning results fed back by reverse proxy device 34 and reverse proxy device 35, which completes the extranet's scanning of the network devices in the intranets.
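The dispatch flow of steps S11 to S13 and the reverse proxy's local inventory check can be sketched in Python as follows. This is an added example, not code from the patent: the class and function names, the intranet 172.16.9.1 and the proxy REV_PROXY1 are constructed for illustration, while 172.16.2.4, 192.168.6.3, REV_PROXY3 and the 30-second set time come from the description.

```python
"""Added sketch of the described dispatch flow; not code from the patent."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Preset correspondence: intranet identifier -> reverse proxy identifier.
# 172.16.2.4 -> REV_PROXY3 is the description's example; the other row is constructed.
PROXY_MAP = {"172.16.2.4": "REV_PROXY3", "172.16.9.1": "REV_PROXY1"}


@dataclass(frozen=True)
class ScanRequest:
    intranet_id: str  # private IP identifying the intranet
    device_id: str    # private IP of the requesting network device


class Scanner:
    """Extranet-side scanning device (steps S11 to S13)."""

    def __init__(self, proxy_map, interval_s=30):
        self.proxy_map = dict(proxy_map)
        self.interval_s = interval_s     # the "set time" between dispatches
        self.queues = defaultdict(list)  # proxy id -> pending requests, in order
        self.seen = set()

    def submit(self, req):
        """S11/S12: validate the request, resolve its reverse proxy, queue it."""
        for value in (req.intranet_id, req.device_id):
            if not ipaddress.ip_address(value).is_private:
                raise ValueError(f"{value!r} is not a private IP address")
        proxy = self.proxy_map.get(req.intranet_id)
        if proxy is None:
            raise LookupError(f"no reverse proxy for intranet {req.intranet_id}")
        # The key is the (intranet, device) pair, so equal device addresses
        # in different intranets stay distinct and repeats are dropped.
        if req not in self.seen:
            self.seen.add(req)
            self.queues[proxy].append(req)
        return proxy

    def schedule(self):
        """S13: per proxy, one task per interval; first task after one interval."""
        plan = []
        for proxy, queue in self.queues.items():
            for slot, req in enumerate(queue, start=1):
                plan.append((slot * self.interval_s, proxy,
                             req.intranet_id, req.device_id))
        return sorted(plan)


class ReverseProxy:
    """Proxy side: holds its intranet id and the device ids of that intranet."""

    def __init__(self, proxy_id, intranet_id, inventory):
        self.proxy_id = proxy_id
        self.intranet_id = intranet_id
        self.inventory = set(inventory)

    def accepts(self, req):
        # Scan only devices of the proxy's own intranet that it already knows.
        return (req.intranet_id == self.intranet_id
                and req.device_id in self.inventory)


def demo():
    """Constructed requests: a duplicate and an overlapping device address."""
    scanner = Scanner(PROXY_MAP)
    for req in (
        ScanRequest("172.16.2.4", "192.168.6.3"),
        ScanRequest("172.16.2.4", "192.168.6.4"),
        ScanRequest("172.16.9.1", "192.168.6.3"),  # same device IP, other intranet
        ScanRequest("172.16.2.4", "192.168.6.3"),  # duplicate, ignored
    ):
        scanner.submit(req)
    return scanner.schedule()


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Checking the task against the proxy's stored inventory before scanning keeps a dispatched identifier from steering the proxy toward an address outside its own intranet's device list.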
Based on the same inventive concept, the embodiments of the present invention also provide related apparatus and a system corresponding to the method for scanning network devices. Because the principle by which these apparatus and this system solve the problem is similar to that of the reverse-proxy-based scanning method described above, their implementation can refer to the implementation of that method, and repeated details are omitted.
An embodiment of the present invention provides a scanning device located in the extranet which, as shown in Fig. 4, comprises:
Receiver module 41, configured to receive a scan request sent by a network device, and to receive the scanning result returned after the reverse proxy device scans the network device;
Here, the scan request carries the identifier of the network device and the identifier of the intranet;
Determination module 42, configured to determine, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request;
Issuing module 43, configured to issue, according to a set time, scanning information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, instructing the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scanning information.
Preferably, in the scan request received by receiver module 41, the identifier of the network device is the private IP address of the network device and the identifier of the intranet is the private IP address of the intranet.
An embodiment of the present invention provides a reverse proxy device which, as shown in Fig. 5, comprises:
Receiver module 51, configured to receive scanning information, carrying the identifier of a network device, that the scanning device in the extranet issues according to a set time;
Here, the scanning device issues the scanning information after it has received, from the network device corresponding to the network device identifier, a scan request carrying the identifier of the intranet to which the network device belongs and the identifier of the network device, and has determined, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request is the identifier of this reverse proxy device. The reverse proxy device is located between the extranet and the intranet to which the network device belongs;
Scan module 52, configured to scan the network device corresponding to the network device identifier carried in the scanning information;
Reporting module 53, configured to report the scanning result obtained by scan module 52 to the scanning device.
Preferably, the network device identifier carried in the scanning information received by receiver module 51 is the private IP address of the network device, and the scanning information received by receiver module 51 is issued by the scanning device when, according to the private IP address of the intranet to which the network device belongs, it determines that the reverse proxy device identifier corresponding to the intranet identifier carried in the scan request is the identifier of this reverse proxy device.
The embodiment of the present invention also provides a kind of system scanned the network equipment, as shown in Figure 6, comprise at least one network equipment 611 (two network equipments in two Intranets are only shown in Fig. 6) at least one Intranet 61, the scanning device 621 in outer net 62 and at least one reverse proxy equipment 63 (in Fig. 6 the corresponding reverse proxy equipment showing two Intranet 61 correspondences), the corresponding reverse proxy equipment 63 of each Intranet 61, wherein
Each network equipment 611, for when needing security sweep separately, sends scan request to scanning device 621;
Here, the mark of map network equipment 611 and the mark of corresponding Intranet 61 is all carried in each scan request;
Scanning device 621, for receiving the scan request that the network equipment 611 sends, and according to the mark of the Intranet 61 of carrying in the scan request received, with the mark of Intranet preset and the corresponding relation of the mark of reverse proxy equipment, determine the mark of the reverse proxy equipment 63 of the mark correspondence of the Intranet 61 of carrying in scan request; Issue the scanning information of the mark carrying map network equipment 611 according to setting-up time to the reverse proxy equipment 63 that each mark determined is corresponding, scan to indicate the network equipment 611 of corresponding reverse proxy equipment 63 to the mark correspondence of the network equipment 611 carried in the scanning information received; Receive the scanning result returned after corresponding reverse proxy equipment 63 scans map network equipment 611;
Each reverse proxy equipment 63, between outer net 62 and each self-corresponding Intranet 61, for receiving the scanning information carrying the mark of the network equipment 611 in corresponding Intranet 61 that scanning device 621 issues according to setting-up time, and after the network equipment 611 of the mark correspondence of the network equipment 611 carried in scanning information is scanned, scanning result is reported scanning device.
Preferably, each network equipment 611 be designated its private IP address; Each Intranet be designated its private IP address.
In embodiments of the present invention, for when there is no related scans equipment in Intranet, the network equipment in Intranet is when self needing to carry out security sweep, initiatively can send related scans request to the scanning device in outer net, and carry the mark of self identification and Intranet belonging to self in this request simultaneously, like this, follow-up by the reverse proxy equipment realization scanning to self of the scanning device in outer net by correspondence, aforementioned this scan mode, not only avoid the mark of the network equipment in Intranet and occur overlapping problem, expand the sweep limits of the network equipment in Intranet, also improve the fail safe of Intranet, there is good applicability.
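The routing described above can be sketched as follows. This is an added illustration, not code from the patent: the class and method names, the identifiers `intranet-A`/`proxy-A`, the integer timestamps and the stubbed scan findings are all assumptions, and no network traffic is generated.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ReverseProxy:
    """Sits between the external network and one intranet and scans on request."""
    proxy_id: str
    intranet_id: str
    findings_by_ip: dict  # constructed stand-in for a real scan of the intranet

    def scan(self, device_ip: str) -> dict:
        return {"proxy": self.proxy_id, "intranet": self.intranet_id,
                "device": device_ip,
                "findings": self.findings_by_ip.get(device_ip, [])}


@dataclass
class Scanner:
    """External-network scanning device that routes by intranet identifier."""
    proxy_for_intranet: dict  # preset correspondence: intranet id -> proxy id
    proxies: dict             # proxy id -> ReverseProxy
    queue: list = field(default_factory=list)
    results: dict = field(default_factory=dict)

    def receive_scan_request(self, device_ip, intranet_id, run_at):
        # The device identifier is a private IP address; reject anything else.
        if not ipaddress.ip_address(device_ip).is_private:
            raise ValueError("device identifier must be a private IP address")
        proxy_id = self.proxy_for_intranet.get(intranet_id)
        if proxy_id is None:
            raise KeyError(f"no reverse proxy registered for {intranet_id}")
        self.queue.append((run_at, proxy_id, device_ip))
        return proxy_id

    def dispatch_due(self, now):
        """Send scan information for every job whose set time has arrived."""
        due = sorted(job for job in self.queue if job[0] <= now)
        self.queue = [job for job in self.queue if job[0] > now]
        for _, proxy_id, device_ip in due:
            report = self.proxies[proxy_id].scan(device_ip)
            # Key results by (intranet, device) so equal private IPs stay apart.
            self.results[(report["intranet"], device_ip)] = report
        return len(due)


def demo():
    same_ip = "192.168.1.10"  # constructed: both intranets reuse this address
    a = ReverseProxy("proxy-A", "intranet-A", {same_ip: ["telnet enabled"]})
    b = ReverseProxy("proxy-B", "intranet-B", {same_ip: []})
    scanner = Scanner({"intranet-A": "proxy-A", "intranet-B": "proxy-B"},
                      {"proxy-A": a, "proxy-B": b})
    scanner.receive_scan_request(same_ip, "intranet-A", run_at=100)
    scanner.receive_scan_request(same_ip, "intranet-B", run_at=200)
    sent_early = scanner.dispatch_due(now=150)   # only the first job is due
    sent_late = scanner.dispatch_due(now=250)
    return scanner, sent_early, sent_late


if __name__ == "__main__":
    print(demo()[0].results)
```

Because the scanner refuses requests whose intranet identifier has no registered reverse proxy, a device cannot cause scan information to be sent toward an intranet the operator never mapped.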
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A method for scanning a network device, characterized by comprising:
a scanning device in an external network receiving a scan request sent by a network device in an intranet, the scan request carrying the identifier of the network device and the identifier of the intranet;
determining, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request;
sending, at a set time, scan information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, to instruct the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scan information, the reverse proxy device being located between the external network and the intranet;
receiving the scan result returned after the reverse proxy device scans the network device.
2. The method of claim 1, characterized in that the identifier of the network device is the private IP address of the network device, and the identifier of the intranet is the private IP address of the intranet.
3. A scanning device, characterized in that the scanning device is located in an external network and comprises:
a receiver module, configured to receive a scan request sent by a network device in an intranet, the scan request carrying the identifier of the network device and the identifier of the intranet, and to receive the scan result returned after a reverse proxy device scans the network device;
a determination module, configured to determine, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request;
a sending module, configured to send, at a set time, scan information carrying the identifier of the network device to the reverse proxy device corresponding to the determined identifier, to instruct the reverse proxy device to scan the network device corresponding to the network device identifier carried in the scan information, the reverse proxy device being located between the external network and the intranet.
4. The scanning device of claim 3, characterized in that the identifier of the network device carried in the scan request received by the receiver module is the private IP address of the network device, and the carried identifier of the intranet to which the network device belongs is the private IP address of the intranet.
5. A method for scanning a network device, characterized by comprising:
a reverse proxy device receiving scan information, carrying the identifier of a network device, that a scanning device in an external network sends at a set time, wherein the scan information is sent when the scanning device, after receiving a scan request that is sent by the network device corresponding to the network device identifier and that carries the identifier of the intranet to which the network device belongs and the identifier of the network device, determines, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request is the identifier of the reverse proxy device; and the reverse proxy device is located between the external network and the intranet to which the network device belongs;
scanning the network device corresponding to the network device identifier carried in the scan information, and reporting the scan result to the scanning device.
6. The method of claim 5, characterized in that the identifier of the network device is the private IP address of the network device, and the identifier of the intranet to which the network device belongs is the private IP address of that intranet.
7. A reverse proxy device, characterized by comprising:
a receiver module, configured to receive scan information, carrying a network device identifier, that a scanning device in an external network sends at a set time, wherein the scan information is sent when the scanning device, after receiving a scan request that is sent by the network device corresponding to the network device identifier and that carries the identifier of the intranet to which the network device belongs and the identifier of the network device, determines, according to the intranet identifier carried in the scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, that the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request is the identifier of the reverse proxy device; the reverse proxy device being located between the external network and the intranet to which the network device belongs;
a scan module, configured to scan the network device corresponding to the network device identifier carried in the scan information;
a reporting module, configured to report the scan result produced by the scan module to the scanning device.
8. The reverse proxy device of claim 7, characterized in that the identifier of the network device carried in the scan information received by the receiver module is the private IP address of the network device, and the scan information received by the receiver module is sent when the scanning device, according to the private IP address of the intranet to which the network device belongs, determines that the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request is the identifier of the reverse proxy device.
9. A system for scanning network devices, characterized by comprising at least one network device in at least one intranet, a scanning device in an external network, and at least one reverse proxy device, each intranet corresponding to one reverse proxy device, wherein:
each network device is configured to send a scan request to the scanning device when it needs a security scan, each scan request carrying the identifier of the corresponding network device and the identifier of the corresponding intranet;
the scanning device is configured to receive the scan request sent by a network device and, according to the intranet identifier carried in the received scan request and a preset correspondence between intranet identifiers and reverse proxy device identifiers, determine the identifier of the reverse proxy device corresponding to the intranet identifier carried in the scan request; to send, at a set time, scan information carrying the identifier of the corresponding network device to the reverse proxy device corresponding to the determined identifier, so as to instruct the corresponding reverse proxy device to scan the network device corresponding to the network device identifier carried in the received scan information; and to receive the scan result returned after the corresponding reverse proxy device scans the corresponding network device;
each reverse proxy device is located between the external network and its corresponding intranet, and is configured to receive the scan information, carrying the identifier of a network device in the corresponding intranet, that the scanning device sends at the set time, and, after scanning the network device corresponding to the network device identifier carried in the scan information, to report the scan result to the scanning device.
10. The system of claim 9, characterized in that the identifier of each network device is the private IP address of that network device, and the identifier of each intranet is the private IP address of that intranet.
CN201410027195.9A 2014-01-21 2014-01-21 A kind of method that the network equipment is scanned, relevant apparatus and system Active CN104796388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410027195.9A CN104796388B (en) 2014-01-21 2014-01-21 A kind of method that the network equipment is scanned, relevant apparatus and system

Publications (2)

Publication Number Publication Date
CN104796388A true CN104796388A (en) 2015-07-22
CN104796388B CN104796388B (en) 2018-10-12

Family

ID=53560901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410027195.9A Active CN104796388B (en) 2014-01-21 2014-01-21 A kind of method that the network equipment is scanned, relevant apparatus and system

Country Status (1)

Country Link
CN (1) CN104796388B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534172A (en) * 2016-12-07 2017-03-22 北京数字观星科技有限公司 Intranet remote scanning system and method thereof for scanning intranet
CN106559391A (en) * 2015-09-28 2017-04-05 中国移动通信集团公司 A kind of method and device of vulnerability scanning
CN106921680A (en) * 2017-05-05 2017-07-04 腾讯科技(深圳)有限公司 A kind of port scanning method and device
CN115022257A (en) * 2022-06-22 2022-09-06 绿盟科技集团股份有限公司 Equipment scanning method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020162026A1 (en) * 2001-02-06 2002-10-31 Michael Neuman Apparatus and method for providing secure network communication
CN101064736A (en) * 2006-04-30 2007-10-31 飞塔信息科技(北京)有限公司 Computer network risk assessment device and method thereof
CN101399786A (en) * 2007-09-29 2009-04-01 华为技术有限公司 Method, apparatus and system for network safe transmission
CN101414927A (en) * 2008-11-20 2009-04-22 浙江大学 Alarm and response system for inner-mesh network aggression detection
CN101605134A (en) * 2009-06-30 2009-12-16 成都市华为赛门铁克科技有限公司 Network security scan method, Apparatus and system
CN101951597A (en) * 2010-08-13 2011-01-19 北京邮电大学 Method, device and system for communicating among different types of networks
CN102821137A (en) * 2012-07-06 2012-12-12 北京奇虎科技有限公司 Website safety detection method and website safety detection system
CN103020520A (en) * 2012-11-26 2013-04-03 北京奇虎科技有限公司 Enterprise-based document security detection method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106559391A (en) * 2015-09-28 2017-04-05 中国移动通信集团公司 A kind of method and device of vulnerability scanning
CN106559391B (en) * 2015-09-28 2021-01-01 中国移动通信集团公司 Vulnerability scanning method and device
CN106534172A (en) * 2016-12-07 2017-03-22 北京数字观星科技有限公司 Intranet remote scanning system and method thereof for scanning intranet
CN106921680A (en) * 2017-05-05 2017-07-04 腾讯科技(深圳)有限公司 A kind of port scanning method and device
CN115022257A (en) * 2022-06-22 2022-09-06 绿盟科技集团股份有限公司 Equipment scanning method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN104796388B (en) 2018-10-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant