Summary of the invention
The object of the embodiments of the present invention is to provide an anti-freeloading (anti-"net rubbing", i.e. unauthorized use of a wireless network) method and router, which monitor freeloading behaviour in real time and handle it promptly without affecting the use of the wireless network by normal users.
The anti-freeloading method and router provided by the embodiments of the present invention are implemented as follows.
An anti-freeloading method, comprising:
in response to an authentication request from a user device, counting the number of authentication failures of the user device;
judging the relation between the number of authentication failures and a preset first count threshold, and applying time-limited connection handling to the user device according to the result of the judgement;
judging the relation between the number of authentication failures and a preset second count threshold, and applying prohibited-connection handling to the user device according to the result of the judgement, the second count threshold being greater than the first count threshold.
An anti-freeloading router, comprising:
a count statistics unit, for counting, in response to an authentication request from a user device, the number of authentication failures of the user device;
a first judging unit, for judging the relation between the number of authentication failures and a preset first count threshold, and applying time-limited connection handling to the user device according to the result of the judgement;
a second judging unit, for judging the relation between the number of authentication failures and a preset second count threshold, and applying prohibited-connection handling to the user device according to the result of the judgement, the second count threshold being greater than the first count threshold.
The anti-freeloading method and router provided by the embodiments of the present invention use an interrupted-authentication (lockout) scheme and count the authentication failures of each user device. When the number of authentication failures of a user device reaches a predetermined threshold, time-limited connection handling or prohibited-connection handling is applied to that device. Freeloading behaviour can be monitored from the moment the router is powered on, so the protection is real-time. In addition, brute-force freeloading is handled promptly and is thereby stopped.
With reference to the following description and the accompanying drawings, particular embodiments of the present invention are disclosed in detail, indicating the ways in which the principles of the present invention may be adopted. It should be understood that the embodiments of the present invention are not thereby limited in scope. Within the spirit and scope of the appended claims, the embodiments of the present invention include many changes, modifications and equivalents.
A feature described and/or illustrated for one embodiment may be used in one or more other embodiments in the same or a similar manner, combined with features of other embodiments, or substituted for features of other embodiments.
It should be emphasized that the term "comprises/comprising", when used herein, refers to the presence of a feature, integer, step or component, but does not exclude the presence or addition of one or more further features, integers, steps or components.
Embodiment
In order that those skilled in the art may better understand the technical solution of the present invention, the technical solution of the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of the anti-freeloading method provided by an embodiment of the present invention. Although the process described below comprises a number of operations occurring in a particular order, it should be clearly understood that the process may comprise more or fewer operations, and that these operations may be performed sequentially or in parallel (for example using parallel processors or a multi-threaded environment). As shown in Fig. 1, the method may comprise:
S1: in response to an authentication request from a user device, count the number of authentication failures of the user device.
A brute-force attack on a wireless network password typically tries many different password combinations within a certain period of time until the correct password is found. In this cracking pattern, the attacking device sends authentication requests to the router continually until a request succeeds. To counter brute forcing of this kind, the embodiment of the present invention adopts an interrupted-authentication function that restricts connections from the device sending the authentication requests, so that normal user devices can be distinguished from devices attempting a brute-force attack, and the latter can be handled accordingly.
The embodiment of the present invention may add an interrupted-authentication hardware module to an existing router, or may implement the interrupted-authentication function in an existing router by means of a software program; the embodiment does not limit this, and those skilled in the art may use conventional means to implement it as a hardware circuit or as a software program.
When a user device sends an authentication request to the router, the request may carry the identifier of the user device and the authentication password of the user device. After receiving the request, the router may check whether the authentication password matches the preset standard password and, if it does, establish a wireless connection with the user device. In the embodiment of the present invention, after the router receives an authentication request from a user device, it counts, in response to that request, the number of authentication failures of the user device, and subsequently handles the user device according to that count. Specifically, after receiving the authentication request, the router may extract the identifier of the user device from it. The identifier of the user device may comprise, for example, the MAC address, MEI, ESN, SN, SIM card information, UIM card information or USIM card information of the user device, and uniquely represents the user device on the network. In this way, after receiving an authentication request the router can associate it with the user device that sent it, count that device's authentication failures, and associate the failure count with the identifier of the user device. For example, if the MAC address of a user device is 01:0A:02:0B:03:0C, then while that device attempts to establish a wireless connection with the router by sending authentication requests, the router counts its authentication failures and associates the count with 01:0A:02:0B:03:0C, so that the number of authentication failures of each user device is known in real time. The router may also record the time of each authentication failure, thereby building an association of the form MAC address - failure count - failure time.
S2: judge the relation between the number of authentication failures and a preset first count threshold, and apply time-limited connection handling to the user device according to the result of the judgement.
In the embodiment of the present invention, a first count threshold may be preset; it may be configured by the router administrator according to actual conditions. The first count threshold represents the tolerance for authentication failures: when the number of authentication failures the router has counted for a user device reaches the preset first count threshold, that user device is considered possibly to be performing a brute-force attack. To strictly limit the success rate of brute-force password guessing, the preset first count threshold may be set to a low value, for example 10, meaning that a user device is considered to be brute forcing once its authentication failures reach 10.
In the embodiment of the present invention, when the counted number of authentication failures reaches the preset first count threshold, time-limited connection handling is applied to the user device that sent the authentication request. Time-limited connection handling may consist of refusing the authentication requests of the user device for a first preset duration, which avoids the router having to process that device's authentication requests continually and becoming overloaded. In practical application the first preset duration may likewise be preset by the router administrator, for example to 1 minute, so that when a user device's authentication failures reach the preset first count threshold its authentication requests are refused for 1 minute. Specifically, the router may keep time with an internal timer and shield (drop) the authentication requests sent by that user device within the 1 minute; after 1 minute, the router resumes receiving the device's authentication requests.
In the embodiment of the present invention, a preset third count threshold and a second preset duration may also be configured according to actual conditions. The third count threshold may be greater than the preset first count threshold, and the second preset duration may be greater than the first preset duration. For example, if the preset first count threshold is 10 and the first preset duration is 1 minute, the preset third count threshold may be 30 and the second preset duration may be 5 minutes. After the first preset duration has elapsed, the router continues counting the user device's authentication failures on top of the first count threshold, and when the cumulative number of authentication failures of the device reaches the preset third count threshold, time-limited connection handling is applied again, that is, the authentication requests of the user device are refused for the second preset duration. Likewise, further count thresholds with corresponding preset durations may be configured; in practical application these are preset by the router administrator.
S3: judge the relation between the number of authentication failures and a preset second count threshold, and apply prohibited-connection handling to the user device according to the result of the judgement, the second count threshold being greater than the first count threshold.
After time-limited connection handling has been applied to a user device with too many authentication failures, that device may still initiate authentication requests to the router once the preset duration has elapsed, which may still affect the router. The embodiment of the present invention therefore provides a preset second count threshold: when the number of authentication failures of a user device reaches the preset second count threshold, the user device is added to the router's blacklist and prohibited-connection handling is applied to it, so that none of its authentication requests are answered by the router. In a specific application scenario, the preset second count threshold may be set to a higher value, for example 50, so that once the cumulative authentication failures of a user device reach 50, the device is blacklisted and all of its authentication requests are refused. A user device attempting to brute-force the password is thus blacklisted by the router after 50 failures, which stops that device's brute-force behaviour completely.
In a preferred embodiment, after prohibited-connection handling has been applied to a user device, the authentication information of the user device may be sent to a monitoring server. The monitoring server may be a server controlled by the router administrator, such as a notebook computer, a smartphone terminal or a tablet computer. The router administrator may install on the monitoring server an application associated with the router and view the authentication information in that application. The authentication information at least comprises the MAC address of the user device and its number of authentication failures, and may also comprise the time of each authentication failure and the time at which the device was blacklisted.
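The lockout logic of steps S1 to S3 together with the monitoring-server notification of the preferred embodiment, as an added Python example that is not part of the patent: it keys state on the MAC address, uses the patent's example values (10 failures for a 1-minute lockout, 30 for a 5-minute lockout, 50 for the blacklist), and assumes that "reaches a threshold" means "at or above it", so every failure between two thresholds renews the lockout. The injectable clock and the notify hook are assumptions made so the behaviour can be exercised without waiting.

```python
import hmac
import time
from dataclasses import dataclass, field

# Thresholds and durations from the patent's worked numbers; an operator would configure these.
FIRST_THRESHOLD = 10     # preset first count threshold -> short lockout
THIRD_THRESHOLD = 30     # preset third count threshold -> longer lockout
SECOND_THRESHOLD = 50    # preset second count threshold -> blacklist
FIRST_LOCKOUT_S = 60     # first preset duration (1 minute)
SECOND_LOCKOUT_S = 300   # second preset duration (5 minutes)


@dataclass
class DeviceRecord:
    """Per-device state keyed by its identifier (here the MAC address)."""
    failures: int = 0                                  # cumulative failed authentications
    failure_times: list = field(default_factory=list)  # the MAC - failure count - failure time relation
    locked_until: float = 0.0                          # clock value at which the lockout ends
    blacklisted: bool = False


class AuthGuard:
    """Counts authentication failures per MAC and applies timed lockouts or a blacklist."""

    def __init__(self, network_password, notify=None, clock=time.monotonic):
        self._password = network_password.encode()
        self._notify = notify    # hypothetical hook: forwards blacklist events to the monitoring server
        self._clock = clock      # injectable so lockouts can be tested without waiting
        self._records = {}

    def authenticate(self, mac, password):
        """Handle one authentication request; returns 'ok', 'fail', 'locked' or 'blacklisted'."""
        now = self._clock()
        rec = self._records.setdefault(mac, DeviceRecord())
        if rec.blacklisted:
            return "blacklisted"       # S3: every request from this device is ignored
        if now < rec.locked_until:
            return "locked"            # S2: request shielded during the lockout window
        # Constant-time comparison so the check itself leaks nothing about the password.
        if hmac.compare_digest(password.encode(), self._password):
            return "ok"                # successes are not counted against the device
        rec.failures += 1              # S1: count the failure and record its time
        rec.failure_times.append(now)
        if rec.failures >= SECOND_THRESHOLD:
            rec.blacklisted = True
            if self._notify:           # authentication information sent to the monitoring server
                self._notify({"mac": mac, "failures": rec.failures,
                              "failure_times": list(rec.failure_times),
                              "blacklisted_at": now})
            return "blacklisted"
        if rec.failures >= THIRD_THRESHOLD:
            rec.locked_until = now + SECOND_LOCKOUT_S
        elif rec.failures >= FIRST_THRESHOLD:
            rec.locked_until = now + FIRST_LOCKOUT_S
        return "fail"

    def record(self, mac):
        """Expose the per-device record so an operator (or a test) can inspect it."""
        return self._records.get(mac)


if __name__ == "__main__":
    # Constructed scenario: one device keeps guessing; the fake clock advances
    # 1 s per request, so the 1-minute lockout visibly drops later requests.
    clock = {"t": 0.0}
    guard = AuthGuard("correct-passphrase", notify=print, clock=lambda: clock["t"])
    for i in range(75):
        clock["t"] += 1.0
        result = guard.authenticate("01:0A:02:0B:03:0C", f"guess-{i}")
        print(f"t={clock['t']:4.0f}s attempt {i + 1:2d}: {result}")
```

Because the identifier is a MAC address, which a client can change at will, the blacklist limits one identity rather than one attacker; the failure-time records forwarded to the monitoring server are what let an operator notice the same pattern reappearing under fresh MACs.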
Thus the anti-freeloading method provided by the embodiment of the present invention uses an interrupted-authentication scheme and counts the authentication failures of each user device. When the number of authentication failures of a user device reaches a predetermined threshold, time-limited connection handling or prohibited-connection handling is applied to that device. Freeloading behaviour can be monitored from the moment the router is powered on, so the protection is real-time. In addition, brute-force freeloading is handled promptly and is thereby stopped.
The embodiment of the present invention also provides an anti-freeloading router. Fig. 2 is a functional block diagram of the anti-freeloading router provided by an embodiment of the present invention. As shown in Fig. 2, the router comprises:
a count statistics unit 100, for counting, in response to an authentication request from a user device, the number of authentication failures of the user device;
a first judging unit 200, for judging the relation between the number of authentication failures and a preset first count threshold, and applying time-limited connection handling to the user device according to the result of the judgement;
a second judging unit 300, for judging the relation between the number of authentication failures and a preset second count threshold, and applying prohibited-connection handling to the user device according to the result of the judgement, the second count threshold being greater than the first count threshold.
In a preferred embodiment, the count statistics unit 100 specifically comprises:
an identifier extraction module, for extracting, in response to an authentication request from a user device, the identifier of the user device from the authentication request, the identifier of the user device at least comprising the MAC address of the user device;
an association module, for counting the number of authentication failures of the user device and associating the number of authentication failures with the identifier of the user device.
In another preferred embodiment of the present invention, the first judging unit 200 may specifically comprise:
a first timing module, for refusing the authentication requests of the user device for a first preset duration when the counted number of authentication failures reaches the preset first count threshold.
In another preferred embodiment of the present invention, the router further comprises:
a third judging unit, for refusing the authentication requests of the user device for a second preset duration when the counted number of authentication failures reaches a preset third count threshold, wherein the third count threshold is greater than the first count threshold and less than the second count threshold, and the second preset duration is greater than the first preset duration.
In another preferred embodiment of the present invention, downstream of the second judging unit 300 the router further comprises:
an authentication information sending unit, for sending the authentication information of the user device to a monitoring server, the authentication information at least comprising the MAC address of the user device and its number of authentication failures.
The specific implementation of each functional module above is consistent with steps S1 to S3 and is not repeated here.
Thus the anti-freeloading router provided by the embodiment of the present invention uses an interrupted-authentication scheme and counts the authentication failures of each user device. When the number of authentication failures of a user device reaches a predetermined threshold, time-limited connection handling or prohibited-connection handling is applied to that device. Freeloading behaviour can be monitored from the moment the router is powered on, so the protection is real-time. In addition, brute-force freeloading is handled promptly and is thereby stopped.
In this specification, adjectives such as "first" and "second" are used only to distinguish one element or action from another, and do not require or imply any actual such relation or order. Where the context allows, a reference to an element, component or step (in the singular) should not be construed as limited to only one such element, component or step, but may be one or more of them.
The above description of the various embodiments of the present invention is provided to those skilled in the art for the purpose of illustration. It is not intended to be exhaustive or to limit the present invention to a single disclosed embodiment. As mentioned above, various alternatives and variations of the present invention will be apparent to those of ordinary skill in the above-mentioned art. Therefore, although some alternative embodiments have been specifically discussed, other embodiments will be apparent or relatively easily derived by those skilled in the art. This application is intended to cover all alternatives, modifications and variations of the present invention discussed herein, as well as other embodiments falling within the spirit and scope of the above application.
Each embodiment in this specification is described in a progressive manner; identical or similar parts of the embodiments may be referred to one another, and each embodiment emphasizes its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is relatively simple, and the relevant parts may be found in the description of the method embodiment.
The present invention may be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments (DCE) including any of the above systems or devices.
The present invention may be described in the general context of computer-executable instructions, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present invention may also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including memory devices.
Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that the present invention has many variations and changes without departing from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the present invention.