Summary of the invention
Embodiments of the present invention provide a method and a router for preventing "loiter network" behaviour (unauthorized use of a wireless network by a device that does not hold the password). The aim is to monitor loiter network behaviour in real time and handle it promptly, without affecting normal users of the wireless network.
The method and router for preventing loiter network provided in the embodiments of the present invention are realized as follows:
A method of preventing loiter network, comprising:
in response to an authentication request from a user equipment, counting the number of authentication failures of the user equipment;
comparing the number of authentication failures with a preset first number threshold and, according to the result of the comparison, applying limited-time connection processing to the user equipment;
comparing the number of authentication failures with a preset second number threshold and, according to the result of the comparison, applying prohibited-connection processing to the user equipment, wherein the second number threshold is greater than the first number threshold.
A router for preventing loiter network, comprising:
a number statistics unit, configured to count, in response to an authentication request from a user equipment, the number of authentication failures of the user equipment;
a first judging unit, configured to compare the number of authentication failures with a preset first number threshold and, according to the result of the comparison, apply limited-time connection processing to the user equipment;
a second judging unit, configured to compare the number of authentication failures with a preset second number threshold and, according to the result of the comparison, apply prohibited-connection processing to the user equipment, wherein the second number threshold is greater than the first number threshold.
The method and router for preventing loiter network provided in the embodiments of the present invention use breakpoint authentication to count the number of authentication failures of each user equipment. When the number of authentication failures of a user equipment reaches a predetermined threshold, limited-time connection processing or prohibited-connection processing is applied to it. Because the method runs for as long as the router is powered on, loiter network behaviour is monitored continuously, which ensures the real-time nature of the protection. In addition, brute-force loiter network behaviour can be handled promptly, so that brute-force attempts are stopped.
With reference to the following description and the accompanying drawings, specific embodiments of the invention are disclosed in detail, indicating the ways in which the principle of the invention may be adopted. It should be understood that the embodiments of the invention are not limited in scope thereby. Within the spirit and scope of the appended claims, the embodiments of the invention include many changes, modifications and equivalents.
Features described and/or shown for one embodiment may be used in the same or a similar way in one or more other embodiments, combined with features of other embodiments, or substituted for features of other embodiments.
It should be emphasized that the term "comprises/comprising", when used herein, refers to the presence of features, integers, steps or components, but does not exclude the presence or addition of one or more other features, integers, steps or components.
Detailed description of the embodiments
In order that those skilled in the art may better understand the technical solution of the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of the embodiments. Clearly, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of a method of preventing loiter network provided in an embodiment of the present invention. Although the flow described below includes multiple operations occurring in a particular order, it should be clearly understood that the process may include more or fewer operations, and that these operations may be executed sequentially or in parallel (for example using parallel processors or a multi-threaded environment). As shown in Fig. 1, the method may include:
S1: In response to an authentication request from a user equipment, count the number of authentication failures of the user equipment.
Brute-force attacks on a wireless network password are usually carried out within a certain period of time: the attacker tries different password combinations until the correct password is verified. In this cracking pattern, authentication requests are sent to the router frequently, until one of them passes. The embodiments of the present invention address this brute-force pattern with a breakpoint authentication function, which places connection restrictions on the user equipment sending the authentication requests. In this way normal user equipment can be distinguished from user equipment attempting brute force, and the latter can be handled accordingly.
The embodiments of the present invention may add a breakpoint authentication hardware module to an existing router, or implement the breakpoint authentication function in an existing router as a software program. The embodiments do not limit this; those skilled in the art may use conventional means for the hardware circuit implementation or the software program implementation.
When the user equipment sends an authentication request to the router, the authentication request may include the identifier of the user equipment and the verification password of the user equipment. After receiving the authentication request, the router can check whether the verification password is identical to the preset standard password; if it is, a wireless connection is established with the user equipment. In the embodiments of the present invention, after the router receives the authentication request of the user equipment, it can count, in response to the authentication request, the number of authentication failures of the user equipment, and the user equipment can subsequently be handled according to that number. Specifically, after receiving the authentication request the router can extract the identifier of the user equipment from the request. The identifier of the user equipment may include, for example, the MAC address of the user equipment, its IMEI, ESN, SN, SIM card information, UIM card information, USIM card information and so on; the identifier uniquely identifies the user equipment in the network. In this way, after receiving an authentication request, the router can associate the request with the user equipment that sent it, and count the number of authentication failures of that user equipment, so that the failure count is associated with the identifier of the user equipment. For example, if the MAC address of a user equipment is 01:0A:02:0B:03:0C, then while that user equipment is sending authentication requests in an attempt to establish a wireless connection with the router, the number of its authentication failures is counted and the count is associated with 01:0A:02:0B:03:0C, so that the number of authentication failures of each user equipment is known in real time. At the same time, the router can also record the time of each authentication failure, so as to establish an association of the form MAC address / number of failures / time of failure.
S2: Compare the number of authentication failures with a preset first number threshold and, according to the result of the comparison, apply limited-time connection processing to the user equipment.
In the embodiments of the present invention, the first number threshold can be preset, and can be configured by the administrator of the router according to actual conditions. The preset first number threshold expresses the tolerance for authentication failures: when the number of authentication failures counted by the router for a user equipment reaches the preset first number threshold, that user equipment is considered possibly to be engaged in brute-force behaviour. To control the success rate of brute-force password cracking strictly, the preset first number threshold can be set to a low value, for example 10. This means that when the number of authentication failures of a user equipment reaches 10, the user equipment is considered to be carrying out brute-force behaviour.
In the embodiments of the present invention, when the counted number of authentication failures reaches the preset first number threshold, limited-time connection processing is applied to the user equipment that sent the authentication request. The limited-time connection processing may consist of refusing the authentication requests of the user equipment for a first preset duration. This avoids the situation where the router continually handles authentication requests of the user equipment and its load becomes excessively high. In a practical application scenario, the first preset duration can likewise be preset by the administrator of the router, for example to 1 minute. Then, when the number of authentication failures of a user equipment reaches the preset first number threshold, the authentication requests of that user equipment are refused for 1 minute. Specifically, the router can keep time with an internal timer and block the authentication requests sent by the user equipment during that 1 minute. After 1 minute, the router can again accept authentication requests from the user equipment.
In the embodiments of the present invention, a preset third number threshold and a second preset duration can also be set according to actual conditions. The third number threshold is greater than the preset first number threshold, and the second preset duration is greater than the first preset duration. For example, the preset first number threshold may be 10 and the first preset duration 1 minute, while the preset third number threshold may be 30 and the second preset duration 5 minutes. In this way, after the first preset duration has elapsed, the router continues counting the authentication failures of the user equipment on top of the first number threshold, and when the cumulative number of authentication failures of the user equipment reaches the preset third number threshold, limited-time connection processing is applied to the user equipment again, that is, its authentication requests are refused for the second preset duration. Likewise, further number thresholds and corresponding preset durations can be set; these can be preset by the administrator of the router in the specific application.
S3: Compare the number of authentication failures with a preset second number threshold and, according to the result of the comparison, apply prohibited-connection processing to the user equipment, where the second number threshold is greater than the first number threshold.
After limited-time connection processing has been applied to a user equipment with an excessive number of authentication failures, the user equipment can still initiate authentication requests to the router once the preset duration has elapsed, and so can still affect the router. Therefore the embodiments of the present invention can set a preset second number threshold: when the number of authentication failures of a user equipment reaches the preset second number threshold, the user equipment is added to the router's blacklist, which is the prohibited-connection processing. From then on, none of the authentication requests of that user equipment are answered by the router. In a specific application scenario the preset second number threshold can be set to a high value, for example 50; that is, when the cumulative number of authentication failures of a user equipment reaches 50, the user equipment is blacklisted and all of its authentication requests are refused. Thus a user equipment that is brute-forcing the password is blacklisted by the router after 50 failed attempts, which completely stops the brute-force behaviour of that user equipment.
In a preferred embodiment, after prohibited-connection processing has been applied to a user equipment, the authentication information of the user equipment can be sent to a monitoring server. The monitoring server can be a server controlled by the router administrator, such as a laptop, a smartphone or a tablet. The router administrator can install an application associated with the router on the monitoring server, so as to view the authentication information in the application. The authentication information includes at least the MAC address of the user equipment and the number of authentication failures, and can also include the time of each authentication failure and the time at which the user equipment was blacklisted.
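Steps S1 to S3 and the monitoring-server report above describe one escalating policy keyed on the MAC address. The following Python module is an added example, not code from the patent or from any router vendor, showing how that policy fits together. It uses the figures from the description (thresholds of 10, 30 and 50 failures; refusal windows of 1 and 5 minutes; the MAC address 01:0A:02:0B:03:0C); the class and function names, the assumption that a refusal window is renewed by every further failure once a threshold has been reached, and the injectable clock used to make the scenario run instantly are all assumptions made for this example.

```python
"""Escalating authentication-failure lockout modelled on steps S1-S3.

Added example. Thresholds, durations and the MAC address come from the
description; names, API shape and the "renew the window on every further
failure" rule are assumptions of this example.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Figures from the description.  The text requires first < third < second
# threshold and first duration < second duration.
FIRST_THRESHOLD = 10        # failures -> refuse for the first preset duration
THIRD_THRESHOLD = 30        # failures -> refuse for the second preset duration
SECOND_THRESHOLD = 50       # failures -> blacklist (prohibited connection)
FIRST_DURATION = 60.0       # seconds (1 minute)
SECOND_DURATION = 300.0     # seconds (5 minutes)
assert FIRST_THRESHOLD < THIRD_THRESHOLD < SECOND_THRESHOLD
assert FIRST_DURATION < SECOND_DURATION


@dataclass
class DeviceRecord:
    """The MAC address / failure count / failure time association of S1."""
    failures: int = 0
    failure_times: List[float] = field(default_factory=list)
    locked_until: float = 0.0             # end of the current refusal window
    blacklisted_at: Optional[float] = None


class BreakpointAuthenticator:
    """Hypothetical router-side breakpoint authentication (assumed name)."""

    def __init__(self, standard_password: str,
                 clock: Callable[[], float] = time.time) -> None:
        self._password = standard_password
        self._clock = clock
        self._records: Dict[str, DeviceRecord] = {}
        self.reports: List[dict] = []     # what would be sent to the monitoring server

    def authenticate(self, mac: str, password: str) -> str:
        now = self._clock()
        rec = self._records.setdefault(mac, DeviceRecord())
        if rec.blacklisted_at is not None:
            return "blacklisted"          # S3: the router no longer answers at all
        if now < rec.locked_until:
            return "locked"               # S2: refused inside the window, even if correct
        if password == self._password:
            return "connected"
        # S1: count the failure and bind it to the MAC address and the time.
        rec.failures += 1
        rec.failure_times.append(now)
        # S3: second threshold -> blacklist and report to the monitoring server.
        if rec.failures >= SECOND_THRESHOLD:
            rec.blacklisted_at = now
            self.reports.append({"mac": mac, "failures": rec.failures,
                                 "failure_times": list(rec.failure_times),
                                 "blacklisted_at": now})
            return "blacklisted"
        # S2: escalating limited-time refusal.  Assumption: once a tier has been
        # reached, each further failure renews the window of that tier.
        if rec.failures >= THIRD_THRESHOLD:
            rec.locked_until = now + SECOND_DURATION
            return "locked"
        if rec.failures >= FIRST_THRESHOLD:
            rec.locked_until = now + FIRST_DURATION
            return "locked"
        return "failed"

    def status(self, mac: str) -> DeviceRecord:
        return self._records.setdefault(mac, DeviceRecord())


class FakeClock:
    """Constructed clock so the scenario is deterministic and instant."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate_brute_force(attempts: int = 50, mac: str = "01:0A:02:0B:03:0C"):
    """Constructed scenario: one device guesses wrong `attempts` times and waits
    out each refusal window before its next try.  Returns (outcomes, auth, clock)."""
    clock = FakeClock()
    auth = BreakpointAuthenticator("correct-horse-battery", clock=clock)
    outcomes = []
    for i in range(attempts):
        result = auth.authenticate(mac, f"guess-{i}")
        outcomes.append(result)
        if result == "locked":
            clock.advance(auth.status(mac).locked_until - clock() + 1)
    return outcomes, auth, clock


if __name__ == "__main__":
    outcomes, auth, clock = simulate_brute_force()
    print("first refusal at attempt", outcomes.index("locked") + 1)
    print("blacklisted at attempt", outcomes.index("blacklisted") + 1)
    print("report sent:", auth.reports[0]["mac"], auth.reports[0]["failures"])
```

Running the module shows the first 1-minute refusal at the 10th failure, the 5-minute refusal from the 30th, and the blacklist entry plus monitoring report at the 50th, while a correct password from a different MAC address is unaffected throughout. Note that the state is keyed only on the client's self-reported MAC address, as in the description, so the counter can be reset by changing that address; the example does not try to close that gap.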
In summary, the method of preventing loiter network provided in the embodiments of the present invention uses breakpoint authentication to count the number of authentication failures of each user equipment. When the number of authentication failures of a user equipment reaches a predetermined threshold, limited-time connection processing or prohibited-connection processing is applied to it. Because the method runs for as long as the router is powered on, loiter network behaviour is monitored continuously, which ensures the real-time nature of the protection. In addition, brute-force loiter network behaviour can be handled promptly, so that brute-force attempts are stopped.
The embodiments of the present invention also provide a router for preventing loiter network. Fig. 2 is a functional block diagram of the router for preventing loiter network provided in an embodiment of the present invention. As shown in Fig. 2, the router comprises:
a number statistics unit 100, configured to count, in response to an authentication request from a user equipment, the number of authentication failures of the user equipment;
a first judging unit 200, configured to compare the number of authentication failures with a preset first number threshold and, according to the result of the comparison, apply limited-time connection processing to the user equipment;
a second judging unit 300, configured to compare the number of authentication failures with a preset second number threshold and, according to the result of the comparison, apply prohibited-connection processing to the user equipment, wherein the second number threshold is greater than the first number threshold.
In a preferred embodiment, the number statistics unit 100 specifically comprises:
an identifier extraction module, configured to extract, in response to an authentication request from a user equipment, the identifier of the user equipment from the authentication request, the identifier including at least the MAC address of the user equipment;
an association module, configured to count the number of authentication failures of the user equipment and associate that number with the identifier of the user equipment.
In another preferred embodiment of the present invention, the first judging unit 200 may specifically comprise:
a first timing module, configured to refuse the authentication requests of the user equipment for a first preset duration when the counted number of authentication failures reaches the preset first number threshold.
In another preferred embodiment of the present invention, the router further comprises:
a third judging unit, configured to refuse the authentication requests of the user equipment for a second preset duration when the counted number of authentication failures reaches a preset third number threshold, wherein the third number threshold is greater than the first number threshold and less than the second number threshold, and the second preset duration is greater than the first preset duration.
In another preferred embodiment of the present invention, the router further comprises, after the second judging unit 300:
an authentication information sending unit, configured to send the authentication information of the user equipment to a monitoring server, the authentication information including at least the MAC address of the user equipment and the number of authentication failures.
The specific implementation of each of the above functional modules is consistent with steps S1 to S3 and is not repeated here.
In summary, the router for preventing loiter network provided in the embodiments of the present invention uses breakpoint authentication to count the number of authentication failures of each user equipment. When the number of authentication failures of a user equipment reaches a predetermined threshold, limited-time connection processing or prohibited-connection processing is applied to it. Because the router monitors for as long as it is powered on, loiter network behaviour is monitored continuously, which ensures the real-time nature of the protection. In addition, brute-force loiter network behaviour can be handled promptly, so that brute-force attempts are stopped.
In this specification, adjectives such as "first" and "second" may be used only to distinguish one element or action from another, without requiring or implying any actual such relationship or order. Where the context allows, a reference to an element, component or step (in the singular) should not be interpreted as limited to only one such element, component or step, but may mean one or more of them.
The above description of the various embodiments of the present invention is provided for the purpose of description to those skilled in the art. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As described above, various alternatives and variations of the present invention will be apparent to those of ordinary skill in the art of the above technology. Therefore, although some alternative embodiments have been specifically discussed, other embodiments will be apparent to, or relatively easily obtained by, those skilled in the art. The present application is intended to cover all alternatives, modifications and variations of the present invention that have been discussed herein, as well as other embodiments falling within the spirit and scope of the above application.
The embodiments in this specification are described in a progressive manner; identical or similar parts of the embodiments may be referred to between one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and reference may be made to the description of the method embodiment for the relevant parts.
The present invention can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments including any of the above systems or devices, and so on.
The present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform specific tasks or implement specific abstract data types. The present invention can also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that the present invention has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover such variations and changes without departing from the spirit of the present invention.