CN105721472A - Port security check method, device and system - Google Patents

Publication number
CN105721472A
Authority
CN
China
Prior art keywords
port
cracked
address
queue
password
Legal status
Pending
Application number
CN201610099256.1A
Other languages
Chinese (zh)
Inventor
李斌
纪庆海
魏俊锋
卞李强
Current Assignee
Beijing Pierre Blaney Software Co Ltd
Original Assignee
Beijing Pierre Blaney Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms

Abstract

The invention discloses a port security check method executed in a server. A mapping relationship of ports and services as a port mapping table is stored in the server. The port security check method comprises the following steps of: receiving an IP address segment to be cracked transmitted by calculation equipment to generate a plurality of IP addresses to be cracked; generating a port list to be scanned according to the port mapping table; scanning the port of each IP address in the plurality of IP addresses to be cracked according to the port list, and determining that the port is the port to be cracked of the IP address if the port is an open port; associating the IP address with the corresponding port to be cracked so as to generate a first queue; inquiring services respectively corresponding to the plurality of ports to be cracked from the port mapping table; associating a user name and a password by invoking a user name dictionary and a password dictionary so as to generate a second queue; and cracking passwords of services corresponding to various ports to be cracked of various IP addresses in the first queue by using the second queue through an enumerative method. The invention further provides a corresponding device and system.

Description

A port security check method, device and system
Technical field
The present invention relates to the technical field of Internet security, and in particular to a port security check method, device and system.
Background art
By port scanning a target computing device, an attacker can learn which ports are open on an IP address. These open ports generally have fixed corresponding services: for example, port 22 corresponds to Ssh and Telnet under Linux, port 80 corresponds to Web applications, and port 1433 corresponds to the Mssql database service. The attacker thus learns the corresponding service from the open port, and then uses a username and password dictionary to brute-force the password of the identified service.
Therefore, how enterprise security personnel can ensure port security is a problem in urgent need of a solution. A common password cracking tool for port services is, for example, Hydra, a brute-force password cracking tool under Linux that supports online password cracking for almost all protocols. Enterprise security personnel can check the security of ports with the Hydra tool. However, Hydra can only brute-force a single port of a single IP address at a time. Therefore, when enterprise security personnel face IP addresses at the ten-thousand scale, each with multiple ports, using Hydra produces a large amount of repeated work and is seriously time-consuming. In addition, the port used by Hydra cannot be configured. For example, when a user changes the port of the Ssh service from the default 22 to 22022, cracking with Hydra's Ssh parameter may still default to port 22, which affects the cracking result. Therefore, when facing a server with even a little protection, Hydra cannot be used, and it is impossible to accurately check whether a port is secure.
Therefore, a fast and comprehensive port security check scheme is needed that, on the one hand, can batch-process password cracking for IP addresses at the ten-thousand scale and for multiple ports and, on the other hand, makes ports and their corresponding services configurable, so as to flexibly handle the cases that cannot be cracked with the Hydra tool.
Summary of the invention
To this end, the present invention provides a port security check method, device and system that seek to solve, or at least alleviate, the problems described above.
According to one aspect of the present invention, a port security check method is provided. The method is executed in a server, in which the mapping relationship between ports and services is stored in advance as a port mapping table. The method includes the steps of: receiving an IP address segment to be cracked transmitted by a computing device, and generating multiple IP addresses to be cracked; generating a list of ports to scan according to the port mapping table; for each of the multiple IP addresses to be cracked, scanning the ports of that IP address according to the port list and, if a port is open, confirming that port as a port to be cracked of that IP address; associating each IP address to be cracked with its corresponding ports to be cracked to generate a first queue; querying the port mapping table for the services corresponding to the multiple ports to be cracked; calling a username dictionary and a password dictionary to associate usernames with passwords, generating a second queue; and using the second queue to crack, by enumeration, the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue.
Optionally, in the port security check method according to the present invention, the step of scanning ports according to the port list includes: calling a port scanning tool to scan each port in the port list on each IP address to be cracked, to determine whether that port is open on that IP address.
Optionally, in the port security check method according to the present invention, after the step of generating the first queue, the method further includes the step of: sending the IP addresses to be cracked in the first queue and their associated ports to be cracked to the computing device for display.
Optionally, in the port security check method according to the present invention, the method further includes the steps of: on receiving a crack command transmitted by the computing device, judging whether the crack command is a one-click crack command; if it is a one-click crack command, starting multiple threads and using the second queue to crack, by enumeration, the passwords of the services corresponding to multiple ports to be cracked at the same time; and if it is not a one-click crack command, starting a single thread and using the second queue to crack, by enumeration, the password of the service corresponding to the port to be cracked.
Optionally, in the port security check method according to the present invention, the username dictionary and the password dictionary include commonly used usernames and passwords as well as user-defined usernames and passwords.
Optionally, in the port security check method according to the present invention, the method further includes the step of: sending the IP address to be cracked, the corresponding port to be cracked and the password of its corresponding service to the computing device, which displays the cracking result.
According to another aspect of the present invention, a port security check device is provided. The device is arranged in a server, and the server is adapted to store in advance the mapping relationship between ports and services as a port mapping table. The device includes: an interface unit, adapted to receive an IP address segment to be cracked transmitted by a computing device and obtain multiple IP addresses to be cracked; a list generation unit, adapted to generate a list of ports to scan according to the port mapping table; a first processing unit, adapted to scan, for each of the multiple IP addresses to be cracked, the ports of that IP address according to the port list, and further adapted to confirm, according to the result of the judging unit, a port as a port to be cracked of that IP address; a judging unit, adapted to judge whether a port scanned by the first processing unit is open; a queue generation unit, adapted to associate each IP address to be cracked with its corresponding ports to be cracked to generate a first queue, and further adapted to call a username dictionary and a password dictionary to associate usernames with passwords, generating a second queue; a query unit, adapted to query the port mapping table for the services corresponding to the multiple ports to be cracked; and a second processing unit, adapted to use the second queue to crack, by enumeration, the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue.
Optionally, in the port security check device according to the present invention, the first processing unit is adapted to call a port scanning tool to scan each port in the port list on each IP address to be cracked, so that the judging unit can determine whether that port is open.
Optionally, in the port security check device according to the present invention, the interface unit is further adapted to send the IP addresses to be cracked in the first queue and their associated ports to be cracked to the computing device for display.
Optionally, in the port security check device according to the present invention, the interface unit is further adapted to receive a crack command transmitted by the computing device; the judging unit is further adapted to judge whether the crack command is a one-click crack command; and the second processing unit is further adapted, when the crack command is a one-click crack command, to start multiple threads and use the second queue to crack, by enumeration, the passwords of the services corresponding to multiple ports to be cracked at the same time and, when the crack command is not a one-click crack command, to start a single thread and use the second queue to crack, by enumeration, the password of the service corresponding to the port to be cracked.
Optionally, in the port security check device according to the present invention, the username dictionary and the password dictionary include commonly used usernames and passwords as well as user-defined usernames and passwords.
Optionally, in the port security check device according to the present invention, the interface unit is further adapted to send the IP address to be cracked, the port to be cracked and the password of its corresponding service to the computing device, which displays the cracking result.
According to yet another aspect of the present invention, a port security check system is provided. The system includes: a computing device, adapted to send, in response to user input, an IP address segment to be cracked and a crack command to a server, and further adapted to receive and display the IP address to be cracked, the port to be cracked and the cracked password of the corresponding service sent by the server; and a server having the port security check device described above.
As can be seen from the above technical solution, in the present invention the server receives multiple IP address segments and, when executing a one-click crack command, uses multi-threaded processing to crack in batches the passwords of the services corresponding to multiple ports of multiple IP address segments. This improves the efficiency of password cracking, avoids repeated work, and in turn improves the efficiency of the port security check.
Further, by associating ports to be cracked with their corresponding services in a port mapping table, the invention makes up for the shortcoming that only the default service of a port can be cracked when using the Hydra tool. Ports and services become configurable, so security personnel can flexibly handle the configuration of ports and services, which improves the effectiveness of the port security check.
Brief description of the drawings
To achieve the above and related purposes, certain illustrative aspects are described herein in conjunction with the following description and the drawings. These aspects indicate the various ways in which the principles disclosed herein can be practiced, and all aspects and their equivalents are intended to fall within the scope of the claimed subject matter. The above and other objects, features and advantages of the disclosure will become more apparent from the following detailed description read in conjunction with the drawings. Throughout the disclosure, the same reference numerals generally refer to the same parts or elements.
Fig. 1 shows a schematic diagram of a port security check system 100 according to an embodiment of the present invention;
Fig. 2 shows a flow chart of a port security check method 200 according to an embodiment of the present invention;
Fig. 3 shows a schematic diagram of the interface on the computing device 120 that displays the IP addresses to be cracked and their corresponding services;
Fig. 4 shows a schematic diagram of the interface on the computing device 120 that displays the result of cracking port service passwords; and
Fig. 5 shows a schematic diagram of a port security check device 500 according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Fig. 1 is a schematic diagram of a port security check system 100 according to an embodiment of the present invention. With reference to Fig. 1, the system 100 includes, among other components, a server 110, a computing device 120 and a network 130. In other embodiments, the system 100 may contain fewer, additional or different components. Specifically, although only one computing device 120 and one server 110 are depicted, other computing devices/clients or servers may be connected to the network 130.
The server 110 can provide application-related services, such as application-integrated social networking or data collection and analysis. Although the server 110 is depicted as a single entity, its functions may be distributed over multiple computing devices, computing clusters or data centers, and its components may reside in multiple geographic locations.
The server 110 communicates with multiple computing devices 120 over the network 130. The network 130 may include any combination of standard communication technologies and protocols known in the art. For example, communication over the network 130 may use link technologies such as Ethernet, 802.11, CDMA, 3G, 4G or digital subscriber line (DSL). The network 130 may support multiple networking protocols, including Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP) or File Transfer Protocol (FTP), and any data transmitted over the network 130 may be encrypted using technologies such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec).
The interaction in which the computing device 120 and the server 110 crack the passwords of port services is described in detail below.
Fig. 2 shows a flow chart of a port security check method 200 according to an embodiment of the present invention. As shown in Fig. 2, the method 200 starts at step S210. In step S210, the server 110 receives the IP address segment to be cracked transmitted by the computing device 120 and generates multiple IP addresses to be cracked. According to an embodiment of the present invention, enterprise security personnel can enter on the computing device 120 the IP addresses or IP address segments to crack, for example the network segments 10.168.9.1/24 and 10.168.10.1/24. The computing device 120 sends the two segments to the server 110. The two IP address segments total 508 IP addresses, all of which are treated as IP addresses to be cracked.
Subsequently, in step S220, the list of ports to scan is generated according to the port mapping table.
According to an embodiment of the present invention, the server 110 stores in advance the mapping relationship between ports and services as a port mapping table. It should be noted that, in the port mapping table, besides the default services corresponding to some ports (for example, port 22 corresponds to Ssh and Telnet under Linux, port 80 corresponds to Web applications, and port 1433 corresponds to the Mssql database service), the mapping between ports and services can also be custom-configured according to the enterprise's own situation.
The table below gives some of the mappings in the port mapping table.
Port     Service
21       ftp
22022    ssh
23       telnet
161      snmp
27017    mongodb1
28017    mongodb1
1433     mssql
3306     mysql
5432     postgres
875      rsync
445      Smb
8080     tomcat
5900     vnc0
5901     vnc1
As the table above shows, the ssh service normally defaults to port 22; in this embodiment, to prevent this open port from being easily scanned from outside, the port for the ssh service is set to 22022.
The server 110 determines the list of ports to scan by querying the "port" field of the port mapping table.
Subsequently, in step S230, for each of the multiple IP addresses to be cracked from step S210, the ports of that IP address are scanned according to the port list; if a port is open, it is confirmed as a port to be cracked of that IP address. Specifically, the port scanning tool Nmap is called to scan each port in the port list on each IP address to be cracked, to determine whether that port is open on that IP address, and the IP addresses to be cracked and their corresponding open ports are output. According to an embodiment of the present invention, the server 110 calls Nmap to scan the port list by issuing the command:
Nmap.exe -sT -P0 -p T:portlist ip
where portlist is the port list and ip is the IP address to be cracked.
Subsequently, in step S240, according to the scan results output by step S230, each IP address to be cracked is associated with its corresponding open ports (that is, its ports to be cracked) to generate the first queue iportQueue. For the input IP address segments 10.168.9.1/24 and 10.168.10.1/24, the first queue generated is:
iportQueue = {10.168.9.2:22022, 10.168.9.71:22022, 10.168.10.25:1433, ...}.
When the first queue iportQueue is generated, the server 110 sends the elements of the first queue, namely the IP addresses to be cracked and their associated ports to be cracked, to the computing device 120 for display. Fig. 3 shows a schematic diagram of the interface on the computing device 120 that displays the IP addresses to be cracked and their corresponding services.
Subsequently, in step S250, the port mapping table is queried again for the services corresponding to the multiple ports to be cracked. For example, the query finds that the port to be cracked 22022 corresponds to the ssh service.
Subsequently, in step S260, the username dictionary and the password dictionary are called to associate usernames with passwords, generating the second queue accountQueue. According to an embodiment of the present invention, the username dictionary and the password dictionary include commonly used usernames and passwords as well as user-defined usernames and passwords.
For example, common usernames include: root, guest, mysql, oracle, test, user.
Common passwords include: 123,123123,111111,666666,888888,123456,12345678,!#,!# $ %^,!# $ %^&*, abc, test.
In addition, passwords can also be user-defined according to the actual situation, for example: autohome, Autohome!#, 1qaz2wsx.
The above usernames and passwords are associated, that is, each username is combined once with every password, so that the second queue contains all username and password combinations. The second queue generated in this way is:
accountQueue = {root:123, root:123123, ..., guest:123, guest:123123, ...}.
Queues are used here to store the IP addresses and ports and the usernames and passwords mainly because a queue is a first-in, first-out storage mechanism. For example, when data is taken from the first queue iportQueue, "10.168.9.2:22022" is taken out first.
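The dictionaries above show what a defender's password policy has to reject: short numeric strings, repeated blocks, the organisation's own name with a decoration, and keyboard walks. The following check is an added example, not code from the patent; `weak_password_reasons`, `ORG_TERMS`, `KEYBOARD_RUNS` and the 0.75 threshold are assumptions made for illustration.

```python
import re

# Copied from the example dictionaries in the description above.
COMMON_USERNAMES = {"root", "guest", "mysql", "oracle", "test", "user"}
COMMON_PASSWORDS = {"123", "123123", "111111", "666666", "888888",
                    "123456", "12345678", "abc", "test"}
# Assumption: terms an attacker would derive from the organisation's own name.
ORG_TERMS = {"autohome"}
# Assumption: QWERTY rows and columns, used to spot walks such as 1qaz2wsx.
KEYBOARD_RUNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
                 "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def _core(password):
    """Lower-case and strip leading/trailing non-letters: 'Autohome!#' -> 'autohome'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def _keyboard_fraction(password):
    """Share of characters that lie inside a 4-character keyboard run (either direction)."""
    s = password.lower()
    covered = [False] * len(s)
    for run in KEYBOARD_RUNS:
        for variant in (run, run[::-1]):
            for i in range(len(s) - 3):
                if s[i:i + 4] in variant:
                    covered[i:i + 4] = [True] * 4
    return sum(covered) / len(s) if s else 0.0


def weak_password_reasons(password, username=""):
    """Return the reasons a candidate password would fall to such a dictionary, or []."""
    reasons = []
    core = _core(password)
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("common-password")
    if re.fullmatch(r"(.+?)\1+", password):          # 111111, 123123, abcabc
        reasons.append("repeated-pattern")
    if any(term in core for term in ORG_TERMS):      # autohome, Autohome!#
        reasons.append("org-term")
    if core and (core in COMMON_USERNAMES or core == username.lower()):
        reasons.append("username-derived")
    if _keyboard_fraction(password) >= 0.75:         # 1qaz2wsx
        reasons.append("keyboard-walk")
    return reasons
```

Calling this at password-change time rejects the three user-defined examples above even though none of them appears in a generic common-password list.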
Subsequently, in step S270, the second queue is used to crack, by enumeration, the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue.
As shown in Fig. 3, every record has a corresponding "brute force" action, and a "one-click brute force" action is also shown at the bottom of the interface. The user selects the service to crack on the computing device 120, the computing device 120 transmits a crack command to the server 110, and the server 110 executes it.
According to an embodiment of the present invention, if the user clicks "one-click brute force", the computing device 120 sends a one-click crack command to the server 110. The server 110 then starts multiple threads and uses the second queue to crack, by enumeration, the passwords of the services corresponding to multiple ports to be cracked at the same time; the ports to be cracked in this case are all the ports to be cracked in the first queue. In other words, the server 110 batch-processes all ports to be cracked and, for each one, tries the username and password combinations in the second queue in turn until cracking succeeds.
For example, for the first queue iportQueue generated in step S240, following the first-in, first-out principle, thread 1 first takes out the first item in the first queue, "10.168.9.2:22022", and tries the username and password combinations in the second queue in turn to crack the password of the service corresponding to port 22022 on IP address 10.168.9.2. At the same time, thread 2 takes out the second item, "10.168.9.71:22022", and tries the username and password combinations in the second queue in turn to crack the password of the service corresponding to port 22022 on IP address 10.168.9.71. And so on.
At this point, according to the pre-stored port mapping table, the server 110 knows that port 22022 corresponds to the ssh service. When cracking the service password, this solves the problem that only the service on the default port can be cracked when using the Hydra tool, and makes ports and services configurable.
To crack the passwords of the Ssh and Mssql services, java code is used to enumerate connection attempts, and whether the username and password combination used succeeded is judged from the response. The implementation code is as follows:
If the services corresponding to all IP addresses to be cracked do not need to be cracked at once, the user can click on the record of a particular IP address to be cracked and crack the records one by one, as shown in Fig. 3. The server 110 receives the crack command; according to one embodiment of the present invention, the crack command may contain the IP address to be cracked and the port to be cracked from that record. The server 110 starts a single thread and cracks the password of the service corresponding to that port. Similarly, enumeration is again used: for the port to be cracked, the username and password combinations in the second queue are tried in turn until cracking succeeds.
When cracking succeeds, the server 110 sends the IP address to be cracked, the corresponding port to be cracked and the password of its corresponding service to the computing device 120, which displays the cracking result, as shown in Fig. 4. Enterprise security personnel take corresponding measures according to this result, for example changing the password, to improve the security of the enterprise website.
According to the solution of the present invention, the user can enter multiple IP address segments on the computing device 120. When the server 110 executes a one-click crack command, it uses multi-threaded processing to crack in batches the passwords of the services corresponding to multiple ports of multiple IP address segments, which improves the efficiency of password cracking and avoids repeated work.
Further, ports to be cracked and their corresponding services are associated through the port mapping table, so that ports and their corresponding services can be configured in, and read from, a database. This makes up for the shortcoming that only the default service of a port can be cracked when using the Hydra tool and makes ports and services configurable, which improves the effectiveness of the port security check.
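On the defending side, the per-target enumeration of steps S260 to S270 is visible in the service's own authentication log whatever port the service listens on: a burst of failed logins from one source, and in the worst case an accepted login right after it. The detector below is an added example, not code from the patent; the log lines are constructed, and the thresholds, host names and source addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-authentication result lines with an ISO 8601 syslog timestamp.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def constructed_sample():
    """Constructed log lines (not real traffic): one enumerating source, one normal user."""
    base = datetime.fromisoformat("2016-02-23T10:00:00+08:00")

    def line(sec, result, user, src):
        ts = (base + timedelta(seconds=sec)).isoformat()
        return (f"{ts} host1 sshd[4242]: {result} password for {user} "
                f"from {src} port {40000 + sec} ssh2")

    # Username-major order, as in accountQueue: every password for root, then guest.
    lines = [line(s, "Failed", "root", "10.168.9.200") for s in range(15)]
    lines += [line(s, "Failed", "guest", "10.168.9.200") for s in range(15, 18)]
    lines.append(line(18, "Accepted", "guest", "10.168.9.200"))
    # A legitimate user who mistypes once and then logs in.
    lines.append(line(5, "Failed", "alice", "10.168.10.77"))
    lines.append(line(9, "Accepted", "alice", "10.168.10.77"))
    return sorted(lines)


def detect_enumeration(lines, window_s=60, min_failures=8):
    """Map source address -> alert for failure bursts and for logins that follow a burst."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source -> (timestamp, user) of failures inside the window
    alerts = {}
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()
        if m["result"] == "Failed":
            fails.append((ts, user))
            found = alerts.get(src, {}).get("severity") == "credential-found"
            if len(fails) >= min_failures and not found:
                alerts[src] = {"severity": "enumeration", "failures": len(fails),
                               "users": sorted({u for _, u in fails}),
                               "accepted_user": None}
        elif len(fails) >= min_failures:
            # A success straight after a burst means a dictionary entry matched.
            alerts[src] = {"severity": "credential-found", "failures": len(fails),
                           "users": sorted({u for _, u in fails}),
                           "accepted_user": user}
    return alerts
```

With `window_s=5` the same lines raise nothing, which is why throttled or distributed attempts call for a longer window or per-account failure counters in addition to per-source ones.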
Correspondingly, Fig. 5 shows a schematic diagram of a port security check device 500 according to an embodiment of the present invention. The device 500 is arranged in the server 110, and the server 110 is adapted to store in advance the mapping relationship between ports and services as a port mapping table. A few examples of the port mapping table are given in the following table.
The device 500 includes: an interface unit 510, a list generation unit 520, a first processing unit 530, a judging unit 540, a queue generation unit 550, a query unit 560 and a second processing unit 570.
The interface unit 510 is adapted to receive the IP address segment to be cracked transmitted by the computing device 120 and obtain multiple IP addresses to be cracked. According to the port service password cracking scheme of the present invention, the server 110 can crack in batches the passwords of multiple port services of multiple IP address segments.
The list generation unit 520 is adapted to generate the list of ports to scan according to the port mapping table.
The first processing unit 530 is adapted to scan, for each of the multiple IP addresses to be cracked, the ports of that IP address according to the port list. According to one embodiment of the present invention, the first processing unit 530 is adapted to call a port scanning tool to scan each port in the port list on each IP address to be cracked.
The judging unit 540 is adapted to judge whether a port scanned by the first processing unit 530 is open and, if it is, to report this back to the first processing unit 530 coupled to it.
The first processing unit 530 is further adapted to confirm, according to the result returned by the judging unit 540, the open port as a port to be cracked of that IP address. According to one implementation, one IP address to be cracked may correspond to multiple ports to be cracked.
The queue generation unit 550 is adapted to associate each IP address to be cracked with its corresponding ports to be cracked and generate the first queue iportQueue, and is further adapted to call the username dictionary and the password dictionary to associate usernames with passwords, generating the second queue accountQueue. According to an embodiment of the present invention, the username dictionary and the password dictionary include commonly used usernames and passwords as well as user-defined usernames and passwords. For the description of the first queue iportQueue and the second queue accountQueue, see the content above.
The interface unit 510 is further adapted to send the ports to be cracked in the first queue and their associated IP addresses to be cracked to the computing device 120 for display; the display is shown schematically in Fig. 3.
The query unit 560 is adapted to query the port mapping table again for the services corresponding to the multiple ports to be cracked.
The second processing unit 570 is adapted to use the second queue accountQueue to crack, by enumeration, the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue iportQueue.
According to one embodiment of the present invention, the interface unit 510 is further adapted to receive the crack command transmitted by the computing device 120 and to notify the judging unit 540.
The judging unit 540 is further adapted to judge whether the crack command is a one-click crack command and to notify the second processing unit 570.
The second processing unit 570 is further adapted, when the crack command is a one-click crack command, to start multiple threads and use the second queue accountQueue to crack, by enumeration, the passwords of the services corresponding to multiple ports to be cracked at the same time; it is also adapted, when the crack command is not a one-click crack command, to start a single thread and use the second queue accountQueue to crack, by enumeration, the password of the service corresponding to the port to be cracked. The second processing unit 570 obtains the correct username and password by enumerating attempts.
When cracking succeeds, the second processing unit 570 notifies the interface unit 510. The interface unit 510 is adapted to send the IP address to be cracked, the port to be cracked and the password of its corresponding service to the computing device 120, which displays the cracking result, as shown in Fig. 4.
It should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, the method of this disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art should understand that the modules, units or components of the device in the examples disclosed herein may be arranged in a device as described in this embodiment, or alternatively may be located in one or more devices different from the device in the example. The modules in the foregoing examples may be combined into one module or, in addition, divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may in addition be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
A6. The method according to any one of A1-5, further comprising the step of: sending the IP address to be cracked, the corresponding port to be cracked and the password of its corresponding service to the computing device, which displays the crack result.
B11. The device according to any one of B7-10, wherein the user name dictionary and the password dictionary include commonly used user names and passwords and user-defined user names and passwords.
B12. The device according to any one of B7-11, wherein the interface unit is further adapted to send the IP address to be cracked, the port to be cracked and the password of its corresponding service to the computing device, which displays the crack result.
In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Additionally, some of the embodiments are described herein as a method, or a combination of method elements, that can be implemented by a processor of a computer system or by other means of carrying out the described function. Thus, a processor with the necessary instructions for carrying out such a method or method element forms a means for carrying out the method or method element. Additionally, an element of a device embodiment described herein is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
As used herein, unless otherwise specified, the use of the ordinal numbers "first", "second", "third", etc. to describe an ordinary object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given order, whether temporally, spatially, in ranking or in any other manner.
Although the invention has been described with respect to a limited number of embodiments, those skilled in the art, having the benefit of the above description, will appreciate that other embodiments can be envisaged within the scope of the invention thus described. In addition, it should be noted that the language used in this specification has been chosen principally for readability and instructional purposes, and not to explain or limit the subject matter of the invention. Therefore, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. With respect to the scope of the invention, the disclosure of the invention is illustrative and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (10)

1. A port security check method, the method being performed at a server in which mapping relations between ports and services are pre-stored as a port mapping table, the method comprising the steps of:
Receiving an IP address segment to be cracked transmitted by a computing device, and generating multiple IP addresses to be cracked;
Generating a port list to be scanned according to the port mapping table;
For each IP address among the multiple IP addresses to be cracked, scanning the ports of that IP address according to the port list and, if a port is an open port, confirming that port as a port to be cracked of that IP address;
Associating each IP address to be cracked with its corresponding port to be cracked to generate a first queue;
Querying the port mapping table for the services respectively corresponding to the multiple ports to be cracked;
Calling a user name dictionary and a password dictionary to associate user names with passwords, generating a second queue; and
Using enumeration with the second queue to crack the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue.
2. The method of claim 1, wherein the step of scanning the ports according to the port list comprises:
Calling a TCP tool to scan the ports in the port list for each IP address to be cracked, to determine whether each port is open at that IP address.
3. The method of claim 1 or 2, further comprising, after the step of generating the first queue, the step of:
Sending the IP addresses to be cracked in the first queue and their associated ports to be cracked to the computing device for display.
4. The method of any one of claims 1-3, further comprising the steps of:
On receiving a crack command transmitted by the computing device, judging whether the crack command is a one-key crack command;
If it is a one-key crack command, starting multiple threads and using enumeration with the second queue to crack the passwords of the services corresponding to multiple ports to be cracked simultaneously; and
If it is not a one-key crack command, starting a single thread and using enumeration with the second queue to crack the password of the service corresponding to the port to be cracked.
5. The method of any one of claims 1-4, wherein the user name dictionary and the password dictionary include commonly used user names and passwords and user-defined user names and passwords.
6. A port security check device, the device being arranged in a server adapted to pre-store mapping relations between ports and services as a port mapping table, the device comprising:
An interface unit, adapted to receive an IP address segment to be cracked transmitted by a computing device and to obtain multiple IP addresses to be cracked;
A list generation unit, adapted to generate a port list to be scanned according to the port mapping table;
A first processing unit, adapted, for each IP address to be cracked among the multiple IP addresses to be cracked, to scan the ports of that IP address according to the port list, and further adapted to confirm, according to the result of the judging unit, a port as a port to be cracked of that IP address;
A judging unit, adapted to judge whether a port scanned by the first processing unit is an open port;
A queue generation unit, adapted to associate each IP address to be cracked with its corresponding port to be cracked to generate a first queue, and further adapted to call a user name dictionary and a password dictionary to associate user names with passwords, generating a second queue;
A query unit, adapted to query the port mapping table for the services respectively corresponding to the multiple ports to be cracked; and
A second processing unit, adapted to use enumeration with the second queue to crack the password of the service corresponding to each port to be cracked of each IP address to be cracked in the first queue.
7. The device of claim 6, wherein
The first processing unit is adapted to call a TCP tool to scan the ports in the port list for each IP address to be cracked, so that the judging unit can determine whether each port is open.
8. The device of claim 6 or 7, wherein
The interface unit is further adapted to send the IP addresses to be cracked in the first queue and their associated ports to be cracked to the computing device for display.
9. The device of any one of claims 6-8, wherein
The interface unit is further adapted to receive a crack command transmitted by the computing device;
The judging unit is further adapted to judge whether the crack command is a one-key crack command; and
The second processing unit is further adapted, when the crack command is a one-key crack command, to start multiple threads and use enumeration with the second queue to crack the passwords of the services corresponding to multiple ports to be cracked simultaneously, and, when the crack command is not a one-key crack command, to start a single thread and use enumeration with the second queue to crack the password of the service corresponding to the port to be cracked.
10. A port security check system, the system comprising:
A computing device, adapted to send, in response to user input, an IP address segment to be cracked and a crack command to a server, and further adapted to receive and display the IP addresses to be cracked and ports to be cracked sent by the server and the cracked passwords of the corresponding services; and
A server, having the port security check device of any one of claims 6-9.
CN201610099256.1A 2016-02-23 2016-02-23 Port security check method, device and system Pending CN105721472A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610099256.1A CN105721472A (en) 2016-02-23 2016-02-23 Port security check method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610099256.1A CN105721472A (en) 2016-02-23 2016-02-23 Port security check method, device and system

Publications (1)

Publication Number Publication Date
CN105721472A true CN105721472A (en) 2016-06-29

Family

ID=56156922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610099256.1A Pending CN105721472A (en) 2016-02-23 2016-02-23 Port security check method, device and system

Country Status (1)

Country Link
CN (1) CN105721472A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160629