CN105792216B - Authentication-based wireless phishing access point detection method - Google Patents


Info

Publication number
CN105792216B
Authority
CN
China
Prior art keywords
client
certificate server
access point
routing node
node information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610329754.0A
Other languages
Chinese (zh)
Other versions
CN105792216A (en)
Inventor
易平
陈郑珊
吴越
邹福泰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiaotong University filed Critical Shanghai Jiaotong University
Priority to CN201610329754.0A priority Critical patent/CN105792216B/en
Publication of CN105792216A publication Critical patent/CN105792216A/en
Application granted granted Critical
Publication of CN105792216B publication Critical patent/CN105792216B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An authentication-based method for detecting wireless phishing access points. A certificate server holding a database of routing node information for all legitimate wireless access points is first set up in the network. On receiving an authentication request from a client, the certificate server matches the client's routing node information against the routing node information in the database, and finally sends the matching result to the client. The invention allows an access point to be checked as soon as the client connects, is practical and low in cost, identifies wireless phishing access points effectively, reduces detection and processing cost, and does not affect normal traffic in the network.

Description

Authentication-based wireless phishing access point detection method
Technical field
The present invention relates to the field of network security, and specifically to an authentication-based method for detecting wireless phishing access points.
Background
With the large-scale deployment of wireless access points (APs) in urban public places, wireless phishing access points have become a serious threat to wireless networks. In a wireless phishing access point attack, the attacker sets up a disguised wireless access point (the phishing access point) in a public place and gives it the same service set identifier (SSID) as the genuine AP, so that victims connect to the phishing access point by mistake; the attacker can then go on to steal passwords, personal sensitive information and so on. A wireless phishing access point is defined as an illegal access point: it is not set up by the WLAN operator or administrator. Under normal conditions, the attacker first connects a host to a legitimately authorized AP, so that traffic from the phishing access point can be forwarded to the Internet and victims can browse normally without noticing anything unusual, and then uses a device such as a wireless network card to open a phishing access point that imitates the configuration of the genuine AP. In terms of network topology, the wireless network set up by the attacker is a subnet of the wireless network set up by the WLAN operator or administrator.
Wireless phishing access points are difficult to track down, because they are started and shut down suddenly and at random, and the time they need to obtain their target is very short. They are also a springboard for many other wireless attacks. Existing detection techniques for wireless phishing access points are mainly wireless-side techniques, but enterprise-grade equipment is expensive to deploy and maintain, which makes large-scale deployment in public places difficult.
A search of the prior art found Chinese patent document CN102984707A, published 20 March 2013, which discloses a method for identifying and handling phishing access points in a wireless network. The wireless network comprises a wireless controller and multiple wireless APs connected to the wireless controller. In that method, each wireless AP scans its own environment and uploads the scan results to the wireless controller; the wireless controller judges from the scan results whether a phishing access point is present among the current wireless APs and, if so, handles it according to the type of phishing access point. However, that technique is complex to set up and occupies a large amount of system resources. Specifically: first, it requires a wireless controller to be configured for each wireless AP, so networking and maintenance costs are high and deployment is difficult. Second, the time and place at which a phishing access point appears in a wireless network are highly uncertain and the attack is short-lived, yet the technique requires comprehensive, round-the-clock scanning throughout the area covered by the legitimate wireless network service, which causes great unnecessary consumption of system resources. Third, one of the conditions for a successful phishing attack in a wireless network is that the victim client is in an environment where the signal of the phishing access point is stronger than that of the legitimately authorized wireless AP, so attackers often set up phishing access points in places where the signal of the legitimately authorized wireless AP is slightly weak (or absent). The effective scanning range of a wireless AP is itself limited and generally cannot extend beyond the range of its usable wireless signal strength, so the technique may have identification blind spots.
Summary of the invention
In view of the above shortcomings of the prior art, the present invention proposes an authentication-based method for detecting wireless phishing access points.
The present invention is achieved by the following technical solution:
The present invention first sets up in the network a certificate server holding a database of routing node information for all legitimate wireless access points. On receiving an authentication request from a client, the certificate server matches the client's routing node information against the routing node information in the database, and finally sends the matching result to the client.
The routing node information comprises the IP addresses of the nodes that a message passes through on its way to the certificate server, and the number of those nodes.
The certificate server is placed at the same network structure level as the wireless access points, or at the level above.
The client's routing node information is transmitted to the certificate server in an agreed format.
The client and the certificate server are connected over HTTPS.
Technical effect
Compared with the prior art, the present invention allows an access point to be checked as soon as the client connects, is practical and low in cost, identifies wireless phishing access points effectively, reduces detection and processing cost, and does not affect normal traffic in the network.
Description of the drawings
Fig. 1 is the network topology diagram of the invention;
Fig. 2 is a schematic diagram of wireless phishing access point detection;
In the figures: 1 certificate server, 2 legitimate access point, 3 phishing access point, 4 client.
Specific embodiment
An embodiment of the present invention is described in detail below. The embodiment is carried out on the premise of the technical solution of the present invention, and a detailed implementation and specific operating procedure are given, but the protection scope of the present invention is not limited to the following embodiment.
Embodiment 1
In the present embodiment, certificate server 1, which holds a database of routing node information for all legitimate wireless access points, is first set up in the network. On receiving an authentication request from client 4, certificate server 1 matches the routing node information of client 4 against the routing node information in the database, and finally sends the matching result to client 4. The routing node information comprises the IP addresses of the nodes that a message passes through on its way to certificate server 1, and the number of those nodes.
Certificate server 1 is deployed in the WLAN. Data messages from a client 4 connected to legitimate access point 2 and from a client 4 connected to phishing access point 3 reach certificate server 1 with different routing node information, and this difference is used to tell the user whether the wireless access point currently connected is an illegal phishing access point 3.
As shown in Fig. 1, certificate server 1 is placed at the same network structure level as legitimate access point 2. A message sent by a client 4 connected to phishing access point 3 passes through more nodes on its way to certificate server 1 than in the normal, attack-free case; phishing access point 3 is a node the message must pass through, and its IP address is also distinctive. When setting up a phishing AP, the attacker usually has to connect the attacking host to a legitimate AP in the environment first, so that victims can still reach the Internet after connecting to phishing access point 3, and then configures a device such as a wireless network card attached to the attacking host to open phishing access point 3.
Detecting phishing access point 3 specifically comprises the following steps:
1) Certificate server 1 receives the connection request of each client 4 and, through an exchange of special packets, enables client 4 to learn the routing node information of the path its own messages take to certificate server 1. Route tracing (Tracert) on the Windows operating system is one such utility for route tracing; it can determine the path an IP packet takes to reach its target.
As shown in Fig. 2, the figure contains phishing access point 3 and an attacking host connected to it. The database of certificate server 1 stores records in the agreed format, for example in two-dimensional array form. This routing node information is the information of legitimate access point 2 and is deterministic and unique.
2) Certificate server 1 receives the authentication request of client 4; client 4 submits the routing node information it learned in the previous step to certificate server 1 in the agreed format.
3) Certificate server 1 matches the routing node information submitted by client 4 against all records in the database. If the match succeeds, the wireless access point that client 4 is currently connected to is authenticated as a legitimate access point; otherwise it is classed as a suspicious access point, i.e. phishing access point 3. Certificate server 1 feeds the authentication result back to client 4, and the user decides whether to disconnect from the currently connected wireless access point. To prevent phishing access point 3 from intercepting and tampering with the messages exchanged between client 4 and certificate server 1, client 4 and certificate server 1 transmit information over an HTTPS connection.
When client 4 is connected to legitimate access point 2, the routing node information it sends in the agreed format (two-dimensional array form) is consistent with the information in the database of certificate server 1; after the match succeeds, the information fed back to client 4 is that the wireless access point is a legitimate access point. When client 4 is connected to phishing access point 3, the routing node information sent by the APP on client 4 in the agreed format (two-dimensional array form) shows an increased hop count and an abnormal IP address, and cannot be matched with the routing node information in certificate server 1; the information fed back to client 4 is then that the wireless access point is phishing access point 3.
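The three detection steps above, as an added Python example that is not part of the patent: the client parses Windows tracert output into a two-dimensional array and the server matches it against its database. The [hop_number, ip] row layout, the function names and all addresses are assumptions constructed for illustration; the HTTPS transport is omitted.

```python
import re

# Constructed database for the certificate server: one record per known-good
# path from a legitimate access point, as [hop_number, ip] rows (assumed layout).
LEGIT_ROUTES = [
    [[1, "10.0.0.1"], [2, "10.0.255.10"]],
    [[1, "10.0.1.1"], [2, "10.0.255.10"]],
]

# Constructed tracert output: client behind a legitimate access point.
LEGIT_TRACERT = """\
Tracing route to 10.0.255.10 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  10.0.0.1
  2     2 ms     2 ms     2 ms  10.0.255.10

Trace complete.
"""

# Constructed tracert output: same client behind a phishing access point that
# relays through the legitimate one, which adds a hop with an unfamiliar IP.
ROGUE_TRACERT = """\
Tracing route to 10.0.255.10 over a maximum of 30 hops

  1     2 ms     1 ms     1 ms  192.168.137.1
  2     4 ms     3 ms     3 ms  10.0.0.1
  3     5 ms     4 ms     4 ms  10.0.255.10

Trace complete.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOP_IP = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def parse_tracert(text):
    """Client side: turn tracert output into [[hop_number, ip_or_None], ...]."""
    rows = []
    for line in text.splitlines():
        hop = HOP_LINE.match(line)
        if not hop:
            continue  # banner, blank line or "Trace complete."
        ip = HOP_IP.search(hop.group(2))
        # A hop that timed out has no address; keep it as None so it cannot match.
        rows.append([int(hop.group(1)), ip.group(1) if ip else None])
    return rows


def authenticate(submitted, records=LEGIT_ROUTES):
    """Server side: exact match against every stored record, else suspicious."""
    # The array comes from an untrusted client, so check its shape first.
    well_formed = isinstance(submitted, list) and all(
        isinstance(r, list) and len(r) == 2 and r[0] == i
        for i, r in enumerate(submitted, start=1)
    )
    if well_formed and submitted in records:
        return {"legitimate": True, "extra_hops": 0, "unknown_ips": []}
    known_ips = {ip for rec in records for _, ip in rec}
    longest = max(len(rec) for rec in records)
    hops = submitted if well_formed else []
    return {
        "legitimate": False,
        "extra_hops": max(0, len(hops) - longest),
        "unknown_ips": [ip for _, ip in hops if ip not in known_ips],
    }
```

Because the match is exact, a timed-out hop or a malformed submission is reported as suspicious rather than legitimate; the extra_hops and unknown_ips fields only explain the verdict and do not influence it.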
Compared with the prior art, the present invention allows an access point to be checked as soon as the client connects, is practical, has a low deployment cost, identifies wireless phishing access points effectively, reduces detection and processing cost, and does not affect normal traffic in the network.

Claims (1)

1. An authentication-based method for detecting wireless phishing access points, characterized in that a certificate server holding a database of routing node information for all legitimate wireless access points is first set up in the network; on receiving an authentication request from a client, the certificate server matches the client's routing node information against the routing node information in the database, and finally sends the matching result to the client; the routing node information comprises the IP addresses of the nodes that a message passes through on its way to the certificate server, and the number of those nodes;
the certificate server is placed at the same network structure level as the wireless access points, or at the level above;
the client's routing node information is transmitted to the certificate server in an agreed format;
the client and the certificate server are connected over HTTPS;
the agreed format is a two-dimensional array format;
the detection method specifically comprises the following steps:
1) the certificate server receives the connection request of each client and, through an exchange of special packets, enables the client to learn the routing node information of the path its own messages take to the certificate server;
the database of the certificate server stores records in two-dimensional array form, which are deterministic and unique;
2) the certificate server receives the authentication request of the client, and the client submits the routing node information it learned in the previous step to the certificate server in the agreed format;
3) the certificate server matches the routing node information submitted by the client against all records in the database; if the match succeeds, the wireless access point that the client is currently connected to is authenticated as a legitimate access point, and otherwise it is classed as a suspicious access point, i.e. a phishing access point; the certificate server feeds the authentication result back to the client, and the user decides whether to disconnect from the currently connected wireless access point; to prevent the phishing access point from intercepting and tampering with the messages exchanged between the client and the certificate server, the client and the certificate server transmit information over an HTTPS connection;
when the client is connected to a legitimate access point, the routing node information it sends in two-dimensional array form is consistent with the information in the database of the certificate server, and after the match succeeds the information fed back to the client is that the wireless access point is a legitimate access point;
when the client is connected to a phishing access point, the routing node information sent by the APP on the client in two-dimensional array form shows an increased hop count and an abnormal IP address, and cannot be matched with the routing node information in the certificate server; the information fed back to the client is then that the wireless access point is a phishing access point.
CN201610329754.0A 2016-05-18 2016-05-18 Authentication-based wireless phishing access point detection method Active CN105792216B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610329754.0A CN105792216B (en) 2016-05-18 2016-05-18 Authentication-based wireless phishing access point detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610329754.0A CN105792216B (en) 2016-05-18 2016-05-18 Authentication-based wireless phishing access point detection method

Publications (2)

Publication Number Publication Date
CN105792216A CN105792216A (en) 2016-07-20
CN105792216B CN105792216B (en) 2019-08-02

Family

ID=56380127

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610329754.0A Active CN105792216B (en) 2016-05-18 2016-05-18 Authentication-based wireless phishing access point detection method

Country Status (1)

Country Link
CN (1) CN105792216B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789939B (en) * 2016-11-29 2019-04-26 中国银联股份有限公司 A kind of detection method for phishing site and device
CN106961683B (en) * 2017-03-21 2021-07-02 金华市智甄通信设备有限公司 Method and system for detecting illegal AP and discoverer AP
CN107529165B (en) * 2017-10-11 2019-09-13 北京大学 The recognition methods of wireless access points legitimacy under a kind of Campus Net

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103313429A (en) * 2013-07-10 2013-09-18 江苏君立华域信息安全技术有限公司 Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN104243490A (en) * 2014-09-30 2014-12-24 北京金山安全软件有限公司 Method and device for identifying pseudo wireless network access point and mobile terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9467459B2 (en) * 2013-03-15 2016-10-11 Aruba Networks, Inc. System and method for detection of rogue routers in a computing network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103313429A (en) * 2013-07-10 2013-09-18 江苏君立华域信息安全技术有限公司 Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN104243490A (en) * 2014-09-30 2014-12-24 北京金山安全软件有限公司 Method and device for identifying pseudo wireless network access point and mobile terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A Novel Approach for Rogue Access Point Detection on the Client-Side;Somayeh Nikbakhsh等;《2012 26th International Conference on Advanced Information Networking and Applications Workshops》;20120329;第686页第1栏倒数第6行-第687页第1栏第43行

Also Published As

Publication number Publication date
CN105792216A (en) 2016-07-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant