CN106507363B - A method of discovery fishing access point - Google Patents
A method of discovery fishing access point Download PDFInfo
- Publication number
- CN106507363B CN106507363B CN201710010929.6A CN201710010929A CN106507363B CN 106507363 B CN106507363 B CN 106507363B CN 201710010929 A CN201710010929 A CN 201710010929A CN 106507363 B CN106507363 B CN 106507363B
- Authority
- CN
- China
- Prior art keywords
- access point
- message
- fishing
- wireless
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a kind of method of discovery fishing access point, for quickly finding the fishing wireless access point in WLAN, comprising: collect the message in WLAN;Obtain the message characteristic information of message;Collect statistics information;Information comparative analysis;Judgement fishing access point.The present invention can quickly have found the fishing wireless access point in WLAN, the safety of effective protection custom system.User terminal only needs wireless probe to can be detected fishing access point, not only save the cost but also convenient for covering the all-network environment of user by the way that multiple wireless probes are arranged.Detection can be realized by the server for sending message to detection fishing access point in user terminal, convenient to use.In addition, server end accurately determines access point of going fishing by Multiple detection.Also, the present invention can intuitively show radio related information and fishing access point.Detection efficiency of the invention and precision are high, and effect is good.
Description
Technical field
The present invention relates to computer network field more particularly to a kind of methods of discovery fishing access point.
Background technique
With the high speed development of computer technology and network communication technology, computer network is answered extensively every field
With the working efficiency of people being greatly improved, so that clothing, food, lodging and transportion -- basic necessities of life become more convenient.People at earth both ends pass through interconnection
Net can exchange each other's needs.But while internet brings huge interests, offender by fishing access point come
User account information and fund are stolen, brings huge loss to the normal users using network.Due to Internet communication speed
Fastly, even if firewall software and antivirus software quantity are various, however it remains loophole enables offender to utilize these softwares
Loophole attacked.In the prior art, the safety of whole system is often only protected by firewall, as long as hacker is logical in this way
It crosses trick user and accesses fishing access point, user inputs the account information of oneself, and offender can be believed by the account of user
Normally login system is ceased, to bypass firewall.Utilize the basic principle of fishing access point fishing are as follows: in the nothing of legal arrangement
In line local area network (WLAN), legal wireless access subscriber (STA) sends out probe requests thereby;Fishing access point echo probe is asked
It asks;It lures that normal accessing user (STA) is linked on the fishing access point into, realizes access network function;Flow passes through the fishing
When access point, which intercepts and captures customer flow to steal the user information;It is real even by user as attack entrance
Existing illegal objective.The prior art does not propose the technical solution of detection fishing access point, can only be by modifying legal accessing user
(STA) network harm to avoid fishing access point is configured.And legal accessing user (STA) configuration is modified, on the one hand increase and uses
The workload at family;On the other hand, it for ordinary user, has no ability to judge whether wireless access point (AP) is fishing access point
And modify configuration.
Obviously there is an urgent need in the art to a kind of sides of a discovery fishing access point that drawbacks described above can be overcome easily operated
Method.
Summary of the invention
It is an object of the present invention to provide a kind of method of discovery fishing access point, can quickly find in WLAN
Fishing wireless access point, the safety of effective protection custom system.
The present invention provides a kind of method of discovery fishing access point, for quickly finding that the fishing in WLAN is wireless
Access point, comprising:
The message in WLAN is collected, by cancelling verification of the IEEE802.11 protocol suite to message data link layer
Function collects message, also,
The message characteristic information of message is obtained, to believe according to message characteristic information come the wireless correlation in collection network environment
Breath, wherein
Message characteristic information includes BSSID the and SSID information of message;
Collect statistics information unites to the message characteristic information of all messages in current wireless Local Area Network network environment
Meter;
Information comparative analysis, according to from the BSSID of Wireless LAN is laid come the BSSID of matching message,
And according to the SSID from laying Wireless LAN come the SSID of matching message, also,
BSSID and the SSID of the BSSID mismatch of laying Wireless LAN and/or message and laying certainly certainly when message
When the SSID of Wireless LAN is mismatched, output sends the information of the illegal wireless access point of message;
Judgement fishing access point, receives the information of illegal wireless access point, to test respectively illegal wireless access point
Card, to export fishing access point, wherein
Fishing access point be verify can not by illegal wireless access point.
It is preferred that method provided by the invention, wherein further include:
The filtering packets before collect statistics information, according to message format classification and filtering packets, to filter out data message.
It is preferred that method provided by the invention, wherein judge that fishing access point includes:
Compare the information and the preset information from laying wireless access point of illegal wireless access point, to detect wireless access
Whether the message that point is sent includes non-from the BSSID for laying Wireless LAN;
When message includes the non-BSSID for laying Wireless LAN certainly, corresponding access point is detected, and exports the first detection
As a result, wherein
If the message that corresponding access point is sent includes from the SSID for laying Wireless LAN or as probe requests thereby becomes
The SSID of message is changed, then it is fishing access point that the first testing result, which is corresponding access point,.
It is preferred that method provided by the invention, wherein judge that fishing access point includes:
Detect wireless access point SSID whether be from lay Wireless LAN SSID, also,
When wireless access point send message include from lay Wireless LAN SSID when, detection messages whether include
The non-gateway address from laying, and export the second testing result, wherein
When message includes the non-gateway address laid certainly, the second testing result is that corresponding access point is fishing access point.
It is preferred that method provided by the invention, wherein judge that fishing access point includes:
Detection property message is sent to wireless access point by wireless client or wireless probe, and exports third detection knot
Fruit, wherein
When that can not receive detection property message from the network internal laid, third testing result is that corresponding access point is fishing
Access point.
It is preferred that method provided by the invention, wherein judgement fishing access point further include:
Before sending detection property message, constructs and inputs detection property message, wherein
Detection property message is the message that there is detection to identify voluntarily constructed according to user demand.
It is preferred that method provided by the invention, wherein sending detection property message includes:
Detection property message is sent to wireless probe, also,
Detection property message is sent to wireless access point by wireless probe, to detect whether corresponding wireless access point is fishing
Fish access point.
It is preferred that method provided by the invention, further includes:
After access point is gone fishing in judgement, fishing access point alarm receives the characteristic information of fishing access point, will accordingly go fishing
The characteristic information of access point is sent to nothing by the way of short message alarm, mail alarm, sound alarm and/or system interface prompt
The administrator of line local area network, to remind administrator manually to check fishing access point, wherein
Characteristic information includes the characteristic information of MAC Address, signal strength, radio band, working channel and associated terminal.
It is preferred that method provided by the invention, wherein filtering packets include:
Real-time reception message;
Keyword in the keyword of matching message and default message table;
By keyword in message table and corresponding type of message come the keyword in matching message, to identify message
Type of message, wherein type of message includes management class message, control class message and data message.
It is preferred that method provided by the invention, further includes:
The characteristic information that Wireless LAN is preset before information comparative analysis, by data-interface from the network of user terminal
It is obtained from the characteristic information for laying Wireless LAN or wireless local area is laid by network administrator's typing by input module certainly
The characteristic information of network, wherein
Characteristic information from laying Wireless LAN includes from the BSSID for laying Wireless LAN and laying wirelessly certainly
The SSID information of local area network.
A kind of method of discovery fishing access point provided by the invention, user terminal only need wireless probe to can be detected fishing to connect
Access point, not only save the cost but also convenient for covering the all-network environment of user by the way that multiple wireless probes are arranged.User terminal
Detection can be realized by the server for sending message to detection fishing access point, it is convenient to use.In addition, server end is logical
It crosses Multiple detection and accurately determines access point of going fishing.Also, the present invention can intuitively show radio related information and fishing access
Point.Detection efficiency of the invention and precision are high, and effect is good.The present invention greatly improves the safety of WLAN, no matter right
Enterprise information security still has promotion to the information security of personal user.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only used for solving
Release design of the invention.
Fig. 1 is a kind of step flow chart of the method for discovery fishing access point of the present invention;
Fig. 2 is that a kind of network of the method for discovery fishing access point of the present invention disposes connection schematic diagram;
Fig. 3 is a kind of schematic block diagram of the method for discovery fishing access point of the present invention.
Appended drawing reference summarizes:
1, network 2, gateway 3, router
4, server 5, fishing access point 6, non-fishing access point
7, from the wireless probe 8 of laying access point, the wireless probe of transmission detection property message
9, computer 10, mobile phone 11, input module
12, output module 13, analysis module 14, the first packet forwarding module
15, the second packet forwarding module 16, wireless probe
Specific embodiment
Hereinafter, a kind of embodiment of the method for discovery fishing access point of the invention is described with reference to the accompanying drawings.
The embodiment recorded herein is specific specific embodiment of the invention, for illustrating design of the invention,
Be it is explanatory and illustrative, should not be construed as the limitation to embodiment of the present invention and the scope of the invention.Except what is recorded herein
Outside embodiment, those skilled in the art can also based on the claim of this application book and specification disclosure of that using aobvious and
The other technical solutions being clear to, these technical solutions include the embodiment recorded herein is made it is any it is obvious replacement and
The technical solution of modification.
The attached drawing of this specification is schematic diagram, aids in illustrating design of the invention, it is schematically indicated the shape of each section
And its correlation.
Referring to Fig. 1, a kind of method of discovery fishing access point proposed by the present invention, for quickly finding in WLAN
Fishing wireless access point, comprising:
Step S1: collecting the message in WLAN, by cancelling IEEE802.11 protocol suite to message data link
The verifying function of layer collects message, also,
The message characteristic information of message is obtained, to collect radio frequency ring in Wireless LAN 1 according to message characteristic information
The information in border, wherein
Message characteristic information includes BSSID the and SSID information of message;
Step S2: collect statistics information counts message characteristic information, to count current wireless Local Area Network network 1
The message characteristic information of all messages in environment;
Step S3: information comparative analysis, according to from the BSSID of Wireless LAN is laid come the BSSID of matching message,
And according to the SSID from laying Wireless LAN come the SSID of matching message, also,
BSSID and the SSID of the BSSID mismatch of laying Wireless LAN and/or message and laying certainly certainly when message
When the SSID of Wireless LAN is mismatched, output sends the information of the illegal wireless access point of message;
Step S4: judgement fishing access point 5 receives the information of illegal wireless access point, to access respectively to illegal wireless
Point is verified, to export the characteristic information of fishing access point 5, wherein
Fishing access point 5 be verify can not by illegal wireless access point.
In the present embodiment, referring to fig. 2, wireless probe 16 can be set in user terminal.Packet forwarding module, analysis module
13, input module 11 and output module 12 are arranged in server end.Server end can be set one or more by network 1
Server 4 interconnected.Radio related information can also include radio band and working channel, associated terminal.Detection fishing
By being wirelessly or non-wirelessly sequentially connected router 3, gateway 2 and network 1, the other end passes through nothing for one end of the server 4 of access point 5
Line wired is sequentially connected router 3 and wireless probe 16, wherein router 3 and wireless probe 16 can be multiple.From laying
The wireless probe 7 of access point and the wireless probe 8 for sending detection property message can also be separately provided.Pass through between wireless probe 16
Wirelessly or non-wirelessly network 1 is connected with each other.Between wireless probe 16 and smart machine can also by being wirelessly or non-wirelessly connected with each other,
Wherein, smart machine can be computer 9 or mobile phone 10.
Referring to Fig. 3, in step sl, radio related information can be sended and received by wireless probe 16.Wireless probe
16 can be set in user terminal, wherein user terminal can be smart machine, wireless probe 16 be connected by smart machine, to connect
Receive and send radio related information.Radio related information includes message and message characteristic information, can also include radio band and
Working channel, associated terminal.The first packet forwarding module 14 is provided on user terminal, for receiving radio related information and inspection
The property surveyed message, and forwarding radio related information and detection property message.In this way only by the first packet forwarding module 14 and
Two packet forwarding module 15 send and receive the data between user terminal and server end, it is easy to accomplish, facilitate batch production.
A plurality of clients connect server end by network 1, wherein server end can be set one or more and pass through
The server 4 interconnected of network 1.Input module 11, the second packet forwarding module 15, analysis module are provided on server end
13 and output module 12, wherein analysis module 13 includes that wireless access point authentication module interconnected and fishing access point 5 are sentenced
Disconnected module, for summarizing the radio related information of the wireless access point in radio related information, and comparison Wireless LAN 1
With it is preset from lay Wireless LAN wireless access point radio related information, with judge access point whether be fishing connect
Access point 5 simultaneously exports analysis result.
In step s 2, collect statistics information can be realized by input module 11, wherein input module 11 is for defeated
Enter the radio related information from the wireless access point for laying Wireless LAN, and building detection property message.
In step s3, information comparative analysis can be realized by wireless access point authentication module.Wireless access is examined item by item
Card module can match the radio related information of the wireless access point in Wireless LAN 1 and the nothing from laying Wireless LAN
The radio related information of line access point, and then detect and export illegal wireless access point and corresponding radio related information.
In step s 4, judge that fishing access point 5 can be by 5 judgment module of fishing access point of analysis module 13 come real
It is existing, wherein fishing 5 judgment module of access point connects wireless access point authentication module, can be according to illegal wireless access point and corresponding
Radio related information, and then illegal wireless access point is verified respectively, and export fishing access point 5, wherein output fishes
Fish access point 5 can be realized by output module 12.Output module 12, linking parsing module 13, for receive analysis as a result,
And result is analyzed in display and output.
The method for the data-interface that input module 11 provides can voluntarily go design to realize with manufacturer, the network management of user network 1
Generally have from BSSID the and SSID data for laying Wireless LAN in data, this data-interface can be with network management data
Docking.Network management data can be sent to analysis module 13 by input module 11, with output fishing access point 5.Make so each
Producer can come to increase the flexibility used using the present invention in their own needs.
Wireless probe 16 is to forward mould by the message of packet forwarding module and server end in probe after obtaining information
Block realizes the transmission of information, and analysis module 13 gets the information that probe reports in server 4.Wireless probe 16 obtains all
It is 802.11 frames, the packet header of these frames has BSSID, SSID required for wireless telecommunications, analyzes according to 802.11 framing methods
Module 13 goes reverse resolution removing that BSSID, SSID in message can be obtained.It is easy to produce in batches in this way, service efficiency is efficient
Fruit is good.
Probe messages can voluntarily go to construct by the producer of LAN safety guard system, for example, by using 802.11 agreements
Standard management message, source address is legal wireless client, destination address is gateway 2, BSSID is detected wireless access
The BSSID of point, information element ID can be set in the specifying information inside message, and to retain serial number 43, (standard management message is taken less than
The 43-49 of reservation), field contents be filled with " Fishing AP Probe ".The realization for constructing specific message can be according to producer
Demand realize, as long as having detection mark is conducive to detection.Each producer is enabled to come in their own needs in this way
Using the present invention, the flexibility used is increased.
One side user terminal only needs wireless probe 16 to can be detected fishing access point 5 in this way, not only save the cost but also just
In 1 environment of all-network for covering user by the multiple wireless probes 16 of setting;Another aspect wireless probe 16 passes through transmission
Detection can be realized in the server 4 of message to detection fishing access point 5, convenient to use;In addition, the analysis mould of server end
Block 13 accurately determines access point 5 of going fishing by Multiple detection;Furthermore, input module 11 facilitates user according to oneself 1 environment of network
The case where set data, using flexible effect is good;Also, output module 12 can intuitively show radio related information and fishing
Fish access point 5, wherein output module 12 can be printer, display and smart machine.Detection efficiency of the invention is high, essence
Degree is high, and effect is good.The present invention greatly improves the safety of WLAN, no matter uses to enterprise information security or to individual
The information security at family has promotion.
The present embodiment is it is further preferred that provide a method, wherein further include: it is filtered before collect statistics information
Message, according to message format classification and filtering packets, to filter out data message.
In the present embodiment, filtering packets can pass through the filtering module of connection wireless probe 16.Filtering module receives nothing
The radio related information and filtering packets of the collection of line probe 16 simultaneously export non-data message to wireless probe 16.Wireless probe
16 only non-data messages after forward filtering.
The non-data message in Wireless LAN 1 is only analyzed in this way, without the data message of analysing terminal user, in turn
Protect the privacy of the user of user terminal.
The present embodiment is it is further preferred that provide a method, wherein judges that fishing access point 5 includes:
Compare the information and the preset information from laying wireless access point of illegal wireless access point, to detect whether being non-
From the wireless access point of the BSSID of laying.
When wireless access point is the wireless access point of the non-BSSID from laying, corresponding access point is detected, and export first
Testing result, wherein
If corresponding access point has from the SSID for laying Wireless LAN or converts SSID with probe requests thereby, the
One testing result is that corresponding access point is fishing access point 5.
In the present embodiment, fishing 5 judgment module of access point includes first detection module, wherein first detection module inspection
It surveys corresponding access point and exports the first testing result, and judged according to the first testing result and export fishing access point 5.
The present embodiment is it is further preferred that provide a method, wherein judgement fishing access point 5 further include:
Detect wireless access point SSID whether be from lay Wireless LAN SSID, also,
When the SSID of wireless access point is from the SSID for laying Wireless LAN, detect wireless access point SSID pairs
Whether the target MAC (Media Access Control) address for the message answered is non-from 2 address of gateway laid, and exports the second testing result, wherein
When the target MAC (Media Access Control) address of the corresponding message of the SSID of wireless access point is non-2 address of gateway laid certainly, second
Testing result is that corresponding access point is fishing access point 5.
In the present embodiment, fishing 5 judgment module of access point includes the second detection module, wherein the inspection of the second detection module
It surveys corresponding access point and exports the second testing result, and judged according to the second testing result and export fishing access point 5.
The present embodiment is it is further preferred that provide a method, wherein judgement fishing access point 5 further include:
Detection property message is sent to wireless access point by wireless client, and exports third testing result, wherein
When that can not receive detection property message from inside the network 1 laid, third testing result is that corresponding access point is to fish
Fish access point 5.
In the present embodiment, fishing 5 judgment module of access point includes third detection module, wherein the inspection of third detection module
It surveys corresponding access point and exports third testing result, and judged according to third testing result and export fishing access point 5.If
The delay of network 1 leads to detection property message loss, and third detection module, which can be delayed, retransmits detection property message.
Analysis module 13 exports fishing access by first detection module, the second detection module and third detection module respectively
Point 5.Three re-detections for passing through first detection module, the second detection module and third detection module in this way, can prevent leak detection from fishing
Fish access point 5, detection accuracy is high, substantially increases the safety of user.
The present embodiment is it is further preferred that provide a method, wherein judgement fishing access point 5 further include:
Before sending detection property message, constructs and inputs detection property message, wherein
Detection property message is the message that there is detection to identify voluntarily constructed according to user demand.
In the present embodiment, constructing and inputting detection property message can be realized by building detection property message module,
In, building detection property message module linking parsing module 13.Building detection property message module be used for according to default detection mark and
The automatic detection mark of addition in messages is carried out in the setting position of detection mark.
The present embodiment is it is further preferred that provide a method, wherein sending detection property message includes:
Detection property message is sent to wireless probe 16, also,
By wireless probe 16 to wireless access point send detection property message, with detect corresponding wireless access point whether be
Fishing access point 5.
Access point 5 of going fishing can be accurately determined in this way.Furthermore, input module 11 facilitates user according to oneself 1 environment of network
The case where set detection property message, using flexible effect is good.Also, detection efficiency and precision are high in this way.
The present embodiment is it is further preferred that provide a method, further includes:
After access point 5 is gone fishing in judgement, fishing access point 5 is alerted, and receives the characteristic information of fishing access point 5, will be corresponding
The characteristic information of fishing access point 5 is sent out by the way of short message alarm, mail alarm, sound alarm and/or system interface prompt
The administrator of WLAN is given, to remind administrator manually to check fishing access point 5, wherein
Characteristic information includes the characteristic information of MAC Address, signal strength, radio band, working channel and associated terminal.
In the present embodiment, the alarm of fishing access point 5 can be realized by alarm module.Alarm module, connection output
Analysis result is sent to by module 12 by the way of short message alarm, mail alarm, sound alarm and/or system interface prompt
The administrator of WLAN, to remind administrator manually to check fishing access point 5.In this way when discovery fishing access point
When 5, administrator in time can manually be checked fishing access point 5, greatly improve the safety of system.
The present embodiment is it is further preferred that provide a method, wherein filtering packets include:
Real-time reception message;
Keyword in the keyword of matching message and default message table;
By keyword in message table and corresponding type of message come the keyword in matching message, to identify message
Type of message, wherein type of message includes management class message, control class message and data message.
In the present embodiment, filtering module may include matching module.Matching module passes through the pass in preset message table
Key word and corresponding type of message carry out the keyword in matching message, to identify the type of message of message, wherein type of message packet
Include management class message, control class message and data message.
The only management in analysis Wireless LAN 1, control class message in this way, without the datagram of analysing terminal user
Text, and then protect the privacy of the user of user terminal.
The present embodiment is it is further preferred that provide a method, further includes:
The characteristic information that Wireless LAN 1 is preset before information comparative analysis, is obtained by data-interface from user network 1
It is derived from the characteristic information for laying Wireless LAN or wireless local area is laid by 1 administrator's typing of network by input module 11 certainly
The characteristic information of network, wherein
Characteristic information from laying Wireless LAN includes from the BSSID for laying Wireless LAN and laying wirelessly certainly
The SSID information of local area network.
In the present embodiment, input module 11 can be set in user terminal, and linking parsing module 13 is so that it is convenient to which user makes
With.
A kind of method of discovery fishing access point of the invention is illustrated above.For a kind of discovery of the invention
Go fishing access point the corresponding device of method specific features as shape, size and position can be according to the features disclosed in above-mentioned
Effect is specifically designed, these designs are that those skilled in the art can be realized.Moreover, each technology of above-mentioned disclosure is special
Sign be not limited to it is disclosed with other feature combination, those skilled in the art can also purpose according to the present invention carry out each skill
Other combinations between art feature, be subject to realize the present invention purpose.
Claims (9)
1. a kind of method of discovery fishing access point, for quickly finding the fishing wireless access point in WLAN, comprising:
The message in WLAN is collected, by cancelling IEEE802.11 protocol suite to the verifying function of message data link layer
Collect the message, also,
The message characteristic information of the message is obtained, to believe according to message characteristic information come the wireless correlation in collection network environment
Breath, wherein
The message characteristic information includes BSSID the and SSID information of the message;
Collect statistics information counts the message characteristic information of all messages in current wireless Local Area Network network environment;
Information comparative analysis matches the BSSID of the message according to the BSSID from laying Wireless LAN,
And according to the SSID for matching the message from the SSID for laying Wireless LAN, also,
As the BSSID of the message and SSID of the BSSID mismatch and/or the message for laying Wireless LAN certainly
When mismatching with the SSID from laying Wireless LAN, output sends the letter of the illegal wireless access point of the message
Breath;
Judgement fishing access point, receives the information of the illegal wireless access point, is clicked through with accessing respectively to the illegal wireless
Row verifying, to export fishing access point, wherein
It is described fishing access point be verify can not by the illegal wireless access point;
Wherein, the filtering packets before collect statistics information classify according to message format and filter the message, to filter out data
Message;
A plurality of clients pass through network attached server end, the first packet forwarding module are provided on user terminal, for receiving nothing
Line relevant information and detection property message, and forwarding radio related information and detection property message;
Input module, the second packet forwarding module, analysis module and output module are provided on server end, wherein analysis mould
Block includes wireless access point authentication module interconnected and fishing access point judgment module, for summarizing radio related information,
And compare the radio related information of wireless access point in Wireless LAN and preset from laying Wireless LAN
The radio related information of wireless access point, to judge whether access point is fishing access point and exports analysis result;
Collect statistics information realizes that input module is used to input wirelessly connecing from laying Wireless LAN by input module
The radio related information of access point, and building detection property message;
Information comparative analysis realizes that wireless access point authentication module can match wireless local area by wireless access point authentication module
The wireless related letter of the radio related information of wireless access point in network and the wireless access point from laying Wireless LAN
Breath, and then detect and export illegal wireless access point and corresponding radio related information;
Judgement fishing access point is realized by the fishing access point judgment module of analysis module, wherein fishing access point judgement
Module connects wireless access point authentication module, right according to illegal wireless access point and corresponding radio related information, and then respectively
Illegal wireless access point is verified, and exports fishing access point, wherein output fishing access point can by output module come
It realizes;
Output module linking parsing module, output module is for receiving analysis result and display and output analysis result.
2. according to the method described in claim 1, wherein, judging that fishing access point includes:
Compare the information and the preset information from laying wireless access point of the illegal wireless access point, it is wireless to detect
Whether the message in the collection WLAN that access point is sent includes non-from the BSSID for laying Wireless LAN;
When the message in the collection WLAN includes the non-BSSID for laying Wireless LAN certainly, detection is accordingly connect
Access point, and export the first testing result, wherein
If the message in the collection WLAN that corresponding access point is sent lays Wireless LAN described in including certainly
SSID or with probe requests thereby convert it is described collection WLAN in message SSID, then first testing result be
Corresponding access point is fishing access point.
3. according to the method described in claim 1, wherein, judging that fishing access point includes:
Whether the SSID for detecting wireless access point is described from the SSID for laying Wireless LAN, also,
When the message in the collection WLAN that wireless access point is sent includes described from laying Wireless LAN
When SSID, detect whether the message collected in WLAN includes non-from the gateway address laid, and export the second inspection
Survey result, wherein
When the message in the collection WLAN includes the non-gateway address laid certainly, second testing result is phase
Answering access point is fishing access point.
4. according to the method described in claim 1, wherein, judging that fishing access point includes:
Detection property message is sent to wireless access point by wireless client or wireless probe, and exports third testing result,
In,
When that can not receive the detection property message from the network internal laid, the third testing result is that corresponding access point is
Fishing access point.
5. according to the method described in claim 4, wherein, judging access point of going fishing further include:
Before sending detection property message, constructs and inputs detection property message, wherein
The detection property message is the message that there is detection to identify voluntarily constructed according to user demand.
6. according to the method described in claim 5, wherein, sending detection property message includes:
The detection property message is sent to wireless probe, also,
The detection property message is sent to wireless access point by the wireless probe, whether to detect corresponding wireless access point
For access point of going fishing.
7. according to the method described in claim 1, further include:
After access point is gone fishing in judgement, fishing access point alarm receives the characteristic information of the fishing access point, will accordingly go fishing
The characteristic information of access point is sent to nothing by the way of short message alarm, mail alarm, sound alarm and/or system interface prompt
The administrator of line local area network, to remind administrator manually to check fishing access point, wherein
The characteristic information includes the characteristic information of MAC Address, signal strength, radio band, working channel and associated terminal.
8. according to the method described in claim 1, wherein, filtering packets include:
Message described in real-time reception;
Match the keyword in the keyword and default message table of the message;
The keyword in the message is matched by keyword in the message table and corresponding type of message, to identify
State the type of message of message, wherein the type of message includes management class message, control class message and data message.
9. according to the method described in claim 1, further include:
The characteristic information that Wireless LAN is preset before information comparative analysis is obtained by data-interface from the network of user terminal
It is described that from the characteristic information for laying Wireless LAN or by input module, laying is wireless certainly as described in network administrator's typing
The characteristic information of local area network, wherein
It is described from the characteristic information for laying Wireless LAN include it is described from the BSSID for laying Wireless LAN and it is described from
Lay the SSID information of Wireless LAN.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710010929.6A CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710010929.6A CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106507363A CN106507363A (en) | 2017-03-15 |
| CN106507363B true CN106507363B (en) | 2019-04-02 |
Family
ID=58345123
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710010929.6A Active CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106507363B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961683B (en) * | 2017-03-21 | 2021-07-02 | 金华市智甄通信设备有限公司 | Method and system for detecting illegal AP and discoverer AP |
| CN109660991B (en) * | 2017-10-11 | 2021-03-19 | 腾讯科技(深圳)有限公司 | Pseudo base station prompting method, device and storage medium |
| CN108460103B (en) * | 2018-02-05 | 2019-10-15 | 百度在线网络技术(北京)有限公司 | Information acquisition method and device |
| CN109195166A (en) * | 2018-09-14 | 2019-01-11 | 厦门美图移动科技有限公司 | Internet access method and device |
| CN109803264B (en) * | 2018-12-24 | 2022-04-29 | 奇安信科技集团股份有限公司 | Method and device for recognizing wireless intrusion |
| CN109451530B (en) * | 2019-01-03 | 2022-04-22 | 中国联合网络通信集团有限公司 | Information collection method and information collection system |
| CN110012469B (en) * | 2019-04-29 | 2021-03-30 | 四川英得赛克科技有限公司 | Method for rapidly judging validity of wireless hotspot in industrial control environment |
| CN110087244A (en) * | 2019-04-29 | 2019-08-02 | 新华三技术有限公司 | A kind of information acquisition method and device |
| CN114173323A (en) * | 2020-08-21 | 2022-03-11 | 中芯未来(北京)科技有限公司 | Fishing WiFi detection method based on combination of terminal and cloud |
| CN113630782B (en) * | 2021-08-09 | 2024-06-18 | 迈普通信技术股份有限公司 | Wireless sharing detection method, device and system and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8655312B2 (en) * | 2011-08-12 | 2014-02-18 | F-Secure Corporation | Wireless access point detection |
-
2017
- 2017-01-06 CN CN201710010929.6A patent/CN106507363B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106507363A (en) | 2017-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106507363B (en) | A method of discovery fishing access point | |
| US20220225101A1 (en) | Ai cybersecurity system monitoring wireless data transmissions | |
| KR102163280B1 (en) | An apparatus for network monitoring based on edge computing and method thereof, and system | |
| US9584487B2 (en) | Methods, systems, and computer program products for determining an originator of a network packet using biometric information | |
| US10152715B2 (en) | Detection of an unauthorized wireless communication device | |
| CN101352018B (en) | Method and system for network protection | |
| US7856656B1 (en) | Method and system for detecting masquerading wireless devices in local area computer networks | |
| CN107197456B (en) | Detection method and detection device for identifying pseudo AP (access point) based on client | |
| Cunche et al. | I know who you will meet this evening! linking wireless devices using wi-fi probe requests | |
| KR20100075043A (en) | Management system for security control of irc and http botnet and method thereof | |
| CN102857388A (en) | Cloud detection safety management auditing system | |
| US20080201109A1 (en) | Wireless Performance Analysis System | |
| CN101854275A (en) | Method and device for detecting Trojans by analyzing network behaviors | |
| US11240136B2 (en) | Determining attributes using captured network probe data in a wireless communications system | |
| CN105959290A (en) | Detection method and device of attack message | |
| CN110225062A (en) | A kind of method and apparatus monitoring network attack | |
| EP4044505A1 (en) | Detecting botnets | |
| Gasser et al. | Security implications of publicly reachable building automation systems | |
| CN206332851U (en) | A kind of discovery device for access point of going fishing | |
| CN101159636A (en) | System and method for detecting illegal access | |
| CN103067360B (en) | Program network Activity recognition method and system | |
| Lu et al. | Client-side evil twin attacks detection using statistical characteristics of 802.11 data frames | |
| WO2017070965A1 (en) | Data processing method based on software defined network and related device | |
| Meng et al. | Building a wireless capturing tool for WiFi | |
| CN116432805A (en) | Illegal service prediction method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |