CN106685843B - Method for safely strengthening router - Google Patents

Method for safely strengthening router

Info

Publication number
CN106685843B
Authority
CN
China
Prior art keywords
verification
router
equipment
notification
triggered
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710117754.9A
Other languages
Chinese (zh)
Other versions
CN106685843A (en)
Inventor
赵彩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University City College
Original Assignee
Xian Jiaotong University City College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University City College
Priority to CN201710117754.9A
Publication of CN106685843A
Application granted
Publication of CN106685843B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/60 Router architectures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for hardening the security of a router, in which WiFi login verification is set up at the router end. When a device tries to access the router, verification is triggered: the host end obtains the device information and judges whether the device is already on the blacklist; if so, verification ends and access is refused; if not, the method proceeds to the next step. The host end then judges whether the device has logged in to the router before; if not, an alarm is triggered and the next verification step follows; if so, the next verification step is carried out directly. During verification, once the WiFi password passes verification, an IP address is allocated by the router's DHCP, and whether a notification is triggered, and in which manner, is determined according to the user configuration information; the notification content is the event that a device has logged in to the intranet. If the WiFi password fails verification, a verification failure strategy is triggered and access is refused. By integrating the relevant hardware and software into the router, the method triggers a reminder when a new client accesses the WiFi, so that the user can keep track of how the router is being used at any time.

Description

Method for safely strengthening router
Technical Field
The invention belongs to the technical field of wireless internet security applications, relates to wireless terminal routing equipment, and in particular relates to a method for hardening the security of a router.
Background
In real WiFi usage, if the only problem is unauthorized use of the network, it is in most cases not enough to make people take security seriously; but once privacy is disclosed, or security holes go on to cause loss of economic interests, personal reputation or business secrets, it is likely to be too late. The wireless router is the terminal through which a user accesses the internet, and it is also the weakest link in security and the one most prone to problems. The security problem here has two steps: first, the WiFi password is cracked (or leaked), which creates an opportunity for unauthorized access to the local area network; second, the router itself is attacked, after which not only is the security of the intranet supported by the router compromised, but the security of the user's own systems (including but not limited to PCs and mobile phones) is also endangered.
Cracking a WiFi password is nothing new; it is only a matter of time. Why? Wireless routers offer the following security settings:
WPS: intended to simplify security setup and network management for wireless WiFi, it supports two modes: a Personal Identification Number (PIN) mode and a Push Button (PBC) mode. The PIN mode has only 11000 possible codes, and the large amount of cracking software available on the network can crack a WiFi network protected in this mode 100 percent of the time. The PBC mode requires the client to use an external wireless network card that has a WPS button; it is useless for internet access devices with a built-in network card, such as PCs, notebooks, mobile phones and tablets, and so is almost useless in practice.
WPA-PSK (TKIP), WPA2-PSK (AES), WPA-PSK (TKIP) + WPA2-PSK (AES): WPA2 is the most widely used and strongest encryption mode in wireless routing today. However, once a "handshake packet" with data has been captured, an ordinary attacker can run the password guessing themselves, or it can be handed to black-market operations, whose GPU speed is hundreds of times that of ordinary equipment. Add to this social-engineering database resources and the unwitting help of users who install applications such as WiFi universal keys (which automatically upload and share hotspot WiFi passwords), and even a WiFi password in WPA2 mode being cracked is a high-probability event.
Binding MAC addresses with a whitelist and disabling DHCP do not solve the problem either; each has a corresponding countermeasure, and the outcome is determined by technical strength. Hence "defense is only one step, whereas security is a system".
Once the WiFi password is broken, the second step mentioned above, the security of the router itself, moves from the second line to the front line. The router's management interface is not protected by the HTTPS protocol, its traffic can be intercepted by monitoring and packet capture, and it can be attacked from the intranet by password guessing, so it is even more difficult to protect.
Disclosure of Invention
In order to overcome the disadvantages of the prior art, the present invention provides a method for hardening the security of a router. It changes the approach: rather than confronting the intruder head-on by technical means, it lets ordinary users improve the security of their routers as well.
In order to achieve this purpose, the invention adopts the following technical scheme:
A method for hardening the security of a router, in which WiFi login verification is set up at the router end, comprising the following steps:
Step 1: when a device tries to access the router, verification is triggered; the host end obtains the device information and judges whether the device is on the blacklist; if so, verification ends and access is refused; if not, the method proceeds to the next step.
Step 2: the host end judges whether the device has logged in to the router before; if not, an alarm is triggered and the next verification step is then carried out; if so, the next verification step is carried out directly.
Step 3: during verification, once the WiFi password passes verification, an IP address is allocated by the router's DHCP, and whether a notification is triggered, and in which manner, is determined according to the user configuration information; the notification content is the event that a device has logged in to the intranet. If the WiFi password fails verification, a verification failure strategy is triggered and access is refused.
The router always remains in a monitoring state. When a device leaves, whether a notification event is triggered is determined according to the user configuration information that has been read; the notification content is the event that the device has left the intranet.
The host end is any device with a similar wireless/wired network access function, including but not limited to mobile, wireless and wired routers, power line modems, power line adapters, wireless extenders, wireless APs, wireless controllers, wireless remote controllers, wireless VPN routers, and wired/wireless monitoring/storage/remote control devices (including but not limited to webcams and remote security devices).
The verification failure strategy is as follows. When a device's first WiFi login verification fails, the last verification state of the device is marked as failed, and timing and counting are started. If a login verification request from the same device is received again, then, according to the user configuration information that has been read, one of the following applies: verification is refused directly and the device is automatically added to the blacklist, after which verification requests sent by client devices on the blacklist are discarded without being verified; or a delayed verification strategy is started, in which the time at which the nth verification is allowed is derived from the delay applied to the (n-1)th allowed verification, a new delay is obtained by calculation, and the nth verification request is accepted only after the new delay has expired; or control is applied according to the total number of allowed verifications set by the user, so that once the number of verification failures reaches the set value, WiFi login verification requests from the device are no longer accepted and the device is automatically added to the blacklist; or the delay strategy and the counting strategy are combined.
In addition, a manual confirmation button can be provided on the router, so that when the user manually and physically confirms, repeated verification is allowed directly and takes effect immediately. The user can also manage the blacklist by manual maintenance.
When a notification event is triggered, different types of notification are configured according to the host event type of the triggering event, and are carried out according to the user configuration settings that have been read.
Notification events are executed asynchronously.
The notification takes one or more of the following forms: sound, light, on-screen message, mobile phone push notification, bracelet/smart watch reminder, short message, mail and voice call notification.
Compared with the prior art, the invention completes the security management of the router by bringing it into a monitoring mode: when a new client device that has never accessed the WiFi successfully does so, or when an event that does not pass the verification strategy occurs, the invention handles it automatically and sends a notification in the manner predefined by the user. The user can therefore keep track of how the router is being used at any time, unauthorized intrusion has nowhere to hide, and threats to the security of the router, the intranet and the user's applications are turned away at the first gate. The same strategy is valid for wireless mobile routers and for routers with wired access.
Drawings
Fig. 1 is a general flowchart of a router security enforcement method.
Fig. 2 is a WiFi login authentication failure policy flow diagram.
Fig. 3 shows the notification [alarm] function, carried out according to the user configuration after the function modules are integrated.
Detailed Description
The embodiments of the present invention will be described in detail below with reference to the drawings and examples.
As shown in Fig. 1, when a new WiFi login authentication request arrives, the router determines from the MAC address of the client device whether the device is on the blacklist held on the router. If so, the authentication request is discarded; if not, the router goes on to judge whether the device has logged in to the router before. If it has not, a notification [alarm] event is triggered for a new client logging in to the network for the first time (note 1: see the explanation of Fig. 3, the same below); if a client that has logged in before logs in again, the notification [alarm] event is skipped and the authentication process starts directly.
Once the WiFi password passes verification, an IP address can be allocated by the router's DHCP (where IP addresses are allocated dynamically), and whether to send a notification [alarm] to the user that the client has successfully logged in to the intranet, and in which manner, is determined according to the user's configuration information. The router remains in a monitoring state, and when the client leaves the intranet or other events occur, whether a notification [alarm] event is triggered is determined according to the user configuration that has been read. If the WiFi password fails verification, a verification failure policy is triggered, which is explained with reference to Fig. 2.
WiFi login authentication failure policy:
As shown in Fig. 2, after a client device fails WiFi login verification for the first time, the last verification status of the client device is marked as failed, and timing and counting are started. If a login verification request from the same client device is received again, then, according to the user configuration settings that have been read, one of the following applies: verification can be refused directly and information such as the MAC address of the client device is automatically added to the blacklist, after which verification requests sent by client devices on the blacklist are discarded without being verified; or a delayed verification strategy is started, in which the time at which the nth verification is allowed is derived from the delay applied to the (n-1)th allowed verification, a new delay is obtained through an algorithm, and the nth verification request is accepted only after the new delay has expired; or control is applied according to the total number of allowed verifications set by the user, for example, after the number of verification failures reaches n, WiFi login verification requests from the client device are no longer accepted and information such as the MAC address of the client device is automatically added to the blacklist; or the delay strategy and the counting strategy are combined as set by the user;
or a notification [alarm] event is triggered each time verification fails, and a manual confirmation button is added when the router is designed and manufactured, so that when the user manually and physically confirms, repeated verification is allowed directly and takes effect immediately.
The policy settings for WiFi login authentication failure include but are not limited to those above, and they may also be used in combination. The device blacklist may be added to automatically by the device and may also be maintained manually by the user. When authentication passes again, processing returns to the next step of the main WiFi login authentication flow.
A notification [ alarm ] module:
As shown in Fig. 3, when a notification [alarm] event is triggered, different types of notification [alarm] may be configured according to the host event type of the triggering event, and are carried out according to the user configuration settings that have been read. Notification [alarm] events are executed asynchronously, so that the responsiveness and performance of the router are not affected by other factors. The integrated and extended modules and functions that can be used for notification [alarm] include but are not limited to the following forms: sound (voice broadcast), light (the color and flashing frequency of breathing lights), on-screen messages (the first three are applicable to mobile wireless routers), mobile message push notifications, bracelet/smart watch reminders, text messages, mail, voice call notifications, and so on. The various types of notification [alarm] can be selected and combined, so that the user can keep track of any activity on the home WiFi network even when thousands of miles away.
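The flow of Figs. 1 to 3 as described above can be sketched in code. This is an added example, not code from the patent: the class, field and event names are assumptions, `password_ok` stands in for the router's own WiFi password check, the delay-doubling rule is an assumed instance of the unspecified delay calculation, and the MAC addresses and attempt sequence are constructed.

```python
import queue
from dataclasses import dataclass

@dataclass
class Policy:
    """User configuration; every field name here is an assumption."""
    base_delay: float = 2.0   # seconds a device must wait after its first failure
    max_failures: int = 4     # counting strategy: blacklist at this many failures
    notify_on: frozenset = frozenset(
        {"first_seen", "login", "auth_failed", "blacklisted", "left"})

@dataclass
class Attempts:
    failures: int = 0
    delay: float = 0.0
    not_before: float = 0.0   # earliest time the next request is accepted

class Gatekeeper:
    def __init__(self, policy):
        self.policy = policy
        self.blacklist = set()       # MAC addresses whose requests are discarded
        self.known = set()           # MAC addresses that have logged in before
        self.pending = {}            # MAC -> Attempts while a login is unresolved
        self.events = queue.Queue()  # drained by a notifier thread; handle() never blocks

    def _notify(self, kind, mac):
        if kind in self.policy.notify_on:
            self.events.put_nowait((kind, mac))

    def handle(self, mac, password_ok, now):
        """password_ok stands in for the router's own WiFi password check."""
        mac = mac.lower()
        if mac in self.blacklist:                 # step 1: discard without verifying
            return "dropped"
        if mac not in self.known and mac not in self.pending:
            self._notify("first_seen", mac)       # step 2: alarm once per new device
        att = self.pending.setdefault(mac, Attempts())
        if now < att.not_before:                  # delay strategy: too early, not verified
            return "delayed"
        if password_ok:                           # step 3: DHCP would assign an address here
            self.known.add(mac)
            del self.pending[mac]
            self._notify("login", mac)
            return "accepted"
        att.failures += 1
        self._notify("auth_failed", mac)
        if att.failures >= self.policy.max_failures:
            self.blacklist.add(mac)
            del self.pending[mac]
            self._notify("blacklisted", mac)
            return "blacklisted"
        # Doubling is an assumed rule; the page only says the new delay is
        # calculated from the previous one.
        att.delay = att.delay * 2 if att.delay else self.policy.base_delay
        att.not_before = now + att.delay
        return "rejected"

    def confirm_button(self, mac):
        """Manual physical confirmation: the next attempt is verified immediately."""
        att = self.pending.get(mac.lower())
        if att:
            att.not_before = 0.0

    def leave(self, mac):
        self._notify("left", mac.lower())

def drain(gk):
    """Collect queued events; a real notifier thread would send them instead."""
    out = []
    while not gk.events.empty():
        out.append(gk.events.get_nowait())
    return out

def demo():
    """Constructed attempt sequence: (mac, password_ok, time in seconds)."""
    gk = Gatekeeper(Policy())
    guesser, laptop = "02:00:00:00:00:01", "02:00:00:00:00:02"
    seq = [(guesser, False, 0), (guesser, True, 1), (guesser, False, 2),
           (guesser, False, 6), (guesser, False, 14), (guesser, True, 100),
           (laptop, True, 0), (laptop, True, 50)]
    return [gk.handle(*s) for s in seq], drain(gk)

if __name__ == "__main__":
    outcomes, events = demo()
    print(outcomes)
    print(events)
```

In this sketch a request that arrives before the delay has expired is not verified at all, even with the correct password, and is not counted as a failure; only the counting strategy moves a device onto the blacklist.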
In conclusion, the method is convenient and easy to implement, is suitable for a variety of scenarios, avoids the complexity of setting up a whitelist, and makes it easy for users to identify and monitor the current use of the network in a timely manner.

Claims (5)

1. A method for hardening the security of a router, characterized in that WiFi login verification is set up at the router end, the method comprising the following steps:
step 1, when a device tries to access the router, verification is triggered; the host end obtains the device information and judges whether the device is on the blacklist; if so, verification ends and access is refused; if not, the method proceeds to the next step; the router always remains in a monitoring state, and when a device leaves, whether a notification event is triggered is determined according to the user configuration information that has been read, the notification content being the event that the device has left the intranet;
step 2, the host end judges whether the device has logged in to the router before; if not, an alarm is triggered and the next verification step is then carried out; if so, the next verification step is carried out directly;
step 3, during verification, once the WiFi password passes verification, an IP address is allocated by the router's DHCP, and whether a notification is triggered, and in which manner, is determined according to the user configuration information, the notification content being the event that a device has logged in to the intranet; if the WiFi password fails verification, a verification failure strategy is triggered and access is refused; the verification failure strategy is: when a device's first WiFi login verification fails, the last verification state of the device is marked as failed, and timing and counting are started; if a login verification request from the same device is received again, then, according to the user configuration information that has been read, verification is refused directly and the device is automatically added to the blacklist, after which verification requests sent by client devices on the blacklist are discarded without being verified; or a delayed verification strategy is started, in which the time at which the nth verification is allowed is derived from the delay applied to the (n-1)th allowed verification, a new delay is obtained by calculation, and the nth verification request is accepted only after the new delay has expired; or control is applied according to the total number of allowed verifications set by the user, so that once the number of verification failures reaches the set value, WiFi login verification requests from the device are no longer accepted and the device is automatically added to the blacklist; or the delay strategy is combined with the counting strategy;
when verification fails, a notification event is triggered; when the notification event is triggered, different types of notification are configured according to the host event type of the triggering event and are carried out according to the user configuration settings that have been read, and the notification event is executed asynchronously.
2. The method for hardening the security of a router according to claim 1, wherein the host end is a device with a wireless/wired network access function.
3. The method for hardening the security of a router according to claim 1, wherein a manual confirmation button is provided on the router, so that when the user manually and physically confirms, repeated verification is allowed directly and takes effect immediately.
4. The method for hardening the security of a router according to claim 1, wherein the user manages the blacklist by manual maintenance.
5. The method for hardening the security of a router according to claim 1, wherein the notification takes one or more of the following forms: sound, light, on-screen message, mobile phone push notification, bracelet/smart watch reminder, short message, email and voice call notification.
CN201710117754.9A 2017-03-01 2017-03-01 Method for safely strengthening router Active CN106685843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710117754.9A CN106685843B (en) 2017-03-01 2017-03-01 Method for safely strengthening router

Publications (2)

Publication Number Publication Date
CN106685843A CN106685843A (en) 2017-05-17
CN106685843B CN106685843B (en) 2020-06-02

Family

ID=58862532

Country Status (1)

Country Link
CN (1) CN106685843B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant