CN106686590A - Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment - Google Patents
Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment Download PDFInfo
- Publication number
- CN106686590A CN106686590A CN201510760449.2A CN201510760449A CN106686590A CN 106686590 A CN106686590 A CN 106686590A CN 201510760449 A CN201510760449 A CN 201510760449A CN 106686590 A CN106686590 A CN 106686590A
- Authority
- CN
- China
- Prior art keywords
- terminal
- control
- failure
- threshold value
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a controlled terminal identification method, a controlled terminal management method, a controlled terminal identification device, a controlled terminal management device and wireless access point equipment, wherein the number of failures in accessing the wireless access point equipment by the terminal through a password can be obtained. The obtained number of failures is compared with a preset controlled threshold. Whether the terminal is the controlled terminal which requires additional management is determined according to a comparison result. Therefore automatic identification of the controlled terminal can be realized. Furthermore the controlled terminals can be managed according to a preset management rule, thereby preventing right damage of a valid user caused by free accessing into the wireless access point equipment by the controlled terminals. The controlled terminal identification, the controlled terminal management method, the controlled terminal identification device, the controlled terminal management device and the wireless access point equipment have advantages of easy realization, high accuracy, in-time management on the identified illegal terminals, and improving user experience to a certain extent.
Description
Technical field
The present invention relates to the communications field, and in particular to a kind of control terminal recognition and management method, device, nothing
Line access point apparatus.
Background technology
With the extensive application and the popularization of wireless network of intelligent terminal, WiFi (Wireless-Fidelity)
Increasingly become indispensable environment in people's life, public place, office space and home network device
Be increasingly using WLAN (Wireless Local Area Networks) AP (Access Point, wirelessly
Access point) technical limit spacing Internet service.And the awareness of safety of corresponding self terminal device of people is also increasingly
By force, this requires that WAP can provide safely and effectively key and access service.Some restrictions at present
Terminal utilizes some illegal softwares, access key can be got by some technological means, so as to smoothly connect
Enter WAP, so as to share network traffics.The situation is all generally deposited in family and commercial wireless access point
Greatly loss and risk are being caused to WAP holder.But at present, having no effective method can
It is limiting terminal and and then takes it corresponding control automatically identifies which terminal.It is above-mentioned in order to be directed to
Problem, can only arrange black and white lists manually currently for WAP, and be manually set in blacklist
Terminal will be unable to access, only manually by terminal should from blacklist delete, the access terminal can be realized
Access.
For said method, because current limiting terminal many obtains WAP keys using having on network
Illegal software, can by software polling attempt get WAP key, so as to illegally be linked into
The focus, free use flow;This to this kind of limiting terminal due to having no automatic identifying method at present, because
This only realizes that difficulty is big by the mode of manual identification and addition limiting terminal, and hysteresis quality is strong, it is difficult to ensure that wirelessly
The rights and interests of access point apparatus, and operating process is loaded down with trivial details.
The content of the invention
The main technical problem to be solved in the present invention is to provide a kind of control terminal recognition and management method, dress
Put, wireless access point device, solve existing automatic identification limiting terminal and limiting terminal cannot be carried out automatically
The problem of management.
To solve above-mentioned technical problem, the present invention provides a kind of control terminal identification method, including:
Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;
The frequency of failure and default control threshold value are compared, the terminal is judged according to comparative result
Whether it is the control terminal for needing management;Wherein described control threshold value is that default terminal attempts password access mistake
The number of times for losing.
In an embodiment of the present invention, the control threshold value includes the first control threshold value, the control end
End includes suspicious terminal, described to judge whether the terminal is that illegal terminal includes according to comparative result:
Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, judges the terminal
For suspicious terminal.
In an embodiment of the present invention, the control threshold value is also included more than the first control threshold value
Second control threshold value, the control terminal includes illegal terminal;It is described that the terminal is judged according to comparative result
Whether it is that illegal terminal also includes:
The frequency of failure is judged more than after the first control threshold value, continuation obtains the frequency of failure, when
When the frequency of failure is more than or equal to the second control threshold value, judge the terminal for illegal terminal.
In an embodiment of the present invention, the frequency of failure is compared with the first control threshold value
When, the frequency of failure is in the first preset time period, the terminal attempts password and accesses the secondary of continuous failure
Number, or the number of times of terminal trial password access accumulation failure;
When the frequency of failure is compared with the second control threshold value, the frequency of failure is second pre-
If in the time period, the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and is connect
Enter the number of times of accumulation failure;Second preset time period is more than or equal to first preset time period.
In an embodiment of the present invention, the frequency of failure is that the terminal attempts the continuous mistake of password access
The number of times for losing, or the number of times of terminal trial password access accumulation failure.
In order to solve the above problems, present invention also offers a kind of illegal terminal management method, including:
Connect using the current password of attempting of control terminal identification method identification as described in any one of claim 1-5
Enter the control terminal of wireless access point device;
When control terminal has been identified, to the control terminal that identifies according to default management rule at
Reason.
In an embodiment of the present invention, when the control terminal for identifying is suspicious terminal, to the pipe
Terminal processed carries out process according to default management rule to be included:
The suspicious terminal is added in gray list, and to the terminal in the gray list using the first management rule
Then it is managed.
In an embodiment of the present invention, first management rule includes:
The suspicious terminal in the gray list is forbidden to access the wireless access point device, or in the gray list
In suspicious terminal access the flow and/or connection that the suspicious terminal is limited after the wireless access point device
Duration.
In an embodiment of the present invention, first management rule also includes:
Suspicious terminal in the gray list proceeds monitoring, when monitoring the continuous n times of the suspicious terminal
Input proper password or when being input into proper password accumulative M time, the suspicious terminal is changed the original sentence to as legal terminal, from
The suspicious terminal is deleted in the gray list;The N is more than or equal to 2, less than or equal to 5;The M is more than
Equal to 2, less than or equal to 10.
In an embodiment of the present invention, when the control terminal for identifying is illegal terminal, to the pipe
Terminal processed carries out process according to default management rule to be included:
The illegal terminal is added in blacklist, and second pipe is adopted to the illegal terminal in the blacklist
Reason rule is managed.
In an embodiment of the present invention, second management rule includes:In forbidding the blacklist
Illegal terminal accesses the wireless access point device.
In order to solve the above problems, present invention also offers a kind of control terminal identification means, including:
Statistical module, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;
Processing module, for the frequency of failure and default control threshold value to be compared, according to comparing knot
Fruit judges whether the terminal is control terminal;Wherein described control threshold value is that default terminal trial password connects
Enter the number of times of failure.
In an embodiment of the present invention, the processing module includes the first judging submodule, the control
Threshold value includes the first control threshold value, and the control terminal includes suspicious terminal;
Whether first judging submodule is used to judge the frequency of failure more than or equal to the first control threshold
Value, in this way, judges that the terminal is suspicious terminal.
In an embodiment of the present invention, the processing module also includes the second judging submodule, the pipe
Threshold value processed also includes the second control threshold value more than the first control threshold value, and the control terminal includes illegal
Terminal;
Whether second judging submodule is used to judge the frequency of failure more than or equal to the second control threshold
Value, in this way, judges the terminal for illegal terminal.
In order to solve the above problems, present invention also offers a kind of control terminal management apparatus, including obtain mould
Block and management module;
The acquisition module is used to obtain the control terminal identification means as described in any one of claim 12-14
The current trial password for identifying accesses the control terminal of wireless access point device;
The management module is used to enter the control terminal that the acquisition module is obtained according to default management rule
Row is processed.
In an embodiment of the present invention, the management module includes the first management submodule, for working as
State control terminal for suspicious terminal when, the terminal is added in gray list, and to the end in the gray list
End is managed using the first management rule.
In an embodiment of the present invention, the management module includes the second management submodule, for working as
State control terminal for illegal terminal when, the terminal is added in blacklist, and to the end in the blacklist
End is managed using the second management rule.
In order to solve the above problems, present invention also offers a kind of wireless access point device, including it is as described above
Control terminal identification means and control terminal management apparatus as above;The control terminal identification means
For from identification of illegal terminal in the current terminal for attempting the password access wireless access point device;
The control terminal management apparatus are used for the control terminal root identified to the control terminal identification means
Processed according to default management rule.
The invention has the beneficial effects as follows:
Control terminal recognition and management method, device, wireless access point device that the present invention is provided, can pass through
Acquisition terminal attempts the frequency of failure that password accesses wireless access point device, according to the frequency of failure for obtaining and in advance
If control threshold value be compared, judge that whether terminal is the pipe that needs additionally to be managed according to comparative result
Terminal processed, therefore the automatic identification of control terminal can be realized;And then can be according to default management rule to this
Class control terminal is managed, it is to avoid control free terminal accesses wireless access point device infringement validated user power
Benefit.And the above-mentioned control terminal recognition and Managed Solution of present invention offer realizes simple, accuracy rate height and energy
In time the limiting terminal to identifying is managed, and can largely lift the satisfaction of Consumer's Experience.
Description of the drawings
Fig. 1 is the control terminal identification method schematic flow sheet that the embodiment of the present invention one is provided;
Fig. 2 is the limiting terminal management method schematic flow sheet that the embodiment of the present invention one is provided;
Fig. 3 is the control terminal identification means structural representation that the embodiment of the present invention two is provided;
Fig. 4 is the structural representation of processing module in Fig. 3;
Fig. 5 is the limiting terminal managing device structural representation that the embodiment of the present invention two is provided;
Fig. 6 is the structural representation of management module in Fig. 5;
Fig. 7 is the limiting terminal management method schematic flow sheet that the embodiment of the present invention three is provided.
Specific embodiment
The present invention can pass through to obtain the frequency of failure that terminal trial password accesses wireless access point device automatically, root
The control terminal being additionally managed is recognized the need for according to the frequency of failure for obtaining, and then according to default management
Rule is managed to this kind of control terminal, lifts the cut-in quality and safety of legal terminal, prevents this kind of pipe
Terminal processed (namely above-mentioned trial password access failure number of times is more than or equal to default certain number of times, namely control
This Terminal Type of threshold value) freely use flow and information sharing.And the scheme that provides of the present invention realize it is simple,
Accuracy rate is high, promptness is good, can greatly promote the satisfaction of Consumer's Experience.Below by specific embodiment
The present invention is described in further detail with reference to accompanying drawing.
Embodiment one:
In the present embodiment, include two stages to the process of limiting terminal, first stage is i.e. to wirelessly connecing
Enter the control terminal that point device initiates to identify a need for managing in the terminal for connecting;Second stage is
The control terminal identified to first stage is managed.Separately below example is carried out to the above-mentioned two stage
Explanation.
Shown in Figure 1, the process of the control terminal identification method provided in the present embodiment includes:
Step 101:Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;
Step 102:By obtain the terminal the frequency of failure and default control threshold value be compared, according to than
Relatively result determines whether the terminal is control terminal.
Namely the present embodiment Fig. 1 is provided and is attempted the failure that password is accessed to wireless access point device according to terminal
It is the limiting terminal for needing additional management which terminal number of times automatically identifies, and has filled up how automatic identification is limited
The technological gap of terminal processed;And the program realizes simple, recognition accuracy height, takes resource few.
In the present embodiment, it can be assumed that every frequency of failure is all more than or equal to the terminal of default control threshold value
Limiting terminal.But in order to lift accuracy and the flexibility of management, the present embodiment can also enter to limiting terminal
Row further classification, for example, can be divided into suspicious end to limiting terminal according to the frequency of failure situation of its trial connection
End and illegal terminal;Wherein suspicious terminal to attempt and can have failed the terminal of certain number of times with qualitative, but should
The frequency of failure is also not enough to regard as constituting malicious intrusions, but has the suspicion of malicious intrusions connection;Illegal terminal
The terminal that attempt and have failed more number of times is then referred to, and the frequency of failure be enough to regard as constituting malicious intrusions.
It is the first control threshold value that suspicious terminal setup failed number of times decision threshold is directed in the present embodiment, and correspondence is illegal eventually
End setup failed number of times decision threshold is the second control threshold value;Generally the second control threshold value is more than first
Control threshold value, now, by the frequency of failure and default control threshold of the terminal for obtaining in above-mentioned steps 102
The process that value is compared includes:
First the terminal frequency of failure of acquisition can be compared with the first control threshold value, such as larger than equal to first pipe
Threshold value processed, then judge that the terminal is suspicious terminal;
After judging the terminal for suspicious terminal, continue the frequency of failure for obtaining the terminal, and the mistake that will be obtained
Lose number of times to be compared with the second control threshold value, when the frequency of failure is more than or equal to the second control threshold value, then sentence
The fixed terminal is illegal terminal.
In the present embodiment, obtaining the mode of the terminal frequency of failure can adopt following any-mode:
Mode one:The frequency of failure is that terminal attempts the number of times that password accesses continuous failure, or terminal attempts password
Access the number of times of accumulation failure;This mode can time-out, acquisition be terminal the history frequency of failure;
For example when the frequency of failure is that terminal attempts the number of times of the continuous failure of password access, corresponding first control threshold value
May be configured as 10 times, corresponding second control threshold value may be configured as 30 times or 35 times etc.;For example fail again
When number of times is that terminal attempts the number of times of password access accumulation failure, corresponding first control threshold value may be configured as 15
Or 20 times, corresponding second control threshold value may be configured as 40 times or 50 times etc.;Namely in the present embodiment respectively
The concrete value of threshold value can flexibly select to arrange according to current practical application scene.
Mode two:When whether judge terminal be suspicious terminal, the frequency of failure of acquisition is the first preset time period
Interior, terminal attempts the number of times that password accesses continuous failure, or terminal attempts the number of times that password accesses accumulation failure;
When judging terminal for illegal terminal, the frequency of failure of acquisition is that in the second preset time period, terminal is attempted
Password accesses the number of times of continuous failure, or terminal attempts the number of times that password accesses accumulation failure;Second it is default when
Between section be more than the first preset time period.
For example, it may be judged whether when being suspicious terminal, obtaining within 10 seconds this time periods of the first preset time period
Whether terminal attempts password and accesses the number of times of continuous failure existing more than or equal to the first control threshold value 10 times, or acquisition
Terminal attempts password and whether accesses the number of times of accumulative failure more than or equal to the first control threshold in 10 seconds this time periods
Value 20 times;When whether judge terminal be illegal terminal, obtain the first preset time period 15 or 20 seconds this
Terminal attempts password and accesses the number of times of continuous failure whether be more than or equal to the second control threshold value 30 times in time period,
Or whether acquisition number of times of the accumulative failure of terminal trial password access within 15 or 20 seconds this time periods is more than
Equal to the second control threshold value 35 times.
It should be appreciated that the first preset time period in the present embodiment also can with second then the time period it is equal.
It is then now to be taken at the more terminal of the frequency of failure in same time period for illegal terminal.
In the present embodiment, for the terminal being judged in illegal terminal, then no longer changed the original sentence to automatically, removed
Non-administrator or user are changed the original sentence to it manually;And for the terminal of suspicious terminal is judged to, then can basis
Certain rule of changing the original sentence to is changed the original sentence to as legal terminal, so can increase limiting terminal control flexibility and
Accuracy, it is to avoid erroneous judgement causes terminal to be judged to the situation of limiting terminal.For example, this is changed the original sentence to rule and specifically may be used
For:
It should be appreciated that the rule of changing the original sentence in the present embodiment is not limited to above-mentioned rule, for example also dependent on
The instruction that keeper or user issue is changed the original sentence to accordingly.
Got after limiting terminal by said process, you can according to default management rule to corresponding restriction
Terminal is processed.The process is shown in Figure 2, including:
Step 201:The current restriction end for attempting password access wireless access point device is identified by said method
End;
Step 202:Limiting terminal to identifying is processed according to default management rule.
In the present embodiment, when not being classified to limiting terminal, then for all limiting terminals can be using system
One management rule is processed, for example, directly all add blacklist, and forbids connection WAP to set
It is standby.But the present embodiment can adopt above-mentioned differentiated control to further lift accurately determining and flexibility for management
Mode, limiting terminal is divided into suspicious terminal and illegal terminal, wherein:
When the terminal for identifying be suspicious terminal when, to the limiting terminal according to default management rule at
Reason includes:The suspicious terminal is added in gray list, and to gray list in suspicious terminal manage using first
Rule is managed.
When the terminal for identifying be illegal terminal when, to the limiting terminal according to default management rule at
Reason includes:Illegal terminal is added in blacklist, and to the illegal terminal in blacklist using the second management rule
Then it is managed.
Terminal is added in gray list and blacklist in the present embodiment specifically can be believed by the unique identification by terminal
Breath is added in gray list and blacklist, for example, the MAC Address of terminal is added in gray list and blacklist.
The first management rule in the present embodiment includes:The suspicious terminal in gray list is forbidden to access wireless access
Point device, or the suspicious terminal in gray list is when being linked into wireless access point device, limits the suspicious terminal
Flow and/or connection duration.
The second management rule in the present embodiment includes:The illegal terminal in blacklist is forbidden to access wireless access
Point device;Because impact of the illegal terminal to user than larger, therefore can directly forbid it to access.Certainly,
According to concrete application scene, can be accessed using its is not prohibited by similar first management rule, but be connect at it
Its flow and/or connection duration are limited after entering, can be limited by the way of more strict.
In addition, the first management rule in the present embodiment may also include to gray list in suspicious terminal continue into
Row monitoring, when monitoring the continuous n times input proper password of the suspicious terminal or be input into proper password accumulative M time
When, the suspicious terminal is changed the original sentence to as legal terminal, the suspicious terminal is deleted from gray list;The present embodiment
The value of middle N and M can go in theory any one value more than or equal to 2, for example, can set N and be more than
Equal to 2, less than or equal to 5, specifically such as N is equal to 2,3 or 5;M is for example set again is more than or equal to 2,
Less than or equal to 10, specifically such as N is equal to 2,3,5,8 or 10.By the way can be by suspicious end
After end is deleted from gray list, allow for the terminal and normally access.
In the present embodiment, when the terminal for being judged as suspicious terminal or illegal terminal is sent out to wireless access point device
When playing connection, can also notify that it is judged as suspicious terminal or non-to the corresponding notification message of the terminal feedback
Method terminal, forbids its connection or accesses immediately also limit its flow and/or connection duration.For example, can adopt
802.11 frames notify, the type field of frame head (Mac header), the Subtype values 0000 of management frame~
1001 is Reserved, at present and is not used, and in the present embodiment, the reserved field be used to carry mark
Information;For identification information, arrange but be not limited to 0000,0001 and represent user's gray list respectively and user is black
List, if it is 0000 to detect control frame identification information, for informing that terminal at present received by the terminal
In entering gray list, forbid its connection or access immediately also limit its flow and/or connection duration;If detecting
Beacon information in control frame is 0001, for informing that at present the terminal has been included into blacklist terminal,
It is forbidden to connect.
Embodiment two:
A kind of control terminal identification means are present embodiments provided, shown in Figure 3, it includes:
Statistical module 31, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;
Processing module 32, the frequency of failure and default control threshold value for statistical module 31 to be obtained is compared
Compared with judging whether terminal is limiting terminal according to comparative result.
In the present embodiment, it can be assumed that every frequency of failure is all more than or equal to the terminal of default control threshold value
Limiting terminal.But in order to lift accuracy and the flexibility of management, the present embodiment can also enter to limiting terminal
Row further classification, for example, can be divided into suspicious end to limiting terminal according to the frequency of failure situation of its trial connection
End and illegal terminal.Now, shown in Figure 4, the processing module 32 in the present embodiment is sentenced including first
Disconnected submodule 321, control threshold value includes the first control threshold value;
Whether the first judging submodule 321 is used to judge the frequency of failure of the terminal for obtaining more than or equal to first pipe
Threshold value processed, in this way, judges terminal as suspicious terminal.
Processing module 32 also includes the second judging submodule 322, and control threshold value is also included more than the first control threshold
Second control threshold value of value;
Whether the second judging submodule 322 is used to judge the frequency of failure of the terminal for obtaining more than or equal to second pipe
Threshold value processed, in this way, judges that terminal is illegal terminal.
In the present embodiment, statistical module 31 obtains the mode of the terminal frequency of failure and can adopt following any-mode:
Mode one:The frequency of failure is that terminal attempts the number of times that password accesses continuous failure, or terminal attempts password
Access the number of times of accumulation failure;This mode can time-out, statistical module 31 obtain is terminal history
The frequency of failure;For example when the frequency of failure is that terminal attempts password and accesses the number of times of continuous failure, corresponding the
One control threshold value may be configured as 10 times, and corresponding second control threshold value may be configured as 30 times or 35 times etc.;
When again such as frequency of failure is that terminal attempts the number of times of password access accumulation failure, corresponding first control threshold value
May be configured as 15 or 20 times, corresponding second control threshold value may be configured as 40 times or 50 times etc.;Namely
The concrete value of each threshold value can flexibly select to arrange according to current practical application scene in the present embodiment.
Mode two:When whether judge terminal be suspicious terminal, the frequency of failure that statistical module 31 is obtained is first
In preset time period, terminal attempts the number of times that password accesses continuous failure, or terminal attempts password and accesses accumulation
The number of times of failure;
When judging terminal for illegal terminal, statistical module 31 obtain the frequency of failure be the second preset time period in,
Terminal attempts the number of times that password accesses continuous failure, or terminal attempts the number of times that password accesses accumulation failure;The
Two preset time periods are more than the first preset time period.
For example, it may be judged whether when being suspicious terminal, obtaining within 10 seconds this time periods of the first preset time period
Whether terminal attempts password and accesses the number of times of continuous failure existing more than or equal to the first control threshold value 10 times, or acquisition
Terminal attempts password and whether accesses the number of times of accumulative failure more than or equal to the first control threshold in 10 seconds this time periods
Value 20 times;When whether judge terminal be illegal terminal, obtain the first preset time period 15 or 20 seconds this
Terminal attempts password and accesses the number of times of continuous failure whether be more than or equal to the second control threshold value 30 times in time period,
Or whether acquisition number of times of the accumulative failure of terminal trial password access within 15 or 20 seconds this time periods is more than
Equal to the second control threshold value 35 times.
It should be appreciated that the first preset time period in the present embodiment also can with second then the time period it is equal.
It is then now to be taken at the more terminal of the frequency of failure in same time period for illegal terminal.
Shown in Figure 5, the present embodiment additionally provides a kind of limiting terminal managing device, including obtains mould
Block 61 and management module 62;
Acquisition module 61 is used to obtain current trial password by control terminal identification means as shown in Figure 3-4
Access the limiting terminal in the terminal of wireless access point device;
Management module 62 is used to carry out the limiting terminal that acquisition module 61 is obtained according to default management rule
Process.
Shown in Figure 6, the management module 62 in the present embodiment includes the first management submodule 621 and ash
List arranges submodule 622.Gray list setup module 622 is used to arrange gray list, including arranges in gray list
Allow the rules such as the maximum number of terminals of storage;First management submodule 621 is used to work as control terminal identification means
When the terminal for identifying is suspicious terminal, the terminal is added in gray list, and the terminal in gray list is adopted
It is managed with the first management rule;
Management module 62 also includes that the second management submodule 623 and blacklist arrange submodule 624.Blacklist
Arranging submodule 624 is used to arrange blacklist, including arranges maximum number of terminals for allowing to store in blacklist etc.
Rule;The terminal that second management submodule 623 is used to be identified when control terminal identification means is illegal terminal
When, the terminal is added in blacklist, and the terminal in blacklist is managed using the second management rule.
The first management rule in the present embodiment includes:The suspicious terminal in gray list is forbidden to access wireless access
Point device, or the suspicious terminal in gray list is when being linked into wireless access point device, limits the stream of the terminal
Amount and/or connection duration.The first management rule in the present embodiment may also include for gray list in suspicious end
End proceeds monitoring, when monitoring the continuous n times input proper password of the suspicious terminal or be input into for accumulative M time
During proper password, the suspicious terminal is changed the original sentence to as legal terminal, the suspicious terminal is deleted from gray list;
The value of N and M can go in theory any one value more than or equal to 2 in the present embodiment.
The second management rule in the present embodiment includes:Forbid the terminal in blacklist to access WAP to set
It is standby;Because impact of the illegal terminal to user than larger, therefore can directly forbid it to access.Certainly, root
According to concrete application scene, can be accessed using its is not prohibited by similar first management rule, but in its access
After limit its flow and/or connection duration, can be limited by the way of more strict.
It should be appreciated that the above-mentioned control terminal identification means of the present embodiment and limiting terminal managing device can
To be arranged on any wireless access point device so that wireless access point device can be known by the control terminal
Other device is attempted identifying limiting terminal in the terminal that password is accessed from current, and is managed by the limiting terminal
Device is processed the limiting terminal for identifying according to above-mentioned management rule.Limiting terminal malice loiter network is placed,
The network security of legal terminal is effectively ensured.
Embodiment three:
In order to be better understood from the present invention, illustrate for example with reference to a specific application scenarios.
It is assumed to be wireless access point device and gray list, blacklist and right is set in the way of in embodiment one
Corresponding management rule, and limiting terminal is managed according to the mode in embodiment one;And gray list and
What is stored in blacklist is the MAC Address of limiting terminal, obtains the terminal frequency of failure continuous using terminal is obtained
As a example by the frequency of failure.When wireless access point device restarting, when having terminal to attempt accessing, its management process
It is shown in Figure 7, including:
Step 801:Wireless access point device starts;
Step 802:Judge it is current attempt terminal that password accesses whether in gray list, in this way, go to step
Rapid 809;It is such as no, go to step 803;
Step 803:Judge it is current attempt terminal that password accesses whether in blacklist, in this way, go to step
Rapid 812;Otherwise, step 804 is gone to:
Step 804:Obtain the terminal to continually attempt to access the frequency of failure of wireless access point device;
Step 805:Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, goes to step 806;
Otherwise, step 813 is gone to;
Step 806:The MAC Address of the terminal is added in gray list;
Step 807:Continue to obtain the frequency of failure that the terminal continually attempts to access wireless access point device;
Step 808:As the frequency of failure is more than or equal to the second control threshold value, its MAC Address is added in blacklist.
Step 809:Monitor correct number of times and the frequency of failure that the terminal continuously input password;
Step 810:Whether correct judgment number of times in this way, goes to step 811 more than or equal to default N values;It is no
Then, step 807 is gone to;
Step 811:The MAC Address of the terminal is deleted from gray list, it is allowed to its access.
Step 812:Sending notice to terminal forbids it to access wireless access point device.
Step 813:Terminal is allowed normally to access wireless access point device.
It can be seen that, the number of times that can pass through record terminal trial access failure of the invention is by different terminal storages to not
In same list, and it is managed using corresponding management rule, the access of malice loiter network terminal can be prevented,
The network security of legal terminal can be effectively ensured.
Above content is to combine specific embodiment further description made for the present invention, it is impossible to recognized
Being embodied as of the fixed present invention is confined to these explanations.For the ordinary skill of the technical field of the invention
For personnel, without departing from the inventive concept of the premise, some simple deduction or replace can also be made,
Protection scope of the present invention should be all considered as belonging to.
Claims (18)
1. a kind of control terminal identification method, it is characterised in that include:
Obtain terminal and attempt the frequency of failure that password accesses wireless access point device;
The frequency of failure and default control threshold value are compared, the terminal is judged according to comparative result
Whether it is the control terminal for needing management;Wherein described control threshold value is that default terminal attempts password access mistake
The number of times for losing.
2. control terminal identification method as claimed in claim 1, it is characterised in that the control threshold value
Including the first control threshold value, the control terminal includes suspicious terminal, described according to comparative result judges
Whether terminal is that illegal terminal includes:
Judge that the frequency of failure, whether more than or equal to the first control threshold value, in this way, judges the terminal
For suspicious terminal.
3. control terminal identification method as claimed in claim 2, it is characterised in that the control threshold value
Also include the second control threshold value more than the first control threshold value, the control terminal includes illegal terminal;
It is described to judge whether the terminal is that illegal terminal also includes according to comparative result:
The frequency of failure is judged more than after the first control threshold value, continuation obtains the frequency of failure, when
When the frequency of failure is more than or equal to the second control threshold value, judge the terminal for illegal terminal.
4. control terminal identification method as claimed in claim 3, it is characterised in that by the failure time
Number is with the first control threshold value when being compared, and the frequency of failure is in the first preset time period, described
Terminal attempts the number of times that password accesses continuous failure, or the terminal attempts the number of times that password accesses accumulation failure;
When the frequency of failure is compared with the second control threshold value, the frequency of failure is second pre-
If in the time period, the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and is connect
Enter the number of times of accumulation failure;Second preset time period is more than or equal to first preset time period.
5. the control terminal identification method as described in any one of claim 1-3, it is characterised in that described
The frequency of failure is that the terminal attempts the number of times that password accesses continuous failure, or the terminal is attempted password and accessed
The number of times of accumulation failure.
6. a kind of illegal terminal management method, it is characterised in that include:
Connect using the current password of attempting of control terminal identification method identification as described in any one of claim 1-5
Enter the control terminal of wireless access point device;
When control terminal has been identified, to the control terminal that identifies according to default management rule at
Reason.
7. illegal terminal processing method as claimed in claim 6, it is characterised in that when the pipe for identifying
When terminal processed is suspicious terminal, carrying out process according to default management rule to the control terminal includes:
The suspicious terminal is added in gray list, and to the terminal in the gray list using the first management rule
Then it is managed.
8. illegal terminal processing method as claimed in claim 7, it is characterised in that first management
Rule includes:
The suspicious terminal in the gray list is forbidden to access the wireless access point device, or in the gray list
Suspicious terminal when accessing flow and/or connection that the suspicious terminal is limited after the wireless access point device
It is long.
9. illegal terminal processing method as claimed in claim 8, it is characterised in that the first pipe
Reason rule also includes:
Suspicious terminal in the gray list proceeds monitoring, when monitoring the continuous n times of the suspicious terminal
Input proper password or when being input into proper password accumulative M time, the suspicious terminal is changed the original sentence to as legal terminal, from
The suspicious terminal is deleted in the gray list;The N is more than or equal to 2, less than or equal to 5;The M is more than
Equal to 2, less than or equal to 10.
10. the illegal terminal processing method as described in any one of claim 6-9, it is characterised in that work as knowledge
When the control terminal not gone out is illegal terminal, the control terminal is processed according to default management rule
Including:
The illegal terminal is added in blacklist, and second pipe is adopted to the illegal terminal in the blacklist
Reason rule is managed.
11. illegal terminal processing methods as claimed in claim 10, it is characterised in that the second pipe
Reason rule includes:The illegal terminal in the blacklist is forbidden to access the wireless access point device.
12. a kind of control terminal identification means, it is characterised in that include:
Statistical module, for counting terminal the frequency of failure that password accesses wireless access point device is attempted;
Processing module, for the frequency of failure and default control threshold value to be compared, according to comparing knot
Fruit judges whether the terminal is control terminal;Wherein described control threshold value is that default terminal trial password connects
Enter the number of times of failure.
13. control terminal identification means as claimed in claim 12, it is characterised in that the process mould
Block includes the first judging submodule, and the control threshold value includes the first control threshold value, and the control terminal includes
Suspicious terminal;
Whether first judging submodule is used to judge the frequency of failure more than or equal to the first control threshold
Value, in this way, judges that the terminal is suspicious terminal.
14. control terminal identification means as claimed in claim 13, it is characterised in that the process mould
Block also includes the second judging submodule, and the control threshold value also includes second more than the first control threshold value
Control threshold value, the control terminal includes illegal terminal;
Whether second judging submodule is used to judge the frequency of failure more than or equal to the second control threshold
Value, in this way, judges the terminal for illegal terminal.
15. a kind of control terminal management apparatus, it is characterised in that including acquisition module and management module;
The acquisition module is used to obtain the control terminal identification means as described in any one of claim 12-14
The current trial password for identifying accesses the control terminal of wireless access point device;
The management module is used to enter the control terminal that the acquisition module is obtained according to default management rule
Row is processed.
16. control terminal management apparatus as claimed in claim 15, it is characterised in that the management mould
Block includes the first management submodule, for when the control terminal is suspicious terminal, the terminal being added
In gray list, and the terminal in the gray list is managed using the first management rule.
The 17. control terminal management apparatus as described in claim 15 or 16, it is characterised in that the pipe
Reason module includes the second management submodule, for when the control terminal is illegal terminal, by the terminal
In adding blacklist, and the terminal in the blacklist is managed using the second management rule.
18. a kind of wireless access point devices, it is characterised in that include such as any one of claim 12-14 institute
The control terminal identification means stated and the control terminal management apparatus as described in any one of claim 15-17;
The control terminal identification means are used to from current attempt in the terminal that password accesses the wireless access point device
Identification of illegal terminal;
The control terminal management apparatus are used for the control terminal root identified to the control terminal identification means
Processed according to default management rule.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510760449.2A CN106686590A (en) | 2015-11-10 | 2015-11-10 | Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment |
PCT/CN2016/074369 WO2016184208A1 (en) | 2015-11-10 | 2016-02-23 | Limited terminal identification and processing method, apparatus, and wireless access point device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510760449.2A CN106686590A (en) | 2015-11-10 | 2015-11-10 | Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106686590A true CN106686590A (en) | 2017-05-17 |
Family
ID=57319383
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510760449.2A Pending CN106686590A (en) | 2015-11-10 | 2015-11-10 | Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106686590A (en) |
WO (1) | WO2016184208A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108135024A (en) * | 2017-12-07 | 2018-06-08 | 上海连尚网络科技有限公司 | Sequential processes method, equipment and the computer readable storage medium of wireless access point |
CN109041268A (en) * | 2018-10-31 | 2018-12-18 | 北京小米移动软件有限公司 | The management method and device of WIFI connection |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101141259A (en) * | 2007-10-22 | 2008-03-12 | 杭州华三通信技术有限公司 | Method and device of access point equipment for preventing error access |
CN101340387A (en) * | 2008-08-12 | 2009-01-07 | 华为技术有限公司 | Method and apparatus for control forwarding data packets |
CN101645817A (en) * | 2008-08-05 | 2010-02-10 | 中兴通讯股份有限公司 | Wireless network access system and method thereof for preventing illegal user from malicious access |
CN103079200A (en) * | 2011-10-26 | 2013-05-01 | 国民技术股份有限公司 | Wireless access authentication method, system and wireless router |
CN103249040A (en) * | 2012-02-08 | 2013-08-14 | 华为终端有限公司 | Method and device for wireless access authentication |
US8713626B2 (en) * | 2003-10-16 | 2014-04-29 | Cisco Technology, Inc. | Network client validation of network management frames |
CN104333863A (en) * | 2014-10-20 | 2015-02-04 | 小米科技有限责任公司 | Connection management method, device and electronic equipment |
-
2015
- 2015-11-10 CN CN201510760449.2A patent/CN106686590A/en active Pending
-
2016
- 2016-02-23 WO PCT/CN2016/074369 patent/WO2016184208A1/en active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8713626B2 (en) * | 2003-10-16 | 2014-04-29 | Cisco Technology, Inc. | Network client validation of network management frames |
CN101141259A (en) * | 2007-10-22 | 2008-03-12 | 杭州华三通信技术有限公司 | Method and device of access point equipment for preventing error access |
CN101645817A (en) * | 2008-08-05 | 2010-02-10 | 中兴通讯股份有限公司 | Wireless network access system and method thereof for preventing illegal user from malicious access |
CN101340387A (en) * | 2008-08-12 | 2009-01-07 | 华为技术有限公司 | Method and apparatus for control forwarding data packets |
CN103079200A (en) * | 2011-10-26 | 2013-05-01 | 国民技术股份有限公司 | Wireless access authentication method, system and wireless router |
CN103249040A (en) * | 2012-02-08 | 2013-08-14 | 华为终端有限公司 | Method and device for wireless access authentication |
CN104333863A (en) * | 2014-10-20 | 2015-02-04 | 小米科技有限责任公司 | Connection management method, device and electronic equipment |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108135024A (en) * | 2017-12-07 | 2018-06-08 | 上海连尚网络科技有限公司 | Sequential processes method, equipment and the computer readable storage medium of wireless access point |
CN108135024B (en) * | 2017-12-07 | 2021-08-17 | 上海尚往网络科技有限公司 | Sequential processing method, device and computer readable storage medium for wireless access point |
CN109041268A (en) * | 2018-10-31 | 2018-12-18 | 北京小米移动软件有限公司 | The management method and device of WIFI connection |
Also Published As
Publication number | Publication date |
---|---|
WO2016184208A1 (en) | 2016-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11188636B2 (en) | System for controlling access to an account | |
CN101917431A (en) | Method and device for preventing illegal invasion of internal network of intelligent home | |
CN106506289A (en) | Networking method and apparatus, networking method and device, router and intelligent appliance | |
CN113206814B (en) | Network event processing method and device and readable storage medium | |
CN105635084A (en) | Apparatus and method for authenticating terminal | |
US11510121B2 (en) | Wireless client device detection and steering on a network with multiple access points | |
CN106656989B (en) | Flow monitoring method and terminal | |
CN107421060A (en) | Air conditioner communication means and air conditioner based on NB IoT networks | |
CN106211164A (en) | Terminal network changing method, terminal network switching device and terminal | |
CN107682887A (en) | A kind of router control, the method and system of anti-loiter network | |
KR101117628B1 (en) | Wireless security system capable of detecting non-authorized access of wireless terminal and method thereof | |
CN110798459A (en) | Multi-safety-node linkage defense method based on safety function virtualization | |
CN107659936A (en) | A kind of cut-in method and device of control WiFi access devices | |
CN106686590A (en) | Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment | |
CN108810892A (en) | A kind of wireless network management method, smart machine and router | |
US20210185534A1 (en) | Method for securing accesses to a network, system and associated device | |
CN105812338A (en) | Data access management and control method and network management equipment | |
CN104601578A (en) | Recognition method and device for attack message and core device | |
CN105592036B (en) | A kind of method and apparatus optimizing FC port security | |
CN107360574A (en) | A kind of terminal equipment managing method, a kind of cloud controller and a kind of WAP | |
CN105992313B (en) | WI-FI management method and device | |
CN103516739B (en) | The elimination method and device of STA | |
CN111343193B (en) | Cloud network port security protection method and device, electronic equipment and storage medium | |
CN112822141B (en) | Method, apparatus, user terminal and computer readable medium for preventing attacks in a WLAN | |
US11539741B2 (en) | Systems and methods for preventing, through machine learning and access filtering, distributed denial of service (“DDoS”) attacks originating from IoT devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170517 |