CN107104854A - Detection method, device and system for terminal dual-network interconnection


Publication number
CN107104854A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710235488.XA
Other languages
Chinese (zh)
Other versions
CN107104854B (en
Inventor
戴雯
金驰
戴心齐
王贵智
王阿婷
史经伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC


Classifications

    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters, by checking availability by checking connectivity
    • H04L43/028 Capturing of monitoring data by filtering
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic


Abstract

The invention provides a detection method, device and system for terminal dual-network interconnection, and relates to the technical field of network security. The method includes: determining the local DNS address list of the terminal's network interface cards (NICs); obtaining a preset dual-network DNS set, which includes the feature sets corresponding to two network areas; and determining the connectivity state of the terminal from the local DNS address list and the dual-network DNS set. By comparing the local DNS address list with the preset dual-network DNS set, the invention can determine the connectivity state of the terminal and so detect multiple kinds of non-compliant interconnection behavior by the terminal.

Description

Detection method, device and system for terminal dual-network interconnection
Technical field
The present invention relates to the technical field of network security, in particular to techniques for detecting terminal network connectivity, and specifically to a detection method, device and system for terminal dual-network interconnection.
Background
This section is intended to provide background or context for the embodiments of the invention recited in the claims. The description here is not admitted to be prior art merely because it is included in this section.
To ensure the safe and stable operation of the internal network and important production networks, and to prevent important information systems on the network from being damaged by external attack, enterprises generally physically isolate the internal network from the Internet; some enterprises with stricter security requirements even isolate the production network from the office network within the internal network, forming multiple mutually isolated network areas. However, long-term operational management has shown that simple physical isolation or isolation by network devices can hardly guarantee that multiple different network areas are completely isolated. Internal staff, for reasons such as convenience or negligence, often bypass the various control measures by some technical means and connect an internal terminal to multiple network areas at once, opening a new network path between the isolated network areas. An external hacker or malicious program can then use this non-compliant terminal as a springboard to bypass the security protection devices between the networks, attack important internal enterprise systems and steal sensitive data, causing serious information security problems.
At present, the industry has two main classes of solution for the non-compliant interconnection behavior of connecting to two network areas at the same time:
(1) Probing based on various scanning protocols. The main problems with this scheme are: a probing server must be deployed in each network, and because it relies on unreliable probing techniques such as ping and syslog, it produces many false positives and false negatives in complex network scenarios.
(2) Local detection based on a C/S terminal. The main problems with this scheme are: because it performs only local static detection with a single detection method, it cannot detect multiple kinds of non-compliant interconnection behavior of a terminal at the same time, and it produces many false positives and false negatives, particularly in complex scenarios where employees deliberately evade detection.
Therefore, how to provide a new terminal detection scheme that can accurately detect a terminal's non-compliant network interconnection behavior is a technical problem urgently needing a solution in this field.
Summary of the invention
In view of this, the invention provides a detection method, device and system for terminal dual-network interconnection. By comparing the local DNS address list with a preset dual-network DNS set, the connectivity state of the terminal can be determined, so that multiple kinds of non-compliant interconnection behavior by the terminal are detected.
To achieve this, the present invention provides a system that includes a terminal, two network areas and a detection device, the detection device including:
an address list determining device, for determining the local DNS address list of the NICs of the terminal;
a feature set acquisition device, for obtaining a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to the two network areas;
a connectivity state determining device, for determining the connectivity state of the terminal from the local DNS address list and the dual-network DNS set.
In a preferred embodiment of the invention, the address list determining device includes: a status information determining module, for obtaining the status information of the NICs of the terminal;
an address list acquisition module, for obtaining the DNS address list of a NIC when the status information shows that the NIC is active;
an address rejection module, for rejecting the DNS addresses of exception NICs from the DNS address list to form the local DNS address list.
In a preferred embodiment of the invention, the connectivity state determining device includes: a feature comparison module, for comparing the local DNS address list with the feature sets corresponding to the two network areas;
a first state output module, for outputting that the connectivity state of the terminal is dual-network interconnection when the local DNS addresses in the local DNS address list belong to the feature sets of different network areas.
In a preferred embodiment of the invention, the device further includes:
a network area determining device, for designating the network area as the first network area when the local DNS addresses in the local DNS address list all belong to the feature set of the same network area;
a locator acquisition device, for obtaining a preset dual-network URL set when the terminal is provided with a proxy server, the dual-network URL set including the URL sets corresponding to the two network areas;
a network area access device, for accessing, through the proxy server, the network area outside the first network area;
a third state output device, for determining the connectivity state of the terminal from the real-time URL and the dual-network URL set when a real-time URL is received.
In a preferred embodiment of the invention, the third state output device includes: a locator comparison module, for comparing the dual-network URL set with the real-time URL;
a return code acquisition module, for obtaining a preset return code threshold when the real-time URL belongs to the URL set of the network area outside the first network area;
a third state output module, for outputting that the connectivity state of the terminal is dual-network interconnection when the return code of the real-time URL is less than the return code threshold.
In a preferred embodiment of the invention, the device further includes: an information acquisition device, for obtaining the IP information and routing information of the terminal when the terminal is not provided with a proxy server; or when no URL returned by the network area outside the first network area is received; or when a URL returned by the network area outside the first network area is received and the return code of that URL is greater than or equal to the return code threshold;
a fourth state output device, for determining the connectivity state of the terminal from the IP information and routing information.
In a preferred embodiment of the invention, the fourth state output device includes: a threshold acquisition module, for obtaining a preset IP threshold, route threshold and exception NIC name;
a quantity determining module, for determining the number of active IPs of the terminal from the IP information;
a fifth state output module, for outputting that the connectivity state of the terminal is non-dual-network interconnection when the number of active IPs is less than the IP threshold;
a judging module, for judging from the routing information whether the terminal has a default route or a static route when the number of active IPs is greater than or equal to the IP threshold;
a NIC name determining module, for determining, when the judgement is yes, the name of the NIC that the default route or static route points to;
a sixth state output module, for outputting that the connectivity state of the terminal is non-dual-network interconnection when the NIC name matches the exception NIC name.
In a preferred embodiment of the invention, the device further includes:
a route extraction device, for extracting multiple local routes from the routing information when the name of the NIC that the default route or static route points to does not match the exception NIC name;
a NIC information determining device, for determining the NIC information corresponding to the local routes;
a route screening device, for screening multiple valid local routes out of the local routes according to the NIC information;
a seventh state output device, for determining the connectivity state of the terminal from the valid local routes and the preset dual-network DNS set.
In a preferred embodiment of the invention, the seventh state output device includes:
a feature acquisition module, for obtaining the features corresponding to the static routes when the multiple valid local routes are multiple static routes;
a route feature comparison module, for comparing the feature sets corresponding to the two network areas with the features corresponding to the multiple static routes;
an eighth state output module, for outputting that the connectivity state of the terminal is dual-network interconnection when the features corresponding to the multiple static routes belong to the feature sets corresponding to the two network areas.
In a preferred embodiment of the invention, the device further includes:
a feature acquisition device, for obtaining the features corresponding to the local routes when the multiple valid local routes are a static route and a default route;
a feature comparison device, for comparing the feature sets corresponding to the two network areas with the features corresponding to the local routes;
a ninth state output device, for outputting that the connectivity state of the terminal is dual-network interconnection when the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets corresponding to the two network areas.
An object of the invention is to provide a detection method for terminal dual-network interconnection, the method including:
determining the local DNS address list of the NICs of the terminal;
obtaining a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to two network areas;
determining the connectivity state of the terminal from the local DNS address list and the dual-network DNS set.
In a preferred embodiment of the invention, determining the local DNS address list of the NICs of the terminal includes:
obtaining the status information of the NICs of the terminal;
when the status information shows that a NIC is active, obtaining the DNS address list of that NIC;
rejecting the DNS addresses of exception NICs from the DNS address list to form the local DNS address list.
In a preferred embodiment of the invention, determining the connectivity state of the terminal from the local DNS address list and the dual-network DNS set includes:
comparing the local DNS address list with the feature sets corresponding to the two network areas;
when the local DNS addresses in the local DNS address list belong to the feature sets of different network areas, the connectivity state of the terminal is dual-network interconnection.
In a preferred embodiment of the invention, the method further includes:
when the local DNS addresses in the local DNS address list all belong to the feature set of the same network area, designating that network area as the first network area;
when the terminal is provided with a proxy server, obtaining a preset dual-network URL set, the dual-network URL set including the URL sets corresponding to the two network areas;
accessing, through the proxy server, the network area outside the first network area;
when a real-time URL is received, determining the connectivity state of the terminal from the real-time URL and the dual-network URL set.
In a preferred embodiment of the invention, determining the connectivity state of the terminal from the real-time URL and the dual-network URL set includes:
comparing the dual-network URL set with the real-time URL;
when the real-time URL belongs to the URL set of the network area outside the first network area, obtaining a preset return code threshold;
when the return code of the real-time URL is less than the return code threshold, the connectivity state of the terminal is dual-network interconnection.
In a preferred embodiment of the invention, the method further includes:
when the terminal is not provided with a proxy server; or
when no URL returned by the network area outside the first network area is received; or
when a URL returned by the network area outside the first network area is received and the return code of that URL is greater than or equal to the return code threshold, obtaining the IP information and routing information of the terminal;
determining the connectivity state of the terminal from the IP information and routing information.
In a preferred embodiment of the invention, determining the connectivity state of the terminal from the IP information and routing information includes:
obtaining a preset IP threshold, route threshold and exception NIC name;
determining the number of active IPs of the terminal from the IP information;
when the number of active IPs is less than the IP threshold, the connectivity state of the terminal is non-dual-network interconnection;
when the number of active IPs is greater than or equal to the IP threshold, judging from the routing information whether the terminal has a default route or a static route;
when the judgement is yes, determining the name of the NIC that the default route or static route points to;
when the NIC name matches the exception NIC name, the connectivity state of the terminal is non-dual-network interconnection.
In a preferred embodiment of the invention, the method further includes: when the name of the NIC that the default route or static route points to does not match the exception NIC name, extracting multiple local routes from the routing information;
determining the NIC information corresponding to the local routes;
screening multiple valid local routes out of the local routes according to the NIC information;
determining the connectivity state of the terminal from the valid local routes and the preset dual-network DNS set.
In a preferred embodiment of the invention, determining the connectivity state of the terminal from the valid local routes and the preset dual-network DNS set includes: when the multiple valid local routes are multiple static routes, obtaining the features corresponding to the multiple static routes;
comparing the feature sets corresponding to the two network areas with the features corresponding to the multiple static routes;
when the features corresponding to the multiple static routes belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
In a preferred embodiment of the invention, the method further includes: when the multiple valid local routes are a static route and a default route, obtaining the features corresponding to the local routes;
comparing the feature sets corresponding to the two network areas with the features corresponding to the local routes;
when the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
The beneficial effect of the invention is that it provides a detection method, device and system for terminal dual-network interconnection in which the connectivity state of the terminal can be determined by comparing the local DNS address list with a preset dual-network DNS set, so that multiple kinds of non-compliant interconnection behavior by the terminal are detected.
To make the above and other objects, features and advantages of the invention clearer, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the embodiments of the invention or the technical schemes of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a structural schematic diagram of a detection system for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 2 is a structural block diagram of embodiment one of a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 3 is a structural block diagram of the address list determining device in a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 4 is a structural block diagram of the connectivity state determining device in a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 5 is a structural block diagram of embodiment two of the detection device in a detection system for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 6 is a structural block diagram of the third state output device in a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 7 is a structural block diagram of embodiment three of the detection device in a detection system for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 8 is a structural block diagram of the fourth state output device in a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 9 is a structural block diagram of embodiment four of the detection device in a detection system for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 10 is a structural block diagram of embodiment one of the seventh state output device in a detection device for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 11 is a structural block diagram of embodiment two of the seventh state output device in a detection system for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 12 is a flowchart of embodiment one of a detection method for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 13 is a detailed flowchart of step S101 in Fig. 12;
Fig. 14 is a detailed flowchart of step S103 in Fig. 12;
Fig. 15 is a flowchart of embodiment two of a detection method for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 16 is a detailed flowchart of step S107 in Fig. 15;
Fig. 17 is a flowchart of embodiment three of a detection method for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 18 is a detailed flowchart of step S109 in Fig. 17;
Fig. 19 is a flowchart of embodiment four of a detection method for terminal dual-network interconnection provided by an embodiment of the invention;
Fig. 20 is a detailed flowchart of step S113 in Fig. 19;
Fig. 21 is a detailed flowchart of embodiment two of step S113 in Fig. 19;
Fig. 22 is a schematic diagram of a terminal achieving dual-network interconnection through a proxy server in the prior art;
Fig. 23 is a schematic diagram of a terminal achieving dual-network interconnection through dual NICs plus a modified static route in the prior art;
Fig. 24 is a schematic diagram of a terminal achieving dual-network interconnection through Secondary IP plus a modified static route in the prior art;
Fig. 25 is the overall flowchart of the detection method for terminal dual-network interconnection in a specific embodiment provided by the invention;
Fig. 26 is a flowchart of the packet-sending detection engine of a specific embodiment provided by the invention;
Fig. 27 is a flowchart of the route detection engine of a specific embodiment provided by the invention;
Fig. 28 is a flowchart of the scenario, in a specific embodiment provided by the invention, in which two default routes constitute dual-network interconnection.
Detailed description of the embodiments
The technical schemes in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention.
A person skilled in the art will appreciate that embodiments of the invention can be implemented as a system, device, method or computer program product. The disclosure can therefore take the following forms: entirely hardware, entirely software (including firmware, resident software, microcode and so on), or a combination of hardware and software.
The principle and spirit of the invention are explained in detail below with reference to several representative embodiments.
The invention provides a detection method, device and system for terminal dual-network interconnection, to accurately detect a terminal's non-compliant network interconnection behavior. Non-compliant network interconnection means that a terminal, contrary to administrative rules, uses some technical means to connect to different isolated network areas at the same time.
Fig. 1 is a structural schematic diagram of a detection system for terminal dual-network interconnection provided by an embodiment of the invention. Referring to Fig. 1, the system provided by the invention includes terminal 100, two network areas and detection device 200.
In the prior art, to ensure the safe and stable operation of the internal network and important production networks, and to prevent important information systems on the network from being damaged by external attack, enterprises generally physically isolate the internal network from the Internet; some enterprises with stricter security requirements even isolate the production network from the office network within the internal network, forming multiple mutually isolated network areas.
In the invention, the two mutually isolated network areas are as shown in Fig. 1. Detection device 200 is mainly used to detect the connectivity state of the terminal, that is, whether it is in a dual-network interconnected state. Through long-term research and operational management, the inventors believe that terminals currently interconnect in violation of policy mainly in the following three ways:
1. Proxy interconnection. Enterprises generally deploy a proxy server between the Internet and the intranet to provide isolated internal terminals with proxied access to the Internet. In proxy mode, the terminal does not access Internet resources directly; it first connects to the proxy server, which accesses the site resources and then returns the result to the terminal. Fig. 22 shows a terminal achieving dual-network interconnection through a proxy server. This mode mainly has advantages such as hiding the real IP, getting past internal access restrictions, improving access speed and ensuring access security. Normally the proxy server restricts terminals to the few websites needed for work. However, some employees may privately set up an unmanaged proxy server (one that can access network area A and network area B simultaneously); by configuring the proxy service, the terminal connects to that proxy server and accesses network area A and network area B at the same time, achieving dual-network interconnection.
2. Multi-NIC interconnection. In a terminal with two NICs, NIC 1 is configured to connect to network area A and NIC 2 is configured to connect to network area B. Fig. 23 shows a terminal achieving dual-network interconnection through dual NICs plus a modified static route. Assuming the default hop value of NIC 1 is higher, the terminal can access only network area A through NIC 1. However, by certain technical means, such as manually adding a static route or modifying the route hop value, traffic destined for network area B can be routed to NIC 2, so that network area A and network area B are accessed at the same time, achieving dual-network interconnection.
3. Secondary IP interconnection. To reuse the same physical network port, an enterprise can enable Secondary IP configuration on the switch and assign multiple IP addresses to an employee, requiring that on each access the terminal set the IP address of one network area as needed and access only a single network area. Fig. 24 shows a terminal achieving dual-network interconnection through Secondary IP plus a modified static route. However, because the operating system configuration is not restricted, an employee can set two IP addresses at the same time and then, by manually adding static routes and modifying route hop values, access network area A and network area B simultaneously, achieving dual-network interconnection.
In the system for detecting terminal dual-network interconnection proposed by the present invention, the detection device in embodiment one, shown in Fig. 2, includes:
Address list determining device 201, for determining the local DNS address list of the terminal's NICs. Fig. 3 is a structural block diagram of the address list determining device. Referring to Fig. 3, the device includes:
Status information determining module 301, for obtaining the status information of the terminal's NICs;
Address list acquisition module 302, for obtaining the DNS address list of a NIC when the status information shows that the NIC is active;
Address rejection module 303, for removing the DNS addresses of exception NICs from the DNS address list to form the local DNS address list. An exception NIC here is, for example, an enterprise VPN virtual network adapter.
As shown in Figure 1, the detection device also includes: feature set acquisition device 202, for obtaining a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to the two network areas;
A policy configuration is preset in the detection device of the present invention (see Table 1). In a specific embodiment, the configuration may include some or all of the policies in Table 1. The 6 configuration items in Table 1 are described as follows: the network area A/B features are used to identify which of network areas A/B a NIC is connected to, and it is generally recommended to use a DNS set or a fuzzy-matched gateway network segment as the criterion (that is, the dual-network DNS set in feature set acquisition device 202); the network area A/B detection URL sets are used for packet-sending detection, and each configured URL must exist only in its corresponding network area; the present invention supports configuring multiple detection URLs for a network area, which are matched one by one during detection, and a connection to any one of them counts as connected, in order to reduce the miss rate; the exception NIC names cover legitimate setups, such as a VPN, that build a tunnel between the two network areas in a typical enterprise, and it is recommended to extract their features and set them as exceptions; the detection switch controls whether the engine is enabled as a whole.
Table 1
Connectivity state determining device 203, for determining the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set. Fig. 4 is a structural block diagram of the connectivity state determining device. Referring to Fig. 4, the device includes:
Feature comparison module 2031, for comparing the local DNS address list with the feature sets corresponding to the two network areas;
First state output module 2032, for outputting that the connectivity state of the terminal is dual-network interconnection when the local DNS addresses in the local DNS address list belong to the feature sets of different network areas.
That is, the local DNS list is compared with the "network area A DNS set" and the "network area B DNS set" in the policy. If the local DNS addresses in the local DNS list belong to different network areas, the connectivity state of the terminal is dual-network interconnection.
Fig. 5 is a structural block diagram of embodiment two of the detection device in the system for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Fig. 5, in embodiment two the detection device also includes:
Network area determining device 204, for designating as the first network area the network area whose feature set the local DNS addresses in the local DNS address list all belong to; for example, in a specific embodiment, if the local DNS addresses in the local DNS list belong to the DNS set of network area A, network area A is called the first network area.
Locator acquisition device 205, for obtaining a preset dual-network URL set when the terminal is configured with a proxy server, the dual-network URL set including the URL sets corresponding to the two network areas;
Network area access device 206, for accessing, through the proxy server, the network area other than the first network area, that is, network area B.
Third state output device 207, for determining the connectivity state of the terminal according to a real-time URL and the dual-network URL set when the real-time URL is received.
Fig. 6 is a structural block diagram of the third state output device. Referring to Fig. 6, the device includes:
Locator comparison module 2071, for comparing the dual-network URL set with the real-time URL;
Return code acquisition module 2072, for obtaining a preset return code threshold when the real-time URL belongs to the URL set of the network area other than the first network area;
Third state output module 2073, for outputting that the connectivity state of the terminal is dual-network interconnection when the return code of the real-time URL is less than the return code threshold.
That is, when the terminal is detected to be configured with a proxy server, the engine requests a page of a website in the other network area through the proxy; if the return code is less than 500, the terminal is in a dual-network interconnection state.
The above are embodiment one and embodiment two of the detection device for terminal dual-network interconnection provided by the present invention. In embodiments one and two, the detection logic of the detection device is called the packet-sending detection engine. It can determine the connectivity state of the terminal by comparing the local DNS address list with the preset dual-network DNS set. The packet-sending detection engine can control the engine's detection and sleep periods; it first judges the physical network environment the terminal is in and, if the terminal has only a single network connection, checks whether that connection is configured with a browser proxy, and then requests the URL sets of the two network areas separately and judges the results. The main criterion is that if the URL requests return and the return codes are all below the preset value (for example 500), the terminal is deemed to be connected to both network areas at once. This realizes detection of multiple kinds of non-compliant terminal interconnection at the same time (including proxy interconnection, multi-NIC interconnection, and secondary IP (hereinafter referred to by its English name, Secondary IP) interconnection).
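The decision flow of the packet-sending detection engine in embodiments one and two, as an added Python example that is not code from the patent. The `Nic` and `Policy` structures, the addresses, the URLs and the injected `probe` callable are assumptions constructed for illustration; the "undetermined" verdict stands for the hand-over to route-based detection.

```python
"""Added example: packet-sending engine (DNS comparison, then proxy probe)."""
from dataclasses import dataclass


@dataclass
class Nic:
    name: str
    active: bool
    dns: list


@dataclass
class Policy:                        # hypothetical stand-in for the Table 1 items
    zone_dns: dict                   # area -> set of DNS server addresses
    zone_urls: dict                  # area -> URLs that exist only in that area
    exception_nics: set              # e.g. the enterprise VPN virtual adapter
    return_code_threshold: int = 500
    enabled: bool = True             # detection switch


def local_dns_list(nics, policy):
    """DNS servers of active NICs, with exception NICs removed."""
    return [d for n in nics
            if n.active and n.name not in policy.exception_nics
            for d in n.dns]


def areas_of(dns_list, policy):
    """Network areas whose DNS feature set contains a local DNS server."""
    return {area for area, feats in policy.zone_dns.items()
            if any(d in feats for d in dns_list)}


def detect(nics, policy, proxy, probe):
    """Return (verdict, reason).

    probe(url, proxy) must return the HTTP status code, or None when nothing
    came back. It is injected so the logic can be exercised offline.
    """
    if not policy.enabled:
        return ("skipped", "detection switch is off")
    areas = areas_of(local_dns_list(nics, policy), policy)
    if len(areas) >= 2:
        return ("dual", "local DNS servers belong to both network areas")
    if len(areas) == 1 and proxy:
        first = next(iter(areas))
        for area, urls in policy.zone_urls.items():
            if area == first:
                continue
            for url in urls:         # any single hit counts, to reduce misses
                code = probe(url, proxy)
                if code is not None and code < policy.return_code_threshold:
                    return ("dual", f"{url} answered {code} through the proxy")
    # No proxy, no answer, or code >= threshold: route-based detection decides.
    return ("undetermined", "continue with IP and routing information")


# Constructed sample policy: addresses and host names are placeholders.
POLICY = Policy(
    zone_dns={"A": {"10.1.0.53"}, "B": {"172.16.0.53"}},
    zone_urls={"A": ["http://portal.area-a.example/"],
               "B": ["http://portal.area-b.example/"]},
    exception_nics={"Corp VPN"},
)


def fake_probe(table):
    """Build an offline probe that answers from a url -> status table."""
    return lambda url, proxy: table.get(url)


if __name__ == "__main__":
    one_nic = [Nic("eth0", True, ["10.1.0.53"])]
    probe = fake_probe({"http://portal.area-b.example/": 200})
    print(detect(one_nic, POLICY, "http://10.1.9.9:3128", probe))
```

Because any return code below the threshold counts, a 403 from the far side is still treated as evidence that the proxy reaches the other network area.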
The packet-sending detection engine is relatively lightweight and can quickly find most dual-network interconnection problems, detecting violations such as proxy interconnection, multi-NIC interconnection, and Secondary IP interconnection. The following introduces another detection logic, included in embodiments three, four and five of the detection device provided by the present invention, called the route detection engine. The route detection engine detects multi-NIC and Secondary IP interconnection more effectively; it can supplement the packet-sending detection engine and work together with it to detect network interconnection scenarios.
Fig. 7 is a structural block diagram of embodiment three of the detection device in the system for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Fig. 7, in embodiment three the detection device also includes:
Information acquisition device 208, for obtaining the IP information and routing information of the terminal when the terminal is not configured with a proxy server; or when no URL returned by the network area other than the first network area is received; or when a URL returned by the network area other than the first network area is received and the return code of the URL is greater than or equal to the return code threshold.
The detection device of the present invention contains the policy configuration required for routing table detection (see Table 2). The 4 configuration items in Table 2 are described as follows: the network area A/B features are used to identify which of network areas A/B a NIC is connected to, and it is generally recommended to use a DNS set or a fuzzy-matched gateway network segment as the judging feature; the exception NIC names cover legitimate setups, such as a VPN, that build a tunnel between the two network areas in a typical enterprise, and it is recommended to extract their features and set them as exceptions; the detection switch controls whether the engine is enabled as a whole.
Table 2
Fourth state output device 209, for determining the connectivity state of the terminal according to the IP information and routing information.
Fig. 8 is a structural block diagram of the fourth state output device. Referring to Fig. 8, the device includes:
Threshold acquisition module 2091, for obtaining a preset IP threshold, route threshold, and exception NIC names.
Quantity determining module 2092, for determining the number of active IPs of the terminal according to the IP information;
Fifth state output module 2093, for outputting that the connectivity state of the terminal is non-dual-network interconnection when the number of active IPs is less than the IP threshold;
Judging module 2094, for judging, according to the routing information, whether the terminal has a default route or a static route when the number of active IPs is greater than or equal to the IP threshold;
NIC name determining module 2095, for determining, when the judgment is yes, the name of the NIC that the default route or static route points to;
Sixth state output module 2096, for outputting that the connectivity state of the terminal is non-dual-network interconnection when the NIC name matches an exception NIC name.
That is, the device first checks the number of active IPs:
a. If the number of active IPs is greater than or equal to 2, go on to the exception-NIC exclusion check;
b. If the number of active IPs is less than 2, the connectivity state of the terminal is non-dual-network interconnection.
In the exception-NIC exclusion check, if at least one default route or static route exists and the name of the NIC it points to matches an exception NIC name, the connectivity state of the terminal is non-dual-network interconnection.
Fig. 9 is a structural block diagram of embodiment four of the detection device in the system for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Fig. 9, the detection device also includes:
Route extraction device 210, for extracting multiple local routes according to the routing information when the name of the NIC that the default route or static route points to does not match an exception NIC name;
NIC information determining device 211, for determining the NIC information corresponding to each local route. The routing table contains only the hardware number that matches a route; for example, in the IPv4 routing table shown in Table 3, traffic to network destination 202.101.23.85 uses the device with hardware ID 16, and querying the computer's hardware device IDs shows that the device with hardware ID 16 is NIC A. To relate each route to its network connection information (IP, gateway, DNS), the hardware ID of each route must be looked up, the NIC information found from that hardware ID, and from the NIC information whether the network connection is active, along with its IP, DNS, gateway and other information.
Table 3
There is no default route in this routing table. The first route is a static route pointing to network area A and the second route is a static route pointing to network area B; the two constitute dual-network area interconnection.
Route screening device 212, for filtering multiple valid local routes out of the local routes according to the NIC information. In a specific embodiment, the routing table may also contain invalid routes, so further screening is needed; steps such as pinging the gateway can be used to make sure invalid routes are excluded.
Seventh state output device 213, for determining the connectivity state of the terminal according to the valid local routes and the preset dual-network DNS set.
Figure 10 is a structural block diagram of the seventh state output device. Referring to Fig. 10, the device includes:
Feature acquisition module 2131, for obtaining the features corresponding to the static routes when the multiple valid local routes are multiple static routes;
Route feature comparison module 2132, for comparing the feature sets corresponding to the two network areas with the features corresponding to the static routes;
Eighth state output module 2133, for outputting that the connectivity state of the terminal is dual-network interconnection when the features corresponding to the static routes belong to the feature sets of both network areas.
That is, to judge whether two static routes constitute dual-network interconnection: if static routes exist, some containing a feature of network area A and some a feature of network area B, so that some pair of static routes matches the gateway network segments of the two network areas, the terminal is deemed to be in a dual-network interconnection state.
Figure 11 is a structural block diagram of embodiment two of the seventh state output device in the system for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Figure 11, in embodiment two the device also includes:
Corresponding feature acquisition module 2134, for obtaining the features corresponding to the local routes when the multiple valid local routes are a static route and a default route;
Feature comparison module 2135, for comparing the feature sets corresponding to the two network areas with the features corresponding to the local routes;
Ninth state output module 2136, for outputting that the connectivity state of the terminal is dual-network interconnection when the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets of the two network areas.
That is, to judge whether a static route and a default route constitute dual-network interconnection: if the routing table contains both static routes and default routes, and there is some default route with the lowest metric (the lowest-metric default route may not be unique) and some static route such that, of the two NICs found via their interfaces, one contains a feature of network area A and the other contains a feature of network area B, this is deemed dual-network area interconnection (typical violation samples are shown in Table 4 and Table 5 below).
Table 4
In Table 4, the first route is a default route pointing to network area A and the second route is a static route pointing to network area B; the two constitute dual-network interconnection.
Table 5
In Table 5, the first and second routes are both lowest-metric default routes; the first route is a default route pointing to network area A and the third route is a static route pointing to network area B, and these two constitute dual-network interconnection.
As above, in embodiments three, four and five a routing table detection engine is added to the detection device. It extracts information about the network environment the computer is in, pre-judges the network environment, reviews the IP information, reviews the routing table information, and judges and outputs the result. The main criterion is that if two or more IPs exist and there are routes that can take effect at the same time and reach the two network areas respectively, the terminal is deemed to be connected to both network areas at once.
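The route detection engine's checks (active IP count, exception NIC, static/static and default/static route pairs), as an added Python example that is not code from the patent. The `Route` and `Nic` models, the `static` flag, the addresses and the choice to classify a route by the network segment of its own gateway are assumptions made so that multi-NIC and Secondary IP cases are handled by one rule.

```python
"""Added example: routing-table checks of the route detection engine."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Nic:
    if_index: int                    # hardware/interface ID referenced by routes
    name: str
    active: bool


@dataclass(frozen=True)
class Route:
    dest: str                        # CIDR, "0.0.0.0/0" for a default route
    gateway: str
    if_index: int
    metric: int
    static: bool = False             # manually added route (assumed flag)

    @property
    def is_default(self):
        return ipaddress.ip_network(self.dest).prefixlen == 0


@dataclass
class Policy:                        # hypothetical stand-in for the Table 2 items
    zone_segments: dict              # area -> list of gateway network segments
    exception_nics: set
    ip_threshold: int = 2
    enabled: bool = True


def route_area(route, policy):
    """Area whose gateway segment contains the route's gateway, else None."""
    gw = ipaddress.ip_address(route.gateway)
    for area, segments in policy.zone_segments.items():
        if any(gw in ipaddress.ip_network(s) for s in segments):
            return area
    return None


def detect(active_ips, routes, nics, policy):
    """Return (verdict, reason) following the order of checks in the text."""
    if not policy.enabled:
        return ("skipped", "detection switch is off")
    if len(active_ips) < policy.ip_threshold:
        return ("not-dual", "fewer active IPs than the IP threshold")
    nic = {n.if_index: n for n in nics}
    routes = [r for r in routes
              if (r.is_default or r.static) and r.if_index in nic]
    # Literal reading of the text: one route through an exception NIC
    # (for example the VPN adapter) clears the terminal.
    if any(nic[r.if_index].name in policy.exception_nics for r in routes):
        return ("not-dual", "route points at an exception NIC")
    # Screening: keep routes on active NICs (a gateway ping could be added).
    valid = [r for r in routes if nic[r.if_index].active]
    statics = [r for r in valid if not r.is_default]
    defaults = [r for r in valid if r.is_default]
    static_areas = {route_area(r, policy) for r in statics} - {None}
    if len(static_areas) >= 2:
        return ("dual", "static routes reach both network areas")
    if defaults and statics:
        low = min(r.metric for r in defaults)    # lowest metric may be shared
        default_areas = {route_area(r, policy)
                         for r in defaults if r.metric == low} - {None}
        if any(static_areas - {a} for a in default_areas):
            return ("dual", "default route and static route reach different areas")
    return ("not-dual", "no route pair spans both network areas")


# Constructed sample data: none of these values come from the patent's tables.
POLICY = Policy({"A": ["10.1.0.0/16"], "B": ["172.16.0.0/16"]}, {"Corp VPN"})
NICS = [Nic(16, "NIC A", True), Nic(17, "NIC B", True), Nic(30, "Corp VPN", True)]
TWO_STATIC = [Route("10.20.0.0/16", "10.1.0.1", 16, 5, static=True),
              Route("172.16.40.0/24", "172.16.0.1", 17, 5, static=True)]
DEFAULT_PLUS_STATIC = [Route("0.0.0.0/0", "10.1.0.1", 16, 10),
                       Route("0.0.0.0/0", "10.1.0.2", 16, 10),
                       Route("172.16.40.0/24", "172.16.0.1", 17, 5, static=True)]

if __name__ == "__main__":
    ips = ["10.1.3.7", "172.16.3.7"]
    print(detect(ips, TWO_STATIC, NICS, POLICY))
    print(detect(ips, DEFAULT_PLUS_STATIC, NICS, POLICY))
```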
Embodiments one and two of the detection device provided by the present invention include only the packet-sending detection engine. Although it is relatively lightweight and can quickly find most dual-network interconnection problems, in particular violations involving proxy access, (1) if the static routing table set on the terminal happens not to cover the detection URL set, violations will be missed; and (2) if the DNS of the two network areas is identical, Secondary IP violations are hard to detect with the packet-sending detection engine. Therefore the route detection engine is added in embodiments three, four and five of the present invention to further improve detection.
In the multi-NIC interconnection scenario, two NICs must be enabled at the same time and two network connections set up; in the Secondary IP interconnection violation scenario, two or more IPs and their respective gateways must be configured on the same network connection through the advanced TCP/IP settings. However, when several network connections/IPs are active at once, only one of them carries traffic: routing by default uses only one NIC/IP, and the other NICs/IPs see no traffic. So whichever configuration is used, routes must be added to change the default behaviour of using only one NIC/IP. If the routes for a small number of network segments need to point to another NIC/IP while access to the other segments stays on the default NIC, it is only necessary to add one or several static routes pointing to the other NIC/IP (such as the third route in Table 5); if one part of the network segments needs to point to one NIC/IP and another part to another NIC/IP, separate routes must be configured for each (such as routes 1 and 2 in Table 3 and Table 4).
In other embodiments of the present invention, after the connectivity state of the terminal is detected, a violation-handling flow can also be added: the behaviour of a terminal that is simultaneously connected to network areas that should not be interconnected is logged and handled further (for example by cutting off the network connection), forming a complete automated detection and handling process.
In addition, although several unit modules of the system are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more units described above can be embodied in one unit. Likewise, the features and functions of one unit described above can be further divided among multiple units. The terms "module" and "unit" used above can be software and/or hardware that realizes a predetermined function. Although the modules described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Having described the system of the exemplary embodiments of the present invention, the method of the exemplary embodiments is introduced next with reference to the drawings. For the implementation of the method, see the overall implementation above; repeated parts are not described again.
Figure 12 is a flowchart of embodiment one of the method for detecting terminal dual-network interconnection provided by an embodiment of the present invention. In embodiment one the method includes:
S101: Determine the local DNS address list of the terminal's NICs. Figure 13 is a detailed flowchart of step S101. Referring to Figure 13, the step includes:
S201: Obtain the status information of the terminal's NICs;
S202: When the status information shows that a NIC is active, obtain the DNS address list of that NIC;
S203: Remove the DNS addresses of exception NICs from the DNS address list to form the local DNS address list. An exception NIC here is, for example, an enterprise VPN virtual network adapter.
As shown in Figure 12, the detection method also includes:
S102: Obtain a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to the two network areas;
A policy configuration is preset in the detection device of the present invention (see Table 1). In a specific embodiment, the configuration may include some or all of the policies in Table 1. The 6 configuration items in Table 1 are described as follows: the network area A/B features are used to identify which of network areas A/B a NIC is connected to, and it is generally recommended to use a DNS set or a fuzzy-matched gateway network segment as the criterion (that is, the dual-network DNS set in feature set acquisition device 202); the network area A/B detection URL sets are used for packet-sending detection, and each configured URL must exist only in its corresponding network area; the present invention supports configuring multiple detection URLs for a network area, which are matched one by one during detection, and a connection to any one of them counts as connected, in order to reduce the miss rate; the exception NIC names cover legitimate setups, such as a VPN, that build a tunnel between the two network areas in a typical enterprise, and it is recommended to extract their features and set them as exceptions; the detection switch controls whether the engine is enabled as a whole.
S103: Determine the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set. Figure 14 is a detailed flowchart of step S103. Referring to Figure 14, the step includes:
S301: Compare the local DNS address list with the feature sets corresponding to the two network areas;
S302: When the local DNS addresses in the local DNS address list belong to the feature sets of different network areas, the connectivity state of the terminal is dual-network interconnection.
That is, the local DNS list is compared with the "network area A DNS set" and the "network area B DNS set" in the policy. If the local DNS addresses in the local DNS list belong to different network areas, the connectivity state of the terminal is dual-network interconnection.
Figure 15 is a flowchart of embodiment two of the method for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Fig. 5, in embodiment two the detection method also includes:
S104: When the local DNS addresses in the local DNS address list all belong to the feature set of the same network area, that network area is called the first network area; for example, in one embodiment, if the local DNS addresses in the local DNS list belong to the DNS set of network area A, network area A is called the first network area.
S105: When the terminal is configured with a proxy server, obtain a preset dual-network URL set, the dual-network URL set including the URL sets corresponding to the two network areas;
S106: Access, through the proxy server, the network area other than the first network area, that is, network area B.
S107: When a real-time URL is received, determine the connectivity state of the terminal according to the real-time URL and the dual-network URL set.
Figure 16 is a detailed flowchart of S107. Referring to Figure 16, the step includes:
S401: Compare the dual-network URL set with the real-time URL;
S402: When the real-time URL belongs to the URL set of the network area other than the first network area, obtain a preset return code threshold;
S403: When the return code of the real-time URL is less than the return code threshold, the connectivity state of the terminal is dual-network interconnection.
That is, when the terminal is detected to be configured with a proxy server, the engine requests a page of a website in the other network area through the proxy; if the return code is less than 500, the terminal is in a dual-network interconnection state.
The above are embodiment one and embodiment two of the detection method for terminal dual-network interconnection provided by the present invention. In embodiments one and two, the detection logic of the detection method is called the packet-sending detection engine. It can determine the connectivity state of the terminal by comparing the local DNS address list with the preset dual-network DNS set. The packet-sending detection engine can control the engine's detection and sleep periods; it first judges the physical network environment the terminal is in and, if the terminal has only a single network connection, checks whether that connection is configured with a browser proxy, and then requests the URL sets of the two network areas separately and judges the results. The main criterion is that if the URL requests return and the return codes are all below the preset value (for example 500), the terminal is deemed to be connected to both network areas at once. This realizes detection of multiple kinds of non-compliant terminal interconnection at the same time (including proxy interconnection, multi-NIC interconnection, and secondary IP (hereinafter referred to by its English name, Secondary IP) interconnection).
The packet-sending detection engine is relatively lightweight and can quickly find most dual-network interconnection problems, detecting violations such as proxy interconnection, multi-NIC interconnection, and Secondary IP interconnection. The following introduces another detection logic, included in embodiments three, four and five of the detection device provided by the present invention, called the route detection engine. The route detection engine detects multi-NIC and Secondary IP interconnection more effectively; it can supplement the packet-sending detection engine and work together with it to detect proxy interconnection scenarios.
Figure 17 is a flowchart of embodiment three of the method for detecting terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Fig. 7, in embodiment three the detection method also includes:
S108: When the terminal is not configured with a proxy server; or when no URL returned by the network area other than the first network area is received; or when a URL returned by the network area other than the first network area is received and the return code of the URL is greater than or equal to the return code threshold, obtain the IP information and routing information of the terminal.
The detection device of the present invention contains the policy configuration required for routing table detection (see Table 2). The 4 configuration items in Table 2 are described as follows: the network area A/B features are used to identify which of network areas A/B a NIC is connected to, and it is generally recommended to use a DNS set or a fuzzy-matched gateway network segment as the judging feature; the exception NIC names cover legitimate setups, such as a VPN, that build a tunnel between the two network areas in a typical enterprise, and it is recommended to extract their features and set them as exceptions; the detection switch controls whether the engine is enabled as a whole.
S109: Determine the connectivity state of the terminal according to the IP information and routing information.
Figure 18 is a detailed flowchart of step S109. Referring to Figure 18, the step includes:
S501: Obtain a preset IP threshold, route threshold, and exception NIC names.
S502: Determine the number of active IPs of the terminal according to the IP information;
S503: When the number of active IPs is less than the IP threshold, the connectivity state of the terminal is non-dual-network interconnection;
S504: When the number of active IPs is greater than or equal to the IP threshold, judge according to the routing information whether the terminal has a default route or a static route;
S505: When the judgment is yes, determine the name of the NIC that the default route or static route points to;
S506: When the NIC name matches an exception NIC name, the connectivity state of the terminal is non-dual-network interconnection.
That is, the method first checks the number of active IPs:
a. If the number of active IPs is greater than or equal to 2, go on to the exception-NIC exclusion check;
b. If the number of active IPs is less than 2, the connectivity state of the terminal is non-dual-network interconnection.
In the exception-NIC exclusion check, if at least one default route or static route exists and the name of the NIC it points to matches an exception NIC name, the connectivity state of the terminal is non-dual-network interconnection.
Figure 19 is a flow chart of embodiment four of the detection method of terminal dual-network interconnection provided by an embodiment of the present invention. Referring to Figure 19, the detection method further includes:
S110: When the name of the network card to which the default route or static route points does not match the exception network card name, extract a plurality of local routes according to the routing information;
S111: Determine the network card information corresponding to the local routes. The routing table contains only the hardware number matched to each route. For example, in the IPv4 routing table shown in Table 3, traffic to network destination 202.101.23.85 uses the device with hardware ID 16, and querying the computer's hardware device IDs shows that the device with hardware ID 16 is network card A. To establish the relationship between each route and the corresponding network connection information (IP, gateway, DNS), it is necessary to query the hardware ID number of each route, look up the network card information by that hardware ID number, and from the network card information find out whether the network connection is active and its IP, DNS and gateway information. The routing table shown in Table 3 has no default route; the first route is a static route pointing to network area A and the second route is a static route pointing to network area B, and the two constitute dual-network area interconnection.
S112: Filter a plurality of valid local routes out of the local routes according to the network card information. In a specific embodiment, the routing table may also contain failed routes, which need further screening; operations such as pinging the gateway can be used to ensure that failed routes are excluded.
S113: Determine the connectivity state of the terminal according to the valid local routes and the preset dual-network DNS set.
Figure 20 is a detailed flow chart of step S113. Referring to Figure 20, the step includes:
S601: When the plurality of valid local routes are a plurality of static routes, obtain the features corresponding to the static routes;
S602: Compare the feature sets corresponding to the two network areas with the features corresponding to the static routes;
S603: When the features corresponding to the static routes belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
That is, when judging whether two static routes constitute dual-network interconnection: if static routes exist, some carrying the feature of network area A and some carrying the feature of network area B, and any two static routes can match the gateway network segments of the two network areas, the terminal is regarded as being in the dual-network interconnection state.
Figure 21 is a detailed flow chart of embodiment two of step S113. Referring to Figure 21, in embodiment two the step further includes:
S701: When the plurality of valid local routes are a static route and a default route, obtain the features corresponding to the local routes;
S702: Compare the feature sets corresponding to the two network areas with the features corresponding to the local routes;
S703: When the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
That is, when judging whether a static route and a default route constitute dual-network interconnection: if a static route exists and a default route exists, and there is some default route with the lowest metric (the lowest-metric default route in the routing table may not be unique) and some static route such that, of the two network cards they point to as found by interface lookup, one carries the feature of network area A and the other carries the feature of network area B, this is regarded as dual-network area interconnection (typical violation samples are shown in Table 4 and Table 5 below). In Table 4, the first route is a default route pointing to network area A and the second route is a static route pointing to network area B; the two constitute dual-network interconnection. In Table 5, the first and second routes are both lowest-metric default routes; the first route is a default route pointing to network area A and the third route is a static route pointing to network area B, and the two constitute dual-network interconnection.
As above, in embodiments three, four and five a routing table detection engine is added to the detection method. It extracts information about the network environment the computer is in, pre-judges the network environment, sorts and judges the IPs, sorts the routing table information, and collates and outputs the judgement results. The main criterion is: if there are two or more IPs and there are routes that can take effect at the same time and reach the two network areas respectively, the terminal is deemed to be connected to the dual-network areas simultaneously.
Embodiments one and two of the detection method provided by the present invention include only the packet-sending detection engine. It is comparatively lightweight and can quickly find most dual-network interconnection problems, in particular violations in which interconnection is achieved through proxy access. However, (1) if the static routing table set on the terminal happens not to cover the detection URL set, there will be false negatives; or (2) if the DNS of the two network areas is identical, the packet-sending detection engine can hardly detect the Secondary IP violation scenario. Therefore, embodiments three, four and five of the present invention add the route detection engine to further improve the detection effect.
In the multi-network-card interconnection scenario, two network cards must be enabled at the same time and two network connections constructed. In the Secondary IP interconnection violation scenario, two or more IPs and their respective gateways must be configured in the same network connection through the advanced TCP/IP settings. However, when multiple network connections/IPs are active at the same time, only one network connection works: by default routing goes through only one network card/IP, and the other network cards/IPs carry no traffic. Therefore, whichever configuration is used, routes must be added to change the default situation of using only one network card/IP. If the routes for a small portion of network segments need to point to another network card/IP while access to the other segments keeps the default network card unchanged, it is only necessary to add one or several static routes pointing to the other network card/IP (such as the third route in Table 5). If one part of the network segments needs to point to one network card/IP and another part to another network card/IP, separate routes need to be configured for each (such as routes 1 and 2 in Table 3 and Table 4).
In other embodiments of the present invention, after the connectivity state of the terminal has been detected, a violation handling flow can also be added: the behaviour of a terminal simultaneously connecting to network areas that are not interconnected is logged and handled further (for example by cutting off the network connection), forming a complete automatic detection and handling process.
It should be noted that although the operations of the method of the present invention are depicted in a particular order in the drawings, this does not require or imply that the operations must be performed in that particular order, or that all of the illustrated operations must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step, and/or one step may be split into multiple steps.
The technical solution is described in detail below with a specific embodiment, with reference to the drawings. Figure 25 is the overall flow chart of the detection method of terminal dual-network interconnection in the specific embodiment. In this embodiment, policy update is mainly responsible for obtaining the relevant policy updates from the policy management server; the packet-sending detection engine mainly detects whether the terminal connects to different network areas simultaneously through a proxy server; and the routing table detection engine module mainly detects whether the terminal connects to different network areas simultaneously by means of multiple network cards or Secondary IP. A violation handling flow can also be added on the basis of the present invention: the behaviour of a terminal simultaneously connecting to network areas that are not interconnected is logged and handled further (for example by cutting off the network connection), forming a complete automatic detection and handling process.
Figure 26 is the flow chart of the packet-sending detection engine of the specific embodiment provided by the present invention. Referring to Figure 26, the packet-sending detection engine is implemented with the following logic:
(1) Cyclic detection (the detection interval is configurable; considering the I/O overhead of accessing hardware and the latency of network connections, 1 minute is recommended). When a detection cycle starts, go to (2);
(2) After detection starts, judge whether the terminal has a network card in the active state. If so, perform (3). If there is no active network card, end detection and jump to the routing table detection engine;
(3) Obtain the list of all DNS addresses of the terminal's locally active network cards, remove the DNS addresses of exception network cards (such as the enterprise VPN virtual network card) to form the local DNS list, and go to (4);
(4) Compare the local DNS list with the "network area A DNS set" and the "network area B DNS set" in the policy. If the local DNS list belongs to the DNS of one network area, the terminal is in a single-network physical connection environment; go to (5). If the local DNS list belongs to different network areas, end detection and jump to the routing table detection engine;
(5) Continue by checking the proxy settings. If a proxy is set, the engine accesses, through the proxy, a page of a website in the other network area. No response, or a return code greater than 500 (server internal error), means not connected; if the return code is less than 500, the terminal is in the dual-network interconnection state; go to (6). If the above features are not met, end detection and jump to the routing table detection engine;
(6) Record and output the network interconnection result.
The packet-sending detection engine ends and control jumps to the routing table detection engine.
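The following sketch of steps (2) to (6) is an added example, not code from the patent. The policy values, NIC dictionaries, host names and the `packet_engine`/`http_probe` names are constructed for illustration, exception NICs are matched by case-insensitive substring (an assumption), and a return code equal to the threshold is treated as not connected, as in the claims.

```python
"""Packet-sending engine decision logic, steps (2)-(6) (added example, constructed data)."""
import urllib.error
import urllib.request

# Constructed policy: DNS set and URL set per zone, exception NIC, return code threshold.
POLICY = {
    "dns": {"A": {"10.1.0.53", "10.1.0.54"}, "B": {"192.168.50.1"}},
    "urls": {"A": ["http://portal.zone-a.example/"],
             "B": ["http://portal.zone-b.example/"]},
    "exception_nics": ["Corp VPN"],
    "code_threshold": 500,
}


def http_probe(url, proxy, timeout=5):
    """Fetch url through proxy; return the HTTP status, or None if nothing came back."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:    # 4xx/5xx replies still carry a status code
        return err.code
    except (urllib.error.URLError, OSError):  # refused, unreachable, timed out
        return None


def local_dns(nics, policy):
    """Step (3): DNS servers of active NICs, with exception NICs removed."""
    found = set()
    for nic in nics:
        excepted = any(x.lower() in nic["name"].lower()
                       for x in policy["exception_nics"])
        if nic["active"] and not excepted:
            found.update(nic["dns"])
    return found


def packet_engine(nics, proxy, policy=POLICY, probe=http_probe):
    """Return (state, reason); state is 'interconnected' or 'handoff'
    (detection ends here and the routing table engine takes over)."""
    if not any(n["active"] for n in nics):                      # step (2)
        return "handoff", "no active NIC"
    dns = local_dns(nics, policy)
    zones = {z for z, servers in policy["dns"].items() if dns & servers}
    if len(zones) != 1 or not dns <= policy["dns"][next(iter(zones))]:
        return "handoff", "DNS list is not inside a single zone"  # step (4)
    if not proxy:                                               # step (5)
        return "handoff", "no proxy configured"
    other = "B" if zones == {"A"} else "A"
    for url in policy["urls"][other]:
        code = probe(url, proxy)
        if code is not None and code < policy["code_threshold"]:
            return "interconnected", f"{url} answered {code} via proxy"  # step (6)
    return "handoff", "other zone not reachable via proxy"
```

Any status below the threshold counts as reachability, so a 403 or 404 from the other zone's site is still a positive; a proxy that answers with its own 4xx page would be counted the same way.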
Figure 27 is the flow chart of the route detection engine of the specific embodiment provided by the present invention. Referring to Figure 27, the route detection engine is implemented with the following logic:
(1) Check the number of active IPs:
a. If the number of active IPs is greater than or equal to 2, go to check (2);
b. If the number of active IPs is less than 2, end detection.
(2) Check for and exclude exception network cards:
a. If at least one default route or static route exists and the name of the network card it points to matches the exception network card name, end detection;
b. Otherwise, go to check (3);
(3) Inspect the routing table and judge whether dual-network interconnection exists. Figure 28 is the flow chart, in the specific embodiment provided by the present invention, for the scenario in which two default routes constitute dual-network interconnection. The route detection sub-logic is as follows:
a. Extract all local routes. Routes whose network destination and netmask are both all zeros are default routes; all other routes are non-default routes. Go to b.
b. The routing table contains only the hardware number matched to each route. For example, in Table 3 traffic to network destination 202.101.23.85 uses the device with hardware ID 16, and querying the computer's hardware device IDs shows that the device with hardware ID 16 is network card A. To establish the relationship between each route and the corresponding network connection information (IP, gateway, DNS), it is necessary to query the hardware ID number of each route, look up the network card information by that hardware ID number, and from the network card information find out whether the network connection is active and its IP, DNS and gateway information (for the result after matching, see Table 3, Table 4 and Table 5). Go to c.
c. The routing table may also contain failed routes, which need further screening; operations such as pinging the gateway can be used to ensure that failed routes are excluded. Go to d.
d. Judge whether two static routes constitute dual-network interconnection: if static routes exist, some carrying the feature of network area A and some carrying the feature of network area B, and any two static routes can match the gateway network segments of the two network areas, the terminal is regarded as being in the dual-network interconnection state; go to f. If the above features are not met, go to e.
e. Judge whether a static route and a default route constitute dual-network interconnection: if a static route exists and a default route exists, and there is some default route with the lowest metric (the lowest-metric default route in the routing table may not be unique) and some static route such that, of the two network cards they point to as found by interface lookup, one carries the feature of network area A and the other carries the feature of network area B, this is regarded as dual-network area interconnection (for typical violation samples, see Table 4 and Table 5); go to f. If the above features are not met, go to g.
f. Dual-network area interconnection state: extract the terminal's routing information and end detection.
g. All other routing situations are regarded as non-dual-network area interconnection; end detection.
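The routing-table logic above (steps S501 to S506, S110 to S113, and checks (1) to (3) with sub-steps a to g) can be sketched as follows; this is an added example, not code from the patent. All addresses, NIC names and the `detect`/`zone_of` names are constructed; it assumes on-link and loopback entries were already filtered out, that a route's zone is taken from its gateway first and the NIC's DNS second, and that exception NICs are matched by case-insensitive substring.

```python
"""Routing-table check for dual-network interconnection (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Nic:
    if_index: int            # hardware ID that routing-table entries refer to
    name: str
    active: bool
    ips: tuple
    dns: tuple = ()


@dataclass(frozen=True)
class Route:
    dest: str
    mask: str
    gateway: str             # next hop; on-link/loopback entries assumed filtered out
    if_index: int
    metric: int
    alive: bool = True       # result of the failed-route screening (e.g. ping the gateway)

    @property
    def is_default(self):
        return self.dest == "0.0.0.0" and self.mask == "0.0.0.0"


@dataclass(frozen=True)
class Policy:                # the Table 2 settings as described in the text
    zone_a: tuple            # zone feature: gateway segments (CIDR) and/or DNS addresses
    zone_b: tuple
    exception_nics: tuple = ()
    enabled: bool = True
    ip_threshold: int = 2


def in_zone(features, addresses):
    nets = [ip_network(f, strict=False) for f in features]   # bare address becomes a /32
    return any(ip_address(a) in n for a in addresses for n in nets)


def zone_of(route, nic, policy):
    """'A', 'B' or None. The gateway is tried first, the NIC's DNS second (assumed order)."""
    for addrs in ((route.gateway,), nic.dns):
        a, b = in_zone(policy.zone_a, addrs), in_zone(policy.zone_b, addrs)
        if a != b:
            return "A" if a else "B"
    return None


def detect(nics, routes, policy):
    """Return (interconnected, reason) following checks (1)-(3) and sub-steps a-g."""
    if not policy.enabled:
        return False, "detection switch off"
    active = {n.if_index: n for n in nics if n.active}
    # (1) fewer active IPs than the threshold: not interconnected
    if sum(len(n.ips) for n in active.values()) < policy.ip_threshold:
        return False, "active IP count below threshold"
    # (2) any default/static route through an exception NIC ends detection
    for r in routes:
        nic = active.get(r.if_index)
        if nic and any(x.lower() in nic.name.lower() for x in policy.exception_nics):
            return False, "route points to exception NIC"
    # (3) a-c: join routes to NICs by hardware ID and drop failed routes
    valid = [(r, active[r.if_index]) for r in routes if r.alive and r.if_index in active]
    static_zones = {zone_of(r, n, policy) for r, n in valid if not r.is_default}
    defaults = [(r, n) for r, n in valid if r.is_default]
    # d: two static routes that reach zone A and zone B
    if {"A", "B"} <= static_zones:
        return True, "static+static"
    # e: a lowest-metric default route and a static route in different zones
    if defaults:
        low = min(r.metric for r, _ in defaults)
        default_zones = {zone_of(r, n, policy) for r, n in defaults if r.metric == low}
        if ("A" in default_zones and "B" in static_zones) or \
           ("B" in default_zones and "A" in static_zones):
            return True, "default+static"
    # g: everything else
    return False, "no route pair spans both zones"


# Constructed sample: zone A = 10.1.0.0/16, zone B = 192.168.50.0/24
POLICY = Policy(zone_a=("10.1.0.0/16",), zone_b=("192.168.50.0/24",),
                exception_nics=("Corp VPN",))
NIC_A = Nic(16, "Ethernet A", True, ("10.1.4.20",), ("10.1.0.53",))
NIC_B = Nic(17, "Ethernet B", True, ("192.168.50.8",), ("192.168.50.1",))
TWO_STATIC = [Route("172.16.0.0", "255.240.0.0", "10.1.4.1", 16, 20),
              Route("198.51.100.0", "255.255.255.0", "192.168.50.1", 17, 20)]
DEFAULT_PLUS_STATIC = [Route("0.0.0.0", "0.0.0.0", "10.1.4.1", 16, 10),
                       Route("198.51.100.0", "255.255.255.0", "192.168.50.1", 17, 20)]

if __name__ == "__main__":
    for label, table in (("two static", TWO_STATIC),
                         ("default+static", DEFAULT_PLUS_STATIC)):
        print(label, detect([NIC_A, NIC_B], table, POLICY))
```

Check (2), as the text specifies it, ends detection for the whole terminal as soon as one route uses an exception network card.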
As described above, this embodiment provides a detection scheme for terminal dual-network interconnection. Through real-time detection by two detection engines, it can effectively find, on the terminal side, a variety of network interconnection violations such as proxy interconnection, multi-network-card interconnection and Secondary IP interconnection, and it has the following advantages:
1. Compared with traditional packet detection strategies based on various scanning protocols, the packet-sending detection engine of the present invention:
(1) changes from the upper-end, centralised, passive-scanning model to a lower-end, distributed model of active detection and discovery. Because detection takes place on the terminal side, no separate detection server needs to be deployed in each network area, dependence on the network environment is reduced, and detection accuracy is improved.
(2) uses HTTP application-protocol probing over the reliable TCP transport protocol, avoiding the false positives and false negatives that probing with simple unreliable protocols such as ping and syslog may produce in complex scenarios.
2. Compared with traditional local detection schemes based on C/S terminals, the route detection engine of the present invention:
(1) deploys a lightweight script on the terminal side that checks in a loop, which saves the terminal's computing resources while detecting and recording violations in real time.
(2) uses the most direct routing table detection method, avoiding the problem that terminal interconnection violations come in a huge number of varieties and every new type of network card needs separate study; in particular, it can effectively detect and find problems in complex scenarios such as employees deliberately evading detection.
3. The two detection engines assist and complement each other, efficiently finding user dual-network interconnection behaviour and effectively preventing users from bypassing detection by various technical means. For a terminal that a detection engine judges to be connected to multiple network areas at the same time, the program automatically logs the event and takes handling measures (such as disabling the network card).
An improvement to a technology can be clearly distinguished as either an improvement in hardware (for example, an improvement to circuit structures such as diodes, transistors and switches) or an improvement in software (an improvement to a method flow). However, with the development of technology, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with hardware entity modules. For example, a programmable logic device (Programmable Logic Device, PLD), such as a field programmable gate array (Field Programmable Gate Array, FPGA), is such an integrated circuit, whose logic function is determined by the user programming the device. Designers program a digital system to "integrate" it onto a PLD themselves, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, nowadays, instead of making integrated circuit chips by hand, this programming is mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog2 are the most commonly used at present. It will also be clear to those skilled in the art that a hardware circuit implementing the logical method flow can easily be obtained merely by slightly logic-programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
The controller can be implemented in any suitable manner. For example, the controller can take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory.
It is also known to those skilled in the art that, in addition to implementing the controller purely as computer-readable program code, it is entirely possible to logic-program the method steps so that the controller realises the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for realising various functions can also be regarded as structures within the hardware component. Or even, the devices for realising various functions can be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units set out in the above embodiments can be implemented by a computer chip or entity, or by a product with a certain function.
For convenience of description, the above devices are described with their functions divided into various units. Of course, when implementing the present application, the functions of the units can be realised in one or more pieces of software and/or hardware.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer system (which may be a personal computer, a server, a network system, etc.) to perform the methods described in the embodiments of the present application or in certain parts of the embodiments.
The embodiments in this specification are described in a progressive manner; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and the relevant parts may be found in the description of the method embodiment.
The present application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable systems, tablet systems, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics systems, network PCs, minicomputers, mainframe computers, distributed computing environments including any of the above systems, and so on.
The present application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present application can also be practised in distributed computing environments, in which tasks are performed by remote processing systems connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media, including storage systems.
Although the present application has been described by way of embodiments, those of ordinary skill in the art will appreciate that the present application has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the present application.

Claims (21)

1. A detection method of terminal dual-network interconnection, characterized in that the method includes:
determining the local DNS address list of the network card corresponding to a terminal;
obtaining a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to two network areas;
determining the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set.
2. The method according to claim 1, characterized in that determining the local DNS address list of the network card corresponding to the terminal includes:
obtaining the status information of the network card corresponding to the terminal;
when the status information shows that the network card is in the active state, obtaining the DNS address list of the network card;
removing exception network card DNS addresses from the DNS address list to form the local DNS address list.
3. The method according to claim 2, characterized in that determining the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set includes:
comparing the local DNS address list with the feature sets corresponding to the two network areas;
when the local DNS addresses in the local DNS address list belong to the feature sets corresponding to different network areas, the connectivity state of the terminal is dual-network interconnection.
4. The method according to claim 3, characterized in that the method further includes:
when the local DNS addresses in the local DNS address list belong to the feature set corresponding to the same network area, that same network area is referred to as the first network area;
when the terminal is provided with a proxy server, obtaining a preset dual-network URL set, the dual-network URL set including the URL sets corresponding to the two network areas;
accessing the network area outside the first network area through the proxy server;
when a real-time URL is received, determining the connectivity state of the terminal according to the real-time URL and the dual-network URL set.
5. The method according to claim 4, characterized in that determining the connectivity state of the terminal according to the real-time URL and the dual-network URL set includes:
comparing the dual-network URL set with the real-time URL;
when the real-time URL belongs to the URL set corresponding to the network area outside the first network area, obtaining a preset return code threshold;
when the return code of the real-time URL is less than the return code threshold, the connectivity state of the terminal is dual-network interconnection.
6. The method according to claim 5, characterized in that the method further includes:
when the terminal is not provided with a proxy server; or
when no URL returned by the network area outside the first network area is received; or
when a URL returned by the network area outside the first network area is received and the return code of that URL is greater than or equal to the return code threshold, obtaining the IP information and routing information of the terminal;
determining the connectivity state of the terminal according to the IP information and routing information.
7. The method according to claim 6, characterized in that determining the connectivity state of the terminal according to the IP information and routing information includes:
obtaining the preset IP threshold, route threshold and exception network card name;
determining the number of active IPs of the terminal according to the IP information;
when the number of active IPs is less than the IP threshold, the connectivity state of the terminal is non-dual-network interconnection;
when the number of active IPs is greater than or equal to the IP threshold, judging according to the routing information whether the terminal has a default route or a static route;
if so, determining the name of the network card to which the default route or static route points;
when that network card name matches the exception network card name, the connectivity state of the terminal is non-dual-network interconnection.
8. The method according to claim 7, characterized in that the method further includes:
when the name of the network card to which the default route or static route points does not match the exception network card name, extracting a plurality of local routes according to the routing information;
determining the network card information corresponding to the local routes;
filtering a plurality of valid local routes out of the local routes according to the network card information;
determining the connectivity state of the terminal according to the valid local routes and the preset dual-network DNS set.
9. The method according to claim 8, characterized in that determining the connectivity state of the terminal according to the valid local routes and the preset dual-network DNS set includes:
when the plurality of valid local routes are a plurality of static routes, obtaining the features corresponding to the static routes;
comparing the feature sets corresponding to the two network areas with the features corresponding to the static routes;
when the features corresponding to the static routes belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
10. The method according to claim 8, characterized in that determining the connectivity state of the terminal according to the valid local routes and the preset dual-network DNS set includes:
when the plurality of valid local routes are a static route and a default route, obtaining the features corresponding to the local routes;
comparing the feature sets corresponding to the two network areas with the features corresponding to the local routes;
when the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets corresponding to the two network areas, the connectivity state of the terminal is dual-network interconnection.
11. A detection device of terminal dual-network interconnection, characterized in that the device includes:
an address list determining device, for determining the local DNS address list of the network card corresponding to a terminal;
a feature set acquisition device, for obtaining a preset dual-network DNS set, the dual-network DNS set including the feature sets corresponding to two network areas;
a connectivity state determining device, for determining the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set.
12. The device according to claim 11, characterized in that the address list determining device includes:
a status information determining module, for obtaining the status information of the network card corresponding to the terminal;
an address list acquisition module, for obtaining the DNS address list of the network card when the status information shows that the network card is in the active state;
an address removal module, for removing exception network card DNS addresses from the DNS address list to form the local DNS address list.
13. The device according to claim 12, characterized in that the connectivity state determining device includes:
a feature comparison module, for comparing the local DNS address list with the feature sets corresponding to the two network areas;
a first state output module, for determining that the connectivity state of the terminal is dual-network interconnection when the local DNS addresses in the local DNS address list belong to the feature sets corresponding to different network areas.
14. The equipment according to claim 13, characterized in that the equipment further comprises:
a network area determining device, for designating the same network area as the first network area when the local DNS addresses in the local DNS address list belong to the feature set corresponding to one and the same network area;
a locator acquisition device, for obtaining a preset dual-network URL set when the terminal is provided with a proxy server, the dual-network URL set comprising the URL sets corresponding to the two network areas;
a network area access device, for accessing, through the proxy server, the network area outside the first network area;
a third state output device, for determining the connectivity state of the terminal according to the real-time URL and the dual-network URL set when a real-time URL is received.
15. The equipment according to claim 14, characterized in that the third state output device comprises:
a locator comparison module, for comparing the dual-network URL set with the real-time URL;
a return code acquisition module, for obtaining a preset return code threshold when the real-time URL belongs to the URL set corresponding to the network area outside the first network area;
a third state output module, for determining that the connectivity state of the terminal is dual-network interconnection when the return code of the real-time URL is less than the return code threshold.
16. The equipment according to claim 15, characterized in that the equipment further comprises:
an information acquisition device, for obtaining the IP information and routing information of the terminal when the terminal is not provided with a proxy server; or when no URL returned by the network area outside the first network area is received; or when a URL returned by the network area outside the first network area is received and the return code of the URL is greater than or equal to the return code threshold;
a fourth state output device, for determining the connectivity state of the terminal according to the IP information and the routing information.
17. The equipment according to claim 16, characterized in that the fourth state output device comprises:
a threshold acquisition module, for obtaining a preset IP threshold, a route threshold and an exception network card name;
a quantity determining module, for determining the number of active IPs of the terminal according to the IP information;
a fifth state output module, for determining that the connectivity state of the terminal is non-dual-network interconnection when the number of active IPs is less than the IP threshold;
a judging module, for judging, according to the routing information, whether the terminal has a default route or a static route when the number of active IPs is greater than or equal to the IP threshold;
a network card name determining module, for determining, when the judgment is yes, the name of the network card to which the default route or static route points;
a sixth state output module, for determining that the connectivity state of the terminal is non-dual-network interconnection when the network card name matches the exception network card name.
18. The equipment according to claim 17, characterized in that the equipment further comprises:
a route extraction device, for extracting a plurality of local routes according to the routing information when the name of the network card to which the default route or static route points does not match the exception network card name;
a network card information determining device, for determining the network card information corresponding to the local routes;
a route screening device, for screening out a plurality of effective local routes from the local routes according to the network card information;
a seventh state output device, for determining the connectivity state of the terminal according to the effective local routes and the preset dual-network DNS set.
19. The equipment according to claim 18, characterized in that the seventh state output device comprises:
a feature acquisition module, for obtaining the features corresponding to the plurality of static routes when the plurality of effective local routes are a plurality of static routes;
a route feature comparison module, for comparing the feature sets corresponding to the two network areas with the features corresponding to the plurality of static routes;
an eighth state output module, for determining that the connectivity state of the terminal is dual-network interconnection when the features corresponding to the plurality of static routes belong to the feature sets corresponding to the two network areas.
20. The equipment according to claim 18, characterized in that the seventh state output device further comprises:
a corresponding feature acquisition module, for obtaining the features corresponding to the local routes when the plurality of effective local routes are a static route and a default route;
a feature comparison module, for comparing the feature sets corresponding to the two network areas with the features corresponding to the local routes;
a ninth state output module, for determining that the connectivity state of the terminal is dual-network interconnection when the feature corresponding to the static route and the feature corresponding to the default route belong to the feature sets corresponding to the two network areas.
21. A detection system for terminal dual-network interconnection, characterized in that the system comprises a terminal, two network areas and the detection equipment according to any one of claims 11 to 20,
wherein the detection equipment comprises:
an address list determining device, for determining the local DNS address list of the network card corresponding to the terminal;
a feature set acquisition device, for obtaining a preset dual-network DNS set, the dual-network DNS set comprising the feature sets corresponding to two network areas;
a connectivity state determining device, for determining the connectivity state of the terminal according to the local DNS address list and the dual-network DNS set.
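The decision order laid out in claims 11 to 16 can be followed in a short sketch; this is an added example, not code from the patent or its applicant. The format of the feature sets (CIDR prefixes), the URL sets (URL prefixes), the threshold of 400, the network card names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed configuration. Assumptions, not from the patent text: a DNS feature
# set is a list of CIDR prefixes, a URL set is a list of URL prefixes, and the
# return code is an HTTP status checked against a threshold of 400.
DNS_SETS = {"internal": ["10.0.0.0/8"], "external": ["198.51.100.0/24"]}
URL_SETS = {"internal": ["http://portal.corp.example/"],
            "external": ["http://probe.example.net/"]}
EXCEPTION_NICS = {"vmnet8"}  # hypothetical exception network card name
RETURN_CODE_THRESHOLD = 400

# Constructed sample terminal: wired internal NIC, USB modem, virtual and idle NICs.
SAMPLE_NICS = [
    {"name": "eth0", "active": True, "dns": ["10.1.1.53"]},
    {"name": "usb-modem", "active": True, "dns": ["198.51.100.7"]},
    {"name": "vmnet8", "active": True, "dns": ["198.51.100.9"]},
    {"name": "wlan0", "active": False, "dns": ["198.51.100.8"]},
]

def local_dns_list(nics):
    """Claim 12: DNS addresses of active NICs, with exception NICs rejected."""
    return [d for n in nics
            if n["active"] and n["name"] not in EXCEPTION_NICS
            for d in n["dns"]]

def dns_areas(addresses):
    """Claim 13: the network areas whose feature set contains a local DNS address."""
    hit = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        for area, prefixes in DNS_SETS.items():
            if any(ip in ipaddress.ip_network(p) for p in prefixes):
                hit.add(area)
    return hit

def url_check(first_area, proxy_set, url, return_code):
    """Claims 14-15: a URL from the other area came back through the proxy."""
    if not proxy_set or url is None or return_code is None:
        return False
    other = [p for a, ps in URL_SETS.items() if a != first_area for p in ps]
    return any(url.startswith(p) for p in other) and return_code < RETURN_CODE_THRESHOLD

def detect(nics, proxy_set=False, url=None, return_code=None):
    areas = dns_areas(local_dns_list(nics))
    if len(areas) == 2:
        return "dual-network"
    if len(areas) == 1 and url_check(next(iter(areas)), proxy_set, url, return_code):
        return "dual-network"
    return "needs IP/route check"  # claim 16 hands over to the IP and routing stage
```

A terminal whose DNS servers match neither feature set is also passed on to the IP and routing stage here; the claims do not state what happens in that case.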
CN201710235488.XA 2017-04-12 2017-04-12 Method, equipment and system for detecting terminal dual-network interconnection Active CN107104854B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710235488.XA CN107104854B (en) 2017-04-12 2017-04-12 Method, equipment and system for detecting terminal dual-network interconnection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710235488.XA CN107104854B (en) 2017-04-12 2017-04-12 Method, equipment and system for detecting terminal dual-network interconnection

Publications (2)

Publication Number Publication Date
CN107104854A true CN107104854A (en) 2017-08-29
CN107104854B CN107104854B (en) 2020-06-05

Family

ID=59675852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710235488.XA Active CN107104854B (en) 2017-04-12 2017-04-12 Method, equipment and system for detecting terminal dual-network interconnection

Country Status (1)

Country Link
CN (1) CN107104854B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493228A (en) * 2019-08-21 2019-11-22 中国工商银行股份有限公司 A kind of terminal violation networking detection method and device
CN111106983A (en) * 2019-12-27 2020-05-05 杭州迪普科技股份有限公司 Method and device for detecting network connectivity
CN113098722A (en) * 2021-04-09 2021-07-09 山东有人物联网股份有限公司 Multi-network card management method, device and computer readable storage medium
CN114422733A (en) * 2021-12-02 2022-04-29 深圳市金溢科技股份有限公司 Internal network management method, controller, integrated device, apparatus, and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1750480A (en) * 2005-09-29 2006-03-22 西安交大捷普网络科技有限公司 Detecting method for illegal external connection of inner net computer
CN201509204U (en) * 2009-09-07 2010-06-16 北京鼎普科技股份有限公司 Computer illegal external link monitoring device and system thereof
CN103441864A (en) * 2013-08-12 2013-12-11 江苏华大天益电力科技有限公司 Method for monitoring illegal external connection of terminal equipment
US20140156822A1 (en) * 2012-11-15 2014-06-05 Electronics And Telecommunications Research Institute Method of request routing re-direction with loop detection and prevention

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1750480A (en) * 2005-09-29 2006-03-22 西安交大捷普网络科技有限公司 Detecting method for illegal external connection of inner net computer
CN201509204U (en) * 2009-09-07 2010-06-16 北京鼎普科技股份有限公司 Computer illegal external link monitoring device and system thereof
US20140156822A1 (en) * 2012-11-15 2014-06-05 Electronics And Telecommunications Research Institute Method of request routing re-direction with loop detection and prevention
CN103441864A (en) * 2013-08-12 2013-12-11 江苏华大天益电力科技有限公司 Method for monitoring illegal external connection of terminal equipment

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493228A (en) * 2019-08-21 2019-11-22 中国工商银行股份有限公司 A kind of terminal violation networking detection method and device
CN110493228B (en) * 2019-08-21 2021-10-26 中国工商银行股份有限公司 Terminal illegal networking detection method and device
CN111106983A (en) * 2019-12-27 2020-05-05 杭州迪普科技股份有限公司 Method and device for detecting network connectivity
CN111106983B (en) * 2019-12-27 2021-09-21 杭州迪普科技股份有限公司 Method and device for detecting network connectivity
CN113098722A (en) * 2021-04-09 2021-07-09 山东有人物联网股份有限公司 Multi-network card management method, device and computer readable storage medium
CN114422733A (en) * 2021-12-02 2022-04-29 深圳市金溢科技股份有限公司 Internal network management method, controller, integrated device, apparatus, and medium
CN114422733B (en) * 2021-12-02 2024-03-01 深圳市金溢科技股份有限公司 Internal network management method, controller, integrated device, apparatus, and medium

Also Published As

Publication number Publication date
CN107104854B (en) 2020-06-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant