CN107453989A - Internet behavior information processing method for enterprise gateway - Google Patents

Internet behavior information processing method for enterprise gateway Download PDF

Info

Publication number
CN107453989A
CN107453989A CN201710898359.9A CN201710898359A CN107453989A CN 107453989 A CN107453989 A CN 107453989A CN 201710898359 A CN201710898359 A CN 201710898359A CN 107453989 A CN107453989 A CN 107453989A
Authority
CN
China
Prior art keywords
port numbers
server
processing method
information processing
proxy server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710898359.9A
Other languages
Chinese (zh)
Inventor
马彦龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Link Telecom Technology Co Ltd
Original Assignee
Shanghai Link Telecom Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Link Telecom Technology Co Ltd filed Critical Shanghai Link Telecom Technology Co Ltd
Priority to CN201710898359.9A priority Critical patent/CN107453989A/en
Publication of CN107453989A publication Critical patent/CN107453989A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5053Lease time; Renewal aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a kind of internet behavior information processing method for enterprise gateway, including step:S1:Service server reports information updating to be used for storage agent server ip and the address table of port numbers according to each gateway;S2:Judge whether far-end IP corresponding to the packet of Intranet client computer and distal end slogan match with the IP of any agent server and port numbers in address table, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.Compared with prior art, the interconnection that the present invention is established between all gateways by service server, so as to improve the recognition accuracy of the proxy server based on IP and port numbers.

Description

Internet behavior information processing method for enterprise gateway
Technical field
The present invention relates to a kind of internet behavior processing method, believes more particularly, to a kind of internet behavior for enterprise gateway Cease processing method.
Background technology
Game is played during the thing of boss's headache the most surely belongs to be on duty in enterprise, is seen a film or unlimited using bandwidth resources The mad P2P of system is downloaded, and is done a little and the irrelevant behavior that works, these behaviors and is seriously consumed ERM, influence enterprise Office and production efficiency, how the non-protection application such as reasonable management and control amusement behavior, P2P downloads, Web TV, protect during working The normal operation raising production efficiency for hindering enterprise's OA office system is the problem of paying the utmost attention to the most.
Network firewall common at present is respective orphan mostly to serving the filter type of the access and packet of network Vertical, it corresponds to applicating category by far-end IP and remote port come identification data bag, and this mode is often passed through by client computer The mode of proxy server escapes from the examination of gateway.
The content of the invention
It is an object of the present invention to overcome the above-mentioned drawbacks of the prior art and provide one kind is used for enterprise gateway Internet behavior information processing method.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of internet behavior information processing method for enterprise gateway, including step:
S1:Service server reports information updating to be used for storage agent server ip and the ground of port numbers according to each gateway Location table;
S2:Judge far-end IP corresponding to the packet of Intranet client computer and distal end slogan whether with any generation in address table IP and the port numbers matching of server are managed, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
Step S1 specifically includes step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway;
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
Step S12 is specifically included:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then recognizing Far-end IP and port numbers are proxy server corresponding to fixed;
S122:The far-end IP of identification and port numbers are reported into business service as the IP and port numbers of proxy server Device.
Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address To threshold value, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address Value, it is specially:
If the continuous occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address To first threshold.
First threshold is 5 times.
Compared with prior art, the invention has the advantages that:
1) interconnection established by service server between all gateways, so as to improve based on IP and the agency of port numbers clothes The recognition accuracy of business device.
2) after identifying proxy server by the HTTP_VIA fields in environmental variance, using its IP and port numbers as blocking Foundation is cut, intercepting efficiency can be improved.
3) address table replacement is periodically carried out, is avoided because without interception caused by dynamic IP.
4) exist for retaining item, specially treated when resetting can be for the fixed IP in part proxy server one Lao Yongyi is intercepted.
Brief description of the drawings
Fig. 1 is the key step schematic flow sheet of the present invention.
Embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.The present embodiment is with technical solution of the present invention Premised on implemented, give detailed embodiment and specific operating process, but protection scope of the present invention is not limited to Following embodiments.
A kind of internet behavior information processing method for enterprise gateway, established by service server between all gateways Interconnection, so as to improve the recognition accuracy of the proxy server based on IP and port numbers.
As shown in figure 1, including step:
S1:Service server reports information updating to be used for storage agent server ip and the ground of port numbers according to each gateway Location table, specifically includes step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway, specific bag Include:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then recognizing Far-end IP and port numbers are proxy server corresponding to fixed, and agency service is identified by the HTTP_VIA fields in environmental variance After device, using its IP and port numbers as foundation is intercepted, intercepting efficiency can be improved;
S122:The far-end IP of identification and port numbers are reported into business service as the IP and port numbers of proxy server Device.
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
S2:Judge far-end IP corresponding to the packet of Intranet client computer and distal end slogan whether with any generation in address table IP and the port numbers matching of server are managed, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address To threshold value, then the proxy server is retains item, it is preferred that if in the table of current address any agent server IP and port numbers Continuous occurrence number before all previous replacement reaches first threshold, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address Value, it is specially:
Wherein, first threshold is preferably 5 times.

Claims (6)

1. a kind of internet behavior information processing method for enterprise gateway, it is characterised in that including step:
S1:Service server reports information updating for storage agent server ip and the address of port numbers according to each gateway Table;
S2:Judge whether far-end IP corresponding to the packet of Intranet client computer and distal end slogan take with any agent in address table The IP of business device and port numbers matching, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
A kind of 2. internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that institute State step S1 and specifically include step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway;
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
A kind of 3. internet behavior information processing method for enterprise gateway according to claim 2, it is characterised in that institute Step S12 is stated to specifically include:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then identification pair The far-end IP and port numbers answered are proxy server;
S122:The far-end IP of identification and port numbers are reported into service server as the IP and port numbers of proxy server.
4. a kind of internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that every Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address Value, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
A kind of 5. internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that institute If stating the occurrence number of the IP of any agent server and port numbers before all previous replacement in the table of current address reaches threshold value, specifically For:
If the continuous occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address One threshold value.
A kind of 6. internet behavior information processing method for enterprise gateway according to claim 5, it is characterised in that institute First threshold is stated as 5 times.
CN201710898359.9A 2017-09-28 2017-09-28 Internet behavior information processing method for enterprise gateway Pending CN107453989A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710898359.9A CN107453989A (en) 2017-09-28 2017-09-28 Internet behavior information processing method for enterprise gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710898359.9A CN107453989A (en) 2017-09-28 2017-09-28 Internet behavior information processing method for enterprise gateway

Publications (1)

Publication Number Publication Date
CN107453989A true CN107453989A (en) 2017-12-08

Family

ID=60498332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710898359.9A Pending CN107453989A (en) 2017-09-28 2017-09-28 Internet behavior information processing method for enterprise gateway

Country Status (1)

Country Link
CN (1) CN107453989A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113556388A (en) * 2021-07-14 2021-10-26 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212375A (en) * 2006-12-30 2008-07-02 北大方正集团有限公司 Method and system for controlling network access via agent
US8055767B1 (en) * 2008-07-15 2011-11-08 Zscaler, Inc. Proxy communication string data
CN102752756A (en) * 2012-06-08 2012-10-24 深信服网络科技(深圳)有限公司 Method and device for preventing surfing the Internet by privately connecting wireless access point (AP)
CN105847234A (en) * 2016-03-11 2016-08-10 中国联合网络通信集团有限公司 Suspicious terminal access pre-warning method, gateway management platform and gateway device
CN106549959A (en) * 2016-10-26 2017-03-29 中国银联股份有限公司 A kind of recognition methodss of agent IP Protocol IP address and device
CN106651580A (en) * 2016-12-15 2017-05-10 北京知道创宇信息技术有限公司 Method and device for judging whether financial account is malicious or not, and computing device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212375A (en) * 2006-12-30 2008-07-02 北大方正集团有限公司 Method and system for controlling network access via agent
US8055767B1 (en) * 2008-07-15 2011-11-08 Zscaler, Inc. Proxy communication string data
CN102752756A (en) * 2012-06-08 2012-10-24 深信服网络科技(深圳)有限公司 Method and device for preventing surfing the Internet by privately connecting wireless access point (AP)
CN105847234A (en) * 2016-03-11 2016-08-10 中国联合网络通信集团有限公司 Suspicious terminal access pre-warning method, gateway management platform and gateway device
CN106549959A (en) * 2016-10-26 2017-03-29 中国银联股份有限公司 A kind of recognition methodss of agent IP Protocol IP address and device
CN106651580A (en) * 2016-12-15 2017-05-10 北京知道创宇信息技术有限公司 Method and device for judging whether financial account is malicious or not, and computing device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113556388A (en) * 2021-07-14 2021-10-26 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium
CN113556388B (en) * 2021-07-14 2023-06-13 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium

Similar Documents

Publication Publication Date Title
US10701035B2 (en) Distributed traffic management system and techniques
US10673877B2 (en) Method and apparatus for detecting port scans in a network
US20200293305A1 (en) Enhanced device updating
US9462009B1 (en) Detecting risky domains
US7916652B1 (en) Analyzing network traffic to diagnose subscriber network errors
CN101505219B (en) Method and protecting apparatus for defending denial of service attack
US20090182864A1 (en) Method and apparatus for fingerprinting systems and operating systems in a network
RU2634209C1 (en) System and method of autogeneration of decision rules for intrusion detection systems with feedback
US20050154733A1 (en) Real-time change detection for network systems
CN109644146B (en) Locating network faults through differential analysis of TCP telemetry
CN105959290A (en) Detection method and device of attack message
CN105743878A (en) Dynamic service handling using a honeypot
CN101572711B (en) Network-based detection method of rebound ports Trojan horse
CN113691566B (en) Mail server secret stealing detection method based on space mapping and network flow statistics
CN107360198B (en) Suspicious domain name detection method and system
CN107465666A (en) A kind of client ip acquisition methods and device
CN106357685A (en) Method and device for defending distributed denial of service attack
Osanaiye et al. TCP/IP header classification for detecting spoofed DDoS attack in Cloud environment
CN108551449B (en) Anti-virus management system and method
CN104640105B (en) Associated method and system is analyzed and threatened to mobile phone viruses
Nitin et al. Intrusion detection and prevention system (idps) technology-network behavior analysis system (nbas)
CN111092900A (en) Method and device for monitoring abnormal connection and scanning behavior of server
CN109347892A (en) A kind of Internet Industry assets scanning processing method and device
CN111901317B (en) Access control policy processing method, system and equipment
Singh et al. Distributed defense: an edge over centralized defense against DDoS attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171208