CN107453989A - Internet behavior information processing method for enterprise gateway - Google Patents
Internet behavior information processing method for enterprise gateway Download PDFInfo
- Publication number
- CN107453989A CN107453989A CN201710898359.9A CN201710898359A CN107453989A CN 107453989 A CN107453989 A CN 107453989A CN 201710898359 A CN201710898359 A CN 201710898359A CN 107453989 A CN107453989 A CN 107453989A
- Authority
- CN
- China
- Prior art keywords
- port numbers
- server
- processing method
- information processing
- proxy server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5053—Lease time; Renewal aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a kind of internet behavior information processing method for enterprise gateway, including step:S1:Service server reports information updating to be used for storage agent server ip and the address table of port numbers according to each gateway;S2:Judge whether far-end IP corresponding to the packet of Intranet client computer and distal end slogan match with the IP of any agent server and port numbers in address table, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.Compared with prior art, the interconnection that the present invention is established between all gateways by service server, so as to improve the recognition accuracy of the proxy server based on IP and port numbers.
Description
Technical field
The present invention relates to a kind of internet behavior processing method, believes more particularly, to a kind of internet behavior for enterprise gateway
Cease processing method.
Background technology
Game is played during the thing of boss's headache the most surely belongs to be on duty in enterprise, is seen a film or unlimited using bandwidth resources
The mad P2P of system is downloaded, and is done a little and the irrelevant behavior that works, these behaviors and is seriously consumed ERM, influence enterprise
Office and production efficiency, how the non-protection application such as reasonable management and control amusement behavior, P2P downloads, Web TV, protect during working
The normal operation raising production efficiency for hindering enterprise's OA office system is the problem of paying the utmost attention to the most.
Network firewall common at present is respective orphan mostly to serving the filter type of the access and packet of network
Vertical, it corresponds to applicating category by far-end IP and remote port come identification data bag, and this mode is often passed through by client computer
The mode of proxy server escapes from the examination of gateway.
The content of the invention
It is an object of the present invention to overcome the above-mentioned drawbacks of the prior art and provide one kind is used for enterprise gateway
Internet behavior information processing method.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of internet behavior information processing method for enterprise gateway, including step:
S1:Service server reports information updating to be used for storage agent server ip and the ground of port numbers according to each gateway
Location table;
S2:Judge far-end IP corresponding to the packet of Intranet client computer and distal end slogan whether with any generation in address table
IP and the port numbers matching of server are managed, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
Step S1 specifically includes step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway;
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
Step S12 is specifically included:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then recognizing
Far-end IP and port numbers are proxy server corresponding to fixed;
S122:The far-end IP of identification and port numbers are reported into business service as the IP and port numbers of proxy server
Device.
Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address
To threshold value, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address
Value, it is specially:
If the continuous occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address
To first threshold.
First threshold is 5 times.
Compared with prior art, the invention has the advantages that:
1) interconnection established by service server between all gateways, so as to improve based on IP and the agency of port numbers clothes
The recognition accuracy of business device.
2) after identifying proxy server by the HTTP_VIA fields in environmental variance, using its IP and port numbers as blocking
Foundation is cut, intercepting efficiency can be improved.
3) address table replacement is periodically carried out, is avoided because without interception caused by dynamic IP.
4) exist for retaining item, specially treated when resetting can be for the fixed IP in part proxy server one
Lao Yongyi is intercepted.
Brief description of the drawings
Fig. 1 is the key step schematic flow sheet of the present invention.
Embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.The present embodiment is with technical solution of the present invention
Premised on implemented, give detailed embodiment and specific operating process, but protection scope of the present invention is not limited to
Following embodiments.
A kind of internet behavior information processing method for enterprise gateway, established by service server between all gateways
Interconnection, so as to improve the recognition accuracy of the proxy server based on IP and port numbers.
As shown in figure 1, including step:
S1:Service server reports information updating to be used for storage agent server ip and the ground of port numbers according to each gateway
Location table, specifically includes step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway, specific bag
Include:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then recognizing
Far-end IP and port numbers are proxy server corresponding to fixed, and agency service is identified by the HTTP_VIA fields in environmental variance
After device, using its IP and port numbers as foundation is intercepted, intercepting efficiency can be improved;
S122:The far-end IP of identification and port numbers are reported into business service as the IP and port numbers of proxy server
Device.
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
S2:Judge far-end IP corresponding to the packet of Intranet client computer and distal end slogan whether with any generation in address table
IP and the port numbers matching of server are managed, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address
To threshold value, then the proxy server is retains item, it is preferred that if in the table of current address any agent server IP and port numbers
Continuous occurrence number before all previous replacement reaches first threshold, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address
Value, it is specially:
Wherein, first threshold is preferably 5 times.
Claims (6)
1. a kind of internet behavior information processing method for enterprise gateway, it is characterised in that including step:
S1:Service server reports information updating for storage agent server ip and the address of port numbers according to each gateway
Table;
S2:Judge whether far-end IP corresponding to the packet of Intranet client computer and distal end slogan take with any agent in address table
The IP of business device and port numbers matching, if it has, then the packet is intercepted, if it has not, the packet of then letting pass.
A kind of 2. internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that institute
State step S1 and specifically include step:
S11:Service server establishes the address table for storage agent server ip and port numbers;
S12:The IP of proxy server that itself finds and port numbers are reported to service server by each gateway;
S13:The IP for receiving proxy server and port numbers are added in address table by proxy server.
A kind of 3. internet behavior information processing method for enterprise gateway according to claim 2, it is characterised in that institute
Step S12 is stated to specifically include:
S121:Gateway judges whether HTTP_VIA fields have setting in the environmental variance that client computer is sent, if it has, then identification pair
The far-end IP and port numbers answered are proxy server;
S122:The far-end IP of identification and port numbers are reported into service server as the IP and port numbers of proxy server.
4. a kind of internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that every
Every setting time interval, address table is reset, and reset process includes step:
S31:If the occurrence number of the IP of any agent server and port numbers before all previous replacement reaches threshold in the table of current address
Value, then the proxy server is reservation item;
S32:In addition to item is retained, all proxy server IP stored in the table of current address port numbers are deleted.
A kind of 5. internet behavior information processing method for enterprise gateway according to claim 1, it is characterised in that institute
If stating the occurrence number of the IP of any agent server and port numbers before all previous replacement in the table of current address reaches threshold value, specifically
For:
If the continuous occurrence number of the IP of any agent server and port numbers before all previous replacement reaches in the table of current address
One threshold value.
A kind of 6. internet behavior information processing method for enterprise gateway according to claim 5, it is characterised in that institute
First threshold is stated as 5 times.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710898359.9A CN107453989A (en) | 2017-09-28 | 2017-09-28 | Internet behavior information processing method for enterprise gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710898359.9A CN107453989A (en) | 2017-09-28 | 2017-09-28 | Internet behavior information processing method for enterprise gateway |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107453989A true CN107453989A (en) | 2017-12-08 |
Family
ID=60498332
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710898359.9A Pending CN107453989A (en) | 2017-09-28 | 2017-09-28 | Internet behavior information processing method for enterprise gateway |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107453989A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113556388A (en) * | 2021-07-14 | 2021-10-26 | 杭州玳数科技有限公司 | Proxy service method, proxy service platform, computer device, and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212375A (en) * | 2006-12-30 | 2008-07-02 | 北大方正集团有限公司 | Method and system for controlling network access via agent |
US8055767B1 (en) * | 2008-07-15 | 2011-11-08 | Zscaler, Inc. | Proxy communication string data |
CN102752756A (en) * | 2012-06-08 | 2012-10-24 | 深信服网络科技(深圳)有限公司 | Method and device for preventing surfing the Internet by privately connecting wireless access point (AP) |
CN105847234A (en) * | 2016-03-11 | 2016-08-10 | 中国联合网络通信集团有限公司 | Suspicious terminal access pre-warning method, gateway management platform and gateway device |
CN106549959A (en) * | 2016-10-26 | 2017-03-29 | 中国银联股份有限公司 | A kind of recognition methodss of agent IP Protocol IP address and device |
CN106651580A (en) * | 2016-12-15 | 2017-05-10 | 北京知道创宇信息技术有限公司 | Method and device for judging whether financial account is malicious or not, and computing device |
-
2017
- 2017-09-28 CN CN201710898359.9A patent/CN107453989A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212375A (en) * | 2006-12-30 | 2008-07-02 | 北大方正集团有限公司 | Method and system for controlling network access via agent |
US8055767B1 (en) * | 2008-07-15 | 2011-11-08 | Zscaler, Inc. | Proxy communication string data |
CN102752756A (en) * | 2012-06-08 | 2012-10-24 | 深信服网络科技(深圳)有限公司 | Method and device for preventing surfing the Internet by privately connecting wireless access point (AP) |
CN105847234A (en) * | 2016-03-11 | 2016-08-10 | 中国联合网络通信集团有限公司 | Suspicious terminal access pre-warning method, gateway management platform and gateway device |
CN106549959A (en) * | 2016-10-26 | 2017-03-29 | 中国银联股份有限公司 | A kind of recognition methodss of agent IP Protocol IP address and device |
CN106651580A (en) * | 2016-12-15 | 2017-05-10 | 北京知道创宇信息技术有限公司 | Method and device for judging whether financial account is malicious or not, and computing device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113556388A (en) * | 2021-07-14 | 2021-10-26 | 杭州玳数科技有限公司 | Proxy service method, proxy service platform, computer device, and storage medium |
CN113556388B (en) * | 2021-07-14 | 2023-06-13 | 杭州玳数科技有限公司 | Proxy service method, proxy service platform, computer device, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10701035B2 (en) | Distributed traffic management system and techniques | |
US10673877B2 (en) | Method and apparatus for detecting port scans in a network | |
US20200293305A1 (en) | Enhanced device updating | |
US9462009B1 (en) | Detecting risky domains | |
US7916652B1 (en) | Analyzing network traffic to diagnose subscriber network errors | |
CN101505219B (en) | Method and protecting apparatus for defending denial of service attack | |
US20090182864A1 (en) | Method and apparatus for fingerprinting systems and operating systems in a network | |
RU2634209C1 (en) | System and method of autogeneration of decision rules for intrusion detection systems with feedback | |
US20050154733A1 (en) | Real-time change detection for network systems | |
CN109644146B (en) | Locating network faults through differential analysis of TCP telemetry | |
CN105959290A (en) | Detection method and device of attack message | |
CN105743878A (en) | Dynamic service handling using a honeypot | |
CN101572711B (en) | Network-based detection method of rebound ports Trojan horse | |
CN113691566B (en) | Mail server secret stealing detection method based on space mapping and network flow statistics | |
CN107360198B (en) | Suspicious domain name detection method and system | |
CN107465666A (en) | A kind of client ip acquisition methods and device | |
CN106357685A (en) | Method and device for defending distributed denial of service attack | |
Osanaiye et al. | TCP/IP header classification for detecting spoofed DDoS attack in Cloud environment | |
CN108551449B (en) | Anti-virus management system and method | |
CN104640105B (en) | Associated method and system is analyzed and threatened to mobile phone viruses | |
Nitin et al. | Intrusion detection and prevention system (idps) technology-network behavior analysis system (nbas) | |
CN111092900A (en) | Method and device for monitoring abnormal connection and scanning behavior of server | |
CN109347892A (en) | A kind of Internet Industry assets scanning processing method and device | |
CN111901317B (en) | Access control policy processing method, system and equipment | |
Singh et al. | Distributed defense: an edge over centralized defense against DDoS attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171208 |