CN108366076A - The detecting system and its detection method of privately owned access in a kind of network - Google Patents
The detecting system and its detection method of privately owned access in a kind of network Download PDFInfo
- Publication number
- CN108366076A CN108366076A CN201810201996.0A CN201810201996A CN108366076A CN 108366076 A CN108366076 A CN 108366076A CN 201810201996 A CN201810201996 A CN 201810201996A CN 108366076 A CN108366076 A CN 108366076A
- Authority
- CN
- China
- Prior art keywords
- address
- mac address
- privately owned
- network
- private
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
It is in the network for being applied to be made of several terminal devices, several interchangers and several routers the invention discloses the detecting system and its detection method of privately owned access in a kind of network, characterized in that the detecting system includes:Operating system collection module, MAC Address library collection module, mac address information acquisition module, private address analysis module, private address authentication module and private address display module.The present invention can investigate the unknown device accessed in information network, especially investigate the illegal act for using router in network privately, to reach overall monitor, timely feedback, quickly rectify and improve, ensure the purpose of information network security.
Description
Technical field
The present invention relates to network safety filed, in specifically a kind of network privately owned access detection and monitoring system and its
Method.
Background technology
With the rapid development of power informatization, state's net corporate information network scale constantly increases, and the safety faced is chosen
War tends to diversification and complicates.It is higher and higher in view of the large-scale complexity of Electricity Information Network and to network general safety
It is required that conventional security solution cannot preferably complete guaranteeing network security for task.It is opened around network security transformation
In the maintenance work of exhibition, in time, accurately and rapidly finds privately owned equipment and it is transformed into row address in time, in the company of raising
Network security, Strengthens network safety management plays vital effect in guaranteeing network security.
Due to being continuously increased for information network scale, the safety problem that faces also getting worse.Current various equipment are
Extensive utilization becomes inalienable part in people's work, life to every field, but with corporate networks scale
Extension, the quantity of the equipment accounts such as the network equipment, safety equipment, terminal also rapidly increases, at the same equipment account safeguard height according to
The sense of responsibility for relying information operation maintenance personnel causes account that cannot really reflect that equipment accesses situation in information Intranet, has part not
Access device knowing, not being included in security management and control system, including access routing device privately etc., one is brought safely to Information Network
Determine risk.One side operation maintenance personnel the factors such as may facilitate to work simultaneously, set up routing device privately, and use private network
In the access information network of address, cause information Intranet there are prodigious security risk, on the other hand, due to the private network of access
Location, it is difficult to install VRV and be monitored, so that there are security risks.Therefore, investigate in information network whether accessed unknown set
It is standby, it especially finds to investigate the private address in information Intranet with the presence or absence of the behavior for using router privately in information Intranet
Situation is the most important thing of maintenance work of guaranteeing network security.
Invention content
In place of the present invention is in order to solve the deficiencies in the prior art, propose in a kind of network the detecting system of privately owned access and its
Detection method is especially investigated to investigate the unknown device accessed in information network and uses the non-of router in network privately
Judicial act ensures the purpose of information network security to reach overall monitor, timely feedback, quickly rectify and improve.
Used technical solution is the present invention in order to achieve the above objectives:
The detecting system of privately owned access in a kind of network of the present invention is applied to by several terminal devices, several friendships
It changes planes in the network formed with several routers, its main feature is that, the detecting system includes:Operating system collection module,
MAC Address library collection module, mac address information acquisition module, private address analysis module, private address authentication module and privately owned
Address display module;
The operating system and formation operation system comparison library of the operating system collection module acquisition all-router;
MAC Address library collection module acquires the MAC Address of all devices in the network, and according to all interchangers
With manufacturer's MAC Address of router, finds out and belong to the MAC Address of router in the MAC Address of all devices as demesne
Location, to establish Standard MAC address library with private address and its corresponding trade name;
The mac address information is according to specified IP address section, with acquiring in corresponding IP address section the MAC of all devices
Location, to form mac address table to be measured;
The private address analysis module is compared the mac address table to be measured and the Standard MAC address library one by one
It is right, the MAC Address to match each other is found out as doubtful privately owned access address;
According to the IP address of doubtful privately owned access address, execution NMAP orders obtain doubtful the private address authentication module
The operating system of equipment corresponding to privately owned access address, and matched with the operating system comparison library, if successful match,
Indicate that corresponding doubtful privately owned access address is privately owned access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned to connect
It is legal access address to enter address;
All privately owned access addresses are counted and are visualized by the private address display module.
The detection method of privately owned access in a kind of network of the present invention is applied to by several terminal devices, several exchanges
In the network that machine and several routers are formed, its main feature is that carrying out as follows:
Step 1: the operating system and formation operation system comparison library of acquisition all-router;
Step 2: the MAC Address of all devices in the network is acquired, and according to the manufacturer of all interchangers and router
MAC Address finds out the MAC Address for belonging to router in the MAC Address of all devices as private address, to demesne
Location and its corresponding trade name establish Standard MAC address library;
Step 3: specifying IP address section in the network, scan address segment table is formed, according to the scan address segment table
In IP address section execute NMAP orders, obtain the MAC Address of all devices in corresponding IP address section, and with forming MAC to be measured
Location table;
Step 4: the mac address table to be measured and the Standard MAC address library are compared one by one, if MAC to be measured
Preceding 6 data of MAC Address are consistent with manufacturer's MAC Address in the table of location, then it represents that it compares successfully, it will be in mac address table to be measured
Corresponding MAC Address is as doubtful privately owned access address, otherwise, indicates that comparison is unsuccessful, by the MAC in mac address table to be measured
Address is as legal access address;
Step 5: establishing doubtful private information table, the doubtful private information table according to all doubtful privately owned access addresses
It is to be made of IP address, MAC Address, trade name;
Step 6: according to the IP address in the doubtful private information table, executes NMAP orders and obtain doubtful privately owned access
The operating system of equipment corresponding to address, and matched with the operating system comparison library, if successful match, then it represents that corresponding
Doubtful privately owned access address be privately owned access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned access address is
Legal access address;
Step 7: privately owned access address information table is established according to all privately owned access addresses, to privately owned access address
Corresponding privately owned access device is rectified and improved in information table;The access address information table is by IP address, MAC Address, manufacturer's name
Claim and operating system is constituted.
Compared with prior art, advantageous effects of the invention are embodied in:
1, the present invention by private address analysis module, private address authentication module to it is all by route using private network
The equipment of location access network is monitored and investigates, and can accurately find access device, so as to effectively find illegal access in time
Behavior is simultaneously rectified and improved, and then has ensured information network security.
2, the present invention carries out the MAC Address of all manufacturers by operating system collection module, MAC Address library collection module
Classification is concluded, and route system and MAC Address, the operating system comparison library and standard MAC of formation can accurately, be comprehensively grasped
Address base has sharing, while network personnel can be helped according to the addresses mac and system, you can quickly judges whether equipment is road
By device equipment, reduces artificial investigation work, improve work efficiency.
3, the present invention by private address display module to present in network use private net address access number of devices
It is counted and is visualized using the moon, day as the period, can comprehensively grasp the equipment rectification situation of private net address access network,
The analysis result information for further avoiding because rectifying and improving overlong time, and leading to the repeated work to having rectified and improved equipment, while generating
Rectification foundation and support are provided for network reconstruction.
4, the present invention has sharing in actual practice, avoids repetition and adopt by the data of collection, acquisition and analysis
Collect datamation, in the endurance for alleviating network to a certain degree.
Description of the drawings
Fig. 1 is detecting system block diagram of the present invention;
Fig. 2 is the flow chart of detection method.
Specific implementation mode
In the present embodiment, as shown in Figure 1, in a kind of network privately owned access detecting system, be applied to by several ends
In the network that end equipment, several interchangers and several routers are formed, which includes:Operating system collects mould
Block, MAC Address library collection module, mac address information acquisition module, private address analysis module, private address authentication module and
Private address display module;
Operating system collection module acquires the operating system and formation operation system comparison library of all-router;
The MAC Address of all devices in the collection module acquisition network of MAC Address library, and according to all interchangers and router
Manufacturer's MAC Address, find out and belong to the MAC Address of router in the MAC Address of all devices as private address, to
Private address and its corresponding trade name establish Standard MAC address library;
Mac address information acquires the MAC Address of all devices in corresponding IP address section according to specified IP address section, from
And form mac address table to be measured;
Private address analysis module is compared mac address table to be measured and Standard MAC address library one by one, is found out mutually
Matched MAC Address is as doubtful privately owned access address;
According to the IP address of doubtful privately owned access address, execution NMAP orders obtain doubtful privately owned private address authentication module
The operating system of equipment corresponding to access address, and matched with operating system comparison library, if successful match, then it represents that corresponding
Doubtful privately owned access address be privately owned access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned access address is
Legal access address;
All privately owned access addresses are counted and are visualized by private address display module.
In the present embodiment, as shown in Fig. 2, in a kind of network privately owned access detection method, be applied to by several terminals
In the network that equipment, several interchangers and several routers are formed, and carry out as follows:
Step 1: the operating system and formation operation system comparison library of acquisition all-router;
Operating system comparison library information is the operation being made of router rs name, router model, router operating system
System comparison library;
Step 2: the MAC Address of all devices in network is acquired, and according to the manufacturer MAC of all interchangers and router
Address finds out the MAC Address for belonging to router in the MAC Address of all devices as private address, to private address
And its corresponding trade name establishes Standard MAC address library;
Standard MAC address library information is the Standard MAC address library being made of manufacturer's MAC Address, trade name, standard MAC
Manufacturer's MAC Address in address base is made of 6 data;
Step 3: specifying IP address section in a network, scan address segment table is formed, according to the IP in the segment table of scan address
Location section executes NMAP orders, obtains the MAC Address of all devices in corresponding IP address section, and form mac address table to be measured;
Scan address segment table is the scan address segment table that several IP address sections present in network are constituted;
NMAP orders refer to a kind of network sweep and sniff kit in a network environment, for scanning in a network
There are execution orders corresponding when the information of equipment, such as nmap-sP-n 192.168.1.0/24 orders;
Mac address table to be measured is the mac address table information to be measured for having IP address, MAC Address to constitute;
Step 4: mac address table to be measured and Standard MAC address library are compared one by one, if in mac address table to be measured
Preceding 6 data of MAC Address are consistent with manufacturer's MAC Address, then it represents that it compares successfully, it will be corresponding in mac address table to be measured
MAC Address is as doubtful privately owned access address, otherwise, indicates that comparison is unsuccessful, the MAC Address in mac address table to be measured is made
For legal access address;
Step 5: establish doubtful private information table according to all doubtful privately owned access addresses, doubtful private information table be by
IP address, MAC Address, trade name are constituted;
Step 6: according to the IP address in doubtful private information table, executes NMAP orders and obtain doubtful privately owned access address
The operating system of corresponding equipment, and matched with operating system comparison library, if successful match, then it represents that corresponding doubtful private
It is privately owned access address to have access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned access address is legal access
Address;
NMAP orders refer to the IP address according to equipment, scan execution corresponding when the operating system of the equipment in network
Order, such as nmap-O 192.168.1.1 orders;
Step 7: privately owned access address information table is established according to all privately owned access addresses, to privately owned access address
Corresponding privately owned access device is rectified and improved in information table, while using the moon, day as the period, to privately owned access address information into line number
Amount statistics, and the quantity of privately owned access address information is visualized in the form of tendency chart;Access address information table
It is made of IP address, MAC Address, trade name and operating system.
Claims (2)
1. the detecting system of privately owned access in a kind of network, if be applied to by several terminal devices, several interchangers and
In the network that dry router is formed, characterized in that the detecting system includes:Operating system collection module, MAC Address library
Collection module, mac address information acquisition module, private address analysis module, private address authentication module and private address displaying
Module;
The operating system and formation operation system comparison library of the operating system collection module acquisition all-router;
MAC Address library collection module acquires the MAC Address of all devices in the network, and according to all interchangers and road
By manufacturer's MAC Address of device, finds out and belong to the MAC Address of router in the MAC Address of all devices as private address, from
And Standard MAC address library is established with private address and its corresponding trade name;
The mac address information acquires the MAC Address of all devices in corresponding IP address section according to specified IP address section, from
And form mac address table to be measured;
The private address analysis module is compared the mac address table to be measured and the Standard MAC address library one by one, is looked into
The MAC Address to match each other is found out as doubtful privately owned access address;
According to the IP address of doubtful privately owned access address, execution NMAP orders obtain doubtful privately owned the private address authentication module
The operating system of equipment corresponding to access address, and matched with the operating system comparison library, if successful match, then it represents that
Corresponding doubtful privately owned access address is privately owned access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned access
Location is legal access address;
All privately owned access addresses are counted and are visualized by the private address display module.
2. the detection method of privately owned access in a kind of network, it is applied to by several terminal devices, several interchangers and several
In the network that a router is formed, it is characterized in that carrying out as follows:
Step 1: the operating system and formation operation system comparison library of acquisition all-router;
Step 2: the MAC Address of all devices in the network is acquired, and according to the manufacturer MAC of all interchangers and router
Address finds out the MAC Address for belonging to router in the MAC Address of all devices as private address, to private address
And its corresponding trade name establishes Standard MAC address library;
Step 3: specifying IP address section in the network, scan address segment table is formed, according in the scan address segment table
IP address section executes NMAP orders, obtains the MAC Address of all devices in corresponding IP address section, and form mac address table to be measured;
Step 4: the mac address table to be measured and the Standard MAC address library are compared one by one, if mac address table to be measured
Preceding 6 data of middle MAC Address are consistent with manufacturer's MAC Address, then it represents that it compares successfully, it will be corresponding in mac address table to be measured
MAC Address as doubtful privately owned access address, otherwise, indicate compare it is unsuccessful, by the MAC Address in mac address table to be measured
As legal access address;
Step 5: establish doubtful private information table according to all doubtful privately owned access addresses, the doubtful private information table be by
IP address, MAC Address, trade name are constituted;
Step 6: according to the IP address in the doubtful private information table, executes NMAP orders and obtain doubtful privately owned access address
The operating system of corresponding equipment, and matched with the operating system comparison library, if successful match, then it represents that corresponding to doubt
It is privately owned access address like privately owned access address, if matching is unsuccessful, then it represents that corresponding doubtful privately owned access address is legal
Access address;
Step 7: privately owned access address information table is established according to all privately owned access addresses, to privately owned access address information
Corresponding privately owned access device is rectified and improved in table;The access address information table by IP address, MAC Address, trade name and
Operating system is constituted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810201996.0A CN108366076A (en) | 2018-03-12 | 2018-03-12 | The detecting system and its detection method of privately owned access in a kind of network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810201996.0A CN108366076A (en) | 2018-03-12 | 2018-03-12 | The detecting system and its detection method of privately owned access in a kind of network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108366076A true CN108366076A (en) | 2018-08-03 |
Family
ID=63003808
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810201996.0A Pending CN108366076A (en) | 2018-03-12 | 2018-03-12 | The detecting system and its detection method of privately owned access in a kind of network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108366076A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109327391A (en) * | 2018-08-07 | 2019-02-12 | 阿里巴巴集团控股有限公司 | Target device determines method, apparatus, electronic equipment and storage medium |
CN109347699A (en) * | 2018-10-26 | 2019-02-15 | 武汉虹旭信息技术有限责任公司 | Wireless terminal acquisition system and its method based on openwrt router |
CN112601212A (en) * | 2020-12-24 | 2021-04-02 | 烟台正海科技股份有限公司 | Positioning method, unit and device for private WIFI of intranet |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102819470A (en) * | 2012-08-13 | 2012-12-12 | 广州杰赛科技股份有限公司 | Private cloud computing platform-based virtual machine repair method |
CN105791047A (en) * | 2016-02-29 | 2016-07-20 | 农忠海 | Method for controlling management system of secure video private network |
-
2018
- 2018-03-12 CN CN201810201996.0A patent/CN108366076A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102819470A (en) * | 2012-08-13 | 2012-12-12 | 广州杰赛科技股份有限公司 | Private cloud computing platform-based virtual machine repair method |
CN105791047A (en) * | 2016-02-29 | 2016-07-20 | 农忠海 | Method for controlling management system of secure video private network |
Non-Patent Citations (1)
Title |
---|
宋敏: "私网接入检测工具的研究和应用", 《数字技术与应用》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109327391A (en) * | 2018-08-07 | 2019-02-12 | 阿里巴巴集团控股有限公司 | Target device determines method, apparatus, electronic equipment and storage medium |
CN109347699A (en) * | 2018-10-26 | 2019-02-15 | 武汉虹旭信息技术有限责任公司 | Wireless terminal acquisition system and its method based on openwrt router |
CN112601212A (en) * | 2020-12-24 | 2021-04-02 | 烟台正海科技股份有限公司 | Positioning method, unit and device for private WIFI of intranet |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108366076A (en) | The detecting system and its detection method of privately owned access in a kind of network | |
CN101448277B (en) | Method, system and device for processing wireless access network faults | |
CN110703009B (en) | Abnormal analysis and processing method for line loss rate of transformer area | |
CN105471620A (en) | Broadband intelligent terminal embedded network analysis and diagnosis device and method thereof | |
CN106603507A (en) | Method and system for automatically completing network security self checking | |
CN108871434A (en) | A kind of on-line monitoring system and method for slewing | |
CN105306246B (en) | A kind of method, apparatus and server of the complaint of automatic-answering back device network class | |
CN107819645A (en) | A kind of Internet of Things method of testing based on software emulation | |
CN103092754A (en) | Automatic test method of long distance multi-device condition | |
CN113206546A (en) | Supermarket power equipment operation maintenance method, system and storage medium | |
CN113659714A (en) | Method and system for automatically identifying topological relation of transformer area | |
CN109522166A (en) | A kind of automatic assessment method and system of equal guarantors' assessment | |
Wu et al. | Enterprise Digital Intelligent Remote Control System Based on Industrial Internet of Things | |
CN107124715B (en) | Safety protection performance evaluation method suitable for electric power wireless private network terminal | |
CN109284886A (en) | Electrical Safety management method and device based on artificial intelligence | |
CN107229499B (en) | Master station simulation system and detection method for detecting fault terminal of power acquisition system | |
CN105207835A (en) | Determination method of network element working state of wireless local area network and apparatus thereof | |
CN110430085B (en) | Intelligent detection device for centralized meter reading communication faults | |
CN113359585A (en) | Monitoring system for outdoor cabinet of power system | |
CN117354337A (en) | Cloud-based intelligent operation and maintenance architecture of energy storage system | |
CN111856313B (en) | Double-circuit power supply real-time monitoring device | |
CN109272249A (en) | A kind of platform area line loss defect elimination method based on platform area identifier | |
CN113283779A (en) | Accurate analysis algorithm for positioning electricity stealing loss | |
CN107017835B (en) | The fault monitoring system and method for photovoltaic module | |
Sperotto et al. | Anomaly characterization in flow-based traffic time series |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180803 |
|
RJ01 | Rejection of invention patent application after publication |