CN108430063A - Method and apparatus for monitoring ARP spoofing in a WLAN - Google Patents

Info

Publication number
CN108430063A
Authority
CN
China
Prior art keywords
mac address
address information
wireless
gateway device
access point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810331311.4A
Other languages
Chinese (zh)
Other versions
CN108430063B (en)
Inventor
高迪
王震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Shangxiang Network Technology Co.,Ltd.
Original Assignee
Shanghai Lianshang Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Lianshang Network Technology Co Ltd
Priority to CN201810331311.4A
Publication of CN108430063A
Application granted
Publication of CN108430063B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The purpose of the application is to provide a method for monitoring ARP spoofing in a WLAN, which specifically includes: taking the current MAC address information of the gateway device of the wireless network in which the wireless terminal is located as reference MAC address information; after a delay, detecting whether the current MAC address information of the gateway device is identical to the reference MAC address information; and, if the current MAC address information of the gateway device differs from the reference MAC address information, determining that ARP spoofing exists in the WLAN. Monitoring ARP spoofing with this method does not require the highest privileges on the wireless terminal; the method is widely applicable and easy to operate, and improves the user experience.

Description

Method and apparatus for monitoring ARP spoofing in a WLAN
Technical field
This application relates to the field of communications, and in particular to a technique for monitoring ARP spoofing in a WLAN.
Background
Because a wireless network uses an open medium, carrying data signals on public electromagnetic waves, the two communicating parties have no cable connection. If the transmission link is not properly encrypted, the risk to data in transit increases. Even when authentication and encryption mechanisms are added to the wireless network, users on the same WLAN still face security risks such as ARP spoofing.
Existing detection of ARP spoofing mainly inspects ARP packets at the low level of the wireless terminal, or checks whether a packet corresponds to a legitimate request. However, these methods usually require the highest privileges on the wireless terminal and involve a complicated procedure, so they are unsuitable for the vast majority of wireless terminal users.
Summary of the invention
The purpose of this application is to provide a method and apparatus for monitoring ARP spoofing in a WLAN.
According to one aspect of this application, a method is provided for monitoring ARP spoofing in a WLAN at a wireless terminal, the method comprising:
Taking the current MAC address information of the gateway device of the wireless network in which the wireless terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
After a delay, detecting whether the current MAC address information of the gateway device is identical to the reference MAC address information;
If the current MAC address information of the gateway device differs from the reference MAC address information, determining that ARP spoofing exists in the WLAN.
According to another aspect of this application, a method is provided for monitoring ARP spoofing in a WLAN at a wireless terminal, the method comprising:
When no other device sharing the MAC address of the gateway device exists in the WLAN in which the wireless terminal is located, obtaining the current MAC address information of the gateway device, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
Sending a request for the MAC address information of the wireless access point to a corresponding server, and receiving the MAC address information of the wireless access point returned by the server in response to the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the WLAN.
According to one aspect of this application, a device is provided for monitoring ARP spoofing in a WLAN at a wireless terminal, the device comprising:
A processor; and
A memory arranged to store computer-executable instructions which, when executed, cause the processor to perform:
Taking the current MAC address information of the gateway device of the wireless network in which the wireless terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
After a delay, detecting whether the current MAC address information of the gateway device is identical to the reference MAC address information;
If the current MAC address information of the gateway device differs from the reference MAC address information, determining that ARP spoofing exists in the WLAN.
According to one aspect of this application, a device is provided for monitoring ARP spoofing in a WLAN at a wireless terminal, the device comprising:
A processor; and
A memory arranged to store computer-executable instructions which, when executed, cause the processor to perform:
When no other device sharing the MAC address of the gateway device exists in the WLAN in which the wireless terminal is located, obtaining the current MAC address information of the gateway device, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
Sending a request for the MAC address information of the wireless access point to a corresponding server, and receiving the MAC address information of the wireless access point returned by the server in response to the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the WLAN.
According to one aspect of this application, a computer-readable medium containing instructions is provided; when executed, the instructions cause a system to perform:
Taking the current MAC address information of the gateway device of the wireless network in which the wireless terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
After a delay, detecting whether the current MAC address information of the gateway device is identical to the reference MAC address information;
If the current MAC address information of the gateway device differs from the reference MAC address information, determining that ARP spoofing exists in the WLAN.
According to one aspect of this application, a computer-readable medium containing instructions is provided; when executed, the instructions cause a system to perform:
When no other device sharing the MAC address of the gateway device exists in the WLAN in which the wireless terminal is located, obtaining the current MAC address information of the gateway device, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
Sending a request for the MAC address information of the wireless access point to a corresponding server, and receiving the MAC address information of the wireless access point returned by the server in response to the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the WLAN.
Compared with the prior art, this application monitors whether ARP spoofing exists in the current WLAN by detecting whether the gateway MAC address information of the WLAN to which the wireless terminal is connected has changed, and whether two IP addresses in the current local ARP cache table share the gateway MAC address information. Monitoring ARP spoofing this way does not require the highest privileges on the wireless terminal; the method is widely applicable and easy to operate, and improves the user experience. Moreover, by requesting the gateway MAC address information from a server, the method reduces the probability of false alarms and improves the success rate of detecting ARP spoofing.
Description of the drawings
Other features, objects and advantages of this application will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings:
Fig. 1 shows a system topology diagram for monitoring ARP spoofing in a WLAN by a wireless terminal according to one embodiment of this application;
Fig. 2 shows a flow chart of a method for monitoring ARP spoofing in a WLAN by a wireless terminal according to one embodiment of this application;
Fig. 3 shows a flow chart of a method for monitoring ARP spoofing in a WLAN by a wireless terminal according to another embodiment of this application.
The same or similar reference numerals in the drawings denote the same or similar components.
Detailed description
The application is described in further detail below in conjunction with the accompanying drawings.
In a typical configuration of this application, the terminal, the devices of the service network and the trusted party each include one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include computer-readable media in the form of volatile memory, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
The devices referred to in this application include, but are not limited to, user equipment, network equipment, or a device formed by integrating user equipment and network equipment through a network. The user equipment includes, but is not limited to, any mobile electronic product capable of human-computer interaction with a user (for example through a touch pad), such as a smartphone or tablet computer; the mobile electronic product may run any operating system, such as the Android or iOS operating system. The network equipment includes electronic devices capable of automatically performing numerical computation and information processing according to preset or stored instructions, whose hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASIC), programmable logic devices (PLD), field-programmable gate arrays (FPGA), digital signal processors (DSP), embedded devices and the like. The network equipment includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers; here, the cloud is made up of a large number of computers or network servers based on cloud computing (Cloud Computing), where cloud computing is a kind of distributed computing: a virtual supercomputer consisting of a group of loosely coupled computers. The network includes, but is not limited to, the Internet, wide area networks, metropolitan area networks, local area networks, VPNs, wireless ad hoc networks (Ad Hoc networks) and the like. Preferably, the device may also be a program running on the user equipment, on the network equipment, or on a device formed by integrating, through a network, the user equipment with the network equipment or the network equipment with a touch terminal.
Of course, those skilled in the art will understand that the above devices are only examples; other existing or future devices, if applicable to this application, should also fall within the scope of protection of this application and are incorporated herein by reference.
In the description of this application, "a plurality of" means two or more, unless specifically defined otherwise.
Fig. 1 shows a typical scenario of this application: a wireless terminal obtains the MAC (Media Access Control) address information of the gateway device by communicating with the gateway device and a server, and determines whether ARP spoofing exists in the current LAN. The gateway device includes, but is not limited to, a wireless routing device or the more powerful dedicated equipment found in some large LANs; the following embodiments are described using a wireless routing device, and those skilled in the art will understand that they apply equally to other gateway devices such as dedicated equipment. The wireless terminal in this application includes mobile terminals (such as mobile phones and PADs), PCs and the like; the following embodiments are described using a mobile terminal, and those skilled in the art will understand that they apply equally to other wireless terminals such as PCs. The mobile terminal includes mobile terminals without the highest privileges (such as mobile phones and PADs), for example a mobile terminal running Android without root privileges or a non-jailbroken iOS device.
Fig. 2 shows a method, according to one aspect of this application, for monitoring ARP spoofing in a WLAN by a wireless terminal; the method comprises step S11, step S12 and step S13. In step S11, the wireless terminal takes the current MAC address information of the gateway device of the wireless network in which the wireless terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point. In step S12, the wireless terminal, after a delay, detects whether the current MAC address information of the gateway device is identical to the reference MAC address information. In step S13, if the current MAC address information of the gateway device differs from the reference MAC address information, the wireless terminal determines that ARP spoofing exists in the WLAN.
Specifically, in step S11, the wireless terminal takes the current MAC address information of the gateway device of the wireless network in which the mobile terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point. Here, the MAC address information of the gateway device includes the MAC address information of the wireless routing device to which the wireless terminal is currently connected. For example, a user holds a mobile terminal (such as a mobile phone), and the mobile terminal establishes a wireless connection with the wireless access point of a wireless routing device. The mobile terminal queries its current ARP cache table, determines the MAC address information corresponding to the IP address of the current gateway, and takes that gateway MAC address information as the reference MAC address information; the ARP cache table stores the mapping between the IP and the MAC address information of each device that has communicated with the current mobile terminal. As another example, the mobile terminal broadcasts in the WLAN an ARP request frame containing the IP address information of the gateway device, receives the ARP reply frame returned by another device containing the MAC address information corresponding to that IP address information, and takes that MAC address information as the reference MAC address information.
In step S12, the wireless terminal, after a delay, detects whether the current MAC address information of the gateway device is identical to the reference MAC address information. For example, the mobile terminal waits for a period of time, with a delay ranging from one or two seconds to a few minutes, then obtains the MAC address information of the current gateway device again and compares whether the current MAC address information is identical to the reference MAC address information.
In step S13, if the current MAC address information of the gateway device differs from the reference MAC address information, the wireless terminal determines that ARP spoofing exists in the WLAN. For example, if the current MAC address information of the gateway device differs from the reference MAC address information, the mobile terminal determines that one of the two mappings, that of the current MAC address or that of the reference MAC address, is an IP-to-MAC mapping broadcast by an attacker, and determines that ARP spoofing exists in the current LAN.
For example, a user holds a mobile terminal, which establishes a wireless connection with the wireless access point of a wireless routing device; the IP address assigned to the current wireless access point is IP0, and the MAC address information of the wireless routing device is MAC0. The mobile terminal looks up the current local ARP cache table, finds that the MAC address information currently corresponding to IP0 is MAC1, and takes MAC1 as the reference MAC address. As another example, the mobile terminal broadcasts in the WLAN an ARP request frame for the gateway IP address information IP0, receives the ARP reply frame returned by another device containing the MAC address MAC1 corresponding to IP0, and takes MAC1 as the reference MAC address. Then, after a certain interval, the mobile terminal obtains, from the current local ARP cache table or by broadcasting IP0 in the WLAN, the MAC address information currently corresponding to IP0, which is MAC2, and compares whether MAC2 and MAC1 are identical. If the MAC2 obtained by the mobile terminal differs from MAC1, the mobile terminal determines that ARP spoofing exists in the current WLAN.
In some embodiments, the method further includes step S14 (not shown) and step S15 (not shown). In step S14, if the current MAC address information of the gateway device is identical to the reference MAC address information, the wireless terminal detects whether the address cache table of the wireless terminal contains another device that shares a MAC address with the gateway device. In step S15, if such a device exists, the wireless terminal determines that ARP spoofing exists in the WLAN. For example, if the current MAC address information obtained by the mobile terminal is the same as the reference MAC address information, the mobile terminal detects whether the IP addresses of two devices in the current ARP cache table correspond to the gateway MAC address information; if so, the mobile terminal determines that ARP spoofing exists in the current WLAN.
For example, the mobile terminal detects that the obtained MAC2 and MAC1 are the same MAC address information, and then checks the local ARP cache table for two different IP addresses that correspond to MAC2; if they exist, the mobile terminal determines that ARP spoofing exists in the current WLAN.
In some embodiments, in step S15, if such a device exists, the wireless terminal sends a request for the MAC address information of the wireless access point to a corresponding server and receives the MAC address information of the wireless access point returned by the server in response to the request; if the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, it determines that ARP spoofing exists in the WLAN. For example, if the mobile terminal detects that the IP addresses of two devices in the current ARP cache table correspond to the gateway MAC address information, the mobile terminal sends, over the wireless connection with the wireless access point, a request for the MAC address information of the wireless access point to the corresponding server. The request contains the BSSID of the wireless access point, where the BSSID includes the MAC address information of the wireless access point or other information generated from that MAC address information. The server receives the request and sends the MAC address information of the wireless access point to the mobile terminal. The mobile terminal receives the MAC address information returned by the server and compares it with the current MAC address information; if the two differ, it determines that ARP spoofing exists in the current WLAN.
For example, the mobile terminal detects that two different IP addresses in the local ARP cache table correspond to MAC2, and sends the server a request for the MAC address corresponding to the wireless access point, the request containing the BSSID of the wireless access point. The server receives the request, looks up in its database the MAC address information MAC0 corresponding to the BSSID, and returns the mapping between IP0 and MAC0 to the mobile terminal. The mobile terminal receives the mapping between IP0 and MAC0 and compares MAC0 with MAC2; if MAC0 and MAC2 are different MAC address information, the mobile terminal determines that ARP spoofing exists in the current WLAN.
In some embodiments, in step S15, if the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, the method returns to step S12. For example, if the MAC address information returned by the server is identical to the current MAC address information, the mobile terminal determines that the current WLAN previously suffered ARP spoofing, or that the finding in the preceding step that two IPs share one MAC address was a false alarm; the current network is not being ARP-spoofed, and the mobile terminal re-acquires the current gateway MAC address information and monitors whether ARP spoofing exists.
For example, the mobile terminal receives the feedback returned by the server containing the gateway MAC address information MAC0 and compares MAC0 with MAC2. If MAC0 is identical to MAC2, the mobile terminal determines that the current WLAN previously suffered ARP spoofing, or that the finding in the preceding step that two IPs share one MAC address was a false alarm; the current network is not being ARP-spoofed, and the mobile terminal re-acquires the current gateway MAC address and further monitors whether ARP spoofing exists in the current WLAN.
In some embodiments, the method further includes step S16 (not shown). In step S16, if the address cache table of the wireless terminal contains no other device that shares a MAC address with the gateway device, the method returns to step S12. For example, the mobile terminal queries the local ARP cache table and determines that no other device shares a MAC address with the gateway device; the mobile terminal then re-acquires the current gateway MAC address information and monitors whether ARP spoofing exists.
For example, the mobile terminal detects that the obtained MAC2 and MAC1 are the same MAC address information and finds that no two different IP addresses in the local ARP cache table correspond to MAC2; the mobile terminal re-acquires the current gateway MAC address and further monitors whether ARP spoofing exists in the current WLAN.
In some embodiments, in step S13, if the current MAC address information of the gateway device differs from the reference MAC address information, the wireless terminal sends a request for the MAC address information of the wireless access point to a corresponding server and receives the MAC address information of the wireless access point returned by the server in response to the request; if the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, it determines that ARP spoofing exists in the WLAN. For example, the mobile terminal determines that the current MAC address information of the gateway device differs from the reference MAC address information and sends the server a request for the MAC address information of the wireless access point, the request containing the BSSID of the wireless access point. The server receives the request, looks up in its database the MAC address information corresponding to the BSSID, and returns that MAC address information to the mobile terminal. The mobile terminal receives the MAC address information and compares it with the reference MAC address and the current MAC address; if the returned MAC address is the same as the reference MAC address, or differs from the current MAC address information, the mobile terminal determines that ARP spoofing exists in the current WLAN.
In some embodiments, in step S13, if the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, the wireless terminal updates the reference MAC address information to the determined MAC address information of the wireless access point and returns to step b. For example, the mobile terminal compares the MAC address information returned by the server with the current MAC address information; if the two are identical, the mobile terminal re-acquires the current gateway MAC address information and monitors whether ARP spoofing exists.
For example, the mobile terminal detects that the obtained MAC2 and MAC1 are different MAC address information, and sends the server a request for the MAC address corresponding to the wireless access point, the request containing the BSSID of the wireless access point. The server receives the request, looks up in its database the MAC address information MAC0 corresponding to the BSSID, and returns the mapping between IP0 and MAC0 to the mobile terminal. The mobile terminal receives the mapping between IP0 and MAC0 and compares MAC0 with MAC2 or MAC1. If MAC0 differs from the current MAC2 address information, or is identical to MAC1, it determines that ARP spoofing exists in the current WLAN. If MAC0 is identical to MAC2, the mobile terminal determines that the current WLAN previously suffered ARP spoofing, or that the finding in the preceding step that MAC1 and MAC2 are different MAC address information was a false alarm; the current network is not being ARP-spoofed, and the mobile terminal re-acquires the current gateway MAC address and further monitors whether ARP spoofing exists in the current WLAN.
Fig. 3 shows a method for monitoring ARP spoofing in a wireless local area network by a wireless terminal according to another aspect of the application; the method comprises step S21, step S22 and step S23. In step S21, when no other device sharing a MAC address with the gateway device is present in the wireless local area network where the wireless terminal is located, the wireless terminal obtains the current MAC address information of the gateway device, where the wireless terminal accesses the wireless network through a wireless connection with a wireless access point. In step S22, the wireless terminal sends a request for the MAC address information of the wireless access point to the corresponding server and receives the MAC address information of the wireless access point that the server returns based on the request. In step S23, if the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, the wireless terminal determines that ARP spoofing exists in the wireless local area network.
For example, a user holds a mobile terminal (such as a mobile phone), and the mobile terminal establishes a wireless connection with the wireless access point of a wireless routing device. The mobile terminal queries its current ARP cache table; in the current ARP cache table, the IP addresses of two devices correspond to the gateway MAC address information, and the mobile terminal obtains the MAC address information of the current wireless access point. The mobile terminal then sends, over the wireless connection with the wireless access point, a request for the MAC address information of the wireless access point to the corresponding server, where the request includes the BSSID of the wireless access point, and the BSSID includes the MAC address information of the wireless access point or other information generated from that MAC address information. The server receives the request and sends the MAC address information of the wireless access point to the mobile terminal. The mobile terminal receives the MAC address information returned by the server and compares it with the current MAC address information; if the two differ, it determines that ARP spoofing exists in the current wireless local area network.
For example, a user holds a mobile terminal, and the mobile terminal establishes a wireless connection with the wireless access point of a wireless routing device. The IP address assigned by the current wireless access point is IP0, and the MAC address information of the wireless routing device is MAC0. The mobile terminal queries its current local cache table for whether two IP addresses correspond to the same MAC address, that MAC address being the one corresponding to the gateway device; when they do, the mobile terminal obtains the current MAC address of the gateway device, MAC2. The mobile terminal then sends the server a request for the MAC address corresponding to the wireless access point, where the request includes the BSSID corresponding to the wireless access point. The server receives the request, looks up the MAC address information MAC0 corresponding to the BSSID in its database, and returns the correspondence between IP0 and MAC0 to the mobile terminal. The mobile terminal receives the correspondence between IP0 and MAC0 and compares MAC0 with MAC2; if MAC0 and MAC2 are different MAC address information, the mobile terminal determines that ARP spoofing exists in the current wireless local area network.
In some embodiments, in step S23, if the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, the wireless terminal returns to step A. For example, if the MAC address information returned by the server is identical to the current MAC address information, the mobile terminal determines that the current wireless local area network was previously subjected to ARP spoofing, or that the earlier finding that two IPs share one MAC address was a false positive; the current network is not being ARP-spoofed, and the mobile terminal reacquires the current gateway MAC address information and monitors whether ARP spoofing exists.
For example, the mobile terminal receives the feedback information returned by the server, which includes the gateway MAC address information MAC0, and compares MAC0 with MAC2. If MAC0 is identical to MAC2, the mobile terminal determines that the current wireless local area network was previously subjected to ARP spoofing, or that the earlier finding that two IPs share one MAC address was a false positive; the current network is not being ARP-spoofed. It then queries again whether the IP addresses of two devices correspond to the gateway MAC address, and continues to monitor whether ARP spoofing exists in the current wireless local area network.
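One monitoring pass of steps S21 to S23, including the identical-MAC outcome described above, can be sketched as follows. This is an added example, not code from the patent: the `/proc/net/arp`-style sample table, the `AP_DATABASE` dictionary standing in for the server, the function names and the `unknown` verdict are all assumptions.

```python
import re

# Constructed sample in the Linux /proc/net/arp layout (not captured from a real host).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:66     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:66     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:00:00:40     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

# Constructed stand-in for the server's database: BSSID -> access point MAC (MAC0).
# Assumption: a real client would fetch this over an authenticated channel.
AP_DATABASE = {"02:00:00:00:00:01": "02:00:00:00:00:01"}

_MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def normalize_mac(mac):
    """Lower-case, colon-separated form so textual variants compare equal."""
    mac = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3]
        if not int(flags, 16) & 0x2:  # ATF_COM clear: address never resolved
            continue
        table[ip] = normalize_mac(mac)
    return table


def check_once(arp_text, gateway_ip, bssid, lookup_ap_mac):
    """One pass: S21 read gateway MAC, S22 ask the server, S23 compare."""
    result = {"gateway_mac": None, "sharing_ips": [], "ap_mac": None}
    table = parse_arp_table(arp_text)
    gateway_mac = table.get(gateway_ip)
    if gateway_mac is None:
        return {**result, "verdict": "unknown"}  # nothing to compare yet
    result["gateway_mac"] = gateway_mac
    # Other IPs that resolve to the gateway's MAC in the local cache.
    result["sharing_ips"] = sorted(
        ip for ip, mac in table.items() if mac == gateway_mac and ip != gateway_ip
    )
    ap_mac = lookup_ap_mac(normalize_mac(bssid))
    if ap_mac is None:
        return {**result, "verdict": "unknown"}  # server has no record
    result["ap_mac"] = normalize_mac(ap_mac)
    # Equal: the shared-MAC observation is treated as a false positive (or a
    # past attack) and monitoring continues; different: ARP spoofing.
    verdict = "clear" if result["ap_mac"] == gateway_mac else "spoofing"
    return {**result, "verdict": verdict}


if __name__ == "__main__":
    print(check_once(SAMPLE_ARP_TABLE, "192.168.1.1",
                     "02-00-00-00-00-01", AP_DATABASE.get))
```

A caller would repeat `check_once` after a delay whenever the verdict is `clear`, which corresponds to the return to the earlier step described above.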
The application also provides a computer-readable storage medium storing computer code; when the computer code is executed, the method of any of the preceding items is performed.
The application also provides a computer program product; when the computer program product is executed by a computer device, the method of any of the preceding items is performed.
The application also provides a computer device, the computer device comprising:
One or more processors;
A memory for storing one or more computer programs;
When the one or more computer programs are executed by the one or more processors, the one or more processors implement the method of any of the preceding items.
It should be noted that the application can be implemented in software and/or a combination of software and hardware, for example, using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of the application can be executed by a processor to implement the steps or functions described above. Likewise, the software program of the application (including related data structures) can be stored in a computer-readable recording medium, for example, RAM memory, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the application can be implemented in hardware, for example, as a circuit that cooperates with a processor to execute each step or function.
In addition, part of the application can be applied as a computer program product, such as computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution of the application through the operation of that computer. Those skilled in the art will understand that the forms in which computer program instructions exist in a computer-readable medium include, but are not limited to, source files, executable files and installation package files. Correspondingly, the ways in which computer program instructions are executed by a computer include, but are not limited to: the computer executes the instructions directly; or the computer compiles the instructions and then executes the corresponding compiled program; or the computer reads and executes the instructions; or the computer reads and installs the instructions and then executes the corresponding installed program. Here, the computer-readable medium can be any available computer-readable storage medium or communication medium accessible to a computer.
Communication media include media by which communication signals containing, for example, computer-readable instructions, data structures, program modules or other data are transmitted from one system to another. Communication media may include guided transmission media (such as cables and wires (for example, optical fiber, coaxial, etc.)) and wireless (unguided transmission) media capable of propagating energy waves, such as acoustic, electromagnetic, RF, microwave and infrared. Computer-readable instructions, data structures, program modules or other data may be embodied, for example, as a modulated data signal in a wireless medium (such as a carrier wave or a similar mechanism, such as one embodied as part of spread-spectrum technology). The term "modulated data signal" refers to a signal one or more of whose characteristics are changed or set in such a way as to encode information in the signal. The modulation may be analog, digital or a hybrid modulation technique.
By way of example and not limitation, computer-readable storage media may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. For example, computer-readable storage media include, but are not limited to, volatile memory, such as random access memory (RAM, DRAM, SRAM); non-volatile memory, such as flash memory, various read-only memories (ROM, PROM, EPROM, EEPROM), and magnetic and ferromagnetic/ferroelectric memories (MRAM, FeRAM); magnetic and optical storage devices (hard disk, tape, CD, DVD); and other media, currently known or developed in the future, that can store computer-readable information/data for use by a computer system.
Here, one embodiment of the application includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, where, when the computer program instructions are executed by the processor, the device is triggered to run the methods and/or technical solutions of the aforementioned embodiments of the application.
It is obvious to a person skilled in the art that the application is not limited to the details of the above exemplary embodiments, and that the application can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, from whichever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the application is defined by the appended claims rather than by the above description; all variations that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the application. Any reference signs in the claims should not be construed as limiting the claims involved. Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a device claim may also be implemented by a single unit or device through software or hardware. Words such as first and second are used to denote names and do not denote any particular order.

Claims (11)

1. A method for monitoring ARP spoofing in a wireless local area network by a wireless terminal, wherein the method comprises:
Taking the current MAC address information of the gateway device of the wireless network where the wireless terminal is located as reference MAC address information, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
After a delay, detecting whether the current MAC address information of the gateway device is identical to the reference MAC address information;
If the current MAC address information of the gateway device differs from the reference MAC address information, determining that ARP spoofing exists in the wireless local area network.
2. The method according to claim 1, wherein the method further comprises:
If the current MAC address information of the gateway device is identical to the reference MAC address information, detecting whether the address cache table of the wireless terminal contains another device that shares a MAC address with the gateway device;
If such a device exists, determining that ARP spoofing exists in the wireless local area network.
3. The method according to claim 2, wherein said determining, if such a device exists, that ARP spoofing exists in the wireless local area network comprises:
If such a device exists, sending a request for the MAC address information of the wireless access point to the corresponding server, and receiving the MAC address information of the wireless access point returned by the server based on the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the wireless local area network.
4. The method according to claim 3, wherein said determining, if such a device exists, that ARP spoofing exists in the wireless local area network further comprises:
If the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, returning to the step of detecting, after a delay, whether the current MAC address information of the gateway device is identical to the reference MAC address information.
5. The method according to claim 2, wherein the method further comprises:
If the address cache table of the wireless terminal contains no other device that shares a MAC address with the gateway device, returning to the step of detecting, after a delay, whether the current MAC address information of the gateway device is identical to the reference MAC address information.
6. The method according to claim 1, wherein said determining, if the current MAC address information of the gateway device differs from the reference MAC address information, that ARP spoofing exists in the wireless local area network comprises:
If the current MAC address information of the gateway device differs from the reference MAC address information, sending a request for the MAC address information of the wireless access point to the corresponding server, and receiving the MAC address information of the wireless access point returned by the server based on the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the wireless local area network.
7. The method according to claim 6, wherein said determining, if the current MAC address information of the gateway device differs from the reference MAC address information, that ARP spoofing exists in the wireless local area network further comprises:
If the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, taking the MAC address information of the wireless access point as the updated reference MAC address information, and returning to the step of detecting, after a delay, whether the current MAC address information of the gateway device is identical to the reference MAC address information.
8. A method for monitoring ARP spoofing in a wireless local area network by a wireless terminal, wherein the method comprises:
When no other device sharing a MAC address with the gateway device is present in the wireless local area network where the wireless terminal is located, obtaining the current MAC address information of the gateway device, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point;
Sending a request for the MAC address information of the wireless access point to the corresponding server, and receiving the MAC address information of the wireless access point returned by the server based on the request;
If the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, determining that ARP spoofing exists in the wireless local area network.
9. The method according to claim 8, wherein said determining, if the current MAC address information of the gateway device differs from the MAC address information of the wireless access point, that ARP spoofing exists in the wireless local area network comprises:
If the current MAC address information of the gateway device is identical to the MAC address information of the wireless access point, returning to the step of obtaining the current MAC address information of the gateway device when no other device sharing a MAC address with the gateway device is present in the wireless local area network where the wireless terminal is located, wherein the wireless terminal accesses the wireless network through a wireless connection with a wireless access point.
10. A device for monitoring ARP spoofing in a wireless local area network by a wireless terminal, wherein the device comprises:
A processor; and
A memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the operations of the method of any one of claims 1 to 9.
11. A computer-readable medium comprising instructions which, when executed, cause a system to perform the operations of the method of any one of claims 1 to 9.
CN201810331311.4A 2018-04-13 2018-04-13 Method and equipment for monitoring ARP spoofing in wireless local area network Active CN108430063B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810331311.4A CN108430063B (en) 2018-04-13 2018-04-13 Method and equipment for monitoring ARP spoofing in wireless local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810331311.4A CN108430063B (en) 2018-04-13 2018-04-13 Method and equipment for monitoring ARP spoofing in wireless local area network

Publications (2)

Publication Number Publication Date
CN108430063A true CN108430063A (en) 2018-08-21
CN108430063B CN108430063B (en) 2021-11-19

Family

ID=63160933

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810331311.4A Active CN108430063B (en) 2018-04-13 2018-04-13 Method and equipment for monitoring ARP spoofing in wireless local area network

Country Status (1)

Country Link
CN (1) CN108430063B (en)

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101099134A (en) * 2005-02-25 2008-01-02 思科技术公司 Dynamically measuring and re-classifying access points in a wireless network
CN101119371A (en) * 2007-08-28 2008-02-06 杭州华三通信技术有限公司 Method, client terminal, server and system for preventing network attack using ARP
CN101951367A (en) * 2010-09-09 2011-01-19 健雄职业技术学院 Method for preventing campus network from virus attacks
US20150188942A1 (en) * 2011-10-28 2015-07-02 Samsung Sds Co., Ltd. System and method for detecting address resolution protocol (arp) spoofing
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103313429A (en) * 2013-07-10 2013-09-18 江苏君立华域信息安全技术有限公司 Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN104219339A (en) * 2014-09-17 2014-12-17 北京金山安全软件有限公司 Method and device for detecting address resolution protocol attack in local area network
CN106376003A (en) * 2015-07-23 2017-02-01 中移(杭州)信息技术有限公司 Method and device for detecting wireless local area network connection and wireless local area network data transmission
CN106899554A (en) * 2015-12-21 2017-06-27 北京奇虎科技有限公司 A kind of method and device for preventing ARP from cheating
CN107493576A (en) * 2016-06-12 2017-12-19 上海连尚网络科技有限公司 For the method and apparatus for the security information for determining WAP
CN106209837A (en) * 2016-07-08 2016-12-07 珠海市魅族科技有限公司 ARP cheat detecting method and system
CN106506531A (en) * 2016-12-06 2017-03-15 杭州迪普科技股份有限公司 The defence method and device of ARP attack messages
CN106961683A (en) * 2017-03-21 2017-07-18 上海斐讯数据通信技术有限公司 A kind of method, system and finder AP for detecting rogue AP
CN107222462A (en) * 2017-05-08 2017-09-29 汕头大学 A kind of LAN internals attack being automatically positioned of source, partition method
CN107294989A (en) * 2017-07-04 2017-10-24 杭州迪普科技股份有限公司 A kind of method and device of anti-ARP gateways deception

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112804668A (en) * 2019-11-14 2021-05-14 诺玛有限公司 Computer readable medium recorded with bluetooth security threat detection method
CN111953794A (en) * 2020-08-20 2020-11-17 深圳市富之富信息科技有限公司 Group cheating and lending early warning method and device
CN113132993A (en) * 2021-04-23 2021-07-16 杭州网银互联科技股份有限公司 Data stealing identification system applied to wireless local area network and use method thereof
CN114828004A (en) * 2022-04-28 2022-07-29 广州通则康威智能科技有限公司 Method and device for automatically acquiring IP (Internet protocol) of wireless network equipment by small program
CN114828004B (en) * 2022-04-28 2024-01-26 广州通则康威科技股份有限公司 Method and device for automatically acquiring IP of wireless network equipment by applet

Also Published As

Publication number Publication date
CN108430063B (en) 2021-11-19

Similar Documents

Publication Publication Date Title
Alotaibi Utilizing blockchain to overcome cyber security concerns in the internet of things: A review
CN108430063A (en) A kind of method and apparatus for monitoring ARP deceptions in WLAN
Dang et al. An approach to data privacy in smart home using blockchain technology
CN108566656A (en) A kind of method and apparatus for detecting wireless network secure
Šarac et al. Increasing privacy and security by integrating a blockchain secure interface into an IoT device security gateway architecture
Latif et al. Distributed denial of service (DDoS) attack in cloud-assisted wireless body area networks: a systematic literature review
US10887307B1 (en) Systems and methods for identifying users
US11212248B2 (en) Method and device for managing a user
CN110113747B (en) Method and equipment for connecting hidden wireless access point
CN106878343B (en) It is the system serviced that network security is provided under a kind of cloud computing environment
Geetha et al. Cloud integrated iot enabled sensor network security: research issues and solutions
US20200311231A1 (en) Anomalous user session detector
CN107690175A (en) A kind of method and apparatus for being used to manage WAP
CN108650236A (en) A kind of method and apparatus for detecting ssl man-in-the-middle attacks
CN107332700A (en) A kind of method and apparatus for being used to configure wireless routing device
JP7452813B2 (en) Techniques for accelerated hierarchical key caching in edge systems
Chen Embedding the MRC and SC schemes into trust management algorithm applied to IoT security protection
CN112333105A (en) Communication method and device of cloud robot
Zhong et al. Data security storage method for power distribution internet of things in cyber-physical energy systems
Hewa et al. How DoS attacks can be mounted on Network Slice Broker and can they be mitigated using blockchain?
US11411887B2 (en) Method and device for performing traffic control on user equipment
CN107196957A (en) A kind of distributed identity authentication method and system
Rizvi et al. Analyzing the integration of cognitive radio and cloud computing for secure networking
CN108282786A (en) A kind of method and apparatus for detecting DNS spoofing attacks in WLAN
CN108768937A (en) A kind of method and apparatus for detecting ARP deceptions in WLAN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210426

Address after: 200131 Zone E, 9th floor, No.1 Lane 666, zhangheng Road, China (Shanghai) pilot Free Trade Zone, Pudong New Area, Shanghai

Applicant after: Shanghai Shangxiang Network Technology Co.,Ltd.

Address before: 200120 Shanghai city Pudong New Area mud Town Road No. 979 Building 2 Hon

Applicant before: SHANGHAI LIANSHANG NETWORK TECHNOLOGY Co.,Ltd.

GR01 Patent grant