CN109302317A - A kind of network device detection methods and detection device - Google Patents
- Publication number: CN109302317A
- Application number: CN201811198481.6A
- Authority: CN (China)
- Prior art keywords: network equipment, behavior, message, detection, message store
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Automation & Control Theory (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention provides a network device detection method and detection device. The detection method includes the following steps: S1: establish a basic message store, a professional message store and a behavior judgment library; S2: send the messages of the basic message store and an SNMP message to the network device; S3: obtain the type information of the network device through the SNMP message, compare the response of the network device with the behavior judgment library, and judge whether the behavior of the network device is legitimate; if so, perform the next step; S4: match the detection messages of the professional message store according to the type information, and detect the network device using the detection messages. The method can detect service vulnerabilities and defects of the network device.
Description
Technical field
The present invention relates to the field of network detection technology, and in particular to a network device detection method and detection device.
Background
Network device detection and fault discovery is a technology that can effectively find potential defects and hidden backdoors in network devices that are currently in operation. It has become one of the hot topics in network security research, and research on network device detection techniques for discovering defects and backdoors has important practical significance.
Network device detection is a technique for systematic testing, performed remotely or locally. Its basic principle is to construct simulated messages of various kinds, send them to the target router, switch or firewall, and verify one by one the defects that may exist in the target network device, so as to evaluate the reliability of routers, switches, firewalls and similar objects. With message-based detection, one can discover the open ports, the services provided, certain system information, misconfigurations, known vulnerabilities, unknown vulnerabilities, backdoors and so on that exist in the network and on hosts. Network device detection is therefore an extremely effective automated testing technique: it can find hidden problems in devices that users purchase, test, or run in the live network, and it provides strong technical support for users who procure network devices and evaluate their reliability.
At present, most network device scanning or detection clients install only one or a fixed few scanning tools. The problem is that no single detection tool can scan and test for the defects of all network devices. Meanwhile, most test cases, especially detection cases for new technologies and new standards, have to be added manually by the user, which increases the difficulty and cost of maintenance and development, and the case and message stores cannot be fully supplemented.
In addition, existing port scanning techniques do not have a single, clear target or purpose, and cannot comprehensively and effectively find the vulnerabilities of routers, switches or firewalls. Existing port scanning techniques are also not associated with the services present in the network, such as routing protocols, MPLS (Multi-Protocol Label Switching) and IPsec (Internet Protocol Security, a protocol suite that protects IP by encrypting and authenticating IP packets), and therefore cannot find service vulnerabilities and defects in a targeted way.
Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide a network device detection method and detection device that can detect service vulnerabilities and defects of network devices.
The technical solution of the present invention is realized as follows:
A network device detection method, comprising the following steps:
S1: establish a basic message store, a professional message store and a behavior judgment library;
S2: send the messages of the basic message store and an SNMP message to the network device;
S3: obtain the type information of the network device through the SNMP message, compare the response of the network device with the behavior judgment library, and judge whether the behavior of the network device is legitimate; if so, perform the next step;
S4: match the detection messages of the professional message store according to the type information, and detect the network device using the detection messages.
Preferably, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
Preferably, after S4, the method further comprises:
updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
Preferably, judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
The invention also proposes a network device detection device, comprising:
an establishing module, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legitimate; if so, the next step is performed;
a matching module, for matching the detection messages of the professional message store according to the type information and detecting the network device using the detection messages.
Preferably, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
Preferably, the network device detection device further includes an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
Preferably, judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
The network device detection method and detection device proposed by the present invention first perform a preliminary detection of the network device using the basic message store to judge whether it is legitimate; for a legitimate device, professional messages are then matched to the model of the network device for detection, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
Description of the drawings
Fig. 1 is a flow chart of the network device detection method proposed by an embodiment of the present invention;
Fig. 2 is a structural block diagram of the network device detection device proposed by an embodiment of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention proposes a network device detection method, comprising the following steps:
S101: establish a basic message store, a professional message store and a behavior judgment library.
In this embodiment, the basic message store stores general messages, the professional message store stores detection messages matched to different network devices, and the behavior judgment library stores the legitimate response behaviors of network devices to messages.
S102: send the messages of the basic message store and an SNMP message to the network device.
During detection, general messages and an SNMP message are sent to the network device under test.
S103: obtain the type information of the network device through the SNMP message, compare the response of the network device with the behavior judgment library, and judge whether the behavior of the network device is legitimate; if so, execute S104.
This step has two purposes: first, to obtain the type information of the network device; second, to judge whether the network device's response behavior to the general messages is legitimate. If it is not legitimate, detection is complete; otherwise the next step is performed.
S104: match the detection messages of the professional message store according to the type information, and detect the network device using the detection messages.
When the network device's response to the general messages is legitimate, the device can be further subjected to precise detection. Specifically, the detection messages of the professional message store are matched according to the type information of the network device, and the network device is detected with those detection messages.
The detection messages are professional messages corresponding to the model of the network device. Because network devices come in many categories and models, detection with general messages is imprecise; professional messages can therefore be set up so that network devices of different types and models are detected with their corresponding messages, making detection more standardized.
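The S101 to S104 flow above as a runnable sketch, added here as an example and not taken from the patent. All names (`Libraries`, `judge`, `run_detection`, the `rtr-x` model key, the substring lookup on sysDescr) and the sample payloads are assumptions, and the device is simulated in-process so nothing is sent on a network. It also assumes that S104 responses are judged against the same behavior judgment library.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"  # sysDescr.0 from SNMPv2-MIB

@dataclass(frozen=True)
class Message:
    msg_id: str
    payload: bytes

@dataclass
class Libraries:
    """S101: the three stores (field names are this example's own)."""
    basic: List[Message]                    # general messages
    professional: Dict[str, List[Message]]  # model -> detection messages
    behavior: Dict[str, bytes]              # msg_id -> manually set response record

@dataclass
class Report:
    model: Optional[str]
    stage: str                              # where the run ended
    deviations: List[str] = field(default_factory=list)

Send = Callable[[Message], Optional[bytes]]
SnmpGet = Callable[[str], Optional[str]]

def judge(libs: Libraries, msgs: List[Message], send: Send) -> List[str]:
    """Return the ids of messages whose response differs from its record.
    A missing record or a missing response counts as a deviation."""
    bad = []
    for m in msgs:
        expected = libs.behavior.get(m.msg_id)
        if expected is None or send(m) != expected:
            bad.append(m.msg_id)
    return bad

def identify_model(descr: Optional[str], patterns: Dict[str, str]) -> Optional[str]:
    """Map a sysDescr string to a model key by substring (assumed scheme)."""
    if not descr:
        return None
    for needle, model in patterns.items():
        if needle.lower() in descr.lower():
            return model
    return None

def run_detection(libs: Libraries, send: Send, snmp_get: SnmpGet,
                  patterns: Dict[str, str]) -> Report:
    # S102 + S103: general messages and SNMP query, then the legitimacy decision.
    model = identify_model(snmp_get(SYS_DESCR_OID), patterns)
    bad = judge(libs, libs.basic, send)
    if bad:
        return Report(model, "basic-illegitimate", bad)  # detection ends here
    if model is None or model not in libs.professional:
        return Report(model, "no-professional-match")    # nothing to match in S104
    # S104: detection messages matched to the identified model.
    return Report(model, "professional-done", judge(libs, libs.professional[model], send))

# --- constructed sample data (placeholder labels, not real protocol payloads) ---
LIBS = Libraries(
    basic=[Message("B1", b"basic-1"), Message("B2", b"basic-2")],
    professional={"rtr-x": [Message("P1", b"mpls-check"),
                            Message("P2", b"ipsec-check")]},
    behavior={"B1": b"ok-1", "B2": b"ok-2", "P1": b"label-ok", "P2": b"sa-rejected"},
)
PATTERNS = {"ExampleOS Router X": "rtr-x"}

def make_device(descr: str, overrides: Optional[Dict[bytes, bytes]] = None):
    """Simulated device under test: returns (send, snmp_get) callables."""
    table = {b"basic-1": b"ok-1", b"basic-2": b"ok-2",
             b"mpls-check": b"label-ok", b"ipsec-check": b"sa-rejected"}
    table.update(overrides or {})
    return (lambda m: table.get(m.payload),
            lambda oid: descr if oid == SYS_DESCR_OID else None)

if __name__ == "__main__":
    send, get = make_device("ExampleOS Router X v1", {b"ipsec-check": b"sa-accepted"})
    print(run_detection(LIBS, send, get, PATTERNS))
```

Treating a message with no behavior record as a deviation keeps a gap in the library from being read as a pass; that choice belongs to this example, not to the patent text.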
In a preferred embodiment of the invention, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In this embodiment, the SNMP port and service of the network device can be opened, and the service configuration of the network device is obtained by sending an SNMP message to the network device.
The service configuration can be one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In a preferred embodiment of the invention, the method further includes updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
In this embodiment, since network devices are updated, the libraries need to be updated in time to ensure the accuracy of detection.
In a preferred embodiment of the invention, judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
As shown in Fig. 2, the invention also proposes a network device detection device, comprising:
an establishing module 201, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module 202, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module 203, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legitimate; if so, the next step is performed;
a matching module 204, for matching the detection messages of the professional message store according to the type information and detecting the network device using the detection messages.
In a preferred embodiment of the invention, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In a preferred embodiment of the invention, the network device detection device further includes an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
In a preferred embodiment of the invention, judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
The network device detection method and detection device proposed by the present invention first perform a preliminary detection of the network device using the basic message store to judge whether it is legitimate; for a legitimate device, professional messages are then matched to the model of the network device for detection, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
In conclusion, the embodiments of the present invention can achieve at least the following effect:
In the embodiments of the present invention, a preliminary detection of the network device is performed using the basic message store to judge whether it is legitimate; for a legitimate device, professional messages are then matched to the model of the network device for detection, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
Finally, it should be noted that the foregoing describes only preferred embodiments of the present invention, which serve merely to illustrate the technical solution of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.
Claims (8)
1. A network device detection method, characterized by comprising the following steps:
S1: establish a basic message store, a professional message store and a behavior judgment library;
S2: send the messages of the basic message store and an SNMP message to the network device;
S3: obtain the type information of the network device through the SNMP message, compare the response of the network device with the behavior judgment library, and judge whether the behavior of the network device is legitimate; if so, perform the next step;
S4: match the detection messages of the professional message store according to the type information, and detect the network device using the detection messages.
2. The network device detection method according to claim 1, characterized in that the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
3. The network device detection method according to claim 1, characterized in that, after S4, the method further comprises:
updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
4. The network device detection method according to any one of claims 1-3, characterized in that judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
5. A network device detection device, characterized by comprising:
an establishing module, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legitimate; if so, the next step is performed;
a matching module, for matching the detection messages of the professional message store according to the type information and detecting the network device using the detection messages.
6. The network device detection device according to claim 5, characterized in that the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual LAN (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
7. The network device detection device according to claim 5, characterized by further comprising an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
8. The network device detection device according to any one of claims 5-7, characterized in that judging whether the behavior of the network device is legitimate comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, the behavior is determined to be legitimate, otherwise the behavior is determined to be illegitimate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198481.6A CN109302317A (en) | 2018-10-15 | 2018-10-15 | A kind of network device detection methods and detection device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198481.6A CN109302317A (en) | 2018-10-15 | 2018-10-15 | A kind of network device detection methods and detection device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109302317A (en) | 2019-02-01 |
Family
ID=65162580
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198481.6A Pending CN109302317A (en) | 2018-10-15 | 2018-10-15 | A kind of network device detection methods and detection device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109302317A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111796578A (en) * | 2020-06-29 | 2020-10-20 | 中国第一汽车股份有限公司 | Vehicle controller testing method, device and system and storage medium |
CN114978942A (en) * | 2022-05-13 | 2022-08-30 | 深信服科技股份有限公司 | Router detection method and device, electronic equipment and storage medium |
CN114978942B (en) * | 2022-05-13 | 2024-05-24 | 深信服科技股份有限公司 | Router detection method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Baykara et al. | A novel honeypot based security approach for real-time intrusion detection and prevention systems | |
US10356044B2 (en) | Security information and event management | |
US8272061B1 (en) | Method for evaluating a network | |
EP3253018B1 (en) | Network intrusion detection based on geographical information | |
CN105450442B (en) | A kind of network topology investigation method and its system | |
CN102724317B (en) | A kind of network traffic data sorting technique and device | |
McHugh | Intrusion and intrusion detection | |
CN104113443B (en) | A kind of network device detection methods, device and cloud detection system | |
US6363489B1 (en) | Method for automatic intrusion detection and deflection in a network | |
CN105681250B (en) | A kind of Botnet distribution real-time detection method and system | |
CN104169937B (en) | Chance system scans | |
CN111934922B (en) | Method, device, equipment and storage medium for constructing network topology | |
CN102394885B (en) | Information classification protection automatic verification method based on data stream | |
CN106603507A (en) | Method and system for automatically completing network security self checking | |
CN105391687A (en) | System and method for supplying information security operation service to medium-sized and small enterprises | |
CN106657025A (en) | Network attack behavior detection method and device | |
CN104753736B (en) | For detecting the method and system evaded to the malice of Virtual Private Network | |
CN106452955B (en) | A kind of detection method and system of abnormal network connection | |
CN104239798B (en) | Mobile terminal, server end in mobile office system and its virus method and system | |
CN109302317A (en) | A kind of network device detection methods and detection device | |
CN108881315A (en) | A kind of method and system of the double LSA attack ospf protocols of detection and recovery based on NFV | |
Kumar et al. | A Review on Recent Advances & Future Trends of Security in Honeypot. | |
CN105099807B (en) | Apparatus testing method and device | |
US11470083B2 (en) | Device integration for a network access control server based on device mappings and testing verification | |
TW200924428A (en) | An inside tracing method of the network attacking detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||