CN109302317A - A network device detection method and detection device - Google Patents

Info

Publication number
CN109302317A
Authority
CN
China
Prior art keywords
network equipment
behavior
message
detection
message store
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811198481.6A
Other languages
Chinese (zh)
Inventor
王永清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Shuiheng Technology Co Ltd
Original Assignee
Anhui Shuiheng Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Shuiheng Technology Co Ltd filed Critical Anhui Shuiheng Technology Co Ltd
Priority to CN201811198481.6A priority Critical patent/CN109302317A/en
Publication of CN109302317A publication Critical patent/CN109302317A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention provides a network device detection method and detection device. The detection method includes the following steps: S1: establishing a basic message store, a professional message store and a behavior judgment library; S2: sending the messages of the basic message store and an SNMP message to the network device; S3: obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, performing the next step; S4: matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages. The network device detection method can detect service vulnerabilities and defects of network devices.

Description

A network device detection method and detection device
Technical field
The present invention relates to the field of network detection technology, and in particular to a network device detection method and detection device.
Background
Network device detection and fault discovery is a technology that can effectively find latent defects and hidden backdoors in network devices that are currently in operation. It has become one of the hot topics in network security research, and analyzing and studying network device detection techniques for discovering defects and backdoors is of great practical significance.
Network device detection is a technique for systematic remote or local testing. Its basic principle is to construct and simulate various kinds of messages, send them to a target router, switch or firewall, and verify one by one the defects that may exist in the target network device, so as to evaluate the reliability of routers, switches, firewalls and similar objects. With message-based detection, one can discover the open ports, the services provided, certain system information, misconfigurations, known vulnerabilities, unknown vulnerabilities, backdoors and so on that exist in a network and its hosts. Network device detection is therefore a highly effective automated testing technique: it can find hidden problems in devices that users are purchasing, testing, or running on the live network, and provides strong technical support for users who are procuring network devices or evaluating their reliability.
At present, most clients used for network device scanning or detection have only one or a fixed few scanning programs installed. The problem is that no single detection program can scan and test the defects of all network devices. Moreover, most test cases, especially detection cases for new technologies and new standards, must be added manually by the user, which increases the difficulty and cost of maintenance and development, and the case and message stores cannot be supplemented completely.
In addition, existing port scanning techniques are not aimed at a single kind of target and have no clear purpose, so they cannot comprehensively and effectively find the vulnerabilities of routers, switches or firewalls. Existing port scanning techniques are also not associated with the services present in the network, such as routing protocols, MPLS (Multi-Protocol Label Switching) and IPsec (Internet Protocol Security, a family of network transmission protocols that protects IP by encrypting and authenticating IP packets), and therefore cannot find service vulnerabilities and defects in a targeted way.
Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide a network device detection method and detection device that can detect service vulnerabilities and defects of network devices.
The technical solution of the present invention is realized as follows:
A network device detection method, comprising the following steps:
S1: establishing a basic message store, a professional message store and a behavior judgment library;
S2: sending the messages of the basic message store and an SNMP message to the network device;
S3: obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, performing the next step;
S4: matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
Preferably, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
Preferably, after S4, the method further comprises:
updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
Preferably, judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
The invention also provides a network device detection device, comprising:
an establishing module, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, the next step is performed;
a matching module, for matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
Preferably, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
Preferably, the network device detection device further includes an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
Preferably, judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
The network device detection method and detection device proposed by the present invention first perform a preliminary detection of the network device using the basic message store to judge whether its behavior is legal, and then, for a legal device, further match professional messages to the model of the network device and detect with them, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
Brief description of the drawings
Fig. 1 is a flowchart of the network device detection method proposed by an embodiment of the present invention;
Fig. 2 is a structural block diagram of the network device detection device proposed by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention proposes a network device detection method, comprising the following steps:
S101: establishing a basic message store, a professional message store and a behavior judgment library.
In this embodiment, the basic message store stores general messages, the professional message store stores detection messages matched to different network devices, and the behavior judgment library stores the legal response behavior of network devices to messages.
S102: sending the messages of the basic message store and an SNMP message to the network device.
When detection is performed, the general messages and the SNMP message are sent to the network device to be detected.
S103: obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, executing S104.
This step has two purposes: the first is to obtain the type information of the network device; the second is to judge whether the network device's response behavior to the general messages is legal. If it is illegal, detection is complete; otherwise the next step is performed.
S104: matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
When the network device's response to the general messages is legal, it can be further subjected to precise detection. Specifically, detection messages in the professional message store are matched according to the type information of the network device, and the network device is detected with those detection messages.
The detection messages are professional messages corresponding to the model of the network device. Because network devices come in many categories and models, detection with general messages is inaccurate. Professional messages can therefore be set so that network devices of different types and models are detected with their corresponding messages, making the detection more standardized.
In a preferred embodiment of the invention, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In this embodiment, the SNMP port and service of the network device can be enabled, and the service configuration of the network device is obtained by sending SNMP messages to it.
The service configuration can be one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In a preferred embodiment of the invention, the method further includes updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
In this embodiment, because network devices are updated, the databases need to be updated in time to guarantee the accuracy of detection.
In a preferred embodiment of the invention, judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
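The two-stage flow of S101 to S104 and the record comparison described above, as an added Python example that is not part of the patent. The store contents, message names, device models, the SimulatedDevice stand-in, the fail-closed handling of a missing record and the use of sysDescr.0 as the source of type information are all assumptions made for illustration.

```python
"""Added illustration of steps S101-S104; every name and sample value is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: type information is read from SNMPv2-MIB sysDescr.0.
# The patent only says it is obtained through the SNMP message.
SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"

# S101: the three stores (constructed sample data).
BASIC_MESSAGE_STORE = ["icmp-echo", "tcp-syn-closed-port", "snmp-wrong-community"]
BEHAVIOR_JUDGMENT_LIBRARY: Dict[str, str] = {  # manually set response records
    "icmp-echo": "ECHO-REPLY",
    "tcp-syn-closed-port": "RST",
    "snmp-wrong-community": "NO-RESPONSE",
}
PROFESSIONAL_MESSAGE_STORE: Dict[str, List[str]] = {  # keyed by device type
    "ExampleRouter-R1": ["ospf-hello-check", "mpls-label-check"],
    "ExampleSwitch-S2": ["vlan-tag-check"],
}


class SimulatedDevice:
    """Stand-in for a real device so the example runs offline."""

    def __init__(self, model: str, responses: Dict[str, str]):
        self.model = model
        self.responses = responses

    def send(self, message_id: str) -> str:
        return self.responses.get(message_id, "NO-RESPONSE")

    def snmp_get(self, oid: str) -> Optional[str]:
        return self.model if oid == SYS_DESCR_OID else None


@dataclass
class Report:
    type_info: Optional[str]
    legal: bool
    mismatches: List[str]
    professional_results: Dict[str, str]


def check_behavior(responses: Dict[str, str]) -> List[str]:
    """S103: compare each response with its record; a missing record fails closed."""
    mismatches = []
    for message_id, observed in responses.items():
        expected = BEHAVIOR_JUDGMENT_LIBRARY.get(message_id)
        if observed != expected:
            mismatches.append(f"{message_id}: expected {expected!r}, got {observed!r}")
    return mismatches


def detect(device: SimulatedDevice) -> Report:
    # S102: send every basic message plus the SNMP query.
    responses = {m: device.send(m) for m in BASIC_MESSAGE_STORE}
    type_info = device.snmp_get(SYS_DESCR_OID)
    # S103: illegal behavior ends detection here.
    mismatches = check_behavior(responses)
    if mismatches:
        return Report(type_info, False, mismatches, {})
    # S104: only a legal device gets the messages matched to its type.
    probes = PROFESSIONAL_MESSAGE_STORE.get(type_info or "", [])
    return Report(type_info, True, [], {p: device.send(p) for p in probes})


_NORMAL = {"icmp-echo": "ECHO-REPLY", "tcp-syn-closed-port": "RST",
           "ospf-hello-check": "DROPPED", "mpls-label-check": "DROPPED"}
GOOD = SimulatedDevice("ExampleRouter-R1", _NORMAL)
# Constructed anomaly: the device answers an SNMP query it should ignore.
BAD = SimulatedDevice("ExampleRouter-R1", {**_NORMAL, "snmp-wrong-community": "GET-RESPONSE"})

if __name__ == "__main__":
    for name, dev in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, detect(dev))
```

A device whose type has no entry in the professional message store passes S103 but receives no professional messages, which is a coverage gap the update step is meant to close.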
As shown in Fig. 2, the invention also provides a network device detection device, comprising:
an establishing module 201, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module 202, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module 203, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, the next step is performed;
a matching module 204, for matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
In a preferred embodiment of the invention, the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
In a preferred embodiment of the invention, the network device detection device further includes an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
In a preferred embodiment of the invention, judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
The network device detection method and detection device proposed by the present invention first perform a preliminary detection of the network device using the basic message store to judge whether its behavior is legal, and then, for a legal device, further match professional messages to the model of the network device and detect with them, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
In conclusion, the embodiments of the present invention can achieve at least the following effect:
In the embodiments of the present invention, a preliminary detection of the network device is performed using the basic message store to judge whether its behavior is legal, and, for a legal device, professional messages are further matched to the model of the network device and used for detection, so that service vulnerabilities and defects of different types of network devices can be detected comprehensively and effectively.
Finally, it should be noted that the foregoing is merely a description of preferred embodiments of the present invention. It is intended only to illustrate the technical solution of the invention and not to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (8)

1. A network device detection method, characterized by comprising the following steps:
S1: establishing a basic message store, a professional message store and a behavior judgment library;
S2: sending the messages of the basic message store and an SNMP message to the network device;
S3: obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, performing the next step;
S4: matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
2. The network device detection method according to claim 1, characterized in that the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
3. The network device detection method according to claim 1, characterized in that, after S4, the method further comprises:
updating the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
4. The network device detection method according to any one of claims 1-3, characterized in that judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
5. A network device detection device, characterized by comprising:
an establishing module, for establishing the basic message store, the professional message store and the behavior judgment library;
a sending module, for sending the messages of the basic message store and an SNMP message to the network device;
a judgment module, for obtaining the type information of the network device through the SNMP message, comparing the response of the network device with the behavior judgment library, and judging whether the behavior of the network device is legal; if so, the next step is performed;
a matching module, for matching detection messages in the professional message store according to the type information, and detecting the network device using the detection messages.
6. The network device detection device according to claim 5, characterized in that the SNMP message is also used to obtain the service configuration of the network device;
the service configuration includes one or more of interface information, Internet Protocol (IP) address configuration, virtual local area network (VLAN) configuration, routing configuration, multiprotocol label switching (MPLS) and protocol configuration.
7. The network device detection device according to claim 5, characterized by further comprising an update module;
the update module is used to update the basic message store, the professional message store and the behavior judgment library according to changes in the network device.
8. The network device detection device according to any one of claims 5-7, characterized in that judging whether the behavior of the network device is legal comprises:
manually setting response behavior records; comparing the response of the network device with the response behavior record corresponding to the message; if the response is consistent with the response behavior record, determining that the behavior is legal, and otherwise determining that the behavior is illegal.
CN201811198481.6A 2018-10-15 2018-10-15 A network device detection method and detection device Pending CN109302317A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811198481.6A CN109302317A (en) 2018-10-15 2018-10-15 A network device detection method and detection device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811198481.6A CN109302317A (en) 2018-10-15 2018-10-15 A network device detection method and detection device

Publications (1)

Publication Number Publication Date
CN109302317A true CN109302317A (en) 2019-02-01

Family

ID=65162580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811198481.6A Pending CN109302317A (en) 2018-10-15 2018-10-15 A network device detection method and detection device

Country Status (1)

Country Link
CN (1) CN109302317A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111796578A (en) * 2020-06-29 2020-10-20 中国第一汽车股份有限公司 Vehicle controller testing method, device and system and storage medium
CN114978942A (en) * 2022-05-13 2022-08-30 深信服科技股份有限公司 Router detection method and device, electronic equipment and storage medium
CN114978942B (en) * 2022-05-13 2024-05-24 深信服科技股份有限公司 Router detection method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
Baykara et al. A novel honeypot based security approach for real-time intrusion detection and prevention systems
US10356044B2 (en) Security information and event management
US8272061B1 (en) Method for evaluating a network
EP3253018B1 (en) Network intrusion detection based on geographical information
CN105450442B (en) A kind of network topology investigation method and its system
CN102724317B (en) A kind of network traffic data sorting technique and device
McHugh Intrusion and intrusion detection
CN104113443B (en) A kind of network device detection methods, device and cloud detection system
US6363489B1 (en) Method for automatic intrusion detection and deflection in a network
CN105681250B (en) A kind of Botnet distribution real-time detection method and system
CN104169937B (en) Chance system scans
CN111934922B (en) Method, device, equipment and storage medium for constructing network topology
CN102394885B (en) Information classification protection automatic verification method based on data stream
CN106603507A (en) Method and system for automatically completing network security self checking
CN105391687A (en) System and method for supplying information security operation service to medium-sized and small enterprises
CN106657025A (en) Network attack behavior detection method and device
CN104753736B (en) For detecting the method and system evaded to the malice of Virtual Private Network
CN106452955B (en) A kind of detection method and system of abnormal network connection
CN104239798B (en) Mobile terminal, server end in mobile office system and its virus method and system
CN109302317A (en) A kind of network device detection methods and detection device
CN108881315A (en) A kind of method and system of the double LSA attack ospf protocols of detection and recovery based on NFV
Kumar et al. A Review on Recent Advances & Future Trends of Security in Honeypot.
CN105099807B (en) Apparatus testing method and device
US11470083B2 (en) Device integration for a network access control server based on device mappings and testing verification
TW200924428A (en) An inside tracing method of the network attacking detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination