CN109309628A - Blocking processing method and device for shared-access users - Google Patents
- Publication number: CN109309628A
- Application number: CN201811093661.8A
- Authority: CN (China)
- Prior art keywords: user, target user, data packet, local area, area network
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Abstract
An embodiment of the invention discloses a blocking processing method and device for shared-access users. The method includes: extracting user characteristic information from acquired Internet data packets, the user characteristic information including local area network (LAN) characteristic information and server account information; if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account, detecting the Internet access behavior of the target user; and, if it is determined that the target user does not meet a preset condition, adding the target user to a blocked user group so that a blocking operation is performed on the target user. By extracting the user characteristic information from the data packet, the method first establishes that the target user is in the current LAN and has a target server account; if the detected Internet access behavior of the target user does not meet the preset condition, the target user is blocked. Network users can thus be blocked in mirror mode, which preserves the stability of the whole network.
Description
Technical field
Embodiments of the present invention relate to the field of network technology, and in particular to a blocking processing method and device for shared-access users.
Background
With the development of communication and electronics, people use networks more and more frequently. People inevitably use the network while working at a company, and violations easily arise during that use. When a violation is detected, the user's Internet access is usually blocked and a block page is pushed to notify the user of the violation.
In the prior art, the block page is pushed to a blocked user in inline (serial) mode. In inline mode, a failure of the monitoring device that cuts off the network can cause a serious network incident for the client, so in scenarios that demand high network stability the network is generally monitored in mirror mode instead. In mirror mode, however, the device mostly only monitors; blocking a user's network access in mirror mode has not been implemented.
Summary of the invention
In view of the above problem in existing methods, embodiments of the present invention propose a blocking processing method and device for shared-access users.
In a first aspect, an embodiment of the present invention proposes a blocking processing method for shared-access users, comprising:
a mirroring device obtains a data packet from the Internet and extracts user characteristic information from the data packet, the user characteristic information including LAN characteristic information and server account information;
if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account, the Internet access behavior of the target user is detected;
if it is determined that the target user does not meet a preset condition, the target user is added to a blocked user group so that a blocking operation is performed on the target user.
Optionally, the method further includes:
if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account, the data packet is discarded.
Optionally, adding the target user to the blocked user group if it is determined that the target user does not meet the preset condition specifically includes:
if the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range, the target user is added to the blocked user group.
Optionally, the method further includes:
sending a block page to each user terminal in the blocked user group.
In a second aspect, an embodiment of the present invention also proposes a blocking processing device for shared-access users, comprising:
a feature extraction module, configured to obtain a data packet from the Internet and extract user characteristic information from the data packet, the user characteristic information including LAN characteristic information and server account information;
a feature judgment module, configured to detect the Internet access behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account;
a user blocking module, configured to add the target user to a blocked user group if it is determined that the target user does not meet a preset condition, so that a blocking operation is performed on the target user.
Optionally, the device further includes:
a data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account.
Optionally, the user blocking module is specifically configured to:
add the target user to the blocked user group if the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range.
Optionally, the device further includes:
a block page sending module, configured to send the block page to each user terminal in the blocked user group.
In a third aspect, an embodiment of the present invention also proposes an electronic device, comprising:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the above method.
In a fourth aspect, an embodiment of the present invention also proposes a non-transitory computer-readable storage medium that stores a computer program, the computer program causing a computer to execute the above method.
As the above technical solution shows, embodiments of the present invention extract the user characteristic information from the data packet to establish that the target user is in the current LAN and has a target server account; if the detected Internet access behavior of the target user does not meet the preset condition, a blocking operation is performed on the target user. Network users can thus be blocked in mirror mode, which preserves the stability of the whole network.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a blocking processing method for shared-access users provided by an embodiment of the invention;
Fig. 2 is a structural diagram of a mirroring device with shared access to the Internet provided by an embodiment of the invention;
Fig. 3 is a structural diagram of a blocking processing device for shared-access users provided by an embodiment of the invention;
Fig. 4 is a logic block diagram of the electronic device provided by an embodiment of the invention.
Detailed description of embodiments
Specific embodiments of the present invention are further described below with reference to the drawings. The following embodiments serve only to illustrate the technical solution of the invention more clearly and do not limit its scope of protection.
Fig. 1 shows a flow diagram of the blocking processing method for shared-access users provided in this embodiment, which includes:
S101: The mirroring device obtains a data packet from the Internet and extracts user characteristic information from the data packet. The user characteristic information includes LAN characteristic information and server account information.
Referring to Fig. 2, the mirroring device is connected to both the switch and bridge 2, so it can copy Internet data packets from the switch for analysis without affecting the original data transmission.
Specifically, after the mirroring device obtains a data packet from the Internet, it analyzes the packet and extracts the user characteristic information it contains.
The LAN characteristic information indicates whether the current user is in the current LAN.
The server account information records whether the current user is a user of the corresponding server.
S102: If it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account, the Internet access behavior of the target user is detected.
Here, the Internet access behavior of the target user is the information related to the target user logging on to the Internet.
S103: If it is determined that the target user does not meet the preset condition, the target user is added to the blocked user group so that a blocking operation is performed on the target user.
Specifically, the blocking operation can be carried out by pushing a block page to the target user. For example, an HTTP-based block page with PPPoE+VLAN encapsulation can be pushed. Once the encapsulation function is enabled, a mirroring device in mirror mode that pushes a control message through its control port encapsulates the message automatically according to the environment. In a PPPoE environment, the source MAC of the message is automatically changed to the MAC address of the PPPoE server, and the user's VLAN ID is encapsulated into the block-page packet; whether the source MAC of the pushed message is modified depends on whether the user environment information indicates a PPPoE environment.
By extracting the user characteristic information from the data packet, this embodiment establishes that the target user is in the current LAN and has a target server account; if the detected Internet access behavior of the target user does not meet the preset condition, a blocking operation is performed on the target user. Network users can thus be blocked in mirror mode, which preserves the stability of the whole network.
Further, on the basis of the above method embodiment, S103 specifically includes:
If the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range, the target user is added to the blocked user group.
Specifically, the whitelist is the list of trusted users, and the monitored IP range is the preset range of IP addresses that the mirroring device monitors with priority, for example 192.168.1.3-192.168.3.7.
Deciding whether to add a user to the blocked user group from the whitelist and the monitored IP range is fast, convenient and accurate.
Further, on the basis of the above method embodiment, the method also includes:
S104: If it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account, the data packet is discarded.
Specifically, the mirroring device does not process users who are not in the current LAN, so it discards their data packets without analysis; likewise, for services related to the target server, users without a target server account are not processed, so their data packets are discarded without analysis.
Further, on the basis of the above method embodiment, the method also includes:
S105: The block page is sent to each user terminal in the blocked user group.
Specifically, referring to Fig. 2, after a user generates traffic by accessing the Internet through a user terminal, the mirroring device, which has shared access to the Internet, obtains the user's network data from the mirror port of the Internet switch and extracts and identifies it. If the user's behavior does not meet the conditions, the block page is pushed to the network through the control port, and the switch then sends it to each user terminal according to the blocked user group list. This achieves network blocking of users in mirror mode. The approach applies to a wide range of scenarios and keeps the system more stable: it can be used normally where high network stability is required, and because the VLAN+PPPoE case is handled properly it can also be used in more complex scenarios.
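The decision flow of S102 to S105, as an added Python example that is not part of the patent: it works on features already extracted from a mirrored packet in S101, and the names `UserFeatures`, `BlockPolicy`, `violates_policy` and the sample users are hypothetical. How the behavior check combines with the whitelist and the monitored range is an assumption, and the range is the 192.168.1.3-192.168.3.7 example from the text, which is not CIDR-aligned and is therefore compared as an inclusive interval.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import IPv4Address


class Verdict(Enum):
    DISCARD = "discard"  # S104: drop the packet without analysis
    ALLOW = "allow"      # analysed, no blocking action taken
    BLOCK = "block"      # S103: user is added to the blocked user group


@dataclass(frozen=True)
class UserFeatures:
    """Hypothetical record of what S101 extracts from one mirrored packet."""
    user_id: str
    ip: str
    in_current_lan: bool      # from the LAN characteristic information
    has_target_account: bool  # from the server account information
    violates_policy: bool     # assumed outcome of the S102 behavior check


class MonitoredRange:
    """Inclusive first-last IPv4 range; it need not align to a CIDR prefix."""

    def __init__(self, text: str):
        start, sep, end = text.partition("-")
        if not sep:
            raise ValueError(f"expected 'first-last', got {text!r}")
        self.first = IPv4Address(start.strip())
        self.last = IPv4Address(end.strip())
        if self.first > self.last:
            raise ValueError("range start is above range end")

    def contains(self, ip: str) -> bool:
        try:
            return self.first <= IPv4Address(ip) <= self.last
        except ValueError:
            # Unparseable or non-IPv4 address: treated as outside the range.
            return False


class BlockPolicy:
    def __init__(self, monitored: str, whitelist):
        self.monitored = MonitoredRange(monitored)
        self.whitelist = frozenset(whitelist)
        self.blocked_group = {}  # user_id -> terminal IP

    def classify(self, f: UserFeatures) -> Verdict:
        # S104: users outside the LAN or without the account are not analysed.
        if not (f.in_current_lan and f.has_target_account):
            return Verdict.DISCARD
        # S102: behavior check result (assumed to be computed upstream).
        if not f.violates_policy:
            return Verdict.ALLOW
        # S103 refinement: whitelist and monitored IP range gate the block.
        if f.user_id in self.whitelist or not self.monitored.contains(f.ip):
            return Verdict.ALLOW
        self.blocked_group[f.user_id] = f.ip
        return Verdict.BLOCK

    def block_page_targets(self):
        """S105: terminals that should receive the block page."""
        return sorted(self.blocked_group.values(), key=IPv4Address)


# Constructed sample features (not real traffic).
SAMPLE = [
    UserFeatures("alice", "192.168.2.10", True, True, True),
    UserFeatures("bob", "192.168.2.11", True, True, True),    # whitelisted
    UserFeatures("carol", "192.168.3.8", True, True, True),   # one past the end
    UserFeatures("dave", "10.0.0.5", False, True, True),      # not in the LAN
    UserFeatures("erin", "192.168.1.9", True, False, True),   # no account
    UserFeatures("frank", "192.168.1.3", True, True, True),   # lower bound
    UserFeatures("grace", "192.168.1.200", True, True, False),
]


def run_sample():
    policy = BlockPolicy("192.168.1.3-192.168.3.7", whitelist={"bob"})
    verdicts = {f.user_id: policy.classify(f) for f in SAMPLE}
    return verdicts, policy.block_page_targets()


if __name__ == "__main__":
    verdicts, targets = run_sample()
    for user, verdict in verdicts.items():
        print(f"{user:6s} {verdict.value}")
    print("block page targets:", targets)
```
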
Fig. 3 shows a structural diagram of the blocking processing device for shared-access users provided in this embodiment. The device includes a feature extraction module 301, a feature judgment module 302 and a user blocking module 303, wherein:
The feature extraction module 301 is configured to obtain a data packet from the Internet and extract user characteristic information from the data packet, the user characteristic information including LAN characteristic information and server account information;
The feature judgment module 302 is configured to detect the Internet access behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account;
The user blocking module 303 is configured to add the target user to the blocked user group if it is determined that the target user does not meet the preset condition, so that a blocking operation is performed on the target user.
Specifically, the feature extraction module 301 obtains a data packet from the Internet and extracts user characteristic information from it, the user characteristic information including LAN characteristic information and server account information. If the feature judgment module 302 determines from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account, it detects the Internet access behavior of the target user. If the user blocking module 303 determines that the target user does not meet the preset condition, it adds the target user to the blocked user group so that a blocking operation is performed on the target user.
By extracting the user characteristic information from the data packet, this embodiment establishes that the target user is in the current LAN and has a target server account; if the detected Internet access behavior of the target user does not meet the preset condition, a blocking operation is performed on the target user. Network users can thus be blocked in mirror mode, which preserves the stability of the whole network.
Further, on the basis of the above device embodiment, the device also includes:
a data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account.
Further, on the basis of the above device embodiment, the user blocking module 303 is specifically configured to:
add the target user to the blocked user group if the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range.
Further, on the basis of the above device embodiment, the device also includes:
a block page sending module, configured to send the block page to each user terminal in the blocked user group.
The blocking processing device for shared-access users described in this embodiment can be used to execute the above method embodiment; its principle and technical effect are similar and are not repeated here.
Referring to Fig. 4, the electronic device includes a processor 401, a memory 402 and a bus 403, wherein:
The processor 401 and the memory 402 communicate with each other through the bus 403;
The processor 401 is configured to call the program instructions in the memory 402 to execute the methods provided by the above method embodiments.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium; the computer program includes program instructions which, when executed by a computer, enable the computer to execute the methods provided by the above method embodiments.
This embodiment provides a non-transitory computer-readable storage medium that stores computer instructions, the computer instructions causing a computer to execute the methods provided by the above method embodiments.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of this embodiment's solution. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the above technical solution in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments or in certain parts of the embodiments.
It should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. A blocking processing method for shared-access users, characterized in that it comprises:
a mirroring device obtains a data packet from the Internet and extracts user characteristic information from the data packet, the user characteristic information including LAN characteristic information and server account information;
if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account, the Internet access behavior of the target user is detected;
if it is determined that the target user does not meet a preset condition, the target user is added to a blocked user group so that a blocking operation is performed on the target user.
2. The method according to claim 1, characterized in that the method further comprises:
if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account, discarding the data packet.
3. The method according to claim 1, characterized in that adding the target user to the blocked user group if it is determined that the target user does not meet the preset condition specifically comprises:
if the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range, adding the target user to the blocked user group.
4. The method according to any one of claims 1-3, characterized in that the method further comprises:
sending a block page to each user terminal in the blocked user group.
5. A blocking processing device for shared-access users, characterized in that it comprises:
a feature extraction module, configured to obtain a data packet from the Internet and extract user characteristic information from the data packet, the user characteristic information including LAN characteristic information and server account information;
a feature judgment module, configured to detect the Internet access behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and from the server account information that the target user has a target server account;
a user blocking module, configured to add the target user to a blocked user group if it is determined that the target user does not meet a preset condition, so that a blocking operation is performed on the target user.
6. The device according to claim 5, characterized in that the device further comprises:
a data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or from the server account information that the target user does not have a target server account.
7. The device according to claim 5, characterized in that the user blocking module is specifically configured to:
add the target user to the blocked user group if the target user is not in the whitelist and the IP address of the target user is within the preset monitored IP range.
8. The device according to any one of claims 5-7, characterized in that the device further comprises:
a block page sending module, configured to send the block page to each user terminal in the blocked user group.
9. An electronic device, characterized in that it comprises:
at least one processor; and
at least one memory communicatively connected to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method according to any one of claims 1 to 4.
10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores a computer program, the computer program causing a computer to execute the method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811093661.8A CN109309628A (en) | 2018-09-19 | 2018-09-19 | A kind of obstruction processing method and processing device of shared access user |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109309628A | 2019-02-05 |
Family ID: 65223974
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811093661.8A Pending CN109309628A (en) | 2018-09-19 | 2018-09-19 | A kind of obstruction processing method and processing device of shared access user |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109309628A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090059818A1 (en) * | 1998-04-03 | 2009-03-05 | Pickett Scott K | Systems and methods for providing configurable caller id iformation |
CN101577729A (en) * | 2009-06-10 | 2009-11-11 | 上海宝信软件股份有限公司 | Method for blocking bypass by combining DNS redirection with Http redirection |
CN102904902A (en) * | 2012-10-31 | 2013-01-30 | 北京锐安科技有限公司 | Dynamic host configuration protocol (DHCP)-based bypass blocking method |
CN103441882A (en) * | 2013-09-04 | 2013-12-11 | 上海辰锐信息科技公司 | Remote management method for internet access |
CN107465659A (en) * | 2017-06-30 | 2017-12-12 | 北京北信源软件股份有限公司 | A kind of network log-in management method and device |
CN107623661A (en) * | 2016-07-15 | 2018-01-23 | 阿里巴巴集团控股有限公司 | Block system, the method and device of access request, server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190205 |