CN109309628A - Blocking processing method and device for shared access users


Publication number
CN109309628A
Authority
CN
China
Prior art keywords
user
target user
data packet
local area
area network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811093661.8A
Other languages
Chinese (zh)
Inventor
金科
岳勇
张洪钏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qianxin Technology Co Ltd filed Critical Beijing Qianxin Technology Co Ltd
Priority to CN201811093661.8A priority Critical patent/CN109309628A/en
Publication of CN109309628A publication Critical patent/CN109309628A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The embodiments of the invention disclose a blocking processing method and device for shared access users. The method includes: extracting user characteristic information from acquired internet data packets, the user characteristic information including LAN characteristic information and server account information; if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account, detecting the internet behavior of the target user; and if it is determined according to a preset condition that the target user does not conform, adding the target user to a blocked user group so that a blocking operation is performed on the target user. By extracting the user characteristic information from the data packet and determining that the target user is in the current LAN and has a target server account, and then performing a blocking operation on the target user if the detected internet behavior does not meet the preset condition, the method blocks network users in mirror mode and so preserves the stability of the whole network.

Description

Blocking processing method and device for shared access users
Technical field
The embodiments of the present invention relate to the field of network technology, and in particular to a blocking processing method and device for shared access users.
Background
With the development of communications and electronics, people use networks more and more frequently. People inevitably use the network when working in the office, and violations easily occur during use. When a violation is detected, the user's internet access is usually blocked and a block page is pushed to notify the user of the violation.
In the prior art, the block prompt page is pushed while blocking the user's internet access in inline (serial) mode. In inline mode, if a fault in the monitoring device cuts off the network, it can cause a serious network incident for the customer, so in scenarios that demand high network stability the network is generally monitored in mirror mode. In mirror mode, however, the device mostly performs monitoring only, and blocking of users' network access in mirror mode has not been implemented.
Summary of the invention
Because the existing methods have the above problems, the embodiments of the present invention propose a blocking processing method and device for shared access users.
In a first aspect, an embodiment of the present invention proposes a blocking processing method for shared access users, comprising:
A mirroring device acquires data packets of the internet and extracts user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information;
If it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account, the internet behavior of the target user is detected;
If it is determined according to a preset condition that the target user does not conform, the target user is added to a blocked user group so that a blocking operation is performed on the target user.
Optionally, the method further comprises:
If it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account, the data packet is discarded.
Optionally, adding the target user to the blocked user group if it is determined according to the preset condition that the target user does not conform specifically comprises:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, the target user is added to the blocked user group.
Optionally, the method further comprises:
A block page is sent to each user terminal in the blocked user group.
In a second aspect, an embodiment of the present invention further proposes a blocking processing device for shared access users, comprising:
A feature extraction module, configured to acquire data packets of the internet and extract user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information;
A feature judgment module, configured to detect the internet behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account;
A user blocking module, configured to add the target user to a blocked user group, so that a blocking operation is performed on the target user, if it is determined according to a preset condition that the target user does not conform.
Optionally, the device further comprises:
A data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account.
Optionally, the user blocking module is specifically configured to:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, add the target user to the blocked user group.
Optionally, the device further comprises:
A block page sending module, configured to send a block page to each user terminal in the blocked user group.
In a third aspect, an embodiment of the present invention further proposes an electronic device, comprising:
At least one processor; and
At least one memory communicatively connected to the processor, wherein:
The memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to execute the above method.
In a fourth aspect, an embodiment of the present invention further proposes a non-transitory computer-readable storage medium storing a computer program, the computer program causing a computer to execute the above method.
As can be seen from the above technical solution, the embodiments of the present invention extract the user characteristic information from the data packet and, after determining that the target user is in the current LAN and has a target server account, perform a blocking operation on the target user if the detected internet behavior of the target user does not meet the preset condition. This blocks network users in mirror mode and so preserves the stability of the whole network.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a blocking processing method for shared access users provided by an embodiment of the present invention;
Fig. 2 is a structural diagram of a mirroring device with shared access to the internet provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a blocking processing device for shared access users provided by an embodiment of the present invention;
Fig. 4 is a logic block diagram of the electronic device provided by an embodiment of the present invention.
Detailed description
The specific embodiments of the present invention are further described below with reference to the accompanying drawings. The following embodiments are only used to illustrate the technical solution of the present invention more clearly and are not intended to limit its scope of protection.
Fig. 1 shows a flow diagram of the blocking processing method for shared access users provided in this embodiment, which includes:
S101. A mirroring device acquires data packets of the internet and extracts user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information.
Referring to Fig. 2, the mirroring device is connected to both the switch and bridge 2, and can copy data packets on the internet from the switch for analysis without affecting the original data transmission on the internet.
Specifically, after the mirroring device acquires a data packet of the internet, it analyzes the data packet and extracts the user characteristic information in it.
The LAN characteristic information indicates whether the current user is in the current LAN.
The server account information records whether the current user is a user of the corresponding server.
S102. If it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account, the internet behavior of the target user is detected.
The internet behavior of the target user is information related to the target user's logging on to the internet.
S103. If it is determined according to a preset condition that the target user does not conform, the target user is added to a blocked user group so that a blocking operation is performed on the target user.
Specifically, the blocking operation on the target user can be implemented by pushing a block page to the target user. For example, a block page with PPPoE+VLAN encapsulation can be pushed over HTTP. After the encapsulation function is enabled, when the mirroring device in mirror mode uses the control port to push control messages, it encapsulates them automatically according to the environment. In a PPPoE environment, the source MAC of the message is automatically changed to the MAC address of the PPPoE server, and the user's VLAN ID is encapsulated into the block page packet; the source MAC of the pushed message is modified according to whether the user environment information indicates a PPPoE environment.
This embodiment extracts the user characteristic information from the data packet and, after determining that the target user is in the current LAN and has a target server account, performs a blocking operation on the target user if the detected internet behavior of the target user does not meet the preset condition. This blocks network users in mirror mode and so preserves the stability of the whole network.
Further, on the basis of the above method embodiment, S103 specifically includes:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, the target user is added to the blocked user group.
Specifically, the whitelist is a list of safe users, and the monitored IP segment range is a preset range of IP addresses that the mirroring device monitors with priority, for example 192.168.1.3-192.168.3.7.
Using the whitelist and the monitored IP segment range to decide whether to add a user to the blocked user group for blocking is quick, convenient and accurate.
Further, on the basis of the above method embodiment, the method further includes:
S104. If it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account, the data packet is discarded.
Specifically, for a user who is not in the current LAN, the mirroring device performs no processing, discards the data packet and does not analyze it. For the related service of the target server, a user without a target server account is not processed, so the data packet is discarded without analysis.
Further, on the basis of the above method embodiment, the method further includes:
S105. A block page is sent to each user terminal in the blocked user group.
Specifically, referring to Fig. 2, after a user generates traffic by going online through a user terminal, the mirroring device, which has shared access to the internet, obtains the user's network data from the mirror port of the internet switch. After extraction and identification, if the user's behavior does not meet the conditions, the block page is pushed to the network through the control port and then sent by the switch to each user terminal according to the blocked user group list. This achieves network blocking of users in mirror mode. The applicable scenarios are broad and the system is more stable, so it can be used normally in scenarios that demand high network stability, and because it handles VLAN+PPPoE scenarios well it can also be used in more complex scenarios.
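The flow of S101 to S105, together with the PPPoE+VLAN handling described for the block page, can be sketched as follows. This is an added example, not code from the patent: the whitelist keyed by source IP, the placeholder PPPoE server MAC, the sample frames, and the two boolean inputs standing in for the LAN and server account checks (whose derivation the page does not give) are assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

ETH_IPV4, ETH_VLAN, ETH_PPPOE_SESSION, PPP_IPV4 = 0x0800, 0x8100, 0x8864, 0x0021

# Policy values. Only the monitored range comes from the page; the rest is constructed.
MONITOR_FIRST = ipaddress.IPv4Address("192.168.1.3")
MONITOR_LAST = ipaddress.IPv4Address("192.168.3.7")
WHITELIST = {ipaddress.IPv4Address("192.168.1.10")}  # assumption: whitelist keyed by IP
PPPOE_SERVER_MAC = "02:00:00:00:00:01"               # placeholder, not from the page


@dataclass
class Features:
    src_mac: str
    vlan_id: Optional[int]        # None when the frame has no 802.1Q tag
    pppoe_session: Optional[int]  # None outside a PPPoE session
    src_ip: ipaddress.IPv4Address


def parse_frame(frame: bytes) -> Optional[Features]:
    """S101: pull user features out of one mirrored Ethernet frame.

    Handles IPv4 carried plain, VLAN-tagged, in a PPPoE session, or both.
    Returns None for other traffic and for truncated frames.
    """
    if len(frame) < 14:
        return None
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_id, session = 14, None, None
    if ethertype == ETH_VLAN:
        if len(frame) < offset + 4:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlan_id = tci & 0x0FFF  # low 12 bits of the tag control field
        offset += 4
    if ethertype == ETH_PPPOE_SESSION:
        if len(frame) < offset + 8:
            return None
        ver_type, code, session, _length, proto = struct.unpack_from("!BBHHH", frame, offset)
        if ver_type != 0x11 or code != 0x00 or proto != PPP_IPV4:
            return None
        offset += 8
    elif ethertype != ETH_IPV4:
        return None
    if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        return None
    return Features(src_mac, vlan_id, session,
                    ipaddress.IPv4Address(frame[offset + 12:offset + 16]))


def decide(frame: bytes, in_current_lan: bool, has_target_account: bool):
    """Return (action, encapsulation) for one mirrored frame.

    The two booleans stand in for the LAN characteristic and server account
    checks; how they are derived is not described on the page.
    """
    f = parse_frame(frame)
    if f is None or not (in_current_lan and has_target_account):
        return "discard", None  # S104: no further analysis
    # S103 as refined by the whitelist / monitored-range condition. The range is
    # a first-last pair, not a prefix, so compare addresses numerically.
    if f.src_ip in WHITELIST or not (MONITOR_FIRST <= f.src_ip <= MONITOR_LAST):
        return "pass", None
    # S105: the block page must be wrapped the way the user's traffic was.
    encap = {
        "vlan_id": f.vlan_id,
        # In a PPPoE environment the source MAC becomes the PPPoE server's;
        # None means the pushed message keeps its own source MAC.
        "source_mac": PPPOE_SERVER_MAC if f.pppoe_session is not None else None,
        "pppoe_session": f.pppoe_session,
    }
    return "block", encap


def build_frame(src_mac: str, src_ip: str, vlan_id=None, session=None) -> bytes:
    """Build a constructed sample frame (not captured traffic)."""
    ip = (bytes([0x45]) + bytes(11) + ipaddress.IPv4Address(src_ip).packed
          + ipaddress.IPv4Address("203.0.113.10").packed)
    out = bytes(6) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan_id is not None:
        out += struct.pack("!HH", ETH_VLAN, vlan_id)
    if session is not None:
        out += struct.pack("!HBBHHH", ETH_PPPOE_SESSION, 0x11, 0x00,
                           session, len(ip) + 2, PPP_IPV4)
    else:
        out += struct.pack("!H", ETH_IPV4)
    return out + ip


if __name__ == "__main__":
    samples = [
        build_frame("aa:bb:cc:00:00:01", "192.168.2.50", vlan_id=100, session=0x1234),
        build_frame("aa:bb:cc:00:00:02", "192.168.3.8"),   # one past the range end
        build_frame("aa:bb:cc:00:00:03", "192.168.1.10"),  # whitelisted
    ]
    for s in samples:
        print(parse_frame(s).src_ip, decide(s, True, True))
```

The second sample, 192.168.3.8, shows why the monitored segment is compared as a first-last range: it sits one address past the end of the segment and is therefore not blocked.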
Fig. 3 shows a structural diagram of the blocking processing device for shared access users provided in this embodiment. The device includes a feature extraction module 301, a feature judgment module 302 and a user blocking module 303, wherein:
The feature extraction module 301 is configured to acquire data packets of the internet and extract user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information;
The feature judgment module 302 is configured to detect the internet behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account;
The user blocking module 303 is configured to add the target user to a blocked user group, so that a blocking operation is performed on the target user, if it is determined according to a preset condition that the target user does not conform.
Specifically, the feature extraction module 301 acquires data packets of the internet and extracts user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information; the feature judgment module 302 detects the internet behavior of the target user if it determines from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN and determines from the server account information that the target user has a target server account; and the user blocking module 303 adds the target user to the blocked user group, so that a blocking operation is performed on the target user, if it determines according to the preset condition that the target user does not conform.
This embodiment extracts the user characteristic information from the data packet and, after determining that the target user is in the current LAN and has a target server account, performs a blocking operation on the target user if the detected internet behavior of the target user does not meet the preset condition. This blocks network users in mirror mode and so preserves the stability of the whole network.
Further, on the basis of the above device embodiment, the device further includes:
A data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account.
Further, on the basis of the above device embodiment, the user blocking module 303 is specifically configured to:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, add the target user to the blocked user group.
Further, on the basis of the above device embodiment, the device further includes:
A block page sending module, configured to send a block page to each user terminal in the blocked user group.
The blocking processing device for shared access users described in this embodiment can be used to execute the above method embodiments; its principle and technical effect are similar and are not repeated here.
Referring to Fig. 4, the electronic device includes a processor 401, a memory 402 and a bus 403;
Wherein,
The processor 401 and the memory 402 communicate with each other through the bus 403;
The processor 401 is configured to call the program instructions in the memory 402 to execute the methods provided by the above method embodiments.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, the computer is able to execute the methods provided by the above method embodiments.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions causing a computer to execute the methods provided by the above method embodiments.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
It should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A blocking processing method for shared access users, characterized by comprising:
A mirroring device acquires data packets of the internet and extracts user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information;
If it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account, the internet behavior of the target user is detected;
If it is determined according to a preset condition that the target user does not conform, the target user is added to a blocked user group so that a blocking operation is performed on the target user.
2. The method according to claim 1, characterized in that the method further comprises:
If it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account, the data packet is discarded.
3. The method according to claim 1, characterized in that adding the target user to the blocked user group if it is determined according to the preset condition that the target user does not conform specifically comprises:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, the target user is added to the blocked user group.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
A block page is sent to each user terminal in the blocked user group.
5. A blocking processing device for shared access users, characterized by comprising:
A feature extraction module, configured to acquire data packets of the internet and extract user characteristic information from the data packets, the user characteristic information including LAN characteristic information and server account information;
A feature judgment module, configured to detect the internet behavior of the target user if it is determined from the LAN characteristic information that the target user corresponding to the data packet is in the current LAN, and it is determined from the server account information that the target user has a target server account;
A user blocking module, configured to add the target user to a blocked user group, so that a blocking operation is performed on the target user, if it is determined according to a preset condition that the target user does not conform.
6. The device according to claim 5, characterized in that the device further comprises:
A data packet discarding module, configured to discard the data packet if it is determined from the LAN characteristic information that the target user corresponding to the data packet is not in the current LAN, or it is determined from the server account information that the target user does not have a target server account.
7. The device according to claim 5, characterized in that the user blocking module is specifically configured to:
If the target user is not in the whitelist and the IP address of the target user is within the range of the preset monitored IP segment, add the target user to the blocked user group.
8. The device according to any one of claims 5 to 7, characterized in that the device further comprises:
A block page sending module, configured to send a block page to each user terminal in the blocked user group.
9. An electronic device, characterized by comprising:
At least one processor; and
At least one memory communicatively connected to the processor, wherein:
The memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to execute the method according to any one of claims 1 to 4.
10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores a computer program, the computer program causing a computer to execute the method according to any one of claims 1 to 4.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811093661.8A CN109309628A (en) 2018-09-19 2018-09-19 A kind of obstruction processing method and processing device of shared access user

Publications (1)

Publication Number Publication Date
CN109309628A true CN109309628A (en) 2019-02-05

Family

ID=65223974

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190205