CN110365689B - Port detection method, device and system - Google Patents

Port detection method, device and system Download PDF

Info

Publication number
CN110365689B
CN110365689B CN201910657041.0A CN201910657041A CN110365689B CN 110365689 B CN110365689 B CN 110365689B CN 201910657041 A CN201910657041 A CN 201910657041A CN 110365689 B CN110365689 B CN 110365689B
Authority
CN
China
Prior art keywords
service
real
server
rule base
real data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910657041.0A
Other languages
Chinese (zh)
Other versions
CN110365689A (en
Inventor
刘晓
章宇东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sohu New Media Information Technology Co Ltd
Original Assignee
Beijing Sohu New Media Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sohu New Media Information Technology Co Ltd filed Critical Beijing Sohu New Media Information Technology Co Ltd
Priority to CN201910657041.0A priority Critical patent/CN110365689B/en
Publication of CN110365689A publication Critical patent/CN110365689A/en
Application granted granted Critical
Publication of CN110365689B publication Critical patent/CN110365689B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Abstract

The application provides a port scanning method, a port scanning device and a port scanning system, which are applied to a server, wherein the method comprises the following steps: creating a virtual object of a client; performing interactive operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server; determining a real service in the real data message. In this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet. Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.

Description

Port detection method, device and system
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method, an apparatus, and a system for port detection.
Background
The server has many ports, which can be opened to other terminals for use. While the server is open, an intruder can attack the server by means of the port. To avoid an attack, a scan operation is typically performed on an open port of the server.
Some scanning tools (e.g., nmap, zmap) are currently commonly employed to perform scanning operations on open ports of servers. At present, a scanning tool can scan an open port and obtain default services of the port by adopting a semi-open scanning mode nmap-sS, and the mode cannot detect real services of the port (an attacker modifies the port services under some conditions).
The scanning tool can scan the software version of the server by using a version detection mode nmap-sV and obtain an open port and real service by analyzing, but the mode is slow and is not suitable for efficient port scanning of enterprise-level scale to obtain real service.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a system for port detection, which can perform efficient scanning on real services and are suitable for efficient port scanning on an enterprise-level scale.
The present application provides the following technical features:
a port scanning method is applied to a server, and comprises the following steps:
creating a virtual object of a client;
performing interactive operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server;
determining a real service in the real data message.
Optionally, the obtaining the real data packet fed back by the server by performing an interactive operation with the server through an open port by using the virtual object includes:
establishing TCP connection with the server by using the virtual object, and setting to execute interactive operation in a TCP socket mode;
the virtual object sends a message to the server;
and acquiring the real data message fed back by the server.
Optionally, the determining the real service in the real data packet includes:
matching each field in the real data message with each field in a preset service rule base to determine an intersection field which is formed by the real data message and the preset service rule base;
determining real services corresponding to the intersection fields in the preset service rule base;
the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one.
Optionally, the method further includes:
scanning an open port of the server by using a scanning tool to obtain default service of the open port;
comparing the default service with the real service;
and sending out a message that the default service of the open port is tampered when the default service is inconsistent with the real service.
Optionally, the method further includes:
comparing the real service with a preset sensitive service rule base;
extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service;
and if the IP address is the public network address, sending out prompt information for closing the open port.
Optionally, the method further includes:
extracting an encryption and decryption password from the real data message;
matching the encryption and decryption passwords with a preset weak password rule base;
and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
Optionally, the method further includes:
the method comprises the steps of pre-storing a preset service rule base, a preset sensitive service rule base and a preset weak password rule base.
A port scanning device applied to a server comprises:
a creating unit for creating a virtual object of a client;
the interaction unit is used for executing interaction operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server;
a determining unit, configured to determine a real service in the real data packet.
Optionally, the method further includes:
the first anomaly detection unit is used for scanning the open port of the server by using a scanning tool to obtain default service of the open port; comparing the default service with the real service; sending a message indicating that the default service of the open port is tampered when the default service is inconsistent with the real service;
the second anomaly detection unit is used for comparing the real service with a preset sensitive service rule base; extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service; if the IP address is a public network address, sending a prompt message for closing the open port;
a third anomaly detection unit, configured to extract an encryption/decryption password from the real data packet; matching the encryption and decryption passwords with a preset weak password rule base; and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
A port scanning system, comprising:
the resource management platform is a server connected with the resource management platform;
the server is used for executing the port scanning method.
Through the technical means, the following beneficial effects can be realized:
in this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet.
Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a port detection system disclosed in an embodiment of the present application;
fig. 2 is a flowchart of a first embodiment of a port detection method disclosed in the present application;
fig. 3 is a flowchart of a second embodiment of a port detection method disclosed in the present application;
fig. 4 is a schematic structural diagram of a port detection apparatus disclosed in an embodiment of the present application;
fig. 5 is a flowchart of a third embodiment of a port detection method disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The present application provides a port scanning system, see fig. 1, which may include:
a resource management platform 100 and a plurality of servers 200.
Each server can send the server basic information to the resource management platform, so that the resource management platform can store the basic information of each server. The basic information may include open ports of servers, IP addresses, network types (public/private), responsible users and mailboxes, etc.
It is understood that the port scanning method provided by the present application can be applied to each server, and a detailed description will be given by taking one server as an example.
The present application provides a first embodiment of a port scanning method, referring to fig. 2, the application to a server may include:
step S201: a virtual object for the client is created.
The server creates a virtual object of the client for data interaction with the server.
Step S202: performing interactive operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server;
and aiming at the open port which needs to be detected by the server, carrying out interactive operation with the server through the open port by utilizing the virtual object. Specifically, the method can be realized by the following steps:
s1, establishing TCP connection with the server by using the virtual object, and setting to execute interactive operation in a TCPsocket mode;
s2, the virtual object sends a message to the server;
s3, obtaining the real data message fed back by the server.
Step S203: determining a real service in the real data message.
According to one embodiment provided by the present application, this step can be implemented as follows:
matching each field in the real data message with each field in a preset service rule base to determine an intersection field which is formed by the real data message and the preset service rule base; the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one. And determining the real service corresponding to the intersection field in the preset service rule base.
Through the technical characteristics, the application has the following beneficial effects:
in this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet.
Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.
The present application provides an embodiment two of a port scanning method, referring to fig. 3, the application to a server may include:
step S301: the server stores a preset service rule base, a preset sensitive service rule base and a preset weak password rule base.
The user can set the service rule base, the preset sensitive service rule base and the preset weak password rule base based on the application scene so as to be stored and used subsequently by the server.
The service rule base comprises a plurality of service names and a plurality of fields corresponding to the service names one by one, and each field can uniquely represent one service.
The preset sensitive service rule base comprises one or more service names, and is used for indicating that important data are involved when the service is operated under a certain application scene, and the service is set as a sensitive service in order to protect the safety of the important data.
The preset weak password rule base comprises a plurality of weak password rules.
Step S302: the server obtains the basic information of the server through the resource management platform.
The basic information includes each open port, the network type of the open port, the responsible person, the mailbox, and the like.
Step S303: the server scans the open port of the server by using a scanning tool to obtain the default service of the open port.
The server can scan the open port of the server by using a scanning tool nmap, which obtains the default service of the open port.
Step S304: a virtual object for the client is created.
Step S305: and executing interactive operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server.
Step S306: determining a real service in the real data message.
This step can be implemented in the following way: matching each field in the real data message with each field in a preset service rule base to determine an intersection field which is formed by the real data message and the preset service rule base; determining real services corresponding to the intersection fields in the preset service rule base; the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one.
It can be understood that the preset service rule base includes a field that can uniquely identify a service, and if the real data packet exists in the preset service rule base, that is, the real data packet and the preset service rule base have an intersection field, the intersection field is a field that is not enough to identify the real service.
And determining the service corresponding to the intersection field in the preset service rule base, so as to be the service corresponding to the real data message, namely the real service corresponding to the open port.
And after determining the real data message and the real service, executing abnormal identification operation:
step S307: comparing the default service with the real service; and sending out a message that the default service of the open port is tampered when the default service is inconsistent with the real service.
For example, if the default service corresponding to the open port is different from the real service, the responsible person is notified to prompt "the default service of the open port is tampered with, please modify in time".
Step S308: comparing the real service with a preset sensitive service rule base; extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service; and if the IP address is the public network address, sending out prompt information for closing the open port.
For example, if the real service is a sensitive service and the IP address is a public network address, it indicates that the sensitive service is at risk of leakage, so the responsible person is notified to prompt "the public network address turns on the sensitive service, please turn off immediately".
Step S309: extracting an encryption and decryption password from the real data message; matching the encryption and decryption passwords with a preset weak password rule base; and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
For example, an encryption/decryption password is extracted from a real data message, and if the real service of the open port includes a weak password, a responsible person is notified to prompt that "the real service relates to the weak password and please modify in time".
Through the technical characteristics, the application has the following beneficial effects:
in this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet.
Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.
In addition, the application also provides an abnormity detection mechanism for the open port, after the open port is scanned, abnormity detection can be performed on the open port, and a responsible person can be reminded after the abnormity is detected, so that the abnormity can be modified.
Referring to fig. 4, the present application further provides a port scanning apparatus applied to a server, the apparatus including:
a creating unit 41 for creating a virtual object of the client;
an interaction unit 42, configured to perform an interaction operation with the server through an open port by using the virtual object, and obtain a real data packet fed back by the server;
a determining unit 43, configured to determine a real service in the real data packet.
The interaction unit 42 is specifically configured to establish a TCP connection with the server by using the virtual object, and set to execute an interaction operation in a TCP socket manner; the virtual object sends a message to the server; and acquiring the real data message fed back by the server.
The determining unit 43 is specifically configured to match each field in the real data packet with each field in a preset service rule base, and determine an intersection field that both the real data packet and the preset service rule base have; determining real services corresponding to the intersection fields in the preset service rule base; the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one.
The port scanning device further includes:
a first anomaly detection unit 44, configured to scan an open port of the server by using a scanning tool, and obtain a default service of the open port; comparing the default service with the real service; sending a message indicating that the default service of the open port is tampered when the default service is inconsistent with the real service;
a second anomaly detection unit 45, configured to compare the real service with a preset sensitive service rule base; extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service; if the IP address is a public network address, sending a prompt message for closing the open port;
a third anomaly detection unit 46, configured to extract an encryption/decryption password from the real data packet; matching the encryption and decryption passwords with a preset weak password rule base; and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
Through the technical characteristics, the application has the following beneficial effects:
in this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet.
Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.
In addition, the application also provides an abnormity detection mechanism for the open port, after the open port is scanned, abnormity detection can be performed on the open port, and a responsible person can be reminded after the abnormity is detected, so that the abnormity can be modified.
Referring to fig. 5, a flowchart of a third embodiment of a port detection method in the present application is shown, which includes the following steps:
step 1: setting a rule base: the system is established according to the company safety system and comprises a service rule base, a weak password rule base and a sensitive rule base.
Step 2: collecting information: and acquiring a database including IP, network type, responsible person, mailbox and the like through the resource management platform.
And step 3: and (3) nmap detection: the nmap tool detects the open port, default service.
And 4, step 4: advanced detection: and creating a TCP client object, establishing connection with a server, and receiving and transmitting data messages through a TCP socket.
And 5: and (3) real service identification: and (4) comparing the data message received in the step (4) with the service rule base set in the step (1) to identify the real service of the port.
Step 6: and (3) sensitive service identification: and (4) comparing the data message received in the step (4) with the sensitive rule base set in the step (1) to identify whether the real service of the port is sensitive or not.
And 7: and (3) weak password identification: and (4) comparing the data message received in the step (4) with the weak password rule base set in the step (1) to identify whether the real service of the port is weak password or not.
And 8: service port change alarm: if the default service corresponding to the port of the IP is different from the real service, an alarm is given to inform a responsible person to prompt that the default port of the IP service is modified and please modify in time. Step 9 is performed.
And step 9: and (3) sensitive service alarm: if the real service is the sensitive service and the IP is the public network, the alarm informs the responsible person to prompt the public network IP to start the sensitive service and please close the sensitive service immediately.
Step 10: weak password alarm: if the real service of the IP is a weak password, the alarm informs a responsible person to prompt that the service is the weak password and please modify in time.
Through the technical characteristics, the application has the following beneficial effects:
in this embodiment, the server creates a virtual object of the client, obtains a real data packet of the open port in the server by interacting the virtual object with the server, and obtains a real service in the real data packet.
Compared with the prior art that the software version is analyzed, the method and the device can simply, conveniently and quickly obtain the real service of the open port, and are suitable for efficient port scanning of enterprise-level scale.
In addition, the application also provides an abnormity detection mechanism for the open port, after the open port is scanned, abnormity detection can be performed on the open port, and a responsible person can be reminded after the abnormity is detected, so that the abnormity can be modified.
The functions described in the method of the present embodiment, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A port scanning method is applied to a server, and the method comprises the following steps:
creating a virtual object of a client;
performing interactive operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server;
determining a real service in the real data message;
the determining the real service in the real data message comprises:
matching each field in the real data message with each field in a preset service rule base to determine an intersection field which is formed by the real data message and the preset service rule base;
determining real services corresponding to the intersection fields in the preset service rule base;
the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one;
scanning an open port of the server by using a scanning tool to obtain default service of the open port;
comparing the default service with the real service;
and sending out a message that the default service of the open port is tampered when the default service is inconsistent with the real service.
2. The method of claim 1, wherein the using the virtual object to perform an interactive operation with the server through an open port to obtain a real data packet fed back by the server comprises:
establishing TCP connection with the server by using the virtual object, and setting to execute interactive operation in a TCP socket mode;
the virtual object sends a message to the server;
and acquiring the real data message fed back by the server.
3. The method of claim 1, further comprising:
comparing the real service with a preset sensitive service rule base;
extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service;
and if the IP address is the public network address, sending out prompt information for closing the open port.
4. The method of claim 1, further comprising:
extracting an encryption and decryption password from the real data message;
matching the encryption and decryption passwords with a preset weak password rule base;
and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
5. The method of claim 1, further comprising:
the method comprises the steps of pre-storing a preset service rule base, a preset sensitive service rule base and a preset weak password rule base.
6. A port scanning device applied to a server, the device comprising:
a creating unit for creating a virtual object of a client;
the interaction unit is used for executing interaction operation with the server through an open port by using the virtual object to obtain a real data message fed back by the server;
a determining unit, configured to determine a real service in the real data packet;
the determining the real service in the real data message comprises:
matching each field in the real data message with each field in a preset service rule base to determine an intersection field which is formed by the real data message and the preset service rule base;
determining real services corresponding to the intersection fields in the preset service rule base;
the preset service rule base comprises a plurality of services and a plurality of fields corresponding to the services one by one;
the first anomaly detection unit is used for scanning the open port of the server by using a scanning tool to obtain default service of the open port; comparing the default service with the real service; and sending out a message that the default service of the open port is tampered when the default service is inconsistent with the real service.
7. The apparatus of claim 6, further comprising:
the second anomaly detection unit is used for comparing the real service with a preset sensitive service rule base; extracting an IP address from the real data message under the condition that the real service is determined to be a sensitive service; if the IP address is a public network address, sending a prompt message for closing the open port;
a third anomaly detection unit, configured to extract an encryption/decryption password from the real data packet; matching the encryption and decryption passwords with a preset weak password rule base; and if the encryption and decryption password is determined to be a weak password, sending out prompt information that the encryption and decryption password is a weak password.
8. A port scanning system, comprising:
the resource management platform is a server connected with the resource management platform;
the server is configured to perform the port scanning method according to any one of claims 1 to 5.
CN201910657041.0A 2019-07-19 2019-07-19 Port detection method, device and system Active CN110365689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910657041.0A CN110365689B (en) 2019-07-19 2019-07-19 Port detection method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910657041.0A CN110365689B (en) 2019-07-19 2019-07-19 Port detection method, device and system

Publications (2)

Publication Number Publication Date
CN110365689A CN110365689A (en) 2019-10-22
CN110365689B true CN110365689B (en) 2021-11-23

Family

ID=68221247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910657041.0A Active CN110365689B (en) 2019-07-19 2019-07-19 Port detection method, device and system

Country Status (1)

Country Link
CN (1) CN110365689B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7908655B1 (en) * 2005-08-16 2011-03-15 Sprint Communications Company L.P. Connectionless port scan detection on a network
CN104468632A (en) * 2014-12-31 2015-03-25 北京奇虎科技有限公司 Loophole attack prevention method, device and system
CN106301909A (en) * 2016-08-11 2017-01-04 杭州华三通信技术有限公司 A kind of port detection method and device
CN108989296A (en) * 2018-06-29 2018-12-11 杭州安恒信息技术股份有限公司 A kind of Internet of things system safety comprehensive assessment system and method
CN109388569A (en) * 2018-10-08 2019-02-26 金蝶软件(中国)有限公司 Method, testing service device and the storage medium of long-range detection client environment exception
CN109495466A (en) * 2018-11-06 2019-03-19 郑州云海信息技术有限公司 A kind of recognition methods and system of unknown miniport service

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7908655B1 (en) * 2005-08-16 2011-03-15 Sprint Communications Company L.P. Connectionless port scan detection on a network
CN104468632A (en) * 2014-12-31 2015-03-25 北京奇虎科技有限公司 Loophole attack prevention method, device and system
CN106301909A (en) * 2016-08-11 2017-01-04 杭州华三通信技术有限公司 A kind of port detection method and device
CN108989296A (en) * 2018-06-29 2018-12-11 杭州安恒信息技术股份有限公司 A kind of Internet of things system safety comprehensive assessment system and method
CN109388569A (en) * 2018-10-08 2019-02-26 金蝶软件(中国)有限公司 Method, testing service device and the storage medium of long-range detection client environment exception
CN109495466A (en) * 2018-11-06 2019-03-19 郑州云海信息技术有限公司 A kind of recognition methods and system of unknown miniport service

Also Published As

Publication number Publication date
CN110365689A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN109525558B (en) Data leakage detection method, system, device and storage medium
CN107391298B (en) Data storage state detection method and device and computer readable storage medium
CN107800678B (en) Method and device for detecting abnormal registration of terminal
US9769688B2 (en) Device and method for prompting information about Wi-Fi signal
CN107733581B (en) Rapid internet asset feature detection method and device based on whole network environment
US20150143454A1 (en) Security management apparatus and method
CN109597727B (en) Detection method, detection device, server and detection system of electronic equipment
EP3220573A1 (en) Method and system for controlling encryption of information and analyzing information as well as terminal
WO2014172956A1 (en) Login method,apparatus, and system
CN110313147B (en) Data processing method, device and system
JP2015225500A (en) Authentication information theft detection method, authentication information theft detection device, and program
CN105681257B (en) Information reporting method, device, equipment and system based on instant messaging interaction platform and computer storage medium
CN111935123B (en) Method, equipment and storage medium for detecting DNS spoofing attack
CN108600162A (en) User authen method and device, computing device and computer storage media
US10826901B2 (en) Systems and method for cross-channel device binding
CN109688096B (en) IP address identification method, device, equipment and computer readable storage medium
CN110365689B (en) Port detection method, device and system
CN113965418B (en) Attack success judgment method and device
JP5743822B2 (en) Information leakage prevention device and restriction information generation device
CN111259400B (en) Vulnerability detection method, device and system
CN107086918A (en) A kind of client validation method and server
CN109522708B (en) Method and device for safely controlling running environment of application program
CN102811146B (en) Method and device for detecting message processing environment
CN114491328A (en) Website access method, equipment, storage medium and device
Müller Evaluating the Security and Resilience of Typical off the Shelf CoAP IoT Devices: Assessing CoAP and Wi-Fi vulnerabilities

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant