CN110493228A - Method and device for detecting terminal network-connection violations - Google Patents

Publication number
CN110493228A
Authority
CN
China
Prior art keywords
network interface
interface card
address
interface
metric
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910772033.0A
Other languages
Chinese (zh)
Other versions
CN110493228B (en
Inventor
谢晓昕
王辉
陈锦祥
王洁如
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201910772033.0A
Publication of CN110493228A
Application granted
Publication of CN110493228B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The present invention provides a method and device for detecting terminal network-connection violations. The method comprises: periodically obtaining the IP address information of a terminal; if the number of IP addresses of the terminal is determined to be greater than or equal to 2, obtaining the routing table of the terminal; and determining, according to the routing table and an intranet/extranet interconnection violation rule, that the first connection state of the terminal is violating. The device is used to execute the above method. The method and device provided by the embodiments of the present invention improve the reliability of detecting terminal network-connection violations.

Description

Method and device for detecting terminal network-connection violations
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for detecting terminal network-connection violations.
Background
At present, to guarantee the safe and stable operation of the intranet and to prevent important intranet information from being attacked and damaged from the external Internet, enterprises usually physically isolate the intranet from the Internet.
In the prior art, whether a terminal is connected to the Internet in violation of policy is usually detected by checking anchor points: if the terminal can access anchor points on both the intranet and the Internet at the same time, the terminal is judged to have a violating network connection. This anchor-point detection is easily discovered and blocked by the user, which causes missed detections and creates a security risk for the intranet.
Therefore, how to provide a terminal network-connection violation detection method that cannot be discovered and blocked by the user, and that improves the reliability of detecting the terminal's connection state, has become an important problem to be solved in this field.
Summary of the invention
In view of the problems in the prior art, embodiments of the present invention provide a method and device for determining the adsorption type of an adsorbed gas, which can at least partially solve the problems in the prior art.
In one aspect, the present invention proposes a method for detecting terminal network-connection violations, comprising:
periodically obtaining the IP address information of a terminal;
if the number of IP addresses of the terminal is determined to be greater than or equal to 2, obtaining the routing table of the terminal;
determining, according to the routing table and an intranet/extranet interconnection violation rule, that the first connection state of the terminal is violating.
In another aspect, the present invention provides a device for detecting terminal network-connection violations, comprising:
an obtaining unit, configured to periodically obtain the IP address information of a terminal;
a judging unit, configured to obtain the routing table of the terminal after determining that the number of IP addresses of the terminal is greater than or equal to 2;
a first determination unit, configured to determine, according to the routing table and an intranet/extranet interconnection violation rule, that the first connection state of the terminal is violating.
In yet another aspect, the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the steps of the terminal network-connection violation detection method of any of the above embodiments.
In a further aspect, the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the terminal network-connection violation detection method of any of the above embodiments.
In the terminal network-connection violation detection method provided by the embodiments of the present invention, the IP address information of the terminal is obtained periodically; after the number of IP addresses of the terminal is determined to be greater than or equal to 2, the routing table of the terminal is obtained; then, according to the routing table and the intranet/extranet interconnection violation rule, the first connection state of the terminal is determined to be violating. The detection is not easily blocked, which improves the reliability of detecting terminal network-connection violations.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a flow diagram of the terminal network-connection violation detection method provided by the first embodiment of the present invention.
Fig. 2 is a flow diagram of the terminal network-connection violation detection method provided by the second embodiment of the present invention.
Fig. 3 is a flow diagram of the terminal network-connection violation detection method provided by the third embodiment of the present invention.
Fig. 4 is a flow diagram of the terminal network-connection violation detection method provided by the fourth embodiment of the present invention.
Fig. 5 is a flow diagram of the terminal network-connection violation detection method provided by the fifth embodiment of the present invention.
Fig. 6 is a flow diagram of the terminal network-connection violation detection method provided by the sixth embodiment of the present invention.
Fig. 7 is a structural diagram of the terminal network-connection violation detection device provided by the seventh embodiment of the present invention.
Fig. 8 is a structural diagram of the terminal network-connection violation detection device provided by the eighth embodiment of the present invention.
Fig. 9 is a structural diagram of the terminal network-connection violation detection device provided by the ninth embodiment of the present invention.
Fig. 10 is a structural diagram of the terminal network-connection violation detection device provided by the tenth embodiment of the present invention.
Fig. 11 is a structural diagram of the terminal network-connection violation detection device provided by the eleventh embodiment of the present invention.
Fig. 12 is a structural diagram of the terminal network-connection violation detection device provided by the twelfth embodiment of the present invention.
Fig. 13 is a structural diagram of the terminal network-connection violation detection device provided by the thirteenth embodiment of the present invention.
Fig. 14 is a structural diagram of the terminal network-connection violation detection device provided by the fourteenth embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in further detail below with reference to the drawings. The illustrative embodiments and their descriptions are used to explain the present invention and do not limit it. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
To make the technical solution of this application easier to understand, its background is first described briefly. An enterprise can physically isolate its internal network (hereinafter, the intranet) from the external Internet (hereinafter, the extranet) to guarantee the safe operation of the intranet. Further, the enterprise can divide the intranet into multiple mutually isolated network zones, i.e. multiple different intranets such as a production network, an office network and a test network. Terminals inside the enterprise are given different network access permissions depending on their use: some terminals can access only the extranet and some can access only the intranet; further, a terminal that accesses the intranet is configured so that it can access only one intranet, to guarantee the security of the enterprise intranet. For convenience, internal staff may connect a terminal to the intranet and the extranet at the same time, or to several different intranets at the same time, which brings security risks to the enterprise intranet. Therefore, the embodiments of the present invention provide a terminal network-connection violation detection method that detects the connection state of a terminal and can reliably and accurately identify whether the terminal has a violating network connection. The terminal includes, but is not limited to, a desktop computer, a laptop, a smartphone and a tablet computer.
Fig. 1 is a flow diagram of the terminal network-connection violation detection method provided by an embodiment of the present invention. As shown in Fig. 1, the method provided by the embodiment of the present invention comprises:
S101: periodically obtain the IP address information of the terminal;
Specifically, the server can periodically collect the IP address information of the terminal through an interface function; the IP address information includes at least one IP address. The period is set according to actual needs, for example once per minute, and is not limited by the embodiments of the present invention; the interface function for obtaining the IP address information is likewise set according to actual needs and is not limited by the embodiments of the present invention. The executing entity of the terminal network-connection violation detection method provided by the embodiments of the present invention includes, but is not limited to, a server.
S102: if the number of IP addresses of the terminal is determined to be greater than or equal to 2, obtain the routing table of the terminal;
Specifically, after obtaining the IP address information of the terminal, the server can count the number of IP addresses it contains. If that number is greater than or equal to 2, the server can obtain the routing table of the terminal by calling the relevant interface function. The routing table includes information such as network destination, netmask, gateway, interface and metric. The interface function for obtaining the routing table is set according to actual needs and is not limited by the embodiments of the present invention.
S103: according to the routing table and the intranet/extranet interconnection violation rule, determine that the first connection state of the terminal is violating.
Specifically, after obtaining the routing table of the terminal, the server can determine, according to the routing table and the intranet/extranet interconnection violation rule, that the first connection state of the terminal is violating. The first connection state is either violating or normal. A normal first connection state indicates that the terminal is connected to the extranet alone or to the intranet alone; a violating first connection state indicates that the terminal is connected to the extranet and the intranet at the same time.
In the terminal network-connection violation detection method provided by the embodiments of the present invention, the IP address information of the terminal is obtained periodically; after the number of IP addresses of the terminal is determined to be greater than or equal to 2, the routing table of the terminal is obtained; then, according to the routing table and the intranet/extranet interconnection violation rule, the first connection state of the terminal is determined to be violating. The detection is not easily blocked, which improves the reliability of detecting terminal network-connection violations. In addition, detecting violating connections according to the routing table and the intranet/extranet interconnection violation rule improves the accuracy of the detection.
Fig. 2 is a flow diagram of the terminal network-connection violation detection method provided by the second embodiment of the present invention. As shown in Fig. 2, on the basis of the above embodiments, further, determining according to the routing table and the intranet/extranet interconnection violation rule that the first connection state of the terminal is violating comprises:
S201: obtain the interfaces of all static routes from the routing table;
Specifically, the routing table includes default routes and static routes. The network destination and netmask of a default route are both all 0, while the network destination and netmask of a static route are not all 0; that is, a route whose network destination and netmask are both all 0 is a default route, and any other route is a static route. The server can obtain from the routing table the interfaces of all static routes in it.
S202: according to the interfaces of all static routes, obtain the NICs corresponding to the interfaces of all static routes;
Specifically, after the server obtains the interfaces of all static routes, since every interface in the routing table corresponds to one NIC, the NIC corresponding to the interface of each static route can be obtained from that interface, which yields the NICs corresponding to the interfaces of all static routes.
S203: according to the NICs corresponding to the interfaces of all static routes, obtain the DNS server addresses of each of those NICs;
Specifically, after the server obtains the NICs corresponding to the interfaces of all static routes, since the NIC information of each NIC includes at least one domain name server (DNS) address, the server can obtain the DNS addresses of the NIC corresponding to the interface of each static route from that NIC's information, which yields the DNS addresses of each NIC among the NICs corresponding to the interfaces of all static routes.
S204: if it is determined that, among the NICs corresponding to the interfaces of all static routes, there is both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address, determine that the first connection state of the terminal is violating; the intranet DNS server addresses are preset.
Specifically, the server compares the DNS addresses of each NIC among the NICs corresponding to the interfaces of all static routes with the intranet DNS server addresses, to judge whether the DNS addresses of each of those NICs contain an intranet DNS server address. If at least one of a NIC's DNS addresses is identical to a DNS address among the intranet DNS server addresses, the NIC is a NIC that includes an intranet DNS server address. If none of a NIC's DNS addresses is a DNS address among the intranet DNS server addresses, the NIC is a NIC that does not include an intranet DNS server address, which indicates that the NIC's DNS addresses are extranet DNS server addresses. If the server determines that, among the NICs corresponding to the interfaces of all static routes, there is both a NIC that includes an intranet DNS server address and a NIC that does not, it determines that the first connection state of the terminal is violating, i.e. the terminal is connected to the intranet and the extranet at the same time. The intranet DNS server addresses are preset and include at least one DNS address.
Fig. 3 is a flow diagram of the terminal network-connection violation detection method provided by the third embodiment of the present invention. As shown in Fig. 3, on the basis of the above embodiments, further, determining according to the routing table and the intranet/extranet interconnection violation rule that the first connection state of the terminal is violating comprises:
S301: obtain from the routing table the interfaces of all static routes and the interface of the default route with the smallest metric;
Specifically, the server can obtain from the routing table the interfaces of all static routes in it. The server can also obtain from the routing table the interfaces and metrics of all default routes, each interface corresponding to one metric, and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
S302: according to the interfaces of all static routes, obtain the NICs corresponding to the interfaces of all static routes, and according to the interface of the default route with the smallest metric, obtain the NIC corresponding to the interface of the default route with the smallest metric;
Specifically, after the server obtains the interfaces of all static routes and the interface of the default route with the smallest metric, since every interface in the routing table corresponds to one NIC, the NIC corresponding to the interface of each static route can be obtained from that interface, which yields the NICs corresponding to the interfaces of all static routes. Likewise, from the interface of each default route among the default routes with the smallest metric, the corresponding NIC is obtained, which yields the NICs corresponding to the interface of the default route with the smallest metric.
S303: according to the NICs corresponding to the interfaces of all static routes and the NIC corresponding to the interface of the default route with the smallest metric, obtain the DNS server addresses of each NIC among the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric;
Specifically, the server can obtain the DNS addresses of the NIC corresponding to the interface of each static route from that NIC's information, and can also obtain the DNS addresses of the NIC corresponding to the interface of each default route among the default routes with the smallest metric from that NIC's information, which yields the DNS server addresses of each NIC among the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric. Here, the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric means the NICs corresponding to the interfaces of all static routes together with the NICs corresponding to the interface of the default route with the smallest metric.
S304: if it is determined that, among the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric, there is both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address, the first connection state of the terminal is violating; the intranet DNS server addresses are preset.
Specifically, the server compares the DNS addresses of each NIC among the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric with the intranet DNS server addresses, to judge whether the DNS addresses of each of those NICs contain an intranet DNS server address. If at least one of a NIC's DNS addresses is identical to a DNS address among the intranet DNS server addresses, the NIC is a NIC that includes an intranet DNS server address. If none of a NIC's DNS addresses is a DNS address among the intranet DNS server addresses, the NIC is a NIC that does not include an intranet DNS server address, which indicates that the NIC's DNS addresses are extranet DNS server addresses. If the server determines that, among the NICs corresponding to the interfaces of all static routes, there is both a NIC that includes an intranet DNS server address and a NIC that does not, the first connection state of the terminal is violating, i.e. the terminal is connected to the intranet and the extranet at the same time. The intranet DNS server addresses are preset and include at least one DNS address.
On the basis of the above embodiments, further, the terminal network-connection violation detection method provided by the embodiments of the present invention also comprises:
if the first connection state of the terminal is determined to be normal, determining, according to the routing table and an internal-network violation rule, that the second connection state of the terminal is violating.
Specifically, if the server determines that the first connection state of the terminal is normal, it can determine, according to the routing table and the internal-network violation rule, that the second connection state of the terminal is violating. If the server has not determined, according to the routing table and the intranet/extranet interconnection violation rule, that the first connection state of the terminal is violating, the first connection state of the terminal is normal. The second connection state is either violating or normal. A normal second connection state indicates that the terminal is connected to only one intranet; a violating second connection state indicates that the terminal is connected to different intranets at the same time.
For example, if the server determines through step S204 that the first connection state of the terminal is not violating, and also determines through step S304 that the first connection state of the terminal is not violating, the server can determine that the first connection state of the terminal is normal, i.e. the terminal is connected to the intranet or to the extranet.
Fig. 4 is a flow diagram of the terminal network-connection violation detection method provided by the fourth embodiment of the present invention. As shown in Fig. 4, on the basis of the above embodiments, further, determining according to the routing table and the internal-network violation rule that the second connection state of the terminal is violating comprises:
S401: obtain the interfaces of all static routes from the routing table;
Specifically, the server can obtain from the routing table the interfaces of all static routes in it.
S402: according to the interfaces of all static routes, obtain the NICs corresponding to the interfaces of all static routes;
Specifically, after the server obtains the interfaces of all static routes, the NIC corresponding to the interface of each static route can be obtained from that interface, which yields the NICs corresponding to the interfaces of all static routes.
S403: according to the NICs corresponding to the interfaces of all static routes, obtain the DNS server addresses and the gateway address of each of those NICs;
Specifically, after the server obtains the NICs corresponding to the interfaces of all static routes, since the NIC information of each NIC includes at least one DNS address and also includes a gateway address, the server can obtain the DNS addresses and gateway address of the NIC corresponding to the interface of each static route from that NIC's information, which yields the DNS addresses and gateway address of each NIC among the NICs corresponding to the interfaces of all static routes.
S404: if it is determined that the DNS server addresses of all NICs among the NICs corresponding to the interfaces of all static routes are all intranet DNS server addresses, and the gateway addresses of those NICs include gateway addresses of different intranets, the second connection state of the terminal is violating; the intranet DNS server addresses are preset, and the gateway addresses of each intranet are preset.
Specifically, the server compares the DNS addresses of each NIC among the NICs corresponding to the interfaces of all static routes with the DNS addresses among the intranet DNS server addresses, to judge whether the DNS addresses of every one of those NICs are all intranet DNS server addresses. If every DNS address of every NIC has an identical DNS address among the intranet DNS server addresses, the DNS server addresses of all NICs among the NICs corresponding to the interfaces of all static routes are all intranet DNS server addresses.
The server compares the gateway address of each NIC among the NICs corresponding to the interfaces of all static routes with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of those NICs include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
If the server determines that the DNS server addresses of all NICs among the NICs corresponding to the interfaces of all static routes are all intranet DNS server addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, it determines that the second connection state of the terminal is violating, i.e. the terminal is connected to at least two intranets at the same time. The intranet DNS server addresses are preset and include at least one DNS address, and the gateway addresses of each intranet are preset.
Fig. 5 is a flow diagram of the terminal violation networking detection method provided by the fifth embodiment of the present invention. As shown in Fig. 5, on the basis of the above embodiments, further, determining according to the routing table and the intranet violation judgment rule that the second networking state of the terminal is violation networking includes:
S501: obtain the interface of the default route with the smallest metric according to the routing table;
The server can obtain the interfaces and metrics of all default routes from the routing table, each interface corresponding to one metric, and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
S502: according to the interface of the default route with the smallest metric, obtain the NIC corresponding to the interface of the default route with the smallest metric;
Specifically, according to the interface of each default route among the default routes with the smallest metric, the server obtains the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interface of the default route with the smallest metric.
S503: according to the NICs corresponding to the interface of the default route with the smallest metric, obtain the DNS server address and gateway address of each of those NICs;
Specifically, after the server obtains the NICs corresponding to the interface of the default route with the smallest metric, since the NIC information of each NIC includes at least one DNS address and also includes a gateway address, the server can obtain, from the NIC information of the NIC corresponding to the interface of each default route among the default routes with the smallest metric, the DNS address and gateway address of that NIC, thereby obtaining the DNS address and gateway address of each NIC corresponding to the interface of the default route with the smallest metric.
S504: if it is determined that the DNS server addresses of all NICs corresponding to the interface of the default route with the smallest metric are intranet DNS server addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, then the second networking state of the terminal is violation networking; wherein the intranet DNS server addresses are preset and the gateway addresses of each intranet are preset.
Specifically, the server compares the DNS addresses of each NIC corresponding to the interface of the default route with the smallest metric with the DNS addresses in the intranet DNS server addresses, and judges whether the DNS addresses of each such NIC are intranet DNS server addresses. If every DNS address of each NIC has an identical DNS address among the intranet DNS server addresses, then the DNS server addresses of all NICs corresponding to the interface of the default route with the smallest metric are intranet DNS server addresses.
The server compares the gateway address of each NIC corresponding to the interface of the default route with the smallest metric with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of the NICs corresponding to the interface of the default route with the smallest metric include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
If the server judges that the DNS server addresses of all NICs corresponding to the interface of the default route with the smallest metric are intranet DNS server addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, it determines that the second networking state of the terminal is violation networking, that is, the terminal is connected to at least two intranets at the same time. The intranet DNS server addresses are preset and include at least one DNS address; the gateway addresses of each intranet are preset.
Fig. 6 is a flow diagram of the terminal violation networking detection method provided by the sixth embodiment of the present invention. As shown in Fig. 6, on the basis of the above embodiments, further, determining according to the routing table and the intranet violation judgment rule that the second networking state of the terminal is violation networking includes:
S601: obtain the interfaces of all static routes and the interface of the default route with the smallest metric according to the routing table;
Specifically, the server can obtain the interfaces of all static routes in the routing table from the routing table. The server can also obtain the interfaces and metrics of all default routes from the routing table and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
S602: according to the interfaces of all static routes, obtain the NICs corresponding to the interfaces of all static routes, and according to the interface of the default route with the smallest metric, obtain the NIC corresponding to the interface of the default route with the smallest metric;
Specifically, after obtaining the interfaces of all static routes and the interface of the default route with the smallest metric, the server can obtain, according to the interface of each static route, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interfaces of all static routes; and can obtain, according to the interface of each default route among the default routes with the smallest metric, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interface of the default route with the smallest metric.
S603: according to the NICs corresponding to the interfaces of all static routes and the NICs corresponding to the interface of the default route with the smallest metric, obtain the DNS server address and gateway address of each NIC among the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric;
Specifically, the server can obtain, according to the NIC corresponding to the interface of each static route, the DNS address and gateway address of that NIC, and can also obtain, according to the NIC corresponding to the interface of each default route among the default routes with the smallest metric, the DNS address and gateway address of that NIC, thereby obtaining the DNS server address of each NIC among the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric. Here, the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric are the NICs corresponding to the interfaces of all static routes together with the NICs corresponding to the interface of the default route with the smallest metric.
S604: if it is determined that the DNS server addresses of all NICs corresponding to the interfaces of all static routes and the default route with the smallest metric are intranet DNS server addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, then the second networking state of the terminal is violation networking; wherein the intranet DNS server addresses are preset and the gateway addresses of each intranet are preset.
Specifically, the server compares the DNS addresses of each NIC corresponding to the interfaces of all static routes and the default route with the smallest metric with the DNS addresses in the intranet DNS server addresses, and judges whether the DNS addresses of each such NIC are intranet DNS server addresses. If every DNS address of each NIC has an identical DNS address among the intranet DNS server addresses, then the DNS server addresses of all NICs corresponding to the interfaces of all static routes and the default route with the smallest metric are intranet DNS server addresses.
The server compares the gateway address of each NIC corresponding to the interfaces of all static routes and the default route with the smallest metric with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
If the server judges that the DNS server addresses of all NICs corresponding to the interfaces of all static routes and the default route with the smallest metric are intranet DNS server addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, it determines that the second networking state of the terminal is violation networking, that is, the terminal is connected to at least two intranets at the same time. The intranet DNS server addresses are preset and include at least one DNS address; the gateway addresses of each intranet are preset.
It will be appreciated that if the server judges through step S404 that the second networking state of the terminal is not violation networking, judges through step S504 that the second networking state of the terminal is not violation networking, and judges through step S604 that the second networking state of the terminal is not violation networking, then the server can determine that the second networking state of the terminal is normal networking, that is, the terminal is connected to one intranet.
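The second-networking-state decision of steps S401 to S604, combined as the preceding paragraph describes, as an added Python example (not code from the patent). The DNS and gateway presets, the sample routing tables and the names Route, Nic, crosses_intranets and second_networking_state are constructed for illustration; skipping interfaces that have no NIC record (such as loopback) and treating each gateway as belonging to at most one intranet are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed presets (assumption): the page only states that the intranet DNS
# addresses and the gateway addresses of each intranet are preset.
INTRANET_DNS = {ip_address(a) for a in ("10.1.0.53", "10.2.0.53")}
INTRANET_GATEWAYS = {
    "production": {ip_address("10.1.0.1")},
    "office": {ip_address("10.2.0.1")},
    "test": {ip_address("10.3.0.1")},
}


@dataclass(frozen=True)
class Route:
    destination: str
    netmask: str
    interface: str  # interface column of the routing table
    metric: int

    @property
    def is_default(self) -> bool:
        # Default route: network destination and netmask are both all zeros.
        return self.destination == "0.0.0.0" and self.netmask == "0.0.0.0"


@dataclass(frozen=True)
class Nic:
    interface: str
    dns: tuple
    gateway: str


def static_interfaces(routes):
    """S401/S601: interfaces of all static (non-default) routes."""
    return {r.interface for r in routes if not r.is_default}


def min_metric_default_interfaces(routes):
    """S501/S601: interfaces of the default route(s) with the smallest metric."""
    defaults = [r for r in routes if r.is_default]
    if not defaults:
        return set()
    lowest = min(r.metric for r in defaults)
    return {r.interface for r in defaults if r.metric == lowest}


def intranet_of(gateway):
    """Name of the preset intranet that owns this gateway, or None."""
    if not gateway:
        return None
    addr = ip_address(gateway)
    for name, gateways in INTRANET_GATEWAYS.items():
        if addr in gateways:
            return name
    return None


def crosses_intranets(interfaces, nics):
    """S404/S504/S604: all DNS addresses of the selected NICs are intranet DNS
    addresses and their gateways belong to at least two different intranets."""
    selected = [nics[i] for i in interfaces if i in nics]  # skips e.g. loopback
    all_dns_internal = all(
        ip_address(d) in INTRANET_DNS for nic in selected for d in nic.dns
    )
    matched = {intranet_of(nic.gateway) for nic in selected} - {None}
    return all_dns_internal and len(matched) >= 2


def second_networking_state(routes, nics):
    """Normal only if none of the three interface selections shows a violation."""
    static = static_interfaces(routes)
    default = min_metric_default_interfaces(routes)
    for selection in (static, default, static | default):
        if crosses_intranets(selection, nics):
            return "violation"
    return "normal"


# Constructed sample data: one terminal attached to production and office.
NICS = {
    "10.1.5.20": Nic("10.1.5.20", ("10.1.0.53",), "10.1.0.1"),
    "10.2.7.31": Nic("10.2.7.31", ("10.2.0.53",), "10.2.0.1"),
}
DUAL_HOMED_ROUTES = [
    Route("0.0.0.0", "0.0.0.0", "10.1.5.20", 25),
    Route("0.0.0.0", "0.0.0.0", "10.2.7.31", 35),
    Route("10.1.0.0", "255.255.0.0", "10.1.5.20", 281),
    Route("10.2.0.0", "255.255.0.0", "10.2.7.31", 291),
    Route("127.0.0.0", "255.0.0.0", "127.0.0.1", 331),
]
SINGLE_HOMED_ROUTES = [
    Route("0.0.0.0", "0.0.0.0", "10.1.5.20", 25),
    Route("10.1.0.0", "255.255.0.0", "10.1.5.20", 281),
    Route("127.0.0.0", "255.0.0.0", "127.0.0.1", 331),
]

if __name__ == "__main__":
    print(second_networking_state(DUAL_HOMED_ROUTES, NICS))
    print(second_networking_state(SINGLE_HOMED_ROUTES, NICS))
```

In the dual-homed sample the smallest-metric default route alone selects a single NIC, so only the static-route selection exposes the second intranet, which is why the three selections are evaluated together.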
Fig. 7 is a structural schematic diagram of the terminal violation networking detection device provided by the seventh embodiment of the present invention. As shown in Fig. 7, the terminal violation networking detection device provided by the embodiment of the present invention includes an obtaining unit 710, a judging unit 720 and a first determination unit 730, wherein:
The obtaining unit 710 is used to periodically obtain the IP address information of a terminal; the judging unit 720 is used to obtain the routing table of the terminal after determining that the number of IP addresses of the terminal is greater than or equal to 2; the first determination unit 730 is used to determine, according to the routing table and the intranet-extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking.
Specifically, the obtaining unit 710 can periodically collect the IP address information of the terminal through an interface function; the IP address information includes at least one IP address. The period is set according to actual needs, for example once per minute, and the embodiment of the present invention does not limit it; the interface function for obtaining the IP address information is set according to actual needs, and the embodiment of the present invention does not limit it. The executing entity of the terminal violation networking detection method provided by the embodiment of the present invention includes, but is not limited to, a server.
After obtaining the IP address information of the terminal, the judging unit 720 can count the number of IP addresses included in the IP address information. If the number of IP addresses is greater than or equal to 2, the judging unit 720 can obtain the routing table of the terminal by calling the relevant interface function; the routing table includes information such as network destination, netmask, gateway, interface and metric. The interface function for obtaining the routing table is set according to actual needs, and the embodiment of the present invention does not limit it.
After the routing table of the terminal is obtained, the first determination unit 730 can determine, according to the routing table and the intranet-extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking. The first networking state includes violation networking and normal networking. A first networking state of normal networking indicates that the terminal is connected to the extranet alone or to the intranet alone; a first networking state of violation networking indicates that the terminal is connected to the extranet and the intranet at the same time.
The terminal violation networking detection device provided by the embodiment of the present invention periodically obtains the IP address information of the terminal, obtains the routing table of the terminal after determining that the number of IP addresses of the terminal is greater than or equal to 2, and then determines, according to the routing table and the intranet-extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking. This detection is not easily blocked, which improves the reliability of terminal violation networking detection. In addition, detecting the violation networking of the terminal according to the routing table and the intranet-extranet interconnection violation judgment rule improves the accuracy of terminal violation networking detection.
Fig. 8 is a structural schematic diagram of the terminal violation networking detection device provided by the eighth embodiment of the present invention. As shown in Fig. 8, on the basis of the above embodiments, further, the first determination unit 730 includes a first obtaining subunit 7301, a second obtaining subunit 7302, a third obtaining subunit 7303 and a first judgment subunit 7304, wherein:
The first obtaining subunit 7301 is used to obtain the interfaces of all static routes according to the routing table; the second obtaining subunit 7302 is used to obtain, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes; the third obtaining subunit 7303 is used to obtain, according to the NICs corresponding to the interfaces of all static routes, the DNS server address of each of those NICs; the first judgment subunit 7304 is used to determine that the first networking state of the terminal is violation networking after determining that the NICs corresponding to the interfaces of all static routes contain both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address; wherein the intranet DNS server addresses are preset.
Specifically, the routing table includes default routes and static routes. The network destination and netmask of a default route are both all 0, while the network destination and netmask of a static route are not both all 0. The first obtaining subunit 7301 can obtain the interfaces of all static routes in the routing table from the routing table.
After the interfaces of all static routes are obtained, since each interface in the routing table corresponds to one NIC, the second obtaining subunit 7302 can obtain, according to the interface of each static route, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interfaces of all static routes.
After the NICs corresponding to the interfaces of all static routes are obtained, since the NIC information of each NIC includes at least one domain name server (Domain Name Server, abbreviated DNS) address, the third obtaining subunit 7303 can obtain, from the NIC information of the NIC corresponding to the interface of each static route, the DNS address of that NIC, thereby obtaining the DNS address of each NIC corresponding to the interfaces of all static routes.
The first judgment subunit 7304 compares the DNS addresses of each NIC corresponding to the interfaces of all static routes with the intranet DNS server addresses, to judge whether an intranet DNS server address exists among the DNS addresses of each such NIC. If at least one of the DNS addresses of a NIC is identical to a DNS address in the intranet DNS server addresses, that NIC is a NIC that includes an intranet DNS server address; if none of the DNS addresses of a NIC is a DNS address in the intranet DNS server addresses, that NIC is a NIC that does not include an intranet DNS server address, which indicates that the DNS address of that NIC is an extranet DNS server address. If the first judgment subunit 7304 judges that the NICs corresponding to the interfaces of all static routes contain both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address, it determines that the first networking state of the terminal is violation networking, that is, the terminal is connected to the intranet and the extranet at the same time. The intranet DNS server addresses are preset and include at least one DNS address.
Fig. 9 is a structural schematic diagram of the terminal violation networking detection device provided by the ninth embodiment of the present invention. As shown in Fig. 9, on the basis of the above embodiments, further, the first determination unit 730 includes a fourth obtaining subunit 7305, a fifth obtaining subunit 7306, a sixth obtaining subunit 7307 and a second judgment subunit 7308, wherein:
The fourth obtaining subunit 7305 is used to obtain the interface of the default route with the smallest metric according to the routing table; the fifth obtaining subunit 7306 is used to obtain, according to the interface of the default route with the smallest metric, the NIC corresponding to the interface of the default route with the smallest metric; the sixth obtaining subunit 7307 is used to obtain, according to the NICs corresponding to the interface of the default route with the smallest metric, the DNS server address of each of those NICs; the second judgment subunit 7308 is used to determine that the first networking state of the terminal is violation networking after determining that the NICs corresponding to the interface of the default route with the smallest metric contain both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address; wherein the intranet DNS server addresses are preset.
Specifically, the fourth obtaining subunit 7305 can obtain the interfaces of all static routes in the routing table from the routing table. The fourth obtaining subunit 7305 can obtain the interfaces and metrics of all default routes from the routing table, each interface corresponding to one metric, and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
After the interfaces of all static routes and the interface of the default route with the smallest metric are obtained, since each interface in the routing table corresponds to one NIC, the fifth obtaining subunit 7306 can obtain, according to the interface of each static route, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interfaces of all static routes; and can obtain, according to the interface of each default route among the default routes with the smallest metric, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interface of the default route with the smallest metric.
The sixth obtaining subunit 7307 can obtain, from the NIC information of the NIC corresponding to the interface of each static route, the DNS address of that NIC, and can also obtain, from the NIC information of the NIC corresponding to the interface of each default route among the default routes with the smallest metric, the DNS address of that NIC, thereby obtaining the DNS server address of each NIC among the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric. Here, the NICs corresponding to the interfaces of all static routes and the default route with the smallest metric are the NICs corresponding to the interfaces of all static routes together with the NICs corresponding to the interface of the default route with the smallest metric.
The second judgment subunit 7308 compares the DNS addresses of each NIC corresponding to the interfaces of all static routes and the default route with the smallest metric with the intranet DNS server addresses, to judge whether an intranet DNS server address exists among the DNS addresses of each such NIC. If at least one of the DNS addresses of a NIC is identical to a DNS address in the intranet DNS server addresses, that NIC is a NIC that includes an intranet DNS server address; if none of the DNS addresses of a NIC is a DNS address in the intranet DNS server addresses, that NIC is a NIC that does not include an intranet DNS server address, which indicates that the DNS address of that NIC is an extranet DNS server address. If the second judgment subunit 7308 judges that the NICs corresponding to the interfaces of all static routes contain both a NIC that includes an intranet DNS server address and a NIC that does not include an intranet DNS server address, then the first networking state of the terminal is violation networking, that is, the terminal is connected to the intranet and the extranet at the same time. The intranet DNS server addresses are preset and include at least one DNS address.
Fig. 10 is a structural schematic diagram of the terminal violation networking detection device provided by the tenth embodiment of the present invention. As shown in Fig. 10, on the basis of the above embodiments, further, the terminal violation networking detection device provided by the embodiment of the present invention also includes a second determination unit 740, wherein:
The second determination unit 740 is used to determine, after determining that the first networking state of the terminal is normal networking, that the second networking state of the terminal is violation networking according to the routing table and the intranet violation judgment rule.
Specifically, if the second determination unit 740 judges that the first networking state of the terminal is normal networking, it can determine, according to the routing table and the intranet violation judgment rule, that the second networking state of the terminal is violation networking. If the second determination unit 740 does not judge, according to the routing table and the intranet-extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking, this indicates that the first networking state of the terminal is normal networking. The second networking state includes violation networking and normal networking. A second networking state of normal networking indicates that the terminal is connected to only one intranet; a second networking state of violation networking indicates that the terminal is connected to different intranets at the same time.
Fig. 11 is a structural schematic diagram of the terminal violation networking detection device provided by the eleventh embodiment of the present invention. As shown in Fig. 11, on the basis of the above embodiments, further, the second determination unit 740 includes a seventh obtaining subunit 7401, an eighth obtaining subunit 7402, a ninth obtaining subunit 7403 and a third judgment subunit 7404, wherein:
The seventh obtaining subunit 7401 is used to obtain the interfaces of all static routes according to the routing table; the eighth obtaining subunit 7402 is used to obtain, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes; the ninth obtaining subunit 7403 is used to obtain, according to the NICs corresponding to the interfaces of all static routes, the DNS server address and gateway address of each of those NICs; the third judgment subunit 7404 is used to determine that the second networking state of the terminal is violation networking after determining that the DNS server addresses of all NICs corresponding to the interfaces of all static routes are intranet DNS server addresses and that the gateway addresses of those NICs include gateway addresses of different intranets; wherein the intranet DNS server addresses are preset and the gateway addresses of each intranet are preset.
Specifically, the seventh obtaining subunit 7401 can obtain the interfaces of all static routes in the routing table from the routing table.
After the interfaces of all static routes are obtained, the eighth obtaining subunit 7402 can obtain, according to the interface of each static route, the NIC corresponding to that interface, thereby obtaining the NICs corresponding to the interfaces of all static routes.
After the NICs corresponding to the interfaces of all static routes are obtained, since the NIC information of each NIC includes at least one DNS address and also includes a gateway address, the ninth obtaining subunit 7403 can obtain, from the NIC information of the NIC corresponding to the interface of each static route, the DNS address and gateway address of that NIC, thereby obtaining the DNS address and gateway address of each NIC corresponding to the interfaces of all static routes.
The third judgment subunit 7404 compares the DNS addresses of each NIC corresponding to the interfaces of all static routes with the DNS addresses in the intranet DNS server addresses, and judges whether the DNS addresses of every such NIC are all intranet DNS server addresses. If every DNS address of each NIC has an identical DNS address among the intranet DNS server addresses, then the DNS server addresses of all NICs corresponding to the interfaces of all static routes are intranet DNS server addresses.
The third judgment subunit 7404 compares the gateway address of each NIC corresponding to the interfaces of all static routes with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of the NICs corresponding to the interfaces of all static routes include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
Third judgment sub-unit 7404 is if it is judged that all network interface cards in the corresponding network interface card of the interface of all static routing Domain name server address is all Intranet domain name server address, and each network interface card in the corresponding network interface card of interface of all static routing Gateway address include different Intranets gateway address, then it is determined that the second connected state of the terminal be in violation of rules and regulations network, i.e., The terminal is connected at least two Intranets simultaneously.Wherein, the Intranet domain name server address is preset, including at least one A dns address, the gateway address of each Intranet are preset.
Figure 12 is a schematic structural diagram of the terminal violation networking detection device provided by the twelfth embodiment of the present invention. As shown in Figure 12, on the basis of the above embodiments, the second determination unit 740 further includes a tenth obtaining subunit 7405, an eleventh obtaining subunit 7406, a twelfth obtaining subunit 7407 and a fourth judging subunit 7408, in which:
The tenth obtaining subunit 7405 is used to obtain the interface of the default route with the smallest metric according to the routing table; the eleventh obtaining subunit 7406 is used to obtain, according to the interface of the default route with the smallest metric, the NIC corresponding to that interface; the twelfth obtaining subunit 7407 is used to obtain, according to the NIC corresponding to the interface of the default route with the smallest metric, the DNS address and gateway address of each of those NICs; the fourth judging subunit 7408 is used to determine that the second networking state of the terminal is violation networking after judging that the DNS addresses of all NICs corresponding to the interface of the default route with the smallest metric are intranet DNS addresses and that the gateway addresses of those NICs include gateway addresses of different intranets. The intranet DNS addresses are preset, and the gateway addresses of each intranet are preset.
Specifically, the tenth obtaining subunit 7405 can obtain from the routing table the interfaces and metrics of all default routes, each interface having a corresponding metric, and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
The eleventh obtaining subunit 7406 obtains, from the interface of each default route among the default routes with the smallest metric, the NIC corresponding to that interface, and thereby the NICs corresponding to the interfaces of the default routes with the smallest metric.
After the NICs corresponding to the interfaces of the default routes with the smallest metric are obtained, because the NIC information of each NIC includes at least one DNS address and also includes a gateway address, the twelfth obtaining subunit 7407 can obtain, from the NIC information of the NIC corresponding to the interface of each default route among the default routes with the smallest metric, the DNS address and gateway address of that NIC, and thereby the DNS address and gateway address of each NIC corresponding to the interfaces of the default routes with the smallest metric.
The fourth judging subunit 7408 compares the DNS addresses of each NIC corresponding to the interfaces of the default routes with the smallest metric with the DNS addresses in the intranet DNS addresses, and judges whether the DNS addresses of each of those NICs are all intranet DNS addresses. If every DNS address of each NIC has an identical DNS address among the intranet DNS addresses, then the DNS addresses of all NICs corresponding to the interfaces of the default routes with the smallest metric are all intranet DNS addresses.
The fourth judging subunit 7408 compares the gateway address of each NIC corresponding to the interfaces of the default routes with the smallest metric with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of the NICs corresponding to the interfaces of the default routes with the smallest metric include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
If the fourth judging subunit 7408 judges that the DNS addresses of all NICs corresponding to the interfaces of the default routes with the smallest metric are all intranet DNS addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, it determines that the second networking state of the terminal is violation networking, that is, the terminal is connected to at least two intranets at the same time. The intranet DNS addresses are preset and include at least one DNS address; the gateway addresses of each intranet are preset.
Figure 13 is a schematic structural diagram of the terminal violation networking detection device provided by the thirteenth embodiment of the present invention. As shown in Figure 13, on the basis of the above embodiments, the second determination unit 740 further includes a thirteenth obtaining subunit 7409, a fourteenth obtaining subunit 7410, a fifteenth obtaining subunit 7411 and a fifth judging subunit 7412, in which:
The thirteenth obtaining subunit 7409 is used to obtain, according to the routing table, the interfaces of all static routes and the interface of the default route with the smallest metric; the fourteenth obtaining subunit 7410 is used to obtain, according to the interfaces of all static routes, the NICs corresponding to those interfaces, and, according to the interface of the default route with the smallest metric, the NIC corresponding to that interface; the fifteenth obtaining subunit 7411 is used to obtain, according to the NICs corresponding to the interfaces of all static routes and the NIC corresponding to the interface of the default route with the smallest metric, the DNS address and gateway address of each of those NICs; the fifth judging subunit 7412 is used to determine that the second networking state of the terminal is violation networking after judging that the DNS addresses of all NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric are intranet DNS addresses and that the gateway addresses of those NICs include gateway addresses of different intranets. The intranet DNS addresses are preset, and the gateway addresses of each intranet are preset.
Specifically, the thirteenth obtaining subunit 7409 can obtain from the routing table the interfaces of all static routes in the routing table. The server can obtain from the routing table the interfaces and metrics of all default routes, and then compare the metrics of the default routes to obtain the interface of the default route with the smallest metric.
After the interfaces of all static routes and the interface of the default route with the smallest metric are obtained, the fourteenth obtaining subunit 7410 can obtain, from the interface of each static route, the NIC corresponding to that interface, and thereby the NICs corresponding to the interfaces of all static routes; and can obtain, from the interface of each default route among the default routes with the smallest metric, the NIC corresponding to that interface, and thereby the NICs corresponding to the interfaces of the default routes with the smallest metric.
The fifteenth obtaining subunit 7411 can obtain, from the NIC corresponding to the interface of each static route, the DNS address and gateway address of that NIC, and can also obtain, from the NIC corresponding to the interface of each default route among the default routes with the smallest metric, the DNS address and gateway address of that NIC, thereby obtaining the DNS address of each NIC corresponding to the interfaces of all static routes and of the default route with the smallest metric. Here, the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric means the NICs corresponding to the interfaces of all static routes together with the NICs corresponding to the interfaces of the default routes with the smallest metric.
The fifth judging subunit 7412 compares the DNS addresses of each NIC corresponding to the interfaces of all static routes and of the default route with the smallest metric with the DNS addresses in the intranet DNS addresses, and judges whether the DNS addresses of each of those NICs are all intranet DNS addresses. If every DNS address of each NIC has an identical DNS address among the intranet DNS addresses, then the DNS addresses of all NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric are all intranet DNS addresses.
The fifth judging subunit 7412 compares the gateway address of each NIC corresponding to the interfaces of all static routes and of the default route with the smallest metric with the gateway addresses of each intranet. If the gateway addresses of at least two NICs are identical to gateway addresses of at least two different intranets, then the gateway addresses of the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric include gateway addresses of different intranets. For example, the gateway address of one NIC is identical to a gateway address in the production network and the gateway address of another NIC is identical to a gateway address in the office network; or the gateway address of a first NIC is identical to a gateway address in the production network, the gateway address of a second NIC is identical to a gateway address in the office network, and the gateway address of a third NIC is identical to a gateway address in the test network.
If the fifth judging subunit 7412 judges that the DNS addresses of all NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric are all intranet DNS addresses, and that the gateway addresses of those NICs include gateway addresses of different intranets, it determines that the second networking state of the terminal is violation networking, that is, the terminal is connected to at least two intranets at the same time. The intranet DNS addresses are preset and include at least one DNS address; the gateway addresses of each intranet are preset.
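The second-networking-state check described for the eleventh to thirteenth embodiments can be sketched as follows; this is an added example, not code from the patent, and it generalizes the three embodiments into one function with a route-scope parameter. The `Route` and `Nic` structures, the `scope` argument, the intranet names and every address are constructed assumptions; the patent only states that the intranet DNS and gateway addresses are preset.

```python
from dataclasses import dataclass

# Preset lists (constructed values; the patent only says they are preset).
INTRANET_DNS = {"10.1.0.53", "10.2.0.53"}
INTRANET_GATEWAYS = {
    "production": {"10.1.0.1"},
    "office": {"10.2.0.1"},
    "test": {"10.3.0.1"},
}


@dataclass(frozen=True)
class Route:
    destination: str
    interface: str
    metric: int
    kind: str  # "static" or "default" (assumed labels for this example)


@dataclass(frozen=True)
class Nic:
    dns: tuple    # all DNS server addresses configured on the NIC
    gateway: str  # gateway address configured on the NIC


def selected_interfaces(routes, scope="both"):
    """Pick interfaces per embodiment: 'static' (11th), 'default' (12th), 'both' (13th)."""
    if scope not in ("static", "default", "both"):
        raise ValueError(f"unknown scope: {scope}")
    chosen = set()
    if scope in ("static", "both"):
        chosen |= {r.interface for r in routes if r.kind == "static"}
    if scope in ("default", "both"):
        defaults = [r for r in routes if r.kind == "default"]
        if defaults:
            lowest = min(r.metric for r in defaults)
            # Several default routes can tie on the smallest metric; keep them all.
            chosen |= {r.interface for r in defaults if r.metric == lowest}
    return chosen


def intranets_for(gateway):
    """Names of the preset intranets whose gateway list contains this address."""
    return {name for name, gws in INTRANET_GATEWAYS.items() if gateway in gws}


def second_state_is_violation(routes, nics, scope="both"):
    """True when the selected NICs use only intranet DNS servers and their
    gateways belong to at least two different intranets."""
    selected = [nics[i] for i in sorted(selected_interfaces(routes, scope)) if i in nics]
    if len(selected) < 2:
        return False
    # Condition 1: every DNS address of every selected NIC is a preset intranet DNS address.
    if not all(n.dns and set(n.dns) <= INTRANET_DNS for n in selected):
        return False
    # Condition 2: at least two NICs whose gateways match different intranets.
    matched = [m for m in (intranets_for(n.gateway) for n in selected) if m]
    return len(matched) >= 2 and len(set().union(*matched)) >= 2


# Constructed sample: wired NICs on two intranets plus a higher-metric wireless default route.
SAMPLE_ROUTES = [
    Route("10.1.0.0/16", "eth0", 10, "static"),
    Route("0.0.0.0/0", "eth1", 5, "default"),
    Route("0.0.0.0/0", "wlan0", 50, "default"),
]
SAMPLE_NICS = {
    "eth0": Nic(("10.1.0.53",), "10.1.0.1"),
    "eth1": Nic(("10.2.0.53",), "10.2.0.1"),
    "wlan0": Nic(("192.0.2.53",), "192.0.2.1"),
}

if __name__ == "__main__":
    for scope in ("static", "default", "both"):
        print(scope, second_state_is_violation(SAMPLE_ROUTES, SAMPLE_NICS, scope))
```

A terminal whose selected NICs mix an intranet DNS server with a non-intranet one returns `False` here, because that case belongs to the first-networking-state (intranet/extranet interconnection) rule, which the page applies before this one.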
The embodiment of the server provided by the embodiments of the present invention can be used to execute the processing flows of the above method embodiments. Its functions are not repeated here; refer to the detailed description of the above method embodiments.
Figure 14 is a schematic structural diagram of the terminal violation networking detection device provided by the fourteenth embodiment of the present invention. As shown in Figure 14, the device may include a processor 1401, a communications interface 1402, a memory 1403 and a communication bus 1404, where the processor 1401, the communications interface 1402 and the memory 1403 communicate with one another through the communication bus 1404. The processor 1401 can call logical instructions in the memory 1403 to execute the following method: periodically obtaining the IP address information of a terminal; if it is judged that the number of IP addresses of the terminal is greater than or equal to 2, obtaining the routing table of the terminal; and determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking.
In addition, when the logical instructions in the above memory 403 are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments, for example: periodically obtaining the IP address information of a terminal; if it is judged that the number of IP addresses of the terminal is greater than or equal to 2, obtaining the routing table of the terminal; and determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking.
This embodiment provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and the computer program causes the computer to execute the methods provided by the above method embodiments, for example: periodically obtaining the IP address information of a terminal; if it is judged that the number of IP addresses of the terminal is greater than or equal to 2, obtaining the routing table of the terminal; and determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, the device (system) and the computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, and the instruction means implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In the description of this specification, reference to the terms "one embodiment", "a specific embodiment", "some embodiments", "for example", "an example", "a specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
The specific embodiments described above further explain in detail the purpose, technical solutions and beneficial effects of the present invention. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (16)

  1. A terminal violation networking detection method, characterized by comprising:
    periodically obtaining the IP address information of a terminal;
    if it is judged that the number of IP addresses of the terminal is greater than or equal to 2, obtaining the routing table of the terminal;
    determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking.
  2. The method according to claim 1, characterized in that determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking comprises:
    obtaining the interfaces of all static routes according to the routing table;
    obtaining, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes;
    obtaining, according to the NICs corresponding to the interfaces of all static routes, the DNS address of each of those NICs;
    if it is judged that the NICs corresponding to the interfaces of all static routes include both a NIC that includes an intranet DNS address and a NIC that does not include an intranet DNS address, determining that the first networking state of the terminal is violation networking; wherein the intranet DNS address is preset.
  3. The method according to claim 1, characterized in that determining, according to the routing table and the intranet/extranet interconnection violation judgment rule, that the first networking state of the terminal is violation networking comprises:
    obtaining, according to the routing table, the interfaces of all static routes and the interface of the default route with the smallest metric;
    obtaining, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes, and obtaining, according to the interface of the default route with the smallest metric, the NIC corresponding to the interface of the default route with the smallest metric;
    obtaining, according to the NICs corresponding to the interfaces of all static routes and the NIC corresponding to the interface of the default route with the smallest metric, the DNS address of each NIC corresponding to the interfaces of all static routes and of the default route with the smallest metric;
    if it is judged that the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric include both a NIC that includes an intranet DNS address and a NIC that does not include an intranet DNS address, determining that the first networking state of the terminal is violation networking; wherein the intranet DNS address is preset.
  4. The method according to any one of claims 1 to 3, characterized by further comprising:
    if it is judged that the first networking state of the terminal is normal networking, determining, according to the routing table and the internal network violation judgment rule, that the second networking state of the terminal is violation networking.
  5. The method according to claim 4, characterized in that determining, according to the routing table and the internal network violation judgment rule, that the second networking state of the terminal is violation networking comprises:
    obtaining the interfaces of all static routes according to the routing table;
    obtaining, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes;
    obtaining, according to the NICs corresponding to the interfaces of all static routes, the DNS address and gateway address of each of those NICs;
    if it is judged that the DNS addresses of all NICs corresponding to the interfaces of all static routes are all intranet DNS addresses, and that the gateway addresses of the NICs corresponding to the interfaces of all static routes include gateway addresses of different intranets, determining that the second networking state of the terminal is violation networking; wherein the intranet DNS address is preset, and the gateway address of each intranet is preset.
  6. The method according to claim 4, characterized in that determining, according to the routing table and the internal network violation judgment rule, that the second networking state of the terminal is violation networking comprises:
    obtaining the interface of the default route with the smallest metric according to the routing table;
    obtaining, according to the interface of the default route with the smallest metric, the NIC corresponding to the interface of the default route with the smallest metric;
    obtaining, according to the NIC corresponding to the interface of the default route with the smallest metric, the DNS address and gateway address of each NIC corresponding to the interface of the default route with the smallest metric;
    if it is judged that the DNS addresses of all NICs corresponding to the interface of the default route with the smallest metric are all intranet DNS addresses, and that the gateway addresses of the NICs corresponding to the interface of the default route with the smallest metric include gateway addresses of different intranets, determining that the second networking state of the terminal is violation networking; wherein the intranet DNS address is preset, and the gateway address of each intranet is preset.
  7. The method according to claim 4, characterized in that determining, according to the routing table and the internal network violation judgment rule, that the second networking state of the terminal is violation networking comprises:
    obtaining, according to the routing table, the interfaces of all static routes and the interface of the default route with the smallest metric;
    obtaining, according to the interfaces of all static routes, the NICs corresponding to the interfaces of all static routes, and obtaining, according to the interface of the default route with the smallest metric, the NIC corresponding to the interface of the default route with the smallest metric;
    obtaining, according to the NICs corresponding to the interfaces of all static routes and the NIC corresponding to the interface of the default route with the smallest metric, the DNS address and gateway address of each NIC corresponding to the interfaces of all static routes and of the default route with the smallest metric;
    if it is judged that the DNS addresses of all NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric are all intranet DNS addresses, and that the gateway addresses of the NICs corresponding to the interfaces of all static routes and of the default route with the smallest metric include gateway addresses of different intranets, determining that the second networking state of the terminal is violation networking; wherein the intranet DNS address is preset, and the gateway address of each intranet is preset.
  8. A terminal illegal networking detection device, characterized by comprising:
    an obtaining unit, configured to periodically obtain the IP address information of a terminal;
    a judging unit, configured to obtain the routing table of the terminal after determining that the number of IP addresses of the terminal is greater than or equal to 2;
    a first determination unit, configured to determine a first networking state of the terminal according to the routing table and an intranet-extranet interconnection violation judgment rule.
  9. The device according to claim 8, characterized in that the first determination unit comprises:
    a first obtaining subunit, configured to obtain the interfaces of all static routes according to the routing table;
    a second obtaining subunit, configured to obtain, according to the interfaces of all static routes, the network interface cards corresponding to those interfaces;
    a third obtaining subunit, configured to obtain, according to the network interface cards corresponding to the interfaces of all static routes, the domain name server address of each of those network interface cards;
    a first judgment subunit, configured to determine that the first networking state of the terminal is illegal networking after determining that the network interface cards corresponding to the interfaces of all static routes include both a network interface card that includes an intranet domain name server address and a network interface card that does not include an intranet domain name server address; wherein the intranet domain name server address is preset.
  10. The device according to claim 8, characterized in that the first determination unit comprises:
    a fourth obtaining subunit, configured to obtain, according to the routing table, the interface of the default route with the smallest metric;
    a fifth obtaining subunit, configured to obtain, according to the interface of the default route with the smallest metric, the network interface card corresponding to that interface;
    a sixth obtaining subunit, configured to obtain, according to the network interface card corresponding to the interface of the default route with the smallest metric, the domain name server address of each of those network interface cards;
    a second judgment subunit, configured to determine that the first networking state of the terminal is illegal networking after determining that the network interface cards corresponding to the interface of the default route with the smallest metric include both a network interface card that includes an intranet domain name server address and a network interface card that does not include an intranet domain name server address; wherein the intranet domain name server address is preset.
  11. The device according to any one of claims 8 to 10, characterized by further comprising:
    a second determination unit, configured to determine a second networking state of the terminal according to the routing table and an intranet violation judgment rule after determining that the first networking state of the terminal is normal networking.
  12. The device according to claim 11, characterized in that the second determination unit comprises:
    a seventh obtaining subunit, configured to obtain the interfaces of all static routes according to the routing table;
    an eighth obtaining subunit, configured to obtain, according to the interfaces of all static routes, the network interface cards corresponding to those interfaces;
    a ninth obtaining subunit, configured to obtain, according to the network interface cards corresponding to the interfaces of all static routes, the domain name server address and the gateway address of each of those network interface cards;
    a third judgment subunit, configured to determine that the second networking state of the terminal is illegal networking after determining that the domain name server addresses of all network interface cards corresponding to the interfaces of all static routes are intranet domain name server addresses, and that the gateway addresses of those network interface cards include gateway addresses of different intranets; wherein the intranet domain name server address is preset, and the gateway address of each intranet is preset.
  13. The device according to claim 11, characterized in that the second determination unit comprises:
    a tenth obtaining subunit, configured to obtain, according to the routing table, the interface of the default route with the smallest metric;
    an eleventh obtaining subunit, configured to obtain, according to the interface of the default route with the smallest metric, the network interface card corresponding to that interface;
    a twelfth obtaining subunit, configured to obtain, according to the network interface card corresponding to the interface of the default route with the smallest metric, the domain name server address and the gateway address of each of those network interface cards;
    a fourth judgment subunit, configured to determine that the second networking state of the terminal is illegal networking after determining that the domain name server addresses of all network interface cards corresponding to the interface of the default route with the smallest metric are intranet domain name server addresses, and that the gateway addresses of those network interface cards include gateway addresses of different intranets; wherein the intranet domain name server address is preset, and the gateway address of each intranet is preset.
  14. The device according to claim 11, characterized in that the second determination unit comprises:
    a thirteenth obtaining subunit, configured to obtain, according to the routing table, the interfaces of all static routes and the interface of the default route with the smallest metric;
    a fourteenth obtaining subunit, configured to obtain, according to the interfaces of all static routes, the network interface cards corresponding to those interfaces, and to obtain, according to the interface of the default route with the smallest metric, the network interface card corresponding to that interface;
    a fifteenth obtaining subunit, configured to obtain, according to the network interface cards corresponding to the interfaces of all static routes and of the default route with the smallest metric, the domain name server address and the gateway address of each of those network interface cards;
    a fifth judgment subunit, configured to determine that the second networking state of the terminal is illegal networking after determining that the domain name server addresses of all network interface cards corresponding to the interfaces of all static routes and of the default route with the smallest metric are intranet domain name server addresses, and that the gateway addresses of those network interface cards include gateway addresses of different intranets; wherein the intranet domain name server address is preset, and the gateway address of each intranet is preset.
  15. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
  16. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
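The two judgment rules recited in the claims above, as an added example for readers building a similar endpoint check; it is not code from the patent. Assumptions: every address and preset is constructed, an interface is identified by its IP address, static routes carry a `static` flag, and both rules are applied to the union of static-route and smallest-metric default-route interfaces (the claims recite that union for the second rule).

```python
INTRANET_DNS = {"10.1.0.53", "10.2.0.53"}  # constructed preset: intranet DNS servers
INTRANET_GATEWAYS = {"10.1.0.1": "office", "10.2.0.1": "production"}  # constructed preset

def route(dest, mask, iface, metric, static=False):  # the 'static' flag is an assumption
    return {"dest": dest, "mask": mask, "iface": iface, "metric": metric, "static": static}

def selected_nics(routes, nics):
    """NICs behind every static route and behind the lowest-metric default route(s)."""
    ifaces = {r["iface"] for r in routes if r["static"]}
    defaults = [r for r in routes if (r["dest"], r["mask"]) == ("0.0.0.0", "0.0.0.0")]
    lowest = min((r["metric"] for r in defaults), default=None)
    ifaces |= {r["iface"] for r in defaults if r["metric"] == lowest}
    return [nics[i] for i in sorted(ifaces) if i in nics]

def first_state(cards):
    """Violation when some selected NICs list an intranet DNS server and others list none."""
    has_intranet_dns = [bool(INTRANET_DNS & set(c["dns"])) for c in cards]
    return "violation" if any(has_intranet_dns) and not all(has_intranet_dns) else "normal"

def second_state(cards):
    """Violation when every DNS server is intranet but the gateways span different intranets."""
    all_intranet = bool(cards) and all(c["dns"] and set(c["dns"]) <= INTRANET_DNS for c in cards)
    intranets = {INTRANET_GATEWAYS[c["gateway"]] for c in cards if c["gateway"] in INTRANET_GATEWAYS}
    return "violation" if all_intranet and len(intranets) >= 2 else "normal"

def detect(ip_addresses, routes, nics):
    if len(ip_addresses) < 2:  # the routing table is only examined for two or more addresses
        return "not evaluated"
    cards = selected_nics(routes, nics)
    if first_state(cards) == "violation":
        return "intranet/extranet interconnection"
    if second_state(cards) == "violation":
        return "cross-intranet connection"
    return "normal"

# Constructed terminal 1: wired intranet NIC plus a phone hotspot.
HOTSPOT_NICS = {
    "10.1.0.25": {"dns": ["10.1.0.53"], "gateway": "10.1.0.1"},
    "192.168.43.17": {"dns": ["192.168.43.1"], "gateway": "192.168.43.1"},
}
HOTSPOT_ROUTES = [
    route("10.0.0.0", "255.0.0.0", "10.1.0.25", 1, static=True),
    route("0.0.0.0", "0.0.0.0", "192.168.43.17", 25),
    route("0.0.0.0", "0.0.0.0", "10.1.0.25", 35),
]
# Constructed terminal 2: one NIC in each of two separate intranets.
TWO_INTRANET_NICS = {"10.1.0.25": HOTSPOT_NICS["10.1.0.25"],
                     "10.2.0.40": {"dns": ["10.2.0.53"], "gateway": "10.2.0.1"}}
TWO_INTRANET_ROUTES = [route("10.2.0.0", "255.255.0.0", "10.2.0.40", 1, static=True),
                       route("0.0.0.0", "0.0.0.0", "10.1.0.25", 25)]

if __name__ == "__main__":
    print(detect(list(HOTSPOT_NICS), HOTSPOT_ROUTES, HOTSPOT_NICS))
    print(detect(list(TWO_INTRANET_NICS), TWO_INTRANET_ROUTES, TWO_INTRANET_NICS))
```

The second rule runs only when the first returns normal, matching the ordering in claim 11.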
CN201910772033.0A 2019-08-21 2019-08-21 Terminal illegal networking detection method and device Active CN110493228B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910772033.0A CN110493228B (en) 2019-08-21 2019-08-21 Terminal illegal networking detection method and device

Publications (2)

Publication Number Publication Date
CN110493228A (en) 2019-11-22
CN110493228B (en) 2021-10-26

Family

ID=68552580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910772033.0A Active CN110493228B (en) 2019-08-21 2019-08-21 Terminal illegal networking detection method and device

Country Status (1)

Country Link
CN (1) CN110493228B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070201474A1 (en) * 2006-02-28 2007-08-30 Hitachi, Ltd. Device for protection against illegal communications and network system thereof
CN101257388A (en) * 2008-04-08 2008-09-03 华为技术有限公司 Lawless exterior joint detecting method, apparatus and system
CN102611713A (en) * 2012-04-10 2012-07-25 重庆交通大学 Entropy operation-based network intrusion detection method and device
CN103391216A (en) * 2013-07-15 2013-11-13 中国科学院信息工程研究所 Alarm and blocking method for illegal external connections
CN103441864A (en) * 2013-08-12 2013-12-11 江苏华大天益电力科技有限公司 Method for monitoring illegal external connection of terminal equipment
CN104104686A (en) * 2014-07-24 2014-10-15 上海斐讯数据通信技术有限公司 Mobile Internet based network packet analysis and discovery method
CN105939239A (en) * 2015-07-31 2016-09-14 杭州迪普科技有限公司 Data transmission method and device of virtual network interface card
CN107104854A (en) * 2017-04-12 2017-08-29 中国工商银行股份有限公司 Detection method, equipment and the system of terminal dual network interconnection

Also Published As

Publication number Publication date
CN110493228B (en) 2021-10-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant