CN110798340A - Port information combing method, device and server - Google Patents


Info

Publication number
CN110798340A
Authority
CN
China
Prior art keywords
port information
devices
server
equipment
communication connection
Prior art date
Legal status
Granted
Application number
CN201910961589.4A
Other languages
Chinese (zh)
Other versions
CN110798340B
Inventor
李志伟
Current Assignee
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201910961589.4A
Publication of CN110798340A
Application granted
Publication of CN110798340B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/14 Network analysis or design
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/90 Details of database functions independent of the retrieved data types
    • G06F 16/903 Querying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

The embodiments of this application disclose a port information combing method, device and server. The method comprises: a server receives, from a first device, the port information of the first device and the port information of one or more devices that have established a communication connection with the first device; the server stores the port information of the first device and the port information of the one or more devices in an analysis component, associated with each other; the server then acquires a query instruction for the device port information associated with the port information of the first device; and the server outputs the port information of the one or more devices that the query finds stored in association with the port information of the first device. With this method and device, the port information between devices whose firewall has been closed can be combed (that is, sorted out and inventoried) automatically, and combing efficiency is improved.

Description

Port information combing method, device and server
Technical Field
The invention relates to the field of data analysis, in particular to a port information combing method, device and server.
Background
As network technology develops and spreads, network security problems become increasingly serious. To secure network data exchange, a firewall is usually deployed between the internal network and the external network. However, to allow communication between devices of the internal and external networks, the firewall between some devices has to be closed. Because there are many firewalls, the firewall between two devices should be closed only after the existing port information has been combed and analysed; if it has not been combed clearly, closing the firewall may create a security risk. At present, the port information between devices whose firewall has been closed is combed mainly by hand, which is inefficient and error-prone.
Disclosure of Invention
The embodiments of this application provide a port information combing method, device and server that comb the port information between devices whose firewall has been closed automatically, avoiding the tedium of manual combing, reducing the combing error rate, improving combing efficiency and saving labour cost.
In a first aspect, an embodiment of this application provides a port information combing method, comprising:
a server receives, from a first device, the port information of the first device and the port information of one or more devices that have established a communication connection with the first device; the first device is a device in a first network and the one or more devices are devices in a second network, and apart from the firewall between the first device and the one or more devices, which is in the closed state, the firewall between any device of the first network and any device of the second network is in the open state;
the server stores the port information of the first device and the port information of the one or more devices in an analysis component, associated with each other, the analysis component being used to query and analyse port information;
the server acquires a query instruction for the device port information associated with the port information of the first device;
the server outputs the port information of the one or more devices that the query finds stored in association with the port information of the first device.
In this embodiment, after the server receives the port information sent by the device, it stores that information in the analysis component for query and analysis, so the port information between devices whose firewall has been closed can be combed out automatically; the tedium of manual combing is avoided, the combing error rate is reduced, combing efficiency is improved and labour cost is saved.
In one possible implementation, after the server receives from the first device the port information of the first device and the port information of the one or more devices that have established a communication connection with it, and before the server stores them in association in the analysis component, the method further comprises:
the server deduplicates the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device.
In this embodiment, the server deduplicates the received port information before storing it in the analysis component, removing redundant entries so that they need not be stored and saving the server's storage space.
In one possible implementation, the server storing the port information of the first device and the port information of the one or more devices in association in the analysis component comprises:
the server associates and matches the port information of the first device with a first preset field and the port information of the one or more devices with a second preset field, where the first preset field and the second preset field are associated with each other and both are fields of preset search keywords;
the server stores the port information of the first device matched to the first preset field and the port information of the one or more devices matched to the second preset field in the analysis component.
Because the port information is matched to preset fields, it can be looked up and queried by those fields, which improves query efficiency and therefore the efficiency of combing the port information.
In one possible implementation, after the server outputs the port information of the one or more devices found by the query and stored in association with the port information of the first device, the method further comprises:
the server acquires a firewall closing instruction, which carries the port information of a second device and the port information of the one or more devices and is used to close the firewall between the second device and the one or more devices; the second device is a device in the first network;
the server remotely controls the second device to close the firewall between the second device and the one or more devices according to the firewall closing instruction.
In a second aspect, an embodiment of this application provides a port information combing method, comprising:
a first device collects its own port information and the port information of one or more devices that have established a communication connection with it; the first device is a device in a first network and the one or more devices are devices in a second network, and apart from the firewall between the first device and the one or more devices, which is in the closed state, the firewall between any device of the first network and any device of the second network is in the open state;
the first device sends its port information and the port information of the one or more devices to a server, where the port information of the first device and the port information of the one or more devices are stored in association in an analysis component of the server, the analysis component being used to query and analyse port information.
In this embodiment, the device collects the port information of the devices that are in communication connection with it and sends the collected information to the server for query and analysis, so the port information between devices whose firewall has been closed can be combed out automatically; the tedium of manual combing is avoided, the combing error rate is reduced, combing efficiency is improved and labour cost is saved.
In one possible implementation, after the first device collects its port information and the port information of the one or more devices that have established a communication connection with it, and before it sends them to the server, the method further comprises:
the first device deduplicates the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device.
In this embodiment, the collected port information is deduplicated before it is sent to the server, so redundant entries are removed on the device, the server does not have to store them, and the server's storage space is saved.
In one possible implementation, after the first device collects its port information and the port information of the one or more devices that have established a communication connection with it, and before it sends them to the server, the method further comprises:
the first device stores the port information of the first device and the port information of the one or more devices in a cache component, the cache component being a storage component that holds that port information in the form of a message queue.
In this embodiment, because the amount of port information a device collects is very large, the collected port information is first placed in the cache component; this gives the server time to receive it and relieves the pressure of receiving and storing a large volume of port information at once.
In one possible implementation, the first device collecting its port information and the port information of the one or more devices that have established a communication connection with it comprises:
the first device cyclically collects, within a preset time, the port information of the devices that establish a communication connection with it.
In this embodiment, port information can be collected only while a communication connection exists between two devices, but two devices that can communicate with each other are not connected all the time; a connection is established only when communication is needed. The device therefore has to collect port information continuously and cyclically to ensure that the collected port information is complete.
In a third aspect, an embodiment of the present application provides a port information combing device, which includes a unit for executing the port information combing method according to any one of the first aspect and possible implementations thereof.
In a fourth aspect, an embodiment of the present application provides a port information combing server, where the server includes a unit configured to execute the port information combing method according to any one of the second aspect and possible implementations thereof.
In a fifth aspect, an embodiment of the present application provides an apparatus, including a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory is used to store a computer program, and the processor is configured to call the computer program to perform the port information combing method according to any one of the first aspect and possible implementation manners thereof.
In a sixth aspect, an embodiment of the present application provides a server, including a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory is used to store a computer program, and the processor is configured to call the computer program to execute the port information combing method according to any one of the second aspect and possible implementation manners.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the port information combing method according to any one of the above first aspect and possible implementations thereof.
In an eighth aspect, the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the port information combing method according to any one of the second aspect and possible implementation manners thereof.
To sum up, the embodiments of this application comb the port information between devices whose firewall has been closed, avoid the tedium of manual combing, reduce the combing error rate, improve combing efficiency and save labour cost.
Drawings
The drawings used in the embodiments of this application are described below.
Fig. 1 is a schematic system architecture diagram of the port information combing method according to an embodiment of this application;
Fig. 2 is an interaction flow diagram of the port information combing method according to an embodiment of this application;
Fig. 3 is a schematic logical structure diagram of a port information combing device according to an embodiment of this application;
Fig. 4 is a schematic logical structure diagram of a port information combing server according to an embodiment of this application;
Fig. 5 is a schematic hardware structure diagram of an apparatus according to an embodiment of this application;
Fig. 6 is a schematic hardware structure diagram of a server according to an embodiment of this application.
Detailed Description
To help those skilled in the art understand the technical solutions of the invention, the technical solutions in the embodiments of this application are described below with reference to the drawings.
The system architecture is described first. Referring to Fig. 1, Fig. 1 is a schematic diagram of the system architecture of the port information combing method according to an embodiment of this application. The system may include, but is not limited to, a first network and a second network. The first network comprises one or more servers (several servers may form a server cluster) and n devices 1-1 to 1-n; the second network comprises n devices 2-1 to 2-n; n is an integer greater than or equal to 1.
Normally the firewall between the first network and the second network is open, and if a device in the first network needs to communicate with a device in the second network, the firewall between those two devices must first be closed. Throughout this description, "closed" means that the firewall no longer blocks traffic between the two devices, and "open" means that it does. As shown in Fig. 1, suppose device 1-1 in the first network can communicate with devices 2-1, 2-2 and 2-3 in the second network; this means the firewalls between device 1-1 and devices 2-1, 2-2 and 2-3 respectively have been closed, whereas device 1-1 and device 2-n cannot communicate with each other because the firewall between device 1-1 and device 2-n is open. In Fig. 1, an arrow between a device of the first network and a device of the second network indicates that the firewall between them is closed and they can communicate; no arrow indicates that the firewall is open and they cannot.
The servers involved may include, but are not limited to, a background server, a component server, a port information combing server and so on, and can communicate with many devices in the network. The server provides the port information combing service to the devices; to do so it runs the corresponding server-side program, for example a port information combing database service, data computation, decision execution and the like.
The device involved in this embodiment can install and run the related application (APP), a program that corresponds to the server and provides local services to the user. The device may include, but is not limited to, any electronic device based on an intelligent operating system that can interact with the user through an input device such as a keyboard, virtual keyboard, touch pad, touch screen or voice control device, for example a smartphone, a tablet computer or a personal computer. An intelligent operating system includes, but is not limited to, any operating system that enriches the functions of a device by providing it with various applications.
It should be noted that the system architecture of the port information combing method provided in this application is not limited to the architecture shown in Fig. 1.
For business needs, the firewalls of some devices in the first network and the second network have to be closed so that devices of the two networks can communicate with each other. But the firewall protects the security of the information network and cannot be closed at will: only when the information between the devices across the two networks whose firewall is already closed has been combed clearly, and the combing result analysed, can it be determined between which devices the firewall may be closed. This is why the scheme provides a port information combing method.
Based on the system architecture of Fig. 1, a port information combing method is given below; its interaction flow is shown in Fig. 2. The method may comprise the following steps:
step 201, a first device collects port information of the first device and port information of one or more devices establishing communication connection with the first device.
Step 202, the first device sends port information of the first device and port information of one or more devices establishing communication connection with the first device to a server.
In a specific embodiment, the first device is provided with a port information collection component, and the device port information is collected mainly by this component. Specifically, the first device runs the collection component to collect the port information of the devices that have established a communication connection with it and its own port information, and then sends the collected port information of the first device and of the connected devices to the server.
The first device may be any of the n devices 1-1 to 1-n of the first network in Fig. 1, the server may be a server of the first network in Fig. 1, and the devices that establish a communication connection with the first device may be devices of the second network in Fig. 1 that establish such a connection. The collection component may be a custom-programmed port information collection component; specifically, it may be a port information collection function that the first device executes to collect the corresponding port information.
For ease of understanding, referring to Fig. 1, suppose device 1-1 is equipped with the collection component described above and runs it to collect the port information of devices 2-1, 2-2 and 2-3, which have established a communication connection with device 1-1, and the port information of device 1-1 itself.
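The collection step of steps 201 and 202, together with the cyclic collection and on-device deduplication described in the second aspect above, can be implemented as follows. This is an added example and not code from the patent or from Ping An Puhui. It assumes a Linux first device whose socket table is read with `ss -Htn`, a constructed two-cycle sample of that output (the second cycle no longer shows one connection and newly shows another, which is why a single snapshot is not enough), an assumed membership list for the second network, and record field names chosen here.

```python
"""Port information collector for the first device (added example, not the patent's code).

Assumptions: Linux host; socket table read with `ss -Htn` (columns: state, Recv-Q,
Send-Q, local addr:port, peer addr:port); the collector knows which hosts belong to
the second network; the record field names are chosen here.
"""
import re
import subprocess
import time
from dataclasses import dataclass

# Constructed sample: two polling cycles of `ss -Htn` on device 1-1 (192.168.1.2).
# Cycle 2 no longer shows the connection to 3306 and newly shows 3308.
CYCLE_1 = """\
ESTAB      0  0  192.168.1.2:1234   192.168.1.3:3306
ESTAB      0  0  192.168.1.2:1234   192.168.1.5:3307
ESTAB      0  0  192.168.1.2:40022  192.168.1.9:22
TIME-WAIT  0  0  192.168.1.2:50000  192.168.1.3:3306
"""
CYCLE_2 = """\
ESTAB      0  0  192.168.1.2:1234   192.168.1.5:3307
ESTAB      0  0  192.168.1.2:1234   192.168.1.7:3308
"""
# Assumed: hosts that belong to the second network (192.168.1.9 is not one of them).
SECOND_NETWORK_HOSTS = {"192.168.1.3", "192.168.1.5", "192.168.1.7"}


@dataclass(frozen=True)
class Conn:
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int

    @property
    def local(self) -> str:  # "ip/port" form used in the patent's tables
        return f"{self.local_ip}/{self.local_port}"

    @property
    def peer(self) -> str:
        return f"{self.peer_ip}/{self.peer_port}"


# Greedy \S+ before the final ':' also copes with bracketed IPv6 literals such as [::1]:22.
_SS_LINE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)")


def parse_ss(text: str) -> list[Conn]:
    """Keep only ESTAB sockets: a communication connection exists at collection time."""
    conns = []
    for line in text.splitlines():
        m = _SS_LINE.match(line)
        if m and m.group(1) == "ESTAB":
            conns.append(Conn(m.group(2), int(m.group(3)), m.group(4), int(m.group(5))))
    return conns


def run_ss() -> str:
    """Read the live socket table; used only when no sample source is injected."""
    return subprocess.run(["ss", "-Htn"], check=True, capture_output=True, text=True).stdout


class PortInfoCollector:
    """Accumulates first-device port -> peer ports over repeated cycles, deduplicating."""

    def __init__(self, source=run_ss, peer_filter=lambda ip: ip in SECOND_NETWORK_HOSTS):
        self.source = source
        self.peer_filter = peer_filter
        self.assoc: dict[str, set[str]] = {}  # "192.168.1.2/1234" -> {"192.168.1.3/3306", ...}

    def poll_once(self) -> int:
        """One collection cycle; returns how many not-yet-seen peer entries were added."""
        added = 0
        for c in parse_ss(self.source()):
            if not self.peer_filter(c.peer_ip):
                continue
            peers = self.assoc.setdefault(c.local, set())
            if c.peer not in peers:
                peers.add(c.peer)
                added += 1
        return added

    def poll(self, cycles: int, interval: float = 0.0) -> list[dict]:
        """Collect cyclically for `cycles` rounds (the patent's 'within a preset time')."""
        for _ in range(cycles):
            self.poll_once()
            time.sleep(interval)
        return self.records()

    def records(self) -> list[dict]:
        """Deduplicated records, ready to hand to the message-queue cache or the server."""
        return [{"first_net_port": k, "second_net_ports": sorted(v)}
                for k, v in sorted(self.assoc.items())]


def demo() -> list[dict]:
    """Run the two constructed cycles through the collector."""
    snapshots = iter([CYCLE_1, CYCLE_2])
    collector = PortInfoCollector(source=lambda: next(snapshots))
    return collector.poll(cycles=2)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Running `demo()` merges the two cycles into a single record for 192.168.1.2/1234 with all three second-network peers; the duplicate 3307 entry and the TIME-WAIT socket are dropped on the device, and the SSH session to a host outside the second network never enters the record.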
Step 203, the server receives the port information of the first device and the port information of one or more devices establishing communication connection with the first device.
Step 204, the server stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated manner.
In a specific embodiment, the server is provided with a port information analysis component that is used to store, query and analyse device port information. After receiving from the first device the port information of the first device and the port information of the one or more devices that have established a communication connection with it, the server stores them in the analysis component in association with each other, so that the port information can be queried and analysed when needed.
Specifically, the analysis component may be Elasticsearch, a distributed, scalable, real-time search and analytics engine. Besides full-text search it provides distributed real-time document storage in which every field is indexed and searchable, distributed search for real-time analytics, and scaling out to hundreds of servers to handle large volumes of structured or unstructured data.
In one possible implementation, the server storing the port information of the first device and the port information of the one or more devices in association in the analysis component comprises: the server associates and matches the port information of the first device with a first preset field and the port information of the one or more devices with a second preset field, where the first preset field and the second preset field are associated with each other and both are fields of preset search keywords; and the server stores the port information of the first device matched to the first preset field and the port information of the one or more devices matched to the second preset field in the analysis component.
Specifically, the server presets search-keyword fields in the analysis component, each associated with a certain type of data. The first preset field is a field that can be associated with the port information of the first device, for example "port information of device in first network"; the second preset field can be associated with the port information of the one or more second-network devices that have established a communication connection with the first device, for example "port information of device in second network". The two fields are associated with each other: if the first preset field holds the port information of the first device, the second preset field holds the port information of the one or more second-network devices that have established a communication connection with the first device.
TABLE 1
Port information of device in first network    Port information of device in second network
192.168.1.2/1234                               192.168.1.3/3306
192.168.1.2/1234                               192.168.1.5/3307
192.168.1.2/1234                               192.168.1.7/3308
For ease of understanding, Table 1 shows part of an example of port information associated with the first preset field and the second preset field in the analysis component. The port information of the first-network devices is placed under the first preset field and that of the second-network devices under the second preset field, and each first-network device is associated with the second-network devices that have established a communication connection with it. For example, because the first-network device with port information 192.168.1.2/1234 has established communication connections with the second-network devices with port information 192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308 respectively, those entries are associated with 192.168.1.2/1234 in Table 1. That is, searching for "192.168.1.2/1234" in the first preset field returns the port information "192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308".
Because the port information is matched to preset fields, it can be looked up and queried by those fields, which improves query efficiency and therefore the efficiency of combing the port information.
Step 205, the server obtains a query instruction of the device port information associated with the port information of the first device.
And step 206, the server outputs the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
In a specific embodiment, once the server has stored in the analysis component the port information of a first-network device together with the port information of the second-network devices that have established a communication connection with it, the server can query and output the relevant port information through the analysis component.
For ease of understanding, refer to Fig. 1 and Table 2. Assume that the port information of device 1-1 in Fig. 1 is 192.168.1.2/1234 and that the port information of devices 2-1, 2-2 and 2-3 is 192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308 respectively.
The server obtains a query keyword in the query box of the analysis component, for example the port information "192.168.1.2/1234" of device 1-1; it matches that keyword against the port information in the database, finds for example the content of Table 2, and outputs and displays it.
TABLE 2
Port information of device in first network    Port information of device in second network
192.168.1.2/1234                               192.168.1.3/3306
192.168.1.2/1234                               192.168.1.5/3307
192.168.1.2/1234                               192.168.1.7/3308
The device whose port information appears under the first network in Table 2 is device 1-1, and the devices whose port information appears under the second network are devices 2-1, 2-2 and 2-3 respectively; that is, devices 2-1, 2-2 and 2-3 of the second network have established communication with device 1-1 of the first network, the firewall between them having been closed.
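The storage of Table 1 under the two preset fields and the query of Table 2 can be implemented against the analysis component as follows. This is an added example, not code from the patent or from Ping An Puhui. It assumes Elasticsearch as the analysis component, uses the field names `first_net_port` and `second_net_ports` in place of the patent's first and second preset fields, and builds the index mapping and query in Elasticsearch query DSL shape; the `LocalAnalysisComponent` class is an in-memory stand-in with the same document and query shapes so that the lookup path runs offline, not a client for a live cluster.

```python
"""Analysis-component side: association documents, mapping and query (added example).

Assumptions: Elasticsearch is the analysis component; field names first_net_port /
second_net_ports stand in for the patent's first and second preset fields;
LocalAnalysisComponent is an offline stand-in, not an Elasticsearch client.
"""
import json

FIRST_FIELD = "first_net_port"     # first preset field: port info of a first-network device
SECOND_FIELD = "second_net_ports"  # second preset field: port info of its connected peers


def es_index_mapping() -> dict:
    """Index mapping for the two preset fields.

    Both are `keyword`, so a term query on "192.168.1.2/1234" matches the whole value.
    With the default `text` type the standard analyzer would split the value into
    tokens ("192.168.1.2", "1234") and the exact-key lookup the patent relies on fails.
    """
    return {"mappings": {"properties": {
        FIRST_FIELD: {"type": "keyword"},
        SECOND_FIELD: {"type": "keyword"},
    }}}


def association_doc(first_port: str, second_ports: list[str]) -> dict:
    """One document: a first-network port and the second-network ports connected to it."""
    return {FIRST_FIELD: first_port, SECOND_FIELD: sorted(set(second_ports))}


def association_query(first_port: str) -> dict:
    """Query DSL for 'which second-network ports are associated with this first-network port'."""
    return {"query": {"term": {FIRST_FIELD: first_port}}}


class LocalAnalysisComponent:
    """Offline stand-in honouring the same document and query shapes as the index above."""

    def __init__(self) -> None:
        self.docs: list[dict] = []

    def index(self, doc: dict) -> dict:
        """Upsert by first-field key, merging peer lists (server-side deduplication)."""
        for existing in self.docs:
            if existing[FIRST_FIELD] == doc[FIRST_FIELD]:
                existing[SECOND_FIELD] = sorted(set(existing[SECOND_FIELD]) | set(doc[SECOND_FIELD]))
                return existing
        self.docs.append(dict(doc))
        return self.docs[-1]

    def search(self, query: dict) -> list[dict]:
        """Exact (keyword) match on the single term the query carries."""
        (field, value), = query["query"]["term"].items()
        return [d for d in self.docs if d.get(field) == value]

    def first_ports_reaching(self, second_port: str) -> list[str]:
        """Reverse combing: which first-network ports already reach this second-network port."""
        return sorted(d[FIRST_FIELD] for d in self.docs if second_port in d[SECOND_FIELD])


def demo() -> list[dict]:
    """Index device 1-1's records as two overlapping batches, then query them back."""
    comp = LocalAnalysisComponent()
    comp.index(association_doc("192.168.1.2/1234", ["192.168.1.3/3306", "192.168.1.5/3307"]))
    comp.index(association_doc("192.168.1.2/1234", ["192.168.1.5/3307", "192.168.1.7/3308"]))
    # Constructed: another first-network device that reaches only 3306.
    comp.index(association_doc("192.168.1.6/2222", ["192.168.1.3/3306"]))
    return comp.search(association_query("192.168.1.2/1234"))


if __name__ == "__main__":
    print(json.dumps(es_index_mapping(), indent=2))
    print(json.dumps(association_query("192.168.1.2/1234")))
    for hit in demo():
        print(hit)
```

The `keyword` mapping is the detail that makes the exact-key lookup of Table 2 work; the reverse query is the other direction a combing exercise usually needs, namely which first-network devices already reach a given second-network port.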
In one possible implementation manner, after the server outputs the port information of the one or more devices stored in association with the port information of the first device, which is queried according to the query instruction, the method further includes: the server acquires a firewall closing instruction, wherein the firewall closing instruction carries port information of second equipment and port information of the one or more equipment and is used for closing a firewall between the second equipment and the one or more equipment; the second device is a device in the first network; and the server remotely controls the second equipment to close the firewall between the second equipment and the one or more equipment according to the firewall closing instruction.
In a specific embodiment, after the port information of the first device and the port information of the one or more devices that have established a communication connection with it has been queried, and after a firewall closing instruction for closing the firewall between the second device and the one or more devices has been received, the second device can be logged into and operated remotely with the sshpass command and the ssh command. Specifically, the server logs in to the second device using the sshpass and ssh commands, transmits the port information of the second device and the port information of the one or more devices to the second device using the sshpass, scp and ssh commands, and then remotely controls the second device to close, according to that port information, the firewall between the second device and the one or more devices. The sshpass, scp and ssh commands are commonly used for remote control.
For ease of understanding, consider the following example:
assume that device 1-3 in fig. 1 is the second device and that devices 2-1, 2-2 and 2-3 in fig. 1 are the one or more devices. Since device 1-1 in fig. 1 can establish communication with devices 2-1, 2-2 and 2-3, this indicates that there is no security risk in closing the firewall between a device in the first network and devices 2-1, 2-2 and 2-3. Thus the firewalls between device 1-3 and devices 2-1, 2-2 and 2-3 respectively may be closed, establishing a communication connection between device 1-3 and each of devices 2-1, 2-2 and 2-3. In this case, after the server receives an instruction to close the firewalls between device 1-3 and devices 2-1, 2-2 and 2-3 respectively, it can log in remotely with the sshpass, scp and ssh commands and control device 1-3 to close the firewall between itself and each of devices 2-1, 2-2 and 2-3.
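The server-side handling of the firewall closing instruction, as an added example (not the patent's code): each port-information entry is validated, only second-network peers already associated with a first-network device in the analysis component are accepted, the pairs are written to a file, and the scp and ssh command lines of the text are built. The remote script path /opt/portcomb/close_firewall.sh, the file name portcomb_ports.txt, the login user "portcomb" and the address 192.168.1.4/1234 used for device 1-3 are all constructed assumptions; the patent names none of them. sshpass is called with -e so that the password comes from the SSHPASS environment variable rather than from a -p argument, which would be visible in the process list to every local user.

```python
import ipaddress
import os
import subprocess
import tempfile
from typing import Dict, List, Sequence, Set, Tuple

# Added example, not code from the patent. Remote paths, file and user names
# below are hypothetical.
REMOTE_SCRIPT = "/opt/portcomb/close_firewall.sh"  # hypothetical script on the second device
PORT_FILE = "portcomb_ports.txt"                   # hypothetical file carrying the port pairs


def parse_port_info(entry: str) -> Tuple[str, int]:
    """Parse the 'ip/port' notation of the text into a validated (ip, port) pair."""
    host, sep, port = entry.partition("/")
    if not sep:
        raise ValueError(f"missing '/' in port information: {entry!r}")
    ip = ipaddress.ip_address(host)          # ValueError on anything that is not an IP
    port_num = int(port)
    if not 0 < port_num <= 65535:
        raise ValueError(f"port out of range in {entry!r}")
    return str(ip), port_num


def check_instruction(second_device: str, peers: Sequence[str],
                      analysis_rows: Dict[str, Set[str]]) -> List[str]:
    """Validate a firewall closing instruction.

    analysis_rows maps a first-network device's port information to the set of
    second-network port information stored in association with it. A peer that
    no first-network device is known to reach is refused, so the instruction can
    only open paths the collected data already shows to be in use."""
    parse_port_info(second_device)
    for peer in peers:
        parse_port_info(peer)
    known = set().union(*analysis_rows.values()) if analysis_rows else set()
    unknown = [p for p in peers if p not in known]
    if unknown:
        raise PermissionError(f"peers not present in analysis component: {unknown}")
    return [f"{second_device} {p}" for p in peers]


def build_commands(second_device: str, user: str, local_file: str) -> List[List[str]]:
    """Build argv lists (no shell) for the scp and ssh steps of the text.

    sshpass -e reads the password from the SSHPASS environment variable, so it
    never appears on the command line."""
    host, _ = parse_port_info(second_device)
    target = f"{user}@{host}"
    scp_cmd = ["sshpass", "-e", "scp", local_file, f"{target}:{PORT_FILE}"]
    ssh_cmd = ["sshpass", "-e", "ssh", target, REMOTE_SCRIPT, PORT_FILE]
    return [scp_cmd, ssh_cmd]


def close_firewall(second_device: str, peers: Sequence[str],
                   analysis_rows: Dict[str, Set[str]], user: str = "portcomb",
                   local_file: str = os.path.join(tempfile.gettempdir(), PORT_FILE),
                   execute: bool = False) -> List[List[str]]:
    """Validate, write the port pairs to local_file and optionally run the commands.

    With execute=False (the default) nothing is run; the commands are returned so
    they can be logged or reviewed first."""
    lines = check_instruction(second_device, peers, analysis_rows)
    with open(local_file, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    commands = build_commands(second_device, user, local_file)
    if execute:
        if "SSHPASS" not in os.environ:
            raise RuntimeError("SSHPASS is not set; sshpass -e needs it")
        for cmd in commands:
            subprocess.run(cmd, check=True)
    return commands


if __name__ == "__main__":
    # Constructed analysis-component content from table 2; 192.168.1.4/1234 is a
    # constructed address for device 1-3 (the text gives none).
    rows = {"192.168.1.2/1234": {"192.168.1.3/3306", "192.168.1.5/3307", "192.168.1.7/3308"}}
    for cmd in close_firewall("192.168.1.4/1234", ["192.168.1.3/3306", "192.168.1.5/3307"], rows):
        print(" ".join(cmd))
```

Where the second device accepts key-based SSH authentication, sshpass can be dropped from both argv lists and the SSHPASS variable is not needed at all; the validation in check_instruction stays the same.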
With this port information combing method and device, the port information between the devices whose firewall is closed is combed out, which avoids the tedium of manual combing while reducing the combing error rate, improving combing efficiency and saving labour cost.
To sum up, the device in this embodiment of the application collects the port information of the devices that are in communication connection with it and sends the collected port information to the server for query and analysis, so that the port information between the devices whose firewall is closed can be combed out; this avoids the tedium of manual combing while reducing the combing error rate, improving combing efficiency and saving labour cost.
In one possible implementation, the first device collecting the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device includes: the first device cyclically collects, within a preset time, the port information of the devices that establish a communication connection with it.
In a specific embodiment, within a preset time period the first device may use the collection component to collect, repeatedly and cyclically, the port information of the devices that establish a communication connection with it, so that the port information of no device is missed. The collection component can only capture a device's port information while a communication connection between the two devices actually exists, and two devices that are able to communicate do not keep a connection open all the time but establish one only when communication is needed. The first device therefore needs to run the collection component continuously and cyclically so that the collected port information is complete.
In one possible implementation, after the first device collects the port information of the first device and the port information of the one or more devices that establish a communication connection with it, and before the first device sends that port information to the server, the method further includes: the first device deduplicates the port information of the first device and the port information of the one or more devices that establish a communication connection with it.
Specifically, after the first device collects the port information through the collection component, port information that was collected more than once may be deduplicated.
For ease of understanding, refer to fig. 1 and assume that device 1-1 has the above collection component installed and that the collection component collects the port information of device 1-1 and device 2-1 twice. If the collected port information is stored in a list, the list then contains two entries for device 1-1 and two for device 2-1; the collection component removes the duplicate and keeps only one. Take, for example, the partially collected port information shown in table 3, and assume that the device in the first-network port information of table 3 is device 1-1 in fig. 1 and that the devices in the second-network port information of table 3 are devices 2-1, 2-2 and 2-3. The port information collected under number 1 is the same as that collected under number 4, so the collection component deletes one of numbers 1 and 4 and keeps the port information of only one of them.
TABLE 3 (the original is an image not reproduced in this text; it lists collected port information in rows numbered 1 to 4, with the port information of number 1 equal to that of number 4)
In this embodiment of the application, the collected port information is deduplicated before it is sent to the server, so redundant information is removed, the server does not have to store redundant information after receiving it, and the server's storage space is saved.
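The cyclic collection and the deduplication described above, as one added example that is not part of the patent. The collection component here parses snapshots in the layout of `ss -tn` on Linux and keeps only ESTAB rows, since a peer can only be seen while a connection exists; two constructed snapshots stand in for two rounds within the preset time, and the repeat across rounds is removed afterwards in the way table 3 describes. IPv4 addresses and the `ss` output layout are assumptions.

```python
import subprocess
import time
from typing import Callable, List, Tuple

Record = Tuple[str, str]   # (first device ip/port, peer ip/port) in the text's notation

# Added example, not code from the patent. Constructed snapshots in the layout of
# `ss -tn` (Linux); the second round has lost one connection and gained another.
SNAPSHOTS = [
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "ESTAB  0      0      192.168.1.2:1234   192.168.1.3:3306\n"
    "ESTAB  0      0      192.168.1.2:1234   192.168.1.5:3307\n"
    "TIME-WAIT 0   0      192.168.1.2:1234   192.168.1.9:22\n",
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "ESTAB  0      0      192.168.1.2:1234   192.168.1.3:3306\n"
    "ESTAB  0      0      192.168.1.2:1234   192.168.1.7:3308\n",
]


def _to_port_info(addr: str) -> str:
    """Turn 'ip:port' from ss into the 'ip/port' notation of the text (IPv4 assumed)."""
    ip, port = addr.rsplit(":", 1)
    return f"{ip}/{port}"


def parse_ss_output(text: str) -> List[Record]:
    """Keep only ESTAB rows: a peer counts as connected only while a connection exists."""
    records: List[Record] = []
    for line in text.splitlines()[1:]:       # the first line is the column header
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue
        records.append((_to_port_info(parts[3]), _to_port_info(parts[4])))
    return records


def live_snapshot() -> str:
    """Snapshot function for real use (runs `ss -tn`); the demo does not call it."""
    return subprocess.run(["ss", "-tn"], capture_output=True, text=True, check=True).stdout


def collect_cyclically(snapshot: Callable[[], str], rounds: int,
                       interval_s: float) -> List[Record]:
    """Collect `rounds` times, `interval_s` apart (the preset time of the text).

    The raw list deliberately keeps repeats: a connection seen in two rounds
    yields two identical records, which is the situation table 3 shows."""
    collected: List[Record] = []
    for i in range(rounds):
        collected.extend(parse_ss_output(snapshot()))
        if i < rounds - 1:
            time.sleep(interval_s)
    return collected


def deduplicate(records: List[Record]) -> List[Record]:
    """Keep the first occurrence of each record, preserving collection order."""
    seen = set()
    unique: List[Record] = []
    for rec in records:
        if rec not in seen:
            seen.add(rec)
            unique.append(rec)
    return unique


def demo() -> Tuple[List[Record], List[Record]]:
    """Run the two constructed rounds back to back; return (raw, deduplicated)."""
    rounds = iter(SNAPSHOTS)
    raw = collect_cyclically(lambda: next(rounds), rounds=len(SNAPSHOTS), interval_s=0)
    return raw, deduplicate(raw)


if __name__ == "__main__":
    raw, unique = demo()
    print(f"collected {len(raw)} records, {len(unique)} after deduplication")
```

For a real run, pass live_snapshot as the snapshot function and a non-zero interval; the TIME-WAIT row in the first snapshot shows why the state filter matters, since that socket no longer carries a connection.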
In one possible implementation, after the first device collects the port information of the first device and the port information of the one or more devices that establish a communication connection with it, and before the first device sends that port information to the server, the method further includes: the first device stores the port information of the first device and the port information of the one or more devices that establish a communication connection with it in a cache component, the cache component being a storage component that holds this port information in the form of a message queue.
In a specific implementation, after the first device collects the port information through the collection component, it may first send the port information to a cache component, which temporarily holds the collected port information in a message queue and then sends it, in queue order, to the analysis component in the server for storage, so that it can be queried and analysed as needed.
Specifically, the cache component may be a Kafka component: the port information collected by the collection component is temporarily stored in Kafka as a message queue and then sent to the server in queue order. For example, referring to table 3, assume the port information in table 3 was collected in the order number 1, number 2, number 3, number 4; the collected port information is then stored in the Kafka component in that order, the port information of number 1 is sent to the server first, and the port information of numbers 2, 3 and 4 follows in sequence.
Because the volume of collected port information is very large, this embodiment relieves the collection component of the pressure of storing port data and at the same time gives the analysis component in the server buffer time, relieving the pressure on it of receiving and storing a large amount of port information.
In one possible implementation, after the server receives the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, which are sent by the first device, and before the server stores them in the analysis component, the method further includes: the server deduplicates the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device.
In a specific embodiment, after receiving from the first device the port information of the first device and the port information of the one or more devices that establish a communication connection with it, the server may deduplicate the received port information through the analysis component and then store the deduplicated port information in the analysis component. For the details of deduplication, refer to the description given for table 3; they are not repeated here.
In this embodiment of the application, before the server stores the received port information in the analysis component, it first deduplicates the port information, removing redundant information, so that redundant information need not be stored and the server's storage space is saved.
It should be noted that if the port information is deduplicated in the server, the first device need not deduplicate after collection and may send the raw collected port information to the server. This reduces the processing load of the first device and improves data collection efficiency.
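The message-queue cache and the server-side deduplication of the two passages above, as one added example that is not part of the patent. A bounded FIFO queue stands in for the Kafka cache component and a consumer thread plays the analysis component: the collector blocks when the queue is full, which is the buffer time the text describes, records arrive at the server in collection order, and repeats are dropped on arrival so the collector can skip its own deduplication as the last paragraph notes. A single Kafka partition (which preserves order) is assumed, and the four records are constructed from the table 2 values in the order table 3 describes, with number 4 repeating number 1.

```python
import queue
import threading
import time
from typing import List, Optional, Set, Tuple

Record = Tuple[str, str]

# Added example, not code from the patent. The queue below is a stand-in for a
# single-partition Kafka topic; the records are constructed sample data.


class CacheComponent:
    """Message queue between collector and server; put() blocks while the queue
    is full, which is the backpressure that gives the server its buffer time."""

    def __init__(self, capacity: int) -> None:
        self.q: "queue.Queue[Optional[Record]]" = queue.Queue(maxsize=capacity)
        self.high_water = 0          # deepest backlog observed, for the demo

    def put(self, rec: Record) -> None:
        self.q.put(rec)
        self.high_water = max(self.high_water, self.q.qsize())

    def close(self) -> None:
        self.q.put(None)             # sentinel: nothing more will be sent


class AnalysisComponent:
    """Server side: store records in arrival order, dropping repeats."""

    def __init__(self) -> None:
        self.rows: List[Record] = []
        self._seen: Set[Record] = set()
        self.received = 0

    def store(self, rec: Record) -> bool:
        self.received += 1
        if rec in self._seen:
            return False
        self._seen.add(rec)
        self.rows.append(rec)
        return True


def run_pipeline(records: List[Record], capacity: int = 2,
                 server_delay_s: float = 0.0) -> Tuple[AnalysisComponent, int]:
    """Send records through the cache to the server; return (server, high water)."""
    cache = CacheComponent(capacity)
    server = AnalysisComponent()

    def consume() -> None:
        while True:
            rec = cache.q.get()
            if rec is None:
                break
            time.sleep(server_delay_s)   # a slow server; the queue absorbs the burst
            server.store(rec)

    worker = threading.Thread(target=consume, daemon=True)
    worker.start()
    for rec in records:
        cache.put(rec)
    cache.close()
    worker.join()
    return server, cache.high_water


# Constructed records in the order of table 3: number 4 repeats number 1.
TABLE3_RECORDS: List[Record] = [
    ("192.168.1.2/1234", "192.168.1.3/3306"),
    ("192.168.1.2/1234", "192.168.1.5/3307"),
    ("192.168.1.2/1234", "192.168.1.7/3308"),
    ("192.168.1.2/1234", "192.168.1.3/3306"),
]


if __name__ == "__main__":
    server, high_water = run_pipeline(TABLE3_RECORDS, capacity=2, server_delay_s=0.01)
    print(f"received {server.received}, stored {len(server.rows)}, backlog peak {high_water}")
```

The backlog never exceeds the queue capacity because put() blocks the collector; with a real Kafka broker that role is played by the topic's retention rather than by blocking, but the ordering and the arrival-side deduplication are the same.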
Fig. 3 is a schematic structural diagram of an apparatus 300, wherein the apparatus 300 comprises: an acquisition unit 301 and a transmission unit 302, wherein:
an acquisition unit 301, configured to acquire port information of the device 300 and port information of one or more devices that establish communication connection with the device 300; wherein the device 300 is a device in a first network, the one or more devices are devices in a second network, and a firewall between any one device in the first network and any one device in the second network is in an open state except that the firewall between the device 300 and the one or more devices is in a closed state;
a sending unit 302, configured to send, to a server, port information of the device 300 and port information of one or more devices that establish a communication connection with the device 300, where the port information of the device 300 and the port information of the one or more devices are stored in an analysis component of the server in an associated manner, and the analysis component is configured to query and analyze the port information.
In one possible implementation, the device 300 further includes a deduplication unit, configured to deduplicate the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 after the acquisition unit 301 has collected that port information and before the sending unit 302 sends it to the server.
In one possible implementation, the device 300 further includes a storage unit, configured to store the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 in a cache component after the acquisition unit 301 has acquired that port information and before the sending unit 302 sends it to the server, where the cache component is a storage component that holds the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 in the form of a message queue.
In one possible implementation, the acquisition unit 301 acquires the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 specifically by:
cyclically collecting, within a preset time, the port information of the devices that establish a communication connection with the device 300.
The specific implementation and beneficial effects of each unit in the apparatus 300 shown in fig. 3 may correspond to the corresponding descriptions in the method embodiment shown in fig. 2, and are not described herein again.
Referring to fig. 4, fig. 4 is a block diagram illustrating a port information combing server 400 according to an embodiment of the present disclosure, where the port information combing server 400 may be the server illustrated in fig. 1; the server 400 includes: a receiving unit 401, a storage unit 402, an acquisition unit 403, and an output unit 404, wherein:
a receiving unit 401, configured to receive the port information of a first device and the port information of one or more devices that establish a communication connection with the first device, both sent by the first device; the first device is a device in a first network, the one or more devices are devices in a second network, and except that the firewall between the first device and the one or more devices is in a closed state, the firewall between any device in the first network and any device in the second network is in an open state;
a storage unit 402, configured to store, in an analysis component, port information of the first device and port information of one or more devices that establish a communication connection with the first device in an associated manner, where the analysis component is configured to query and analyze the port information;
an obtaining unit 403, configured to obtain an inquiry instruction of device port information associated with port information of the first device;
an output unit 404, configured to output the port information of the one or more devices, which is queried according to the query instruction and stored in association with the port information of the first device.
In one possible implementation, the server 400 further includes a deduplication unit, configured to deduplicate the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device after the receiving unit 401 has received that port information from the first device and before the storage unit 402 stores it in association in the analysis component.
In one possible implementation manner, the storage unit 402 stores, in the analysis component, port information of the first device and port information of one or more devices that establish a communication connection with the first device in an associated manner, specifically: the port information of the first device is associated and matched with a first preset field, the port information of the one or more devices is associated and matched with a second preset field, the first preset field and the second preset field are correspondingly associated, and the first preset field and the second preset field are fields of preset search keywords;
and storing the port information of the first equipment after being associated and matched with the first preset field and the port information of the one or more equipment after being associated and matched with the second preset field in an analysis component.
In one possible implementation, the server 400 further includes a remote control unit; after the output unit 404 has output the port information of the one or more devices stored in association with the port information of the first device, as queried according to the query instruction:
the obtaining unit 403 is further configured to obtain a firewall closing instruction, which carries the port information of a second device and the port information of the one or more devices and is used to close the firewall between the second device and the one or more devices, the second device being a device in the first network;
and the remote control unit is configured to remotely control the second device, according to the firewall closing instruction, to close the firewall between the second device and the one or more devices.
The specific implementation and beneficial effects of each unit in the server 400 shown in fig. 4 may correspond to the corresponding descriptions in the method embodiment shown in fig. 2, and are not described herein again.
Referring to fig. 5, fig. 5 is a device 500 according to an embodiment of the present application, where the device 500 may be the first device described in fig. 1 and fig. 2, the device 500 includes a processor 501, a memory 502, and a communication interface 503, and the processor 501, the memory 502, and the communication interface 503 are connected to each other through a bus 505.
The memory 502 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM) or a compact disc read-only memory (CD-ROM), and the memory 502 is used for storing related instructions and data. The communication interface 503 is used to receive and transmit data.
The processor 501 may be one or more Central Processing Units (CPUs), and in the case that the processor 501 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 501 in the device 500 is configured to read the program code stored in the memory 502 and perform the following operations:
collecting the port information of the device 500 and the port information of one or more devices that establish a communication connection with the device 500; where the device 500 is a device in a first network, the one or more devices are devices in a second network, and the firewall between any device in the first network and any device in the second network is in an open state except that the firewall between the device 500 and the one or more devices is in a closed state;
and sending the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 to a server, where the port information of the device 500 and the port information of the one or more devices are stored in association in an analysis component of the server, and the analysis component is used to query and analyse the port information.
In one possible implementation, after the processor 501 collects the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500, and before the processor 501 sends that port information to the server through the communication interface 503, the following is further performed:
deduplicating the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500.
In one possible implementation, after the processor 501 collects the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500, and before the processor 501 sends that port information to the server through the communication interface 503, the following is further performed:
storing the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 in a cache component, which is a storage component that holds this port information in the form of a message queue.
In one possible implementation, the processor 501 collecting the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 includes:
cyclically collecting, within a preset time, the port information of the devices that establish a communication connection with the device 500.
It should be noted that implementation of each operation of the apparatus 500 in fig. 5 may also correspond to corresponding description of the method embodiment shown in fig. 2, and is not described herein again.
Referring to fig. 6, fig. 6 is a server 600 according to an embodiment of the present application, where the server 600 may be the server described in fig. 1 and fig. 2, the server 600 includes a processor 601, a memory 602, and a communication interface 603, and the processor 601, the memory 602, and the communication interface 603 are connected to each other through a bus 606.
The memory 602 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM) or a compact disc read-only memory (CD-ROM), and the memory 602 is used for storing related instructions and data. The communication interface 603 is used for receiving and transmitting data.
The processor 601 may be one or more Central Processing Units (CPUs), and in the case that the processor 601 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 601 in the server 600 is configured to read the program code stored in the memory 602, and perform the following operations:
receiving, through the communication interface 603, the port information of a first device and the port information of one or more devices that establish a communication connection with the first device, both sent by the first device; the first device is a device in a first network, the one or more devices are devices in a second network, and except that the firewall between the first device and the one or more devices is in a closed state, the firewall between any device in the first network and any device in the second network is in an open state;
storing the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated manner, wherein the analysis component is used for inquiring and analyzing the port information;
acquiring a query instruction of the device port information associated with the port information of the first device;
and outputting the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
In one possible implementation, after the processor 601 receives, through the communication interface 603, the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, which are sent by the first device, and before the processor 601 stores that port information in association in the analysis component, the following is further performed: deduplicating the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device.
In one possible implementation, the processor 601 stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in association in the analysis component, and includes: the port information of the first device is associated and matched with a first preset field, the port information of the one or more devices is associated and matched with a second preset field, the first preset field and the second preset field are correspondingly associated, and the first preset field and the second preset field are fields of preset search keywords;
and storing the port information of the first equipment after being associated and matched with the first preset field and the port information of the one or more equipment after being associated and matched with the second preset field in an analysis component.
In one possible implementation, after the processor 601 outputs the port information of the one or more devices stored in association with the port information of the first device, as queried according to the query instruction, the following is further performed:
obtaining a firewall closing instruction, which carries the port information of a second device and the port information of the one or more devices and is used to close the firewall between the second device and the one or more devices, the second device being a device in the first network;
and remotely controlling the second device, according to the firewall closing instruction, to close the firewall between the second device and the one or more devices.
It should be noted that, implementation of each operation of the server 600 in fig. 6 may also correspond to corresponding description of the method embodiment shown in fig. 2, and details are not described here again.
An embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, where the computer program includes program instructions, and when the program instructions are executed by a processor, the method flow shown in fig. 2 is implemented.
To sum up, the embodiment of the application realizes the combing of the port information between the devices with closed firewall, avoids the complexity of manual combing, reduces the error rate of combing, improves the combing efficiency and saves the labor cost.
One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing related hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A port information combing method, characterized by comprising the following steps:
a server receives the port information of a first device and the port information of one or more devices that establish a communication connection with the first device, both sent by the first device; wherein the first device is a device in a first network and the one or more devices are devices in a second network; the firewall between any device in the first network and any device in the second network is in an open state, except that the firewall between the first device and the one or more devices is in a closed state;
the server stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated mode, and the analysis component is used for inquiring and analyzing the port information;
the server acquires a query instruction of the device port information associated with the port information of the first device;
and the server outputs the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
2. The method of claim 1, wherein after the server receives the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device, both sent by the first device, and before the server stores the port information of the first device and the port information of the one or more devices in association in the analysis component, the method further comprises:
the server deduplicating the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device.
3. The method of claim 1 or 2, wherein the server storing the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device in association in the analysis component comprises:
the server matching the port information of the first device to a first preset field and the port information of the one or more devices to a second preset field, the first preset field and the second preset field being associated with each other and both being fields of preset search keywords;
and the server storing, in the analysis component, the port information of the first device as matched to the first preset field together with the port information of the one or more devices as matched to the second preset field.
4. The method of claim 3, wherein after the server outputs the port information of the one or more devices that is found according to the query instruction and is stored in association with the port information of the first device, the method further comprises:
the server acquiring a firewall closing instruction, which carries the port information of a second device and the port information of the one or more devices and instructs that the firewall between the second device and the one or more devices be closed (disabled); the second device is a device in the first network;
and the server, according to the firewall closing instruction, remotely controlling the second device to close the firewall between the second device and the one or more devices.
5. A port information combing method, characterized by comprising the following steps:
a first device collects port information of the first device and port information of one or more devices that have established a communication connection with the first device; the first device is a device in a first network and the one or more devices are devices in a second network; the firewall between any device in the first network and any device in the second network is enabled (in the open state), except that the firewall between the first device and the one or more devices is disabled (in the closed state);
the first device sends the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device to a server, where they are stored in association with each other in an analysis component of the server, the analysis component being used to query and analyze the port information.
6. The method of claim 5, wherein after the first device collects the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device, and before the first device sends that port information to the server, the method further comprises:
the first device deduplicating the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device.
7. The method of claim 5, wherein after the first device collects the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device, and before the first device sends that port information to the server, the method further comprises:
the first device storing the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device in a cache component, the cache component being a storage component that holds this port information in the form of a message queue.
8. The method of any one of claims 5 to 7, wherein the first device collecting the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device comprises:
the first device collecting, in a loop over a preset time period, the port information of the devices that have established a communication connection with the first device.
9. A port information combing device, characterized in that it comprises means for carrying out the method of any one of claims 5 to 8.
10. A port information combing server, characterized in that it comprises means for carrying out the method of any one of claims 1 to 4.
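The procedure of claims 1 to 8 end to end, as an added example that is not the patent's own code: the first device parses its connection table, keeps only peers in the second network, deduplicates, buffers the batches in a queue and uploads them; the server deduplicates again, indexes the records under the two preset search fields, answers a query for the first device, and turns the answer into the firewall rules for a second device. Everything concrete here is an assumption the patent does not make: Linux hosts, a connection table in `ss -tn` format, the Linux default ephemeral port range used to decide which side of a connection is the service, iptables syntax for the rules, the field names `first_device_port` and `peer_device`, and the constructed sample connection table.

```python
import ipaddress
import re
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, NamedTuple, Set

# Constructed sample in the shape of `ss -tn` output on the first device 10.1.0.5
# (assumption: the patent does not say how the connection table is read).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      10.1.0.5:53210     10.2.0.11:3306
ESTAB     0      0      10.1.0.5:53211     10.2.0.11:3306
ESTAB     0      0      10.1.0.5:41000     10.2.0.12:6379
ESTAB     0      0      10.1.0.5:8080      10.2.0.20:50322
ESTAB     0      0      10.1.0.5:22        192.168.9.7:60001
TIME-WAIT 0      0      10.1.0.5:53212     10.2.0.11:3306
"""
# Linux default net.ipv4.ip_local_port_range; a local port in this range means the
# first device opened the connection (assumption: not specified by the patent).
EPHEMERAL_LOW, EPHEMERAL_HIGH = 32768, 60999
_SS_LINE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+\S+:(\d+)\s+(\S+):(\d+)\s*$")


class PortRecord(NamedTuple):
    """One path between the first device and a second-network host; the ephemeral
    side is stored as 0 so repeated connections to one service collapse to one record."""
    direction: str   # "out": first device is the client, "in": it is the server
    local_port: int  # first device's port (first preset field), 0 if ephemeral
    peer_ip: str     # second-network device (second preset field)
    peer_port: int   # that device's port, 0 if ephemeral


def collect(ss_output: str, second_networks: List[str]) -> Set[PortRecord]:
    """Claims 5 and 6: parse one snapshot, keep second-network peers, deduplicate."""
    nets = [ipaddress.ip_network(n) for n in second_networks]
    records: Set[PortRecord] = set()
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line)
        if not m or m.group(1) != "ESTAB":
            continue  # header, TIME-WAIT, LISTEN and similar rows carry no live path
        local_port, peer_ip, peer_port = int(m.group(2)), m.group(3), int(m.group(4))
        if not any(ipaddress.ip_address(peer_ip) in n for n in nets):
            continue  # peer is not a second-network device: out of scope
        if EPHEMERAL_LOW <= local_port <= EPHEMERAL_HIGH:
            records.add(PortRecord("out", 0, peer_ip, peer_port))
        else:
            records.add(PortRecord("in", local_port, peer_ip, 0))
    return records


class AnalysisComponent:
    """Claims 1 to 3: store records under the first device and answer queries with
    documents whose keys are the preset search fields."""

    FIRST_FIELD, SECOND_FIELD = "first_device_port", "peer_device"

    def __init__(self) -> None:
        self._index: Dict[str, Set[PortRecord]] = defaultdict(set)

    def ingest(self, first_device: str, records: Iterable[PortRecord]) -> int:
        """Claim 2: deduplicate on the server too; returns the number of new records."""
        before = len(self._index[first_device])
        self._index[first_device].update(records)
        return len(self._index[first_device]) - before

    def query(self, first_device: str) -> List[dict]:
        """Port information stored in association with the first device."""
        return [{"first_device": first_device, "direction": r.direction,
                 self.FIRST_FIELD: r.local_port, self.SECOND_FIELD: r.peer_ip,
                 "peer_port": r.peer_port}
                for r in sorted(self._index[first_device])]


def firewall_rules(documents: Iterable[dict]) -> List[str]:
    """Claim 4: rules that open, on the second device, exactly the paths the first
    device was seen using (iptables syntax assumed; the patent names no firewall)."""
    rules = []
    for d in documents:
        if d["direction"] == "out":
            rules.append(f"iptables -A OUTPUT -p tcp -d {d['peer_device']} "
                         f"--dport {d['peer_port']} -j ACCEPT")
        else:
            rules.append(f"iptables -A INPUT -p tcp -s {d['peer_device']} "
                         f"--dport {d['first_device_port']} -j ACCEPT")
    return rules


def run_pipeline(first_device: str, snapshots: List[str], second_networks: List[str]) -> dict:
    """Claims 7 and 8 onward: several collection cycles into a queue, one upload,
    one query, one rule set for the second device."""
    queue: Deque[Set[PortRecord]] = deque()          # claim 7: the cache component
    for snapshot in snapshots:                        # claim 8: repeated collection cycles
        queue.append(collect(snapshot, second_networks))
    uploaded: Set[PortRecord] = set()
    while queue:                                      # drain the queue into one upload
        uploaded |= queue.popleft()
    store = AnalysisComponent()
    new = store.ingest(first_device, uploaded)
    documents = store.query(first_device)
    return {"new_records": new, "documents": documents, "rules": firewall_rules(documents)}
```

Two points worth keeping in mind when this is run for real: the rule set is learned from whatever the first device happened to be talking to, so the queried records should be reviewed before the firewall on the second device is opened to them, and the firewall closing instruction is a privileged remote action whose origin the server must authenticate before acting on it.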
CN201910961589.4A 2019-10-10 2019-10-10 Port information combing method, device and server Active CN110798340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910961589.4A CN110798340B (en) 2019-10-10 2019-10-10 Port information combing method, device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910961589.4A CN110798340B (en) 2019-10-10 2019-10-10 Port information combing method, device and server

Publications (2)

Publication Number Publication Date
CN110798340A true CN110798340A (en) 2020-02-14
CN110798340B CN110798340B (en) 2022-11-25

Family

ID=69439125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910961589.4A Active CN110798340B (en) 2019-10-10 2019-10-10 Port information combing method, device and server

Country Status (1)

Country Link
CN (1) CN110798340B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070255861A1 (en) * 2006-04-27 2007-11-01 Kain Michael T System and method for providing dynamic network firewall with default deny
CN101753426A (en) * 2008-12-03 2010-06-23 北京天融信网络安全技术有限公司 Firewall multi-outlet intelligent route selection method
CN205407853U (en) * 2016-03-07 2016-07-27 国家电网公司 Double -link data transmission system
CN107819874A (en) * 2017-11-27 2018-03-20 南京城市职业学院 Method for remotely controlling a firewall terminal
CN108494771A (en) * 2018-03-23 2018-09-04 平安科技(深圳)有限公司 Electronic device, firewall opening verification method and storage medium
CN109639630A (en) * 2018-10-30 2019-04-16 国网陕西省电力公司信息通信公司 Terminal port management and control system and management and control method

Also Published As

Publication number Publication date
CN110798340B (en) 2022-11-25

Similar Documents

Publication Publication Date Title
CN106657213B (en) File transmission method and device
CN107391770B (en) Method, device and equipment for processing data and storage medium
KR102267441B1 (en) Method and system for archiving data using hybrid storage of data
CN111475705A (en) SQL query-based network service monitoring method, device, equipment and storage medium
CN112154420A (en) Automatic intelligent cloud service testing tool
CN112732647B (en) Log searching method, device, equipment and storage medium
CN111740868A (en) Alarm data processing method and device and storage medium
WO2020237878A1 (en) Data deduplication method and apparatus, computer device, and storage medium
EP3388957A1 (en) Method and system for optimizing database system, electronic device, and storage medium
CN110618999A (en) Data query method and device, computer storage medium and electronic equipment
CN113282611A (en) Method and device for synchronizing stream data, computer equipment and storage medium
Chang et al. Cloud computing storage backup and recovery strategy based on secure IoT and spark
CN115329170A (en) Webpage crawling method, device, equipment and storage medium
CN110798340B (en) Port information combing method, device and server
CN112732663A (en) Log information processing method and device
CN110798222B (en) Data compression method and device
CN110430098B (en) Data processing system
CN114356712A (en) Data processing method, device, equipment, readable storage medium and program product
US11835989B1 (en) FPGA search in a cloud compute node
Rump et al. Distributed and collaborative malware analysis with MASS
CN111177704B (en) Binding identification method, binding identification device, binding identification equipment and binding identification medium
CN114721529B (en) Software compatibility control method and system based on artificial intelligence and cloud platform
CN115038089B (en) Multi-terminal data monitoring and collecting method based on information extraction
CN117407578B (en) Decentralized cloud resource data retrieval system and method
CN110955746B (en) Electromagnetic data collecting and processing device and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant