CN110933032A - SSH path tracking method, system and medium - Google Patents
SSH path tracking method, system and medium Download PDFInfo
- Publication number
- CN110933032A CN110933032A CN201911023403.7A CN201911023403A CN110933032A CN 110933032 A CN110933032 A CN 110933032A CN 201911023403 A CN201911023403 A CN 201911023403A CN 110933032 A CN110933032 A CN 110933032A
- Authority
- CN
- China
- Prior art keywords
- host
- ssh
- source
- link
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a system and a medium for tracking an SSH path, which comprises the following implementation steps: when the target host logs in at ssh of any host, sequentially splicing the target host and the source host which originally sends out the ssh login according to all connections to form a link between the target host and the source host; when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack. The invention can quickly locate the IP address of the host initiating the attack when SSH multi-level attack occurs under the condition of keeping the remote login security and convenience of the computer.
Description
Technical Field
The invention relates to computer network, network security and remote computer security access technology, in particular to an SSH path tracking method, a system and a medium.
Background
SSH is a set of connection tools used to securely access remote computers that encrypts all transmitted data, effectively preventing eavesdropping, connection hijacking, and other network-level attacks. SSH not only can be used for remote login between two machines, but also can be used for remote login between a plurality of machines through multi-level jump, and great convenience is provided for remote computer login maintenance. However, each level of login only records the source IP address and the destination IP address information of the level of login, and does not have the IP address information of the level of login. Therefore, when the internal system is subjected to SSH multi-level attack due to password leakage, the IP address of the host initiating the attack cannot be located, and an attacker cannot be processed in time.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: aiming at the problems in the prior art, the invention provides an SSH path tracking method, a system and a medium, which can quickly locate the IP address of a host initiating an attack when SSH multi-level attacks occur under the condition of keeping the remote login security and convenience of a computer.
In order to solve the technical problems, the invention adopts the technical scheme that:
an SSH path tracing method comprises the following implementation steps:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
Optionally, the detailed step of sequentially splicing in step 1) according to all connections between the target host and the source host that originally issued SSH login includes:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai;
1.2) search the current connection A from the system process treeiIf the search is successful, connect to AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
Optionally, linking A in step 1.2)iAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
In addition, the present invention also provides an SSH path tracing system, which is characterized by comprising:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
Furthermore, the present invention also provides an SSH path tracing system comprising a computer device programmed or configured to perform the steps of the SSH path tracing method.
Furthermore, the present invention also provides an SSH path tracing system, comprising a computer device, the computer device at least comprising a microprocessor and a memory, and the memory storing therein a computer program programmed or configured to execute the SSH path tracing method.
Furthermore, the present invention also provides a computer-readable storage medium having stored therein a computer program programmed or configured to execute the SSH path tracing method.
Compared with the prior art, the invention has the following advantages: the implementation steps of the invention comprise: when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host; when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack. The invention can trace the path of the SSH path from the source host to the target host when the SSH carries out multi-level jump login under the condition of keeping the remote login safety and convenience of the computer. When SSH login attack occurs, the source host IP which initiates the attack can be quickly positioned, and the security defense coefficient of the whole system is improved.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of an example of a method according to an embodiment of the invention.
Detailed Description
As shown in fig. 1, the steps of implementing the SSH path tracing method of this embodiment include:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
In this embodiment, the detailed steps of sequentially splicing in step 1) according to all connections between the target host and the source host that originally issued the SSH login include:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai;
1.2) searching the parent process of the current connection Ai from the system process tree, and if the search is successful, connecting AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
In this example, connection A is to be made in step 1.2)iAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
Each jump access of the SSH takes a link as a basic unit, and each link unit contains link information. The specific content of the link information includes a source IP of the upper link, a source port of the upper link, a destination IP of the upper link, a source IP of the present link, a source port of the present link, and a destination port of the present link. In this embodiment, by splicing a plurality of individual links, a plurality of links can be spliced into one link, and an SSH path from the source host to the destination host is generated. Each link is uniquely identified by a source IP, a source port and a destination IP, and for two-hop links A and B, the two links can be spliced by comparing whether the information of the link A at the current stage is the same as the information of the link B at the previous stage. If the comparison is the same, link A and link B are merged into the presence of three-hop link C. For a two-hop link D, the two links can be spliced by comparing whether the current-stage link information of the link D is the same as the last-stage link information of the link C. If the comparison is the same, then link C and link D are merged into the presence of four-hop link F. When there are n one-hop links, it can be merged into a n-1-hop multi-hop link.
Three specific examples will be described below in conjunction with fig. 2:
first, example 1:
referring to FIG. 2, attack host M1 logs into host M2 via SSH, and in this connection logs into host M3 from host M2 via SSH, resulting in link A (M1- > M2- > M3). When host M3 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single connections.
When logging in from host M1 to M2 via SSH, host M2 generates connection a1(M1- > M2) with values of connection a1 [ S1, P1, D1], where S1 is the IP of host M1, P1 is the port opened by host M1, and D1 is the IP of host M2, when logging in to host M3 again via SSH in connection a1, host M2 generates connection a2(M2- > M3) with values of connection a2 [ S2, P2, D2], where S2 is the IP of host M2, P2 is the port opened by host M2, and D2 is the IP of host M3, since connection a2 is connected in connection a1, connection a2 is a sub-process of connection a 1. Since the parent process of each process is unique, the parent process a1 of the connection a2 can be found from the system process tree, so that the connection a1(M1- > M2) and the connection a2(M2- > M3) can form a link a (M1- > M2-M3), the value of the link a is { [ S1, P1, D1], [ S2, P2, D2] }, and the link a records the link information at SSH multi-level login, that is, the source host address is S1, and the destination host address is D2.
II) locating to the host initiating the attack.
When the host M2 logs in to the host M3, the host M3 also generates a connection A3(M2- > M3), where A3 has values of [ S3, P3, D3], where S3 is the IP of the host M2, P3 is the open port of the host M2, and D3 is the IP of the host M3. Since each port on each host is unique, then (S3, P3) is unique, and similarly (S2, P2) is unique, since the values of (S3, P3) and (S2, P2) are equal, a unique link A can be found. When M3 is attacked, the corresponding link a can be found according to the source IP and the source port of the connection, and the source host address recorded by the link a is the IP of M1, thereby determining that the host initiating the attack is M1.
Second, example 2:
in example 1, host M1 has been connected to M3, and in this connection, it logs in from host M3 to host M4 via SSH, creating link B (M2- > M3- > M4), and links a and B are spliced to form link C (M1- > M2- > M3- > M4). When host M4 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single links.
In example 1, link A (M1- > M2-M3) is generated, the value of link A being { [ S1, P1, D1], [ S2, P2, D2] }. When logging in from host M3 to M4, host M3 generates connection a4(M3- > M4) and a4 has values (S4, P4, D4), where S4 is the IP of host M3, P4 is the port opened by host M3, and D4 is the IP of host M4, and according to connection A3(M2- > M3) and connection a4(M3- > M4), the same example 1 process may generate link B (M2- > M3- > M4) and the value of link B is { [ S3, P3, D3], [ S4, P4, D4] }. Since (S3, P3) is unique, [ S3, P3, D3] is also unique, and [ S2, P2, D2] is also unique in the same way. And since the values of [ S3, P3, D3] and [ S2, P2, D2] are equal, link A and link B can be concatenated into link C (M1- > M2- > M3- > M4), and the value of link C is { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4] }.
II) locating to the host initiating the attack.
When the host M3 logs in to the host M4, the host M4 also generates a connection a5(M3- > M4), where a5 has values of [ S5, P5, D5], where S5 is the IP of the host M3, P5 is the open port of the host M3, and D5 is the IP of the host M3. Since (S5, P5) and (S4, P4) are equal, the corresponding link C can be found. When M4 is attacked, the corresponding link C can be found according to the source IP and the source port of the connection, and the IP of the source host address M1 recorded according to the link C determines that the host initiating the attack is M1.
Third, example 3:
in example 2, host M1 has been connected to M4, and in this connection, it logs in from host M4 to host M5 via SSH, creating link D (M3- > M4- > M5), and links C and D are spliced to form link F (M1- > M2- > M3- > M4- > M5). When host M5 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single links.
In example 2, link C (M1- > M2- > M3- > M4) was produced,
the value of link C is { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4] }.
When logging in from host M4 to M5, host M4 generates connection a6(M4- > M5) and a6 has values (S6, P6, D6), where S6 is the IP of host M4, P6 is the port opened by host M4, and D6 is the IP of host M5, and according to connection A5(M3- > M4) and connection a6(M4- > M5), the same example 1 process may generate link D (M3- > M4- > M5) and the value of link D is { [ S5, P5, D5], [ S6, P6, D6] }. Since the values of [ S5, P5, D5] and [ S4, P4, D4] are equal, link D and link C can be spliced into link F (M1- > M2- > M3- > M4- >5),
the values of the link F are { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4], [ S6, P6, D6] }.
II) locating to the host initiating the attack.
When the host M4 logs in to the host M5, the host M5 also generates a connection a7(M4- > M5), where a7 has values of [ S7, P7, D7], where S7 is the IP of the host M4, P7 is the open port of the host M4, and D7 is the IP of the host M5. Since (S7, P7) and (S6, P6) are equal, a corresponding link F is enabled.
When M4 is attacked, the corresponding link F can be found according to the source IP and the source port of the connection, and the source host address recorded by the link F is the IP of M1, so that the host initiating the attack is determined to be M1.
As can be seen from the above 3 examples, the SSH path tracking method of the present embodiment regards SSH telnet as having upper link information and lower link information, and concatenates these link information to finally form a path from the source host IP to the destination host IP, thereby tracking the entire SSH path.
In addition, the present embodiment further provides an SSH path tracking system, including:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
In addition, the present embodiment further provides an SSH path tracing system, which includes a computer device programmed or configured to execute the steps of the SSH path tracing method according to the present embodiment.
In addition, the present embodiment further provides an SSH path tracing system, which includes a computer device, the computer device at least includes a microprocessor and a memory, and the memory stores a computer program programmed or configured to execute the SSH path tracing method of the present embodiment.
In addition, the present embodiment also provides a computer-readable storage medium, in which a computer program programmed or configured to execute the SSH path tracing method of the present embodiment is stored.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.
Claims (7)
1. An SSH path tracing method, characterized by the implementation steps comprising:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
2. The SSH path tracing method according to claim 1, wherein the detailed step of sequentially splicing in step 1) according to all connections between the target host and the source host originally sending the SSH login comprises:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai;
1.2) search the current connection A from the system process treeiIf the search is successful, connect to AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
3. The SSH path tracing method according to claim 2, wherein in step 1.2) connection a is connectediAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
4. An SSH path tracing system, comprising:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
5. An SSH path tracing system comprising computer equipment, characterized in that the computer equipment is programmed or configured to perform the steps of the SSH path tracing method according to any of claims 1 to 3.
6. An SSH path tracing system comprising a computer device, wherein the computer device comprises at least a microprocessor and a memory, and the memory stores therein a computer program programmed or configured to perform the SSH path tracing method of any of claims 1 to 3.
7. A computer-readable storage medium having stored thereon a computer program programmed or configured to perform the SSH path tracing method of any of claims 1 to 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911023403.7A CN110933032B (en) | 2019-10-25 | 2019-10-25 | SSH path tracking method, system and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911023403.7A CN110933032B (en) | 2019-10-25 | 2019-10-25 | SSH path tracking method, system and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110933032A true CN110933032A (en) | 2020-03-27 |
CN110933032B CN110933032B (en) | 2022-04-05 |
Family
ID=69849527
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911023403.7A Active CN110933032B (en) | 2019-10-25 | 2019-10-25 | SSH path tracking method, system and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110933032B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112702191A (en) * | 2020-12-11 | 2021-04-23 | 福建天晴在线互动科技有限公司 | Link tracking method and terminal |
CN112738044A (en) * | 2020-12-22 | 2021-04-30 | 湖南麒麟信安科技股份有限公司 | Multi-protocol link path tracking method and system |
CN114866455A (en) * | 2022-04-18 | 2022-08-05 | 北京凝思软件股份有限公司 | Construction method, system, terminal and medium for SSH multi-level jump path |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110185419A1 (en) * | 2010-01-26 | 2011-07-28 | Bae Systems Information And Electronic Systems Integration Inc. | Method and apparatus for detecting ssh login attacks |
CN103916406A (en) * | 2014-04-25 | 2014-07-09 | 上海交通大学 | System and method for detecting APT attacks based on DNS log analysis |
US20170070530A1 (en) * | 2013-11-25 | 2017-03-09 | Level 3 Communications, Llc | System and method for a security asset manager |
CN106534195A (en) * | 2016-12-19 | 2017-03-22 | 杭州信雅达数码科技有限公司 | Network attacker behavior analyzing method based on attack graph |
CN106656640A (en) * | 2017-03-14 | 2017-05-10 | 北京深思数盾科技股份有限公司 | Early warning method and device of network attack |
CN106686014A (en) * | 2017-03-14 | 2017-05-17 | 北京深思数盾科技股份有限公司 | Prevention method and prevention device of cyber attacks |
CN107135235A (en) * | 2017-07-05 | 2017-09-05 | 湖北鑫英泰系统技术股份有限公司 | A kind of multistage redirect after SSH connections source method for tracing and device |
-
2019
- 2019-10-25 CN CN201911023403.7A patent/CN110933032B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110185419A1 (en) * | 2010-01-26 | 2011-07-28 | Bae Systems Information And Electronic Systems Integration Inc. | Method and apparatus for detecting ssh login attacks |
US20170070530A1 (en) * | 2013-11-25 | 2017-03-09 | Level 3 Communications, Llc | System and method for a security asset manager |
CN103916406A (en) * | 2014-04-25 | 2014-07-09 | 上海交通大学 | System and method for detecting APT attacks based on DNS log analysis |
CN106534195A (en) * | 2016-12-19 | 2017-03-22 | 杭州信雅达数码科技有限公司 | Network attacker behavior analyzing method based on attack graph |
CN106656640A (en) * | 2017-03-14 | 2017-05-10 | 北京深思数盾科技股份有限公司 | Early warning method and device of network attack |
CN106686014A (en) * | 2017-03-14 | 2017-05-17 | 北京深思数盾科技股份有限公司 | Prevention method and prevention device of cyber attacks |
CN107135235A (en) * | 2017-07-05 | 2017-09-05 | 湖北鑫英泰系统技术股份有限公司 | A kind of multistage redirect after SSH connections source method for tracing and device |
Non-Patent Citations (2)
Title |
---|
IOANNIS KONIARIS等: ""Analysis and visualization of SSH attacks using honeypots"", 《 EUROCON 2013》 * |
汪颖: ""对于虚拟服务器 SSH 暴力登录攻击的防范", 《中国科技纵横》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112702191A (en) * | 2020-12-11 | 2021-04-23 | 福建天晴在线互动科技有限公司 | Link tracking method and terminal |
CN112738044A (en) * | 2020-12-22 | 2021-04-30 | 湖南麒麟信安科技股份有限公司 | Multi-protocol link path tracking method and system |
CN114866455A (en) * | 2022-04-18 | 2022-08-05 | 北京凝思软件股份有限公司 | Construction method, system, terminal and medium for SSH multi-level jump path |
Also Published As
Publication number | Publication date |
---|---|
CN110933032B (en) | 2022-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110933032B (en) | SSH path tracking method, system and medium | |
US8997236B2 (en) | System, method and computer readable medium for evaluating a security characteristic | |
US7958549B2 (en) | Attack defending system and attack defending method | |
CN108183916A (en) | A kind of network attack detecting method and device based on log analysis | |
CN107122221A (en) | Compiler for regular expression | |
CN103634786A (en) | Method and system for security detection and repair of wireless network | |
US8543528B2 (en) | Exploitation of transition rule sharing based on short state tags to improve the storage efficiency | |
CN110768951B (en) | Method and device for verifying system vulnerability, storage medium and electronic device | |
CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
CN101009660A (en) | Universal method and device for processing the match of the segmented message mode | |
CN111182060A (en) | Message detection method and device | |
US11934674B2 (en) | Method, electronic device, and computer program product for storing and accessing data across multiple servers utilizing metadata of a distributed hash table | |
CN114338510B (en) | Data forwarding method and system for controlling and forwarding separation | |
CN103971059A (en) | Cookie local storage and usage method | |
JP2007325293A (en) | System and method for attack detection | |
JP2006067605A (en) | Attack detecting system and attack detecting method | |
CN113489770B (en) | Inter-container communication method, electronic device, and computer-readable storage medium | |
CN105491094A (en) | HTTP request handling method and device | |
CN112511559B (en) | Method and system for detecting intranet lateral movement attack | |
CN113922972B (en) | Data forwarding method and device based on MD5 identification code | |
EP4154144B1 (en) | Cyber attack coverage | |
CN111431732B (en) | Method and system for carrying out increment verification on computer network data plane | |
CN107547497A (en) | A kind of unaware PORTAL authentication methods and device | |
CN112738044B (en) | Multi-protocol link path tracking method and system | |
CN114268473B (en) | Method, system, terminal and storage medium for resisting DDOS attack by IKEv1 protocol main mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000 Applicant after: Hunan Qilin Xin'an Technology Co., Ltd Address before: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000 Applicant before: HUNAN KYLIN XINAN TECHNOLOGY Co.,Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |