CN111131429A - Efficient and accurate database service discovery method - Google Patents
- Publication number: CN111131429A
- Authority: CN (China)
- Prior art keywords: database, port, service, database service, network
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Abstract
The invention relates to an efficient and accurate database service discovery method comprising the following steps: specifying a database service IP range; specifying the mapping between the port ranges of different database service types and the database types; detecting live hosts within the network; detecting the port state of each live host and establishing a connection to each open port; and determining the database service type by analyzing message characteristics and abnormal message characteristics. The design is sound: by screening live hosts, actively probing ports and determining the database service type, the method efficiently and accurately discovers the database services that are live in the network, and it can be widely applied to database management, database operation and maintenance, database inventory, database detection, database vulnerability scanning and similar fields.
Description
Technical Field
The invention belongs to the technical field of database operation and maintenance management, and particularly relates to an efficient and accurate database service discovery method.
Background
A large information network contains many information systems of various kinds. As these complex systems are upgraded, replaced and retired during day-to-day management, database service management often becomes disordered.
Traditionally, database services are tracked either in manually maintained tables or in an information system. Whether used to find omissions or for periodic checks, these operation and maintenance approaches are time-consuming, labor-intensive and error-prone.
At present, known service port discovery techniques can find whether a designated port on a host is open, so the database type can be inferred from the default port. However, this approach usually has a very high false-positive rate and limited practical value.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing an efficient and accurate database service discovery method that solves the high false-positive rate and low efficiency of existing database discovery methods.
The technical problem is solved by the following technical solution:
An efficient and accurate database service discovery method comprising the following steps:
Step 1, specifying a database service IP range;
Step 2, specifying the mapping between the port ranges of different database service types and the database types;
Step 3, detecting the live hosts in the network;
Step 4, detecting the port state of each live host and establishing a connection to each open port;
Step 5, determining the database service type by analyzing message characteristics and abnormal message characteristics.
Step 3 is implemented as follows: send arping, ICMP or tcping requests to the network and determine from the replies which hosts within the network range are live.
Step 4 is implemented as follows: attempt a TCP/IP connection to each port within the port ranges specified in step 2 for the different database service types.
Step 5 is implemented as follows:
⑴ attempt to read a response message from the database;
⑵ if a response message is read successfully, analyze its content characteristics and determine the database service type; if the determination succeeds, go to step ⑻, otherwise go to step ⑶;
⑶ send a probe message to the database service; if an abnormal message is read, go to step ⑷, otherwise go to step ⑸;
⑷ analyze the abnormal message characteristics and determine the database service type; if the determination succeeds, go to step ⑻, otherwise go to step ⑸;
⑸ for the remaining unknown network targets, find the possible database service types of each target through the mapping specified in step 2;
⑹ attempt a connection using the corresponding client; if an abnormal message is read, go to step ⑷, otherwise go to step ⑺;
⑺ determine that the network target is not a database service; the process ends;
⑻ the database service type has been determined successfully; the process ends.
In step ⑹, clients for each possible database type connect to the target address and port in turn, using default parameters for the service name, instance name, database name, user name or password when connecting.
The invention has the advantages and positive effects that:
1. The invention reduces unnecessary overhead by specifying the database service IP range and the port ranges of the different database service types; host liveness detection and port state detection reduce the number of effective targets; the type of some database services is determined quickly by analyzing the characteristics of the response messages they send unprompted; by sending a probe message to an unknown target, collecting the database's response message and analyzing its characteristics, the type of further database services can be determined, with better connection performance because the same socket is reused; and for the remaining unknown targets, all database service types can be determined accurately and without interruption by analyzing the response messages produced when a database client establishes a connection.
2. The design is sound: by screening live hosts, actively probing ports and determining the database service type, the method efficiently and accurately discovers the database services that are live in the network, and it can be widely applied to database management, database operation and maintenance, database inventory, database detection, database vulnerability scanning and similar fields.
Drawings
FIG. 1 is an overall flow diagram of the present invention;
FIG. 2 is a flow chart of the present invention for determining a network object database service type.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
An efficient and accurate database service discovery method, as shown in FIG. 1, includes the following steps:
Step 1: specify a database service IP range.
Step 2: specify the mapping between the port ranges of different database service types and the database types.
Step 3: detect the live hosts in the network.
Specifically, send requests such as arping, ICMP and tcping to the network and determine from the replies which hosts within the network range are live.
Step 4: detect the port state of each live host and establish a connection to the port.
Specifically, attempt a TCP/IP connection to each port within the port ranges specified in step 2. If the socket connection is established successfully, the port is considered active.
The database service type is then determined according to steps 5-12, as shown in FIG. 2.
Step 5: attempt to read a response message from the database.
Step 6: if a response message is read successfully, analyze its content characteristics and determine the database service type (for example, MySQL-family databases proactively send version information and other content to the client). If the determination succeeds, go to step 12; otherwise go to step 7.
Step 7: send a probe message to the database service over the same connection. If an abnormal message is read, go to step 8; otherwise go to step 9.
Step 8: analyze the abnormal message characteristics and determine the database service type. If the determination succeeds, go to step 12; otherwise go to step 9.
Because some databases reply with an abnormal (error) message when they receive an abnormal message, the database service type can be further determined by analyzing the characteristics of that reply.
Step 9: for the remaining unknown network targets, find the possible database service types of each target through the port-to-database-type mapping specified in step 2.
Step 10: attempt a connection using the corresponding client. If an abnormal message is read, go to step 8; otherwise go to step 11.
In this step, clients for each possible database service type connect to the target address and port in turn; required information such as the service name, instance name, database name, user name and password may use default parameters.
Step 11: the network target is not a database service.
In this determination the connection is expected to fail. The returned abnormal information is read, and the characteristics of the returned content determine whether the client type matches the database service type, and hence whether the target is a database service and which database type it is. The discovery process ends.
Step 12: the database service type has been determined successfully, and the discovery process ends.
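An added sketch of the step 5 to 12 decision flow, run offline over constructed byte captures; it is not code from the patent. The port map, the function names and the choice of MySQL and PostgreSQL wire formats as signatures are assumptions of this example, and the client attempt of step 10 is modelled as the raw error bytes that attempt would receive.

```python
import struct

# Step 2 mapping of ports to candidate types (values assumed for this example).
PORT_MAP = {3306: ["mysql"], 5432: ["postgresql"]}

def classify_greeting(data: bytes):
    """Steps 5-6: recognise a message the server sends unprompted."""
    # MySQL packet header: 3-byte little-endian payload length + sequence id 0.
    if len(data) < 7 or data[3] != 0:
        return None
    if int.from_bytes(data[:3], "little") != len(data) - 4:
        return None
    if data[4] == 0x0A:  # handshake v10, then NUL-terminated server version
        end = data.find(b"\x00", 5)
        if end > 5:
            return ("mysql", data[5:end].decode("ascii", "replace"))
    if data[4] == 0xFF:  # ERR packet sent instead of a handshake
        return ("mysql", "ERR %d" % int.from_bytes(data[5:7], "little"))
    return None

def classify_error(data: bytes):
    """Steps 7-8: recognise the error returned to an unexpected message."""
    # PostgreSQL ErrorResponse: 'E', Int32 length (counts itself), then
    # <1-byte field type><NUL-terminated value> pairs and a final NUL.
    if len(data) < 6 or data[:1] != b"E":
        return None
    (length,) = struct.unpack("!I", data[1:5])
    if length < 5 or 1 + length > len(data):
        return None
    fields = {}
    for part in data[5:1 + length].split(b"\x00"):
        if part:
            fields[chr(part[0])] = part[1:].decode("utf-8", "replace")
    code = fields.get("C", "")
    if len(code) == 5 and code.isalnum():  # SQLSTATE is five characters
        return ("postgresql", "SQLSTATE " + code)
    return None

def identify(port, greeting=b"", probe_reply=b"", client_errors=None):
    """Walk steps 5-12 over bytes already captured from one open port."""
    hit = classify_greeting(greeting) or classify_error(probe_reply)
    if hit:
        return hit  # step 12
    for db_type in PORT_MAP.get(port, []):  # step 9
        hit = classify_error((client_errors or {}).get(db_type, b""))  # step 10
        if hit and hit[0] == db_type:  # client type matches service type
            return hit
    return None  # step 11: open port, but not a database service

def mysql_packet(payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def pg_error(sqlstate: str, message: str) -> bytes:
    body = (b"SFATAL\x00C" + sqlstate.encode() + b"\x00M"
            + message.encode() + b"\x00\x00")
    return b"E" + struct.pack("!I", len(body) + 4) + body

# Constructed sample captures (not taken from real servers).
SAMPLES = {
    "mysql_greeting": (3306, mysql_packet(b"\x0a8.0.36\x00" + b"\x00" * 8)),
    "ssh_on_3306": (3306, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "pg_probe_error": (5432, b"", pg_error("0A000", "unsupported frontend protocol")),
    "pg_client_error": (5432, b"", b"",
                        {"postgresql": pg_error("28P01", "password authentication failed")}),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, "->", identify(*args))
```

The `ssh_on_3306` sample is the case the background section describes: a port-only guess would record MySQL, while the message-based flow returns no database type.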
It should be emphasized that the embodiments described herein are illustrative rather than restrictive, and thus the present invention is not limited to the embodiments described in the detailed description, but other embodiments derived from the technical solutions of the present invention by those skilled in the art are also within the scope of the present invention.
Claims (5)
1. An efficient and accurate database service discovery method, characterized by comprising the following steps:
Step 1, specifying a database service IP range;
Step 2, specifying the mapping between the port ranges of different database service types and the database types;
Step 3, detecting the live hosts in the network;
Step 4, detecting the port state of each live host and establishing a connection to each open port;
Step 5, determining the database service type by analyzing message characteristics and abnormal message characteristics.
2. The efficient and accurate database service discovery method according to claim 1, characterized in that step 3 is implemented as follows: sending arping, ICMP or tcping requests to the network, and determining from the replies which hosts within the network range are live.
3. The efficient and accurate database service discovery method according to claim 1, characterized in that step 4 is implemented as follows: attempting a TCP/IP connection to each port within the port ranges specified in step 2 for the different database service types.
4. The efficient and accurate database service discovery method according to any one of claims 1 to 3, characterized in that step 5 is implemented as follows:
⑴ attempting to read a response message from the database;
⑵ if a response message is read successfully, analyzing its content characteristics and determining the database service type; if the determination succeeds, going to step ⑻, otherwise going to step ⑶;
⑶ sending a probe message to the database service; if an abnormal message is read, going to step ⑷, otherwise going to step ⑸;
⑷ analyzing the abnormal message characteristics and determining the database service type; if the determination succeeds, going to step ⑻, otherwise going to step ⑸;
⑸ for the remaining unknown network targets, finding the possible database service types of each target through the mapping specified in step 2;
⑹ attempting a connection using the corresponding client; if an abnormal message is read, going to step ⑷, otherwise going to step ⑺;
⑺ determining that the network target is not a database service; the process ends;
⑻ the database service type has been determined successfully; the process ends.
5. The method of claim 4, wherein in step ⑹ clients for each possible database type connect to the target address and port in turn, using default parameters for the service name, instance name, database name, user name or password when connecting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911313900.0A CN111131429B (en) | 2019-12-19 | 2019-12-19 | Efficient and accurate database service discovery method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911313900.0A CN111131429B (en) | 2019-12-19 | 2019-12-19 | Efficient and accurate database service discovery method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111131429A (en) | 2020-05-08 |
CN111131429B (en) | 2022-03-08 |
Family
ID=70498406
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911313900.0A Active CN111131429B (en) | 2019-12-19 | 2019-12-19 | Efficient and accurate database service discovery method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111131429B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111131429B (en) | 2022-03-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||