CN111131429B - Efficient and accurate database service discovery method - Google Patents
Efficient and accurate database service discovery method
- Publication number: CN111131429B
- Authority: CN (China)
- Prior art keywords: database, type, service, turning, port
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/51: Network services; discovery or management thereof, e.g. service location protocol [SLP] or web services
- H04L43/10: Arrangements for monitoring or testing data switching networks; active monitoring, e.g. heartbeat, ping or trace-route
- H04L67/141: Session management; setup of application sessions
- H04L69/162: Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields involving adaptations of sockets based mechanisms
Abstract
The invention relates to an efficient and accurate database service discovery method, technically characterized by the following steps: specifying a database service IP range; specifying the mapping between the port ranges of the different database service types and the database types; detecting live hosts within the network; detecting the port state of each live host and establishing a connection with each open port; and determining the database service type by analyzing message characteristics and abnormal (error) message characteristics. The invention is reasonably designed. Through live-host screening, active port detection and database service type determination, it can efficiently and accurately discover the database services that are live in the network, and it can be widely applied in database management, database operation and maintenance, database inventory, database detection, database vulnerability scanning and similar fields.
Description
Technical Field
The invention belongs to the technical field of database operation and maintenance management, and particularly relates to an efficient and accurate database service discovery method.
Background
A large information network contains a great number of different information systems. As these complex systems are upgraded, replaced and retired in the course of daily management, the management of their database services often becomes disordered.
Traditionally, database services are managed through manually maintained tables or through records kept in an information system. When these operation and maintenance methods are used to check for omissions or for periodic audits, they are time-consuming and labor-intensive, and errors occur easily.
At present, known service port discovery techniques can find whether a designated port on a host is open, so the database type can be inferred from the default port. This approach, however, usually has a very high false-positive rate and is of limited practical value.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an efficient and accurate database service discovery method that solves the high false-positive rate and low efficiency of conventional database discovery methods.
The invention solves this technical problem with the following technical scheme:
An efficient and accurate database service discovery method comprises the following steps:
step 1, specifying a database service IP range;
step 2, specifying the mapping between the port ranges of the different database service types and the database types;
step 3, detecting the live hosts in the network;
step 4, detecting the port state of each live host, and establishing a connection with each open port;
step 5, determining the database service type by analyzing message characteristics and abnormal message characteristics.
Step 3 is implemented as follows: an arping, icmp or tcping request is sent to the network, and the hosts that are live within the network range are determined from the feedback.
Step 4 is implemented as follows: TCP/IP connections are attempted within the port ranges of the different database service types specified in step 2.
Step 5 is implemented as follows:
(1) try to read a response message from the database;
(2) if a response message is read successfully, analyze the content characteristics in the response message to determine the database service type; if the determination succeeds, go to (8), otherwise go to (3);
(3) send a detection message to the database service; if an abnormal message is read, go to (4), otherwise go to (5);
(4) analyze the abnormal message characteristics to determine the database service type; if the determination succeeds, go to (8), otherwise go to (5);
(5) for the other unknown network targets, use the mapping provided in step 2 to find the possible database service types of each unknown network target;
(6) attempt a connection with the corresponding client; if an abnormal message is read, go to (4), otherwise go to (7);
(7) the network target is determined not to be a database service, and the process ends;
(8) the database service type has been determined successfully, and the process ends.
A client of each possible database type is used in turn to attempt a connection to the target address and port, using the following default parameters during connection: a service name, instance name, database name, user name, or password parameter.
The invention has the advantages and positive effects that:
1. The invention reduces unnecessary overhead by specifying the IP range of the database services and the port ranges of the different database service types. Host liveness detection and port state detection reduce the number of effective targets. The type of some database services is determined quickly by analyzing the characteristics of the response messages that those services send unprompted. By sending a detection message to the remaining unknown targets, collecting the database response message and analyzing its characteristics, the type of a further part of the database services can be determined, and because the same Socket is reused the connection performance is better. For the other unknown targets, all database service types can be accurately and uninterruptedly determined by analyzing the response messages generated when a database client establishes a connection.
2. The invention is reasonably designed. Through live-host screening, active port detection and database service type determination, it can efficiently and accurately discover the database services that are live in the network, and it can be widely applied in database management, database operation and maintenance, database inventory, database detection, database vulnerability scanning and similar fields.
Drawings
FIG. 1 is an overall flow diagram of the present invention;
FIG. 2 is a flow chart of the present invention for determining a network object database service type.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
An efficient and accurate database service discovery method, as shown in FIG. 1, includes the following steps:
Step 1, specifying a database service IP range.
Step 2, specifying the mapping between the port ranges of the different database service types and the database types.
Step 3, detecting the live hosts in the network.
The specific method of this step is: requests such as arping, icmp and tcping are sent to the network, and the hosts that are live within the network range are determined from the feedback.
Step 4, detecting the port state of each live host, and establishing a connection with the port.
The specific method of this step is: TCP/IP connections are attempted within the port ranges specified in step 2. If the Socket connection is established successfully, the port is considered to be live.
The database service type is then determined according to steps 5-12, as shown in FIG. 2.
Step 5, trying to read a response message from the database.
Step 6, if a response message is read successfully, analyzing the content characteristics in the response message to determine the database service type (for example, MySQL-family databases actively send version information and other content to the client); if the determination succeeds, go to step 12, otherwise go to step 7.
Step 7, sending a detection message to the database service over the same connection; if an abnormal message is read, go to step 8, otherwise go to step 9.
Step 8, analyzing the abnormal message characteristics to determine the database service type; if the determination succeeds, go to step 12, otherwise go to step 9.
Some databases respond to an abnormal message they receive by sending back an abnormal-information message, so the database service type can be further determined by analyzing the characteristics of that abnormal message.
Step 9, for the other unknown network targets, finding the possible database service types of each unknown network target through the mapping between ports and database service types provided in step 2.
Step 10, attempting a connection with the corresponding client; if an abnormal message is read, go to step 8, otherwise go to step 11.
In this step, a client of each possible database service type connects to the target address and port in turn, and the required information may use default parameters, such as service name, instance name, database name, user name, password, and so on.
Step 11, the network target is not a database service.
In the above judgment the connection is expected to fail. The abnormal information returned at that point is read, and the characteristics of the returned abnormal content determine whether the client type matches the database service type, and therefore whether the target is a database service and which database type it is; the discovery process ends.
Step 12, the database service type has been determined successfully, and the discovery process ends.
It should be emphasized that the embodiments described herein are illustrative rather than restrictive, and thus the present invention is not limited to the embodiments described in the detailed description, but other embodiments derived from the technical solutions of the present invention by those skilled in the art are also within the scope of the present invention.
Claims (4)
1. An efficient and accurate database service discovery method, characterized by comprising the following steps:
step 1, specifying a database service IP range;
step 2, specifying the mapping between the port ranges of the different database service types and the database types;
step 3, detecting the live hosts in the network;
step 4, detecting the port state of each live host, and establishing a connection with each open port;
step 5, determining the database service type by analyzing message characteristics and abnormal message characteristics;
step 5 is implemented as follows:
(1) try to read a response message from the database;
(2) if a response message is read successfully, analyze the content characteristics in the response message to determine the database service type; if the determination succeeds, go to (8), otherwise go to (3);
(3) send a detection message to the database service; if an abnormal message is read, go to (4), otherwise go to (5);
(4) analyze the abnormal message characteristics to determine the database service type; if the determination succeeds, go to (8), otherwise go to (5);
(5) for the other unknown network targets, use the mapping provided in step 2 to find the possible database service types of each unknown network target;
(6) attempt a connection with the corresponding client; if an abnormal message is read, go to (4), otherwise go to (7);
(7) the network target is determined not to be a database service, and the process ends;
(8) the database service type has been determined successfully, and the process ends.
2. The efficient and accurate database service discovery method according to claim 1, characterized in that step 3 is implemented as follows: an arping, icmp or tcping request is sent to the network, and the hosts that are live within the network range are determined from the feedback.
3. The efficient and accurate database service discovery method according to claim 1, characterized in that step 4 is implemented as follows: TCP/IP connections are attempted within the port ranges of the different database service types specified in step 2.
4. The efficient and accurate database service discovery method according to claim 1, characterized in that, in sub-step (6), a client of each possible database type is used in turn to attempt a connection to the target address and port, using the following default parameters during connection: a service name, instance name, database name, user name, or password parameter.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911313900.0A CN111131429B (en) | 2019-12-19 | 2019-12-19 | Efficient and accurate database service discovery method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111131429A | 2020-05-08 |
CN111131429B | 2022-03-08 |
Family ID: 70498406
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||