CN111385250B - Safe access method and system for equipment port - Google Patents

Publication number
CN111385250B
Authority
CN
China
Prior art keywords
access
port
client
rule
equipment
Legal status
Active
Application number
CN201811622563.9A
Other languages
Chinese (zh)
Other versions
CN111385250A (en)
Inventor
赵晖
Current Assignee
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd
Priority to CN201811622563.9A
Publication of CN111385250A
Application granted
Publication of CN111385250B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method and a system for safely accessing an equipment port. A device end and a client generate an access port that is valid for a period of time, according to the same port generation rule and a preset change period, on the basis of the unique identifier of the device end and the time. Listening is started on that port, the port is changed at a certain period, and the client's access to the access port generated by the device end is released or forbidden according to preset access rules. The invention addresses the hidden danger in secure access to the operation and maintenance port of the equipment: the operation and maintenance port changes randomly, access to it must satisfy the preset rules, attacks by hackers are avoided, and operation and maintenance security is effectively enhanced without adding new equipment.

Description

Safe access method and system for equipment port
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a method and a system for safely accessing a device port.
Background
Video monitoring is an important component of a security system, and is widely applied to many occasions due to intuition, accuracy, timeliness and rich information content. In recent years, with the rapid development of computers, networks, image processing and transmission technologies, the popularization trend of video monitoring is more and more obvious.
In the popularization process of video monitoring, users pay more and more attention to the safety protection of a video monitoring system, and how to prevent privacy leakage caused by outflow of video records is a concern of each user.
The outflow of video recordings is due in large part to illegal users intruding into the system. Usually, an intruder first uses a vulnerability scanning tool to port-scan a target device. The port scan generally sends a connection message to each known port and to some common service listening ports of the target device, and judges from the type of response received whether the device uses the port. The intruder then analyzes the vulnerabilities of the ports that provide services and initiates an intrusion attack.
Therefore, users with high requirements for security may close the high-risk ports 21, 22, 23, 445 of the device host, or directly prohibit the network device from passing the messages through the ports, and such a setting may cause the SSH port 22 of the daily operation and maintenance to be unusable.
When a port needs to be used in daily operation and maintenance, the method is sometimes implemented by modifying the port, that is, setting another port as an SSH port of the daily operation and maintenance. But because the port is fixed, as long as the full port scans, the modified SSH port can still be found, and the potential safety hazard still exists.
Disclosure of Invention
The invention aims to provide a method and a system for safely accessing an equipment port, which solve the problem that the potential safety hazard cannot be eliminated when the SSH port of the daily operation and maintenance is closed or modified in the prior art.
In order to achieve the purpose, the technical scheme of the invention is as follows:
a security access method of an equipment port is used for realizing security access of a client to the equipment port, and comprises the following steps:
the equipment end generates an access port according to a preset change cycle, the unique identifier and time of the equipment end and a preset port generation rule, and monitors the port specified by a set first access rule;
the client generates an access port according to the unique identifier and time of the equipment end and the preset port generation rule according to the preset change cycle, and accesses the port according to the port specified by the set first access rule;
and the equipment receives the access of the client, judges according to a set first access rule, allows the client to access the generated access port if the access of the client accords with the first access rule, and refuses the access if the access of the client does not accord with the first access rule.
Further, the method for the secure access of the video monitoring port further includes:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
Further, the method for the secure access of the video monitoring port further includes:
the client accesses the port specified by the set second access rule;
and the equipment receives the access of the client, judges according to the set second access rule, and refuses the access to the access port if the access of the client conforms to the set second access rule.
Further, the access ports generated by the device side and the user side include a preset number of temporary access ports and a formal access port, and the first access rule includes:
sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold;
the second access rule includes:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
Further, the method for the secure access of the video monitoring port further includes:
and when port conflicts exist in the preset number of temporary access ports, carrying out incremental processing on the conflicting temporary access ports according to a preset incremental threshold.
The invention also provides a security access system of the equipment port, which is used for realizing the security access of the client to the equipment end, and the security access system of the video monitoring port comprises the equipment end and the client, wherein:
the equipment end generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and monitors the port specified by a set first access rule;
the client generates an access port according to the unique identifier and time of the equipment end and the preset port generation rule according to the preset change cycle, and accesses the port according to the port specified by the set first access rule;
and the equipment receives the access of the client, judges according to a set first access rule, allows the client to access the generated access port if the access of the client accords with the first access rule, and refuses the access if the access of the client does not accord with the first access rule.
Further, the system for the secure access of the video monitoring port further comprises an operation and maintenance server, wherein:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
Furthermore, the client accesses a port specified by a set second access rule; and the equipment receives the access of the client, judges according to the set second access rule, and refuses the access to the access port if the access of the client conforms to the set second access rule.
Further, the access ports generated by the device side and the user side include a preset number of temporary access ports and a formal access port, and the first access rule includes:
sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold;
the second access rule includes:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
Further, when there is a port conflict in the preset number of temporary access ports, the device side and the client side perform incremental processing on the conflicting temporary access ports according to a preset incremental threshold.
The invention provides a safe access method and a system of an equipment port, wherein the equipment end and a client generate an access port that is valid for a period of time, according to the same port generation rule and a preset change period, based on the unique identifier of the equipment end and the time. Listening is started on that port, the port is changed at a certain period, and the client's access to the access port generated by the equipment end is released or forbidden according to preset access rules. The invention addresses the hidden danger in secure access to the operation and maintenance port of the equipment: the operation and maintenance port changes randomly, access to it must satisfy the preset rules, attacks by hackers are avoided, and operation and maintenance security is effectively enhanced without adding new equipment.
Drawings
Fig. 1 is a flowchart of a method for secure access to a device port according to an embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail with reference to the drawings and examples, which should not be construed as limiting the invention.
The general idea of the invention is to generate an access port that is valid for a period of time based on certain rules, for example based on the unique device identifier and the time, to start the maintenance service listening on that port, and to change the port at a certain period. The client generates an access port according to the same rule and logs in to the maintenance service through that port. By default, the access port generated in this way may not be accessed by any client; the device releases or forbids a client's access to the random maintenance port according to a preset access rule under which the client accesses a specific, changing port sequence on the device.
In this embodiment, a daily operation and maintenance port is taken as an example for description, and secure access to a port can be realized in the same manner for other ports. Meanwhile, in this embodiment, a device where the port is located is referred to as a device side, and a device accessing the port is referred to as a client side, which will not be described below.
As shown in fig. 1, an embodiment of a method for secure access of a device port includes:
the equipment end generates an access port according to a preset change cycle, the unique identifier and time of the equipment end and a preset port generation rule, and monitors the port specified by a set first access rule;
the client generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and accesses the port according to a port specified by a set first access rule;
and the equipment receives the access of the client, judges according to the first access rule, allows the client to access the generated access port if the access of the client conforms to the first access rule, and refuses the access if the access of the client does not conform to the first access rule.
The following is a detailed description by way of specific examples.
In this embodiment, the device side and the client side generate the same port according to the same port generation rule, and generate the port by using the unique identifier and time of the device side, so that the access port generated by the device side is the same as the access port generated by the client side.
The unique identifier of the device end may be an IP address of the device end, an ID of the device end, an MAC address of the device end, a device serial number of the device end, or the like, as long as the unique identifier of the device end is provided, which is not limited in the present invention. Further, the time is the current time at which the port is generated. The port generation rule may be preset on the device side and the client side, and may be, for example, logged in to the same operation and maintenance server to obtain the port generation rule, or loaded to the device side and the client side by using other tools.
The client can acquire the unique identifier, the time and the change period of the equipment terminal in various ways.
Embodiment 1, acquisition by an operation and maintenance server.
An operation and maintenance server (or another management server) that both the equipment end and the client can log in to is set up, and it is used to synchronize the unique identifier of the equipment end, the time, and the change period. The specific process is as follows:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
Embodiment 2, acquisition by scanning a two-dimensional code or by manual input.
The operation and maintenance personnel need to know specific rules in advance, input the unique identifier and the change period of the equipment end into the client, and manually input time to synchronize with the equipment end. Namely, under the condition that operation and maintenance personnel know information such as the unique identifier of the equipment terminal, the port change cycle and the like, the unique identifier, the port change cycle and the current time parameter can be independently and manually filled in at the client terminal, and the access port is locally generated.
Preferably, the client of the present invention obtains the unique identifier, time, and change period of the device end by using the scheme of embodiment 1, and can effectively ensure the security of the port generation rule.
In an embodiment of the present invention, the port generation rules of the client and the device are shown in the following table:
[Table 1: port generation rules of the client and the device end (an image in the original publication)]
It is easy to understand that only one port generation rule is listed in table 1, and a hash algorithm may also be used to generate a port, and the present invention is not limited to a specific port generation rule and is not described herein again.
In addition, if the change period is 15 minutes, the hour of the current time is divided into 4 segments and Time takes the values 201811281600, 201811281615, 201811281630 and 201811281645. The invention does not limit the specific change period.
After the device end generates an access port, it starts the maintenance service listening on that port and changes the port according to the preset change period, for example:
From 16:00:00 to 16:59:59, the device end listens on port 18470.
From 17:00:00 to 17:59:59, listening on port 18470 is cancelled and the device end switches to listening on port 18931.
In this embodiment, to further increase security, the generated access port by default does not allow any client to access it. Only when a client sends specific messages to the specific port sequence generated from Table 1 according to a certain rule (the first access rule) does the device release that client's access to the access port.
Embodiment 3, taking the first row of Table 1 as an example.
From 16:00 to 17:00 on 28 November 2018: DATA1 = 1709; DATA2 = 31479; DATA3 = 3753; DATA4 = 27599, with 1709, 31479, 3753, 27599 as the specific port sequence.
The device end listens on the four ports 1709, 31479, 3753, 27599.
The client needs to send TCP connection packets to the four ports 1709, 31479, 3753 and 27599 in sequence, and the time between the connection packets of every two ports can be set; for example, it is not allowed to exceed 5 seconds. That is, after the TCP connection packet is sent to port 1709, the TCP connection packet must be sent to port 31479 within 5 seconds, and so on.
When the device end determines that the client has initiated TCP connections to the 4 ports in sequence and that the connection order and connection interval meet the preset rule, it issues a firewall configuration rule to release the client's access to port 18470 of the device end. The client then accesses port 18470 to log in.
Embodiment 4, taking the second row of Table 1 as an example.
From 17:00 to 18:00 on 28 November 2018: DATA1 = 8461; DATA2 = 24576; DATA3 = 761; DATA4 = 41927, with 8461, 24576, 761, 41927 as the specific port sequence.
The device end listens on the four ports 8461, 24576, 761, 41927.
The client needs to send a TCP SYN connection message to the four ports 8461, 24576, 761 and 41927 in sequence, and the time interval between the connection messages of every two ports must not exceed 5 seconds. When the device end determines that the client has initiated TCP connections to the 4 ports in sequence and that the connection order and connection interval meet the preset rule, it issues a firewall configuration rule to release the client's access to port 18931 of the device end. The client then accesses port 18931 to log in.
In embodiment 3 and embodiment 4, it is obvious that when the device side and the client side generate ports, there are 4 temporary access ports and one formal access port, and the first four temporary access ports are used for intercepting and judging whether the access of the client side meets the first access rule and the second access rule.
Therefore, in an embodiment of the present invention, the access ports generated by the device side and the user side include a preset number of temporary access ports and a formal access port, and the first access rule includes:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
In an embodiment of the present invention, the method for secure access to a device port further includes:
the client accesses the port specified by the set second access rule;
and after receiving the login request, the equipment side judges according to the set second access rule, and if the equipment side accords with the set second access rule, the equipment side refuses the access to the access port.
That is, after receiving the access of the client according to the second access rule, the device side restores the port to the state of not allowing the access. That is to say, after the operation and maintenance operation is completed, the client sends the login request according to the second access rule, so that the device recovers the port to a state that access is not allowed, thereby thoroughly ensuring the security of the device.
Embodiment 5, returning the device end to the state that does not allow access according to the set access rule.
From 17:00 to 18:00 on 28 November 2018: DATA1 = 8461; DATA2 = 24576; DATA3 = 761; DATA4 = 41927.
The device end listens on the four ports 8461, 24576, 761, 41927.
The client needs to send the TCP SYN connection message to the four ports 41927, 761, 24576 and 8461 in reverse order, and the time interval between the connection messages of every two ports must not exceed 5 seconds. When the device end determines that the client has initiated TCP connections to the 4 ports and that the connection order and connection interval meet the preset rule, it issues a configuration rule that cancels the rule allowing the client to access port 18931 of the device end, and returns to the state in which the device end does not allow access.
That is, the second access rule comprises: sending the connection messages to the temporary access ports in reverse order, wherein the time interval between the connection messages of every two ports does not exceed a set time threshold.
It should be noted that the first access rule and the second access rule are only specific embodiments under a specific port generation rule; when the port generation rules differ, the way the temporary access ports in the corresponding first and second access rules are generated also differs, which is not described again here. Furthermore, the connection messages of the first access rule need not be sent in sequential order; for example, they may be sent in the order 8461, 761, 24576, 41927. The invention is not limited to a specific embodiment of the access rule, and the same applies to the second access rule. In addition, the first access rule and the second access rule may also be specified by sending different connection messages, where the connection messages carry special characters, which is not repeated here.
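The device-side judgment described in Embodiments 3 to 5 can be written as a small per-client state machine. The following is an added example, not code from the patent: the class name `KnockGate`, the event format and the 192.0.2.x client addresses are assumptions, and the ports and the 5-second threshold are the ones given in Embodiments 4 and 5.

```python
from dataclasses import dataclass, field


@dataclass
class KnockGate:
    """Device-side check of the first (release) and second (forbid) access rules."""
    temp_ports: tuple          # temporary access ports, in first-rule order
    formal_port: int           # formal access port released on success
    max_gap: float = 5.0       # seconds allowed between two consecutive knocks
    allowed: set = field(default_factory=set)      # clients currently released
    progress: dict = field(default_factory=dict)   # client -> (ports seen, last time)

    def on_syn(self, src, dport, ts):
        """Feed one observed TCP SYN. Returns "open", "close" or None."""
        open_seq = tuple(self.temp_ports)
        close_seq = open_seq[::-1]          # second rule: reverse order
        if dport not in open_seq:
            return None                     # not a temporary access port
        seen, last = self.progress.get(src, ((), ts))
        if seen and ts - last > self.max_gap:
            seen = ()                       # interval exceeded: start over
        seen += (dport,)
        if not any(seq[:len(seen)] == seen for seq in (open_seq, close_seq)):
            # Wrong order: keep this knock only if it can begin a sequence.
            seen = (dport,) if dport in (open_seq[0], close_seq[0]) else ()
        if seen == open_seq:
            self.progress.pop(src, None)
            self.allowed.add(src)           # stands in for the firewall release rule
            return "open"
        if seen == close_seq:
            self.progress.pop(src, None)
            self.allowed.discard(src)       # stands in for cancelling the release rule
            return "close"
        self.progress[src] = (seen, ts)
        return None

    def may_connect(self, src, dport):
        """Default deny: only released clients reach the formal access port."""
        return dport == self.formal_port and src in self.allowed


# Constructed sample traffic: (timestamp in seconds, client, destination port).
EVENTS = [
    (0.0, "192.0.2.10", 8461), (2.0, "192.0.2.10", 24576),
    (4.5, "192.0.2.10", 761), (7.0, "192.0.2.10", 41927),      # valid first rule
    (0.0, "192.0.2.20", 8461), (6.5, "192.0.2.20", 24576),     # 6.5 s gap: too slow
    (7.0, "192.0.2.20", 761), (8.0, "192.0.2.20", 41927),
    (0.0, "192.0.2.30", 8461), (1.0, "192.0.2.30", 761),       # wrong order
    (2.0, "192.0.2.30", 24576), (3.0, "192.0.2.30", 41927),
    (100.0, "192.0.2.10", 41927), (101.0, "192.0.2.10", 761),  # valid second rule
    (103.0, "192.0.2.10", 24576), (104.0, "192.0.2.10", 8461),
]


def replay(gate, events):
    """Run events in time order and return the (client, decision) pairs made."""
    decisions = []
    for ts, src, dport in sorted(events):
        result = gate.on_syn(src, dport, ts)
        if result:
            decisions.append((src, result))
    return decisions


if __name__ == "__main__":
    gate = KnockGate((8461, 24576, 761, 41927), formal_port=18931)
    for src, decision in replay(gate, EVENTS):
        print(src, decision)
```
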
In addition, since there is a possibility that the temporary ports may be duplicated in the first access rule and the second access rule, in order to prevent port collision, the following processing mechanism is adopted in the present embodiment:
If the generated temporary access ports conflict, the conflicting temporary access port is incremented according to a preset increment threshold until a non-conflicting port is found. The increment threshold can be 1, 10 or 100 and can be preset. The client processes the conflicting temporary access port with the same rule when accessing.
For example: four temporary access ports 14000, 14000, 578, 32390 are generated, one of which conflicts. It is incremented by 100, changing the four temporary access ports to 14000, 14100, 578, 32390. If the new port is available it is used; if it is not available, the incrementing continues.
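Port generation per change period and the incremental conflict handling can be sketched as follows. This is an added example, not code from the patent: Table 1's rule is not reproduced on this page, so the SHA-256 derivation (following the remark that a hash algorithm may be used), the 1024 to 65535 range, the wrap-around, the `in_use` set of ports both sides agree are reserved, and the identifier `SN-EXAMPLE-0001` are all assumptions.

```python
import hashlib
from datetime import datetime

PORT_MIN, PORT_MAX = 1024, 65535   # assumed range for derived ports


def time_bucket(now, period_minutes):
    """Floor `now` to the start of its change period, e.g. 201811281615."""
    minutes = now.hour * 60 + now.minute
    start = minutes - minutes % period_minutes
    return f"{now:%Y%m%d}{start // 60:02d}{start % 60:02d}"


def resolve_conflicts(ports, step=100, in_use=frozenset()):
    """Increment each conflicting port by `step` until it no longer conflicts.

    A port conflicts when an earlier port in the list, or a port in `in_use`,
    already has the same number. Both sides must apply the same step and set.
    """
    taken, out = set(in_use), []
    for port in ports:
        while port in taken:
            port += step
            if port > PORT_MAX:                      # assumed wrap-around
                port = PORT_MIN + (port - PORT_MAX - 1)
        taken.add(port)
        out.append(port)
    return out


def derive_ports(device_id, bucket, n_temp=4, step=100, in_use=frozenset()):
    """Return (temporary access ports, formal access port) for one period.

    Assumed rule: SHA-256 over identifier, time bucket and index, reduced
    into the port range. The device end and the client run the same function.
    """
    raw = []
    for index in range(n_temp + 1):
        digest = hashlib.sha256(f"{device_id}|{bucket}|{index}".encode()).digest()
        span = PORT_MAX - PORT_MIN + 1
        raw.append(PORT_MIN + int.from_bytes(digest[:4], "big") % span)
    ports = resolve_conflicts(raw, step, in_use)
    return tuple(ports[:n_temp]), ports[n_temp]


if __name__ == "__main__":
    device_id = "SN-EXAMPLE-0001"                    # constructed identifier
    # Device end and client read slightly different clocks within one period.
    device_view = derive_ports(device_id, time_bucket(datetime(2018, 11, 28, 16, 20), 60))
    client_view = derive_ports(device_id, time_bucket(datetime(2018, 11, 28, 16, 45), 60))
    print("device end:", device_view)
    print("client    :", client_view)
    print("same ports:", device_view == client_view)
    print("conflict example:", resolve_conflicts([14000, 14000, 578, 32390], step=100))
```

Because both sides floor the time to the period boundary, a clock difference only matters near a period change, which is why the text has both sides synchronize time.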
The technical scheme of the invention solves the hidden danger of safe access of the operation and maintenance port of the equipment, the operation and maintenance port changes randomly, the access of the operation and maintenance port needs to meet the preset rule, the attack of hackers is avoided, and the operation and maintenance safety is effectively enhanced without adding new equipment.
Corresponding to the foregoing method, an embodiment of a secure access system of an equipment port is also provided herein, where the secure access system of an equipment port is used to implement secure access of a client to an equipment end, and the secure access system of a video monitoring port includes the equipment end and the client, where:
the equipment end generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and monitors the port specified by a set first access rule;
the client generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and accesses the port according to a port specified by a set first access rule;
and the equipment receives the access of the client, judges according to a set first access rule, allows the client to access the generated access port if the access of the client accords with the first access rule, and refuses the access if the access of the client does not accord with the first access rule.
It should be noted that, the secure access system of the device port in this embodiment is the same as the secure access method of the device port, and only the preferred embodiments are listed in this embodiment.
Preferably, the system for secure access of a video monitoring port further includes an operation and maintenance server, where:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
Preferably, the client further performs access according to a port specified by a set second access rule; and the equipment receives the access of the client, judges according to the set second access rule, and refuses the access to the access port if the access of the client conforms to the set second access rule.
Preferably, the access ports generated by the device side and the user side include a preset number of temporary access ports and a formal access port, and the first access rule includes:
sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold;
the second access rule includes:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
Preferably, the device side and the client side further perform incremental processing on the conflicting temporary access ports according to a preset incremental threshold when there is a port conflict in the preset number of temporary access ports.
The above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and those skilled in the art can make various corresponding changes and modifications according to the present invention without departing from the spirit and the essence of the present invention, but these corresponding changes and modifications should fall within the protection scope of the appended claims.

Claims (8)

1. A security access method of an equipment port is used for realizing security access of a client to the equipment port, and is characterized in that the security access method of the equipment port comprises the following steps:
the equipment end generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and monitors the port specified by a set first access rule;
the client generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and accesses the port according to a port specified by a set first access rule;
the equipment receives the access of the client, judges according to a set first access rule, allows the client to access the generated access port if the access of the client accords with the first access rule, and refuses the access if the access of the client does not accord with the first access rule;
the access ports generated by the equipment end and the user end comprise a preset number of temporary access ports and a formal access port, and when port conflicts exist in the preset number of temporary access ports, the conflicting temporary access ports are subjected to incremental processing according to a preset incremental threshold.
2. The method for securing access to a device port of claim 1, further comprising:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
3. The method for securing access to a device port of claim 1, further comprising:
the client accesses the port specified by the set second access rule;
and the equipment receives the access of the client, judges according to the set second access rule, and refuses the access to the access port if the access of the client conforms to the set second access rule.
4. A method for secure access to a device port according to claim 3, wherein the first access rule comprises:
sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold;
the second access rule comprises:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
5. A security access system of an equipment port is used for realizing security access of a client to an equipment end, and is characterized in that the security access system of the equipment port comprises the equipment end and the client, wherein:
the equipment end generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and monitors the port specified by a set first access rule;
the client generates an access port according to a preset port generation rule by using the unique identifier and time of the equipment end according to a preset change cycle, and accesses the port according to a port specified by a set first access rule;
the equipment end receives the access of the client, judges it according to the set first access rule, allows the client to access the generated access port if the access of the client accords with the first access rule, and refuses the access if it does not;
the access ports generated by the equipment side and the user side comprise a preset number of temporary access ports and a formal access port, and when port conflicts exist in the preset number of temporary access ports, the conflicting temporary access ports are subjected to incremental processing according to a preset incremental threshold.
6. The system of claim 5, further comprising an operation and maintenance server, wherein:
the device end reports the unique identification and the change period of the device end to an operation and maintenance server, and synchronizes time;
and the client accesses the operation and maintenance server, acquires the unique identifier and the change cycle of the equipment terminal and synchronizes the time.
7. The system for secure access to a device port according to claim 5, wherein the client further performs access to a port specified by a set second access rule; and the equipment receives the access of the client, judges according to the set second access rule, and refuses the access to the access port if the access of the client conforms to the set second access rule.
8. The system of claim 7, wherein the first access rule comprises:
sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold;
the second access rule includes:
and sending connection messages to the temporary access ports in sequence, wherein the time interval of the connection messages of every two ports does not exceed a set time threshold.
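
The port derivation of claim 1 and the first-access-rule check of claim 4, written out in Python as an added example (it is not code from the patent). The SHA-256 derivation, the port range, the sample values and the names resolve_conflicts, derive_ports and admit are assumptions; the claims only require "a preset port generation rule" applied to the unique identifier and the time.

```python
import hashlib

PORT_MIN, PORT_MAX = 20000, 60000        # assumed usable port range
SPAN = PORT_MAX - PORT_MIN

def resolve_conflicts(ports, step=1):
    """Increment any port that repeats an earlier one until it is unique."""
    out = []
    for port in ports:
        while port in out:               # conflict: apply the preset increment
            port = PORT_MIN + (port - PORT_MIN + step) % SPAN
        out.append(port)
    return out

def derive_ports(device_id, now, period, n_temp=3, step=1):
    """Return (temporary_ports, formal_port) for the change cycle containing `now`.
    Both ends call this with the same identifier, synchronized time and period."""
    cycle = int(now) // period
    raw = []
    for i in range(n_temp + 1):
        digest = hashlib.sha256(f"{device_id}|{cycle}|{i}".encode()).digest()
        raw.append(PORT_MIN + int.from_bytes(digest[:4], "big") % SPAN)
    # Assumption: the formal port is deduplicated together with the temporary ones.
    ports = resolve_conflicts(raw, step)
    return ports[:-1], ports[-1]

def admit(knocks, device_id, now, period, max_gap):
    """Device side. knocks = [(timestamp, port), ...] from one client, in arrival
    order. Returns the formal port to open for that client, or None to refuse."""
    temp, formal = derive_ports(device_id, now, period)
    if [p for _, p in knocks] != temp:
        return None                      # wrong ports or wrong order
    times = [t for t, _ in knocks]
    if any(b - a < 0 or b - a > max_gap for a, b in zip(times, times[1:])):
        return None                      # gap between two knocks exceeds threshold
    return formal

# Constructed sample values, not taken from the patent.
DEVICE_ID, PERIOD, MAX_GAP, NOW = "DEV-EXAMPLE-0001", 300, 2.0, 1_700_000_000

def demo():
    temp, formal = derive_ports(DEVICE_ID, NOW, PERIOD)       # client side
    good = [(NOW + 0.5 * i, p) for i, p in enumerate(temp)]
    slow = [(NOW + 5.0 * i, p) for i, p in enumerate(temp)]
    return (admit(good, DEVICE_ID, NOW, PERIOD, MAX_GAP) == formal,
            admit(good[::-1], DEVICE_ID, NOW, PERIOD, MAX_GAP),
            admit(slow, DEVICE_ID, NOW, PERIOD, MAX_GAP))
```

Because the only inputs are the identifier and the time, any party that learns the identifier and the rule can compute the same ports, so this gate complements authentication on the formal port and does not replace it.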
CN201811622563.9A 2018-12-28 2018-12-28 Safe access method and system for equipment port Active CN111385250B (en)

Publications (2)

Publication Number Publication Date
CN111385250A CN111385250A (en) 2020-07-07
CN111385250B true CN111385250B (en) 2022-07-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant