CN111417120A - WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction - Google Patents
- Publication number
- CN111417120A
- Authority
- CN
- China
- Prior art keywords
- wifi hotspot
- authentication
- terminal
- message
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Abstract
The invention belongs to the technical field of wireless communication, and discloses a WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction, which comprises the following steps: setting the message type and subtype content of a frame control field in the frame format of the de-authentication message according to the message type of the de-authentication message; reconstructing the de-authentication message according to the characteristic parameters of the target WiFi hotspot or the target terminal based on the frame format of the de-authentication message; and periodically sending a de-authentication message to enable the target WiFi hotspot or the target terminal to be in a de-authentication process all the time, so that communication blockage of the target WiFi hotspot or the target terminal is realized. The invention supports all protocol versions of the current 802.11a/b/g/n/ac/ax, and only implements communication blocking on the target WiFi hotspot and the target terminal set in the reconstructed message without influencing normal communication of other WiFi hotspots and other terminals, thereby realizing the effect of refined communication blocking.
Description
Technical Field
The invention belongs to the technical field of wireless communication, and particularly relates to a WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction.
Background
With the continuous development of computer and communication technologies, wireless networks have become increasingly mature and convenient and play an increasingly important role in the informatization of society; in particular, Wireless Local Area Networks (WLAN), represented by WiFi, have developed rapidly and are ever more widely used in daily life.
Specifically, for example, in a large shopping mall or a hotel, an illegal user deploys a phishing hotspot and increases its transmission power to entice users to connect, then steals the users' account names and passwords for services such as Alipay, Taobao and e-mail, and views private information such as the web content they browse and their identity card numbers. Preventing terminal users from accessing illegal hotspots and effectively protecting their private information is one of the important tasks in managing the security of public places. In addition, in important sensitive areas such as the conference rooms and confidential rooms of party and government organs, all WiFi networks in the area need to be effectively shielded in order to avoid leaks of secrets. Therefore, how to effectively block the communication of WiFi hotspots and terminals and prevent users' private information from being leaked is of great practical significance.
Existing communication blocking of WiFi hotspots and terminals mainly uses methods based on channel occupation, but such methods have disadvantages such as high power consumption, poor flexibility and interference with other communication devices in the same frequency band (Ilkka Harjula, Jarno Pinola, et al., Performance of IEEE 802.11 Based WLAN Devices Under Various Jamming Signals, The 2011 Military Communications Conference - Track 5 - Communications and Network Systems) (lismni, Wi-Fi wireless network signal adaptive blocking system design research, "Information Technology", 2016 No. 2). Therefore, how to achieve fine-grained blocking of specified WiFi hotspots and terminals without affecting the communication of legitimate hotspots and terminals is of significant research interest.
Disclosure of Invention
The invention provides a WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction, aiming at the problems of high power consumption, poor flexibility, interference on other communication equipment in the same frequency band and the like of the conventional WiFi hotspot and terminal communication blocking method.
In order to achieve the purpose, the invention adopts the following technical scheme:
A WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction comprises the following steps:
Step A: setting the message type and subtype content of the frame control field in the frame format of the de-authentication message according to the message type of the de-authentication message;
Step B: reconstructing the de-authentication message according to the characteristic parameters of the target WiFi hotspot or the target terminal, based on the frame format of the de-authentication message;
Step C: periodically sending the de-authentication message so that the target WiFi hotspot or the target terminal is always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot or the target terminal.
Further, in step A, according to the message type to which the de-authentication message belongs as specified by the 802.11 protocol, the message type content of the frame control field in the frame format of the de-authentication message is set to 0x00, and the subtype content is set to 0x1100.
Further, in step B, the target WiFi hotspot characteristic parameter refers to a BSSID of the WiFi hotspot, and the target terminal characteristic parameter refers to a MAC address of the terminal.
Further, in the step B, the reconstructing of the de-authentication message includes:
Step B1: if communication blocking is carried out on a terminal, setting the DA field in the frame format of the de-authentication message to the MAC address of the target terminal, and setting the SA field and the BSSID field to the BSSID of the WiFi hotspot to which the terminal is connected;
Step B2: if communication blocking is carried out on a WiFi hotspot, setting the SA field and the BSSID field in the frame format of the de-authentication message to the BSSID of the target WiFi hotspot;
Step B3: filling the frame body field of the de-authentication message with the reason identifier for sending a de-authentication message specified by the 802.11 protocol.
Further, the step C includes:
Step C1: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B1, so that the target terminal and the WiFi hotspot it is connected to are always in the de-authentication process, thereby blocking the communication of the target terminal while other legitimate terminals keep communicating normally with the WiFi hotspot;
Step C2: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B2, so that the target WiFi hotspot and the terminals connected to it are always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot.
Further, in steps C1 and C2, the broadcast period is less than the time interval between the WiFi hotspot and the terminal disconnecting and the authentication request being initiated again.
Compared with the prior art, the invention has the following beneficial effects:
The WiFi hotspot and terminal blocking method based on de-authentication message reconstruction supports all current protocol versions 802.11a/b/g/n/ac/ax, and blocks communication only for the target WiFi hotspot and the target terminal set in the reconstructed message, without affecting the normal communication of other hotspots and terminals, thereby achieving fine-grained communication blocking. The invention can shield the communication of all WiFi hotspots and terminals in a controlled area, avoid leaks of secrets, and prevent illegal phishing hotspots from stealing the private information of user terminals.
Drawings
Fig. 1 is a basic flowchart of a WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction according to an embodiment of the present invention;
Fig. 2 is a diagram of a frame format of a WiFi de-authentication message;
Fig. 3 is a state transition diagram of an authentication procedure specified in the 802.11 protocol.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
As shown in Fig. 1, a WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction is implemented on the basis of the identity authentication process in the 802.11 protocol. That process specifies that, after a hotspot or a terminal receives a de-authentication message, it releases its authenticated state and disconnects, so that it can no longer communicate normally. The de-authentication message has attribute fields that identify the characteristic parameters of the hotspot and the terminal, so specific hotspots and terminals can be blocked in a fine-grained way: communication blocking can be applied to one or more specific hotspots and one or more specific terminals without affecting other normal communication. The method specifically comprises the following steps:
Step A: setting the message type and subtype content of the frame control field in the frame format of the de-authentication message according to the message type of the de-authentication message;
Step B: reconstructing the de-authentication message according to the characteristic parameters of the target WiFi hotspot or the target terminal, based on the frame format of the de-authentication message;
Step C: periodically sending the de-authentication message so that the target WiFi hotspot or the target terminal is always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot or the target terminal.
Further, in step A, according to the message (frame) type to which the de-authentication message belongs as specified by the 802.11 protocol, the message type content of the frame control field in the frame format of the de-authentication message is set to 0x00, and the subtype content is set to 0x1100.
Further, in step B, the target WiFi hotspot characteristic parameter refers to a BSSID of the WiFi hotspot, and the target terminal characteristic parameter refers to a MAC address of the terminal.
Further, in the step B, the reconstructing of the de-authentication message includes:
Step B1: if communication blocking is carried out on a (specific) terminal, setting the DA field in the frame format of the de-authentication message to the MAC address of the target terminal, and setting the SA field and the BSSID field to the BSSID of the WiFi hotspot to which the terminal is connected;
Step B2: if communication blocking is carried out on a (specific) WiFi hotspot, setting the SA field and the BSSID field in the frame format of the de-authentication message to the BSSID of the target WiFi hotspot;
Step B3: filling the frame body field of the de-authentication message with the reason identifier for sending a de-authentication message specified by the 802.11 protocol.
Further, the step C includes:
Step C1: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B1, so that the target terminal and the WiFi hotspot it is connected to are always in the de-authentication process, thereby blocking the communication of the target terminal while other legitimate terminals keep communicating normally with the WiFi hotspot;
Step C2: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B2, so that the target WiFi hotspot and the terminals connected to it are always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot.
Further, in steps C1 and C2, the broadcast period is less than the time interval between the WiFi hotspot and the terminal disconnecting and the authentication request being initiated again.
Fig. 2 shows a frame format diagram of a de-authentication message. The setting of the main fields in the de-authentication message reconstruction process is explained here. As shown in Fig. 2, an example of the Frame Control field is given, where Type and Subtype represent the message type and subtype, respectively, and Table 1 shows the message type and subtype combinations specified in the 802.11 protocol. As can be seen from Table 1, the Type and Subtype fields of the de-authentication message are set to 0x00 and 0x1100. The DA, SA and BSSID fields respectively represent the destination address and source address of the sent message and the BSSID of the WiFi hotspot, and these fields need to be set according to the characteristic parameters of the target WiFi hotspot and the target terminal to be blocked. Specifically: if communication blocking is carried out on a specific terminal, the DA field in the frame format of the de-authentication message is set to the MAC address of the target terminal, and the SA field and the BSSID field are set to the BSSID of the WiFi hotspot to which the terminal is connected; if communication blocking is carried out on a specific WiFi hotspot, the SA field and the BSSID field in the frame format of the de-authentication message are set to the BSSID of the target WiFi hotspot. Then, the ReasonCode in the Frame Body field is set to one of the reason identifiers for sending a de-authentication message specified in the protocol, as listed in Table 2. For the other fields, default values can be chosen with reference to the 802.11 protocol; they are not described here.
Table 1: Frame type and subtype to which a message belongs, as specified by 802.11
Table 2: Reason identifiers for sending the de-authentication message, as specified in the 802.11 protocol
Reason identifier | Description |
---|---|
0 | Reserved |
1 | For |
2 | The former authentication is no longer valid |
3 | Being de-authenticated due to the transmitting STA leaving (or having left) the IBSS or |
4 | Disassociation due to inactivity |
……. | ……. |
Fig. 3 shows a state transition diagram of the authentication flow specified in the 802.11 protocol. As shown in Fig. 3, the terminal can communicate with the hotspot and transmit data only after reaching state 3. When a terminal in state 2 or state 3 receives the constructed de-authentication message broadcast, it transitions to state 1, the de-authenticated/unassociated state, and cannot communicate normally. If the terminal wants to communicate with the hotspot, it needs to send the authentication request message again, but a certain time interval elapses between the terminal disconnecting and it requesting authentication again. Therefore, when the broadcast period of the reconstructed de-authentication message is less than this re-authentication interval, the target WiFi hotspot and the target terminal are always in the de-authentication process and cannot communicate normally, which achieves the communication blocking effect. The reconstructed message is effective only for the target WiFi hotspot and the target terminal set when it was constructed, and the normal communication of other WiFi hotspots and other terminals is not affected, so fine-grained communication blocking can be achieved.
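The frame layout described for Fig. 2 and the send-period condition in the paragraph above give a monitoring system something concrete to look for. The following is an added example, not part of the patent: it decodes captured 802.11 frames, picks out de-authentication frames (management type 0, subtype 12, i.e. the bit patterns 00 and 1100 that the page writes as 0x00 and 0x1100), and flags any SA/BSSID/DA flow that repeats faster than a chosen gap. The MAC addresses, the sample capture and the thresholds `min_frames` and `max_gap` are constructed assumptions.

```python
import struct

MGMT_TYPE = 0            # frame control Type bits 00 (management)
DEAUTH_SUBTYPE = 0b1100  # frame control Subtype bits 1100 (de-authentication)
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample frames (hex, starting at frame control, FCS removed).
# Hotspot 02:00:00:00:00:01 -> terminal 02:00:00:00:00:aa, reason 2
DEAUTH_HEX = "c0000000" "0200000000aa" "020000000001" "020000000001" "0000" "0200"
# Same addresses with the Protected bit set (body not readable in clear)
PROTECTED_HEX = "c0400000" "0200000000aa" "020000000001" "020000000001" "0000" "0200"
# Beacon (subtype 1000) from the same hotspot: must be ignored
BEACON_HEX = "80000000" "ffffffffffff" "020000000001" "020000000001" "0000" "0000"
# One-off de-authentication from another hotspot, reason 3
ONE_OFF_HEX = "c0000000" "0200000000bb" "020000000002" "020000000002" "0000" "0300"

# Constructed capture: (timestamp in seconds, raw frame)
SAMPLE_CAPTURE = (
    [(round(i * 0.1, 1), bytes.fromhex(DEAUTH_HEX)) for i in range(6)]
    + [(0.05, bytes.fromhex(BEACON_HEX)), (0.3, bytes.fromhex(ONE_OFF_HEX))]
)


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_deauth(frame):
    """Return the fields of a de-authentication frame, or None for any other frame."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != MGMT_TYPE or subtype != DEAUTH_SUBTYPE:
        return None
    protected = bool(fc & 0x4000)
    return {
        "da": mac_str(frame[4:10]),      # Address 1
        "sa": mac_str(frame[10:16]),     # Address 2
        "bssid": mac_str(frame[16:22]),  # Address 3
        "protected": protected,
        # The reason code is only readable when the body is not encrypted.
        "reason": None if protected else struct.unpack_from("<H", frame, 24)[0],
    }


def detect_deauth_floods(capture, min_frames=5, max_gap=1.0):
    """Flag flows with >= min_frames de-auth frames spaced <= max_gap seconds apart."""
    runs, alerts = {}, {}
    for ts, raw in sorted(capture, key=lambda item: item[0]):
        d = parse_deauth(raw)
        if d is None:
            continue
        flow = (d["sa"], d["bssid"], d["da"])
        run = runs.get(flow)
        if run is None or ts - run["last"] > max_gap:
            run = runs[flow] = {"first": ts, "last": ts, "count": 0, "reasons": set()}
        run["count"] += 1
        run["last"] = ts
        if d["reason"] is not None:
            run["reasons"].add(d["reason"])
        if run["count"] >= min_frames:
            alerts[flow] = {
                "sa": d["sa"], "bssid": d["bssid"], "da": d["da"],
                # Assumption: a broadcast DA addresses every terminal of the hotspot
                # (step B2 leaves DA unspecified); a unicast DA matches step B1.
                "scope": "hotspot" if d["da"] == BROADCAST else "terminal",
                "count": run["count"], "first": run["first"], "last": ts,
                "reasons": sorted(run["reasons"]),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_CAPTURE):
        print(alert)
```

Input frames are assumed to start at the frame control field, with any capture header and trailing FCS already removed. Where 802.11w Protected Management Frames are negotiated, a station ignores de-authentication frames that are not cryptographically protected, so alerts on such networks indicate attempted rather than effective blocking.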
The WiFi hotspot and terminal blocking method based on de-authentication message reconstruction supports all current protocol versions 802.11a/b/g/n/ac/ax. It can be applied in confidential places such as party and government conference rooms and confidential rooms to shield the communication of all WiFi hotspots and terminals in a controlled area and avoid losses from leaked secrets. It can also block specific hotspots and terminals in a fine-grained way, and can be applied in important places such as hotels and shopping malls to prevent illegal phishing hotspots from stealing the private information of user terminals.
The above shows only the preferred embodiments of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.
Claims (6)
1. A WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction is characterized by comprising the following steps:
Step A: setting the message type and subtype content of the frame control field in the frame format of the de-authentication message according to the message type of the de-authentication message;
Step B: reconstructing the de-authentication message according to the characteristic parameters of the target WiFi hotspot or the target terminal, based on the frame format of the de-authentication message;
Step C: periodically sending the de-authentication message so that the target WiFi hotspot or the target terminal is always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot or the target terminal.
2. The WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction of claim 1, wherein in step A, according to the message type to which the de-authentication message belongs as specified by the 802.11 protocol, the message type content of the frame control field in the frame format of the de-authentication message is set to 0x00, and the subtype content is set to 0x1100.
3. The method according to claim 1, wherein in step B, the target WiFi hotspot characteristic parameter refers to BSSID of the WiFi hotspot, and the target terminal characteristic parameter refers to MAC address of the terminal.
4. The method according to claim 1, wherein in step B, the reconstructing of the de-authentication message comprises:
Step B1: if communication blocking is carried out on a terminal, setting the DA field in the frame format of the de-authentication message to the MAC address of the target terminal, and setting the SA field and the BSSID field to the BSSID of the WiFi hotspot to which the terminal is connected;
Step B2: if communication blocking is carried out on a WiFi hotspot, setting the SA field and the BSSID field in the frame format of the de-authentication message to the BSSID of the target WiFi hotspot;
Step B3: filling the frame body field of the de-authentication message with the reason identifier for sending a de-authentication message specified by the 802.11 protocol.
5. The method for blocking communication between the WiFi hotspot and the terminal based on de-authentication message reconstruction as claimed in claim 4, wherein the step C comprises:
Step C1: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B1, so that the target terminal and the WiFi hotspot it is connected to are always in the de-authentication process, thereby blocking the communication of the target terminal while other legitimate terminals keep communicating normally with the WiFi hotspot;
Step C2: setting a broadcast period and broadcasting the de-authentication message reconstructed in step B2, so that the target WiFi hotspot and the terminals connected to it are always in the de-authentication process, thereby blocking the communication of the target WiFi hotspot.
6. The WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction as claimed in claim 5, wherein in steps C1 and C2, the broadcast period is less than the time interval between the WiFi hotspot and the terminal disconnecting and the authentication request being initiated again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010228662.XA CN111417120A (en) | 2020-03-27 | 2020-03-27 | WiFi hotspot and terminal communication blocking method based on de-authentication message reconstruction |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111417120A (en) | 2020-07-14 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112118576A (en) * | 2020-09-22 | 2020-12-22 | 上海连尚网络科技有限公司 | Method and apparatus for networking over wireless hotspots |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090300188A1 (en) * | 2008-05-30 | 2009-12-03 | Fujitsu Limited | Wireless communication system, wireless communication apparatus, method for disconnection process thereof, and storage medium |
CN104333858A (en) * | 2013-07-22 | 2015-02-04 | 中国科学院信息工程研究所 | Channel resource control method based on disassociation/deauthentication frame |
CN105657713A (en) * | 2016-03-25 | 2016-06-08 | 珠海网博信息科技股份有限公司 | False-AP detecting and blocking method, wireless device and router |
CN106572464A (en) * | 2016-11-16 | 2017-04-19 | 上海斐讯数据通信技术有限公司 | Illegal AP monitoring method in wireless local area network, suppression method thereof, and monitoring AP |
CN107094295A (en) * | 2017-04-28 | 2017-08-25 | 杭州亚古科技有限公司 | The blocking-up method and device of WiFi module |
Non-Patent Citations (2)
Title |
---|
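章晨衍 (Zhang Chenyan): "Research on wireless blocking and data camouflage techniques based on IEEE 802.11", Computer Systems & Applications * |
胡亚光 (Hu Yaguang): "Research and implementation of methods for identifying and blocking illegal wireless connections", China Master's Theses Full-text Database, Information Science and Technology * |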
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20200714 |