CN112153645A - Anti-network-rubbing method and device and router - Google Patents

Anti-network-rubbing method and device and router Download PDF

Info

Publication number
CN112153645A
CN112153645A CN201910573479.0A CN201910573479A CN112153645A CN 112153645 A CN112153645 A CN 112153645A CN 201910573479 A CN201910573479 A CN 201910573479A CN 112153645 A CN112153645 A CN 112153645A
Authority
CN
China
Prior art keywords
user terminal
message
mac address
networking
source mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910573479.0A
Other languages
Chinese (zh)
Inventor
秦明闯
曹鸿健
柴坤哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201910573479.0A priority Critical patent/CN112153645A/en
Publication of CN112153645A publication Critical patent/CN112153645A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Abstract

The application provides a method and a device for preventing network from being rubbed and a router, wherein the method comprises the following steps: receiving a wireless signal, and generating a first message according to the wireless signal; extracting a source MAC address in the first message; judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address; if not, discarding the first message, or limiting the forwarding of the response message to the user terminal; wherein: the response message is a message generated by the network side in response to the first message. According to the network stealing prevention method, the source MAC address is used as the identifier of the user terminal, whether the user terminal has the networking authority or not is determined by the MAC address, then the message sent by the user terminal is processed, and the problem that network resources are occupied due to malicious networking is solved.

Description

Anti-network-rubbing method and device and router
Technical Field
The application relates to the technical field of wireless local area networks, in particular to a method and a device for preventing network rubbing; in addition, the application also provides a router for realizing the anti-network-rubbing method.
Background
In order to facilitate users to obtain network resources, public places such as libraries, coffee shops and the like provide free wireless networks for the public, and the wireless networks can cover the areas around the public places; malicious users in the peripheral area of the public place can be connected with the wireless network for a long time and occupy network resources; in addition, some users in public places may occupy network resources for a long time, and affect the network use experience of other users.
Disclosure of Invention
The application provides a method and a device for preventing network from being stolen, which judge whether a terminal sending a corresponding wireless signal has the permission of continuing to network or not by analyzing a received first message or a wireless signal bearing the first message.
In one aspect, the application provides a method for preventing a network from being rubbed, comprising:
receiving a wireless signal, and generating a first message according to the wireless signal;
extracting a source MAC address in the first message;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
Optionally, the determining, according to the source MAC address, whether the corresponding user terminal has a permission to continue networking includes:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address;
or inquiring whether the network flow of the user terminal is smaller than the preset flow according to the source MAC address.
Optionally, the determining, according to the source MAC address, whether the corresponding user terminal has a right to continue networking further includes:
after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow, generating a verification request;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
Optionally, in the process of determining whether the user terminal has the permission to continue networking according to the source MAC address, forwarding of a data packet sent by the user terminal is temporarily blocked.
Optionally, the method further includes: detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
and judging whether the signal intensity is greater than a preset intensity.
Optionally, the method further includes:
detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
Optionally, the method further includes receiving a wireless signal, and generating a first packet according to the wireless signal, including: receiving the wireless signals by adopting a plurality of wireless receivers and generating a first message;
the method further comprises the following steps: detecting the signal strength of the wireless signal received by each wireless receiver;
determining the coordinates of the user terminal according to the signal strength of the wireless signal;
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
Optionally, the determining the coordinates of the user terminal according to the signal strength of the wireless signal includes:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
On the other hand, this application provides a prevent rubbing net device, includes:
the wireless receiver is used for receiving a wireless signal and generating a first message according to the wireless signal;
an address extracting unit, configured to extract a source MAC address in the first message;
a judging unit, configured to judge whether a corresponding user terminal has a permission to continue networking according to the source MAC address;
an execution unit, configured to discard the first packet or limit forwarding of a response packet to the user terminal when the user terminal does not have networking permission;
wherein: the response message is a message generated by the network side in response to the first message.
Optionally, the determining unit determines whether the corresponding ue has the right to continue networking according to the source MAC address, including:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; alternatively, the first and second electrodes may be,
and inquiring whether the network flow of the user terminal is smaller than the preset flow or not according to the source MAC address.
Optionally, the determining unit is further configured to:
generating a verification request after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
Optionally, in the process of determining whether the user terminal has the permission to continue networking according to the source MAC address, the execution unit temporarily blocks forwarding of a data packet sent by the user terminal.
Optionally, the apparatus further comprises: a strength detection unit for detecting a signal strength of the wireless signal;
the judging unit judges whether the user terminal has the authority of continuing networking according to the source MAC address;
and judging whether the signal intensity is greater than a preset intensity.
Optionally, the apparatus further comprises: a strength detection unit for detecting a signal strength of the wireless signal;
the judging unit judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the judging unit comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
Optionally, the number of the wireless receivers is multiple, and the multiple wireless receivers are all used for receiving the wireless signal and generating a first message;
the device also comprises a strength detection unit for detecting the signal strength of the wireless signals received by each wireless receiver;
the judging unit judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the judging unit comprises the following steps:
judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
Optionally, the determining the coordinates of the user terminal according to the signal strength of the wireless signal includes:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
In another aspect, the present application provides a router comprising a wireless receiver and a processor;
the wireless receiver is to: receiving a wireless signal, and generating a first message according to the wireless signal;
the processor is configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
Optionally, the determining, by the processor, whether the corresponding user terminal has a permission to continue networking according to the source MAC address includes:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; alternatively, the first and second electrodes may be,
and inquiring whether the network flow of the user terminal is smaller than the preset flow or not according to the source MAC address.
Optionally, the processor determines whether the corresponding user terminal has a permission to continue networking according to the source MAC address, further including:
after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow, generating a verification request;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
Optionally, in the process of determining whether the user terminal has the networking right according to the source MAC address, forwarding of a data packet sent by the user terminal is temporarily blocked.
Optionally, the wireless receiver is further configured to detect a signal strength of the wireless signal;
the processor is further configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
and judging whether the signal intensity is greater than a preset intensity.
Optionally, the wireless receiver is further configured to detect a signal strength of the wireless signal;
the processor judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the method comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
Optionally, the number of the wireless receivers is multiple, and the multiple wireless receivers are all used for receiving the wireless signal and generating a first message;
the wireless receiver is further used for detecting the signal strength of the received wireless signal;
the processor is further configured to: determining the coordinates of the user terminal according to the signal strength of the wireless signal;
the judging whether the corresponding user terminal has the networking authority according to the source MAC address comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
Optionally, the determining the coordinates of the user terminal according to the signal strength of the wireless signal includes:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
According to the network stealing prevention method, the source MAC address is used as the identifier of the user terminal, whether the user terminal has the networking authority or not is determined by the MAC address, then the message sent by the user terminal is processed, and the problem that network resources are occupied due to malicious networking is solved.
Drawings
Fig. 1 is a flowchart of a method for preventing a network from being stolen according to an embodiment;
fig. 2 is a flowchart of the method for preventing network from being stolen according to the second embodiment;
fig. 3 is a flowchart of a method for preventing a network from being scratched according to the third embodiment;
fig. 4 is a flowchart of a method for preventing a network from being scratched according to the fourth embodiment;
FIG. 5 is a schematic diagram of the coordinate determination of the device according to the fourth embodiment;
fig. 6 is a schematic view of the anti-setoff device provided in the fifth embodiment;
wherein: 11-wireless receiver, 12-address extraction unit, 13-judgment unit and 14-execution unit.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
The application provides a method for preventing network from being stolen, which judges whether a terminal sending a corresponding wireless signal has the permission of continuing to network or not by analyzing a received first message or a wireless signal bearing the first message. In the current application, the WIFI wireless communication technology based on the 802.11 protocol is widely applied, so that the method provided by the embodiment of the application is mainly applied to preventing the network from being scratched in the WIFI network; the method of the present application may also be applied in other wireless networks.
Example one
Fig. 1 is a flowchart of a method for preventing a network from being stolen according to an embodiment; the method is applied to a wireless router which is connected with network resources and realizes the connection between a user terminal and the network resources; the method of this embodiment will be described below with a router as an implementation subject. Referring to fig. 1, in the present embodiment, the method for prompting intrusion includes steps S101-S104.
S101: and receiving a wireless signal, and generating a first message according to the wireless signal.
When the router works, various user terminals are connected to the router through password authentication or other authentication methods, and send wireless signals to the router through own wireless transceiver modules. After a wireless receiver in the router receives a wireless signal through electromagnetic induction, a first message is generated through processing the wireless signal.
In practical application, the wireless receiver of the router comprises a modulation and demodulation module and an antenna; the antenna acquires wireless signals in the environment through resonance and sends the wireless signals to the modulation and demodulation module; the modulation and demodulation module obtains a first message through processing processes of analog-to-digital conversion, band-pass filtering and the like.
S102: the source MAC address in the first message is extracted.
After the first message is obtained, a data processing module (mostly a CPU in the router) in the router analyzes a corresponding field in the first message, and obtains a source MAC address in the message. The source MAC address is an address that identifies the device's own device hardware. At present, source MAC addresses of most devices are directly burned in a network card of the device, so that the device can be determined by the source MAC addresses.
S103: judging whether a user terminal corresponding to the source MAC address has the authority of continuing networking or not; if yes, go to step S104.
In step S103, it is determined whether the device corresponding to the source MAC address has the right to continue networking, and whether the user terminal has the right to continue networking is determined according to the state of the received wireless signal, which is found before the wireless signal at the current time is received by the MAC address, or according to the stored right setting rule.
In some applications, whether the user terminal corresponding to the source MAC address has the networking right is determined, and the source MAC address is compared with the source MAC address in the pre-stored database, and whether the source MAC address is the pre-stored source MAC address is determined, and then whether the user terminal has the networking right.
In some applications, the judgment of whether the user terminal corresponding to the source MAC address has the authority to continue networking is to count the length of time for receiving the first message including the source MAC address, that is, to judge whether the user terminal has the authority to continue networking according to the time that the user terminal has been networked, that is, to judge whether the networking duration of the user terminal is less than a preset duration. The aforementioned preset duration is a preset duration for a time period, wherein the time period may be one day. For example, in a place such as a cafe, a restaurant, etc., a single customer may be in these places for a length of time not exceeding 2 hours per day (under normal circumstances), and thus the preset time period may be set to 2 hours.
In other applications, the determination of whether the user terminal corresponding to the source MAC address has the permission to continue networking is performed by counting the number of times of networking of the first packet including the source MAC address, that is, determining whether the user terminal has the permission to continue networking according to the number of times of connecting the user terminal to the router. Still take places such as cafes, restaurants and the like as examples, under normal conditions, the number of times that a user visits each day is not too large, and the user cannot be disconnected unless leaving after connecting with a router of a cafe restaurant; only some user terminals which maliciously collect the types of clients connected in the current router or router terminals which illegally collect wireless network information can be connected with the router for a plurality of times. Therefore, whether the user terminal has malice or not can be generally judged according to whether the networking times of the user terminal are smaller than the preset times or not, and then whether the user terminal has the networking authority or not is judged.
In other applications, it is determined whether the user terminal corresponding to the source MAC address has the right to continue networking, and whether the network traffic for the user terminal corresponding to the source MAC address is smaller than the preset traffic is counted. Under normal conditions, when a user watches videos and webpages in a networking manner, the data flow is in a reasonable paradigm; if the network traffic of a certain user terminal is much larger than the preset traffic (the preset traffic is a reasonable value), the user terminal performs irregular operation, so that the user terminal can be judged not to have the permission to continue networking.
S104: and discarding the first message.
After determining that the user terminal corresponding to the source MAC address does not have the authority to continue networking, the router can discard the first message, and then the generation of a corresponding first message by triggering a response of the network side is avoided.
According to the method for preventing the network from being stolen, the source MAC address is used as the identification of the user terminal, whether the user terminal has the networking authority or not is determined by the MAC address, then the message sent by the user terminal is processed, and the problem that network resources are occupied due to malicious networking is solved.
In the embodiment of the application, after the fact that the user terminal does not have the networking authority is determined, a first message sent by the user terminal is discarded; in other embodiments, the user terminal may be restricted from acquiring the network resource by restricting the forwarding of the response message to the user terminal; the response message is a message generated by the network side in response to a first message sent by the user headquarters.
Example two
Fig. 2 is a flowchart of the method for preventing network skimming provided in the second embodiment. As shown in fig. 2, in the embodiment of the present application, the method for prompting intrusion includes steps S201 to S207.
S201: and receiving a wireless signal, and generating a first message according to the wireless signal.
When the router works, various user terminals are connected to the router through password authentication or other authentication methods, and send wireless signals to the router through own wireless transceiver modules. After a wireless receiver in the router receives a wireless signal through electromagnetic induction, a first message is generated through processing the wireless signal.
S202: the source MAC address in the first message is extracted.
After the first message is obtained, a data processing module (mostly a CPU in the router) in the router analyzes a corresponding field in the first message, and obtains a source MAC address in the message.
S203: and judging whether the networking time length of the user terminal corresponding to the source MAC address exceeds the preset time length. If yes, go to step S204.
S204: generating a verification message and sending the verification message to a user terminal; the verification message includes a verification request.
In some applications, the judgment of whether the user terminal corresponding to the source MAC address has the authority to continue networking is to count the length of time for receiving the first message including the source MAC address, that is, to judge whether the user terminal has the authority to continue networking according to the time that the user terminal has been networked, that is, to judge whether the networking duration of the user terminal is less than a preset duration. The aforementioned preset duration is a preset duration for a time period, wherein the time period may be one day. For example, in a place such as a cafe, a restaurant, etc., a single customer may be in these places for a length of time not exceeding 2 hours per day (under normal circumstances), and thus the preset time period may be set to 2 hours.
In special cases, for example, some users need to work temporarily in a coffee shop, and when the networking time duration exceeds the preset time duration, the users still need to use network resources; at the moment, if the network is directly disconnected, the use experience of the user can be seriously reduced; while some unattended servers may access the router and use the network, such servers do not have the function of responding to the authentication request. Therefore, in some applications, the method for judging whether the user terminal correctly responds to the request by initiating the verification request can judge whether the user terminal is endowed with the authority of continuing networking.
S205: receiving a second message sent by the user terminal subsequently;
s206: judging whether the second message comprises verification information or not; if not, go to step S207.
After sending the verification message to the user terminal, then, waiting for the receiving user terminal to return a second message, where the second message is a message including the verification information. If the user terminal does not return the second message, it is determined that the user terminal may be an unattended terminal or that the user terminal is some illegal terminal, and S207 is performed
S207: and discarding the first message.
After determining that the user terminal corresponding to the source MAC address does not have the authority to continue networking, the router can discard the first message, and then the generation of a corresponding first message by triggering a response of the network side is avoided.
In some other embodiments, after receiving the verification message, the user terminal may generate a second message including the verification information, but the verification information does not conform to the verification rule, so that it may be determined whether the user terminal has the authority to continue networking by determining whether the verification information is legal or not by determining the verification information.
According to the method for preventing the network from being stolen, after the fact that the networking time of the user terminal exceeds the preset time is judged, the request message is sent to the user terminal, whether the user terminal is a terminal such as some unattended servers or not is judged by checking whether the user terminal sends the second message or not, and then whether the user terminal is endowed with the right of surfing the internet or not is determined.
In other embodiments, the aforementioned determining whether the networking duration of the user terminal exceeds the preset duration may be replaced by: and judging whether the networking times of the user terminal exceed the preset times or not, or judging whether the network flow of the user terminal exceeds the preset flow or not.
In the method provided by the embodiment of the present application, in order to avoid the user terminal from sending the data packet to the network side and cracking the response request, the forwarding of the data packet sent by the user terminal may be temporarily blocked, or the forwarding of the response packet to the user terminal may be temporarily blocked.
In the method provided by the embodiment of the present application, in order to avoid the user terminal from sending the data packet to the network side and cracking the response request, the forwarding of the data packet sent by the user terminal may be temporarily blocked, or the forwarding of the response packet to the user terminal may be temporarily blocked.
EXAMPLE III
Fig. 3 is a flowchart of the method for preventing network skimming provided in the third embodiment. As shown in fig. 3, the method provided in the third embodiment includes steps S301 to S304.
S301: the method comprises the steps of receiving a wireless signal, generating a first message according to the wireless signal, and detecting the signal intensity of the wireless signal.
When the router works, various user terminals are connected to the router through password authentication or other authentication methods, and send wireless signals to the router through own wireless transceiver modules. After a wireless receiver in the router receives a wireless signal through electromagnetic induction, a first message is generated through processing the wireless signal.
And simultaneously when the wireless signal is received, the wireless signal receiver in the router also measures the strength of the wireless signal and determines the signal strength of the wireless signal.
S302: the source MAC address in the first message is extracted.
After the first message is obtained, a data processing module (mostly a CPU in the router) in the router analyzes a corresponding field in the first message, and obtains a source MAC address in the message.
S303: judging whether the intensity of the wireless signal corresponding to the source MAC address is greater than the preset intensity; if not, go to step S304.
After the MAC address of the first message is determined, the router judges whether the strength of the wireless signal corresponding to the MAC address is greater than the preset strength.
According to the transmission principle of wireless signals, under the condition that the transmitting power of a transmitting source is constant, the distance between a router and the transmitting source is about long, the intensity of the wireless signals received by the router is smaller, namely the intensity of the wireless signals is in inverse proportion to the distance between the router and a user terminal.
In the embodiment of the application, assuming that the power of the wireless signals transmitted by each user terminal is the same and the environmental influence is ignored, the distance from the user terminal to the wireless router can be judged according to the signal strength of the wireless signals. In the occasions such as cafes, restaurants and the like, wireless network services are generally provided only for users within the business range of the users, and after wireless signals sent by user terminals within the business range are received by the router, the signal strength is smaller than a set strength, so that the preset strength can be used as a judgment standard, the signal strength is compared with the preset strength to determine whether the user terminals are within the business range, and then whether the user terminals have the authority of continuously connecting the router and accessing the network is judged.
S304: and blocking the forwarding of the first message.
After determining that the user terminal corresponding to the source MAC address does not have the authority to continue networking, the router can discard the first message, and then the generation of a corresponding first message by triggering a response of the network side is avoided.
According to the method for preventing the network from being rubbed, whether the signal intensity of the user terminal corresponding to the MAC address is greater than the preset intensity or not is determined, and whether the user terminal has the networking permission or not is determined whether the user terminal is in a business range or not is then determined.
In another embodiment, the step S303 may be replaced by:
S303A: determining the distance from the user terminal to the router according to the signal intensity;
S303A: and judging whether the distance is smaller than a preset distance.
That is, in other embodiments, the router first determines the distance from the ue to the router according to the signal strength, and then determines whether the ue is within a preset range (i.e., determines whether the ue is within a range centered on the router) according to the distance to determine whether the ue has the right to access the network.
Example four
Fig. 4 is a flowchart of the method for preventing network skimming provided in the fourth embodiment. As shown in fig. 4, in the present embodiment, the method for preventing network from being stolen includes steps S401 to S405.
S401: receiving wireless signals by adopting a plurality of wireless receivers and generating a first message; meanwhile, the signal strength of the wireless signal received by each wireless receiver is detected.
In the embodiment of the application, the number of the wireless receivers is three, the positions of the three wireless receivers are different, and the three wireless receivers are not on the same straight line.
When the router works, various user terminals are connected to the router through password authentication or other authentication methods, and send wireless signals to the router through own wireless transceiver modules. After a wireless receiver in the router receives a wireless signal through electromagnetic induction, a first message is generated through processing the wireless signal.
And simultaneously when the wireless signal is received, the wireless signal receiver in the router also measures the strength of the wireless signal and determines the signal strength of the wireless signal.
S402: extracting a source MAC address in the first message, and judging whether wireless signals received by each wireless receiver are wireless information numbers sent by the same user terminal; if yes, go to step S403.
And extracting the source MAC address in the first message to determine whether the wireless signals received by each wireless receiver are the wireless signals transmitted by the same user terminal, and then determining whether the subsequent steps can be carried out.
S403: and determining the coordinates of the user terminal according to the signal strength of the wireless signal.
The implementation of S403 is based on a preset premise that the power of the wireless signal sent by the user terminal is at a certain specific strength; as the number of devices increases from one wireless receiver to another, the strength of the wireless signal obtained by each wireless receiver gradually decreases additively; after the distances from the user terminal to the wireless receiver under the known signal strengths are known, the distances from the user terminal to the wireless receiver can be determined according to the obtained signal strengths; and the user terminal must be located on a circle with the radio receiver as the center and the corresponding distance as the radius.
Fig. 5 is a schematic diagram of the coordinate determination of the device according to the fourth embodiment. As shown in fig. 5, A, B, C represents the positions of three monitoring components, and the coordinates are (x)ax,ya,za)、(xb,yb,zb) And (x)c,yc,zc) (ii) a Knowing the distances of the device to A, B and the three listening components C, Da, Db and Dc, respectively, the coordinates of the device can be determined as D (x, y, z) by the operation of equation (1).
Figure BDA0002111460000000131
S404: judging whether the coordinates of the user terminal are in a preset coordinate range or not; if not, go to S405.
The embodiment of the application can be applied to places such as cafes, restaurants and the like, and the actual area range of the cafes and the restaurants is set as the preset coordinate range; if the user terminal is in the preset coordinate range, namely the user is proved to be still in the coffee shop or the restaurant area, the user terminal can be allowed to have the authority of continuing to connect the network; if the coordinates of the user terminal are not within the preset coordinate range, the user terminal is judged not to be within the range of the coffee shop or the restaurant area, and the user terminal does not have the authority of continuing to connect to the network.
S405: and blocking the forwarding of the first message.
After determining that the user terminal corresponding to the source MAC address does not have the authority to continue networking, the router can discard the first message, and then the generation of a corresponding first message by triggering a response of the network side is avoided.
According to the method for preventing the network from being rubbed off, the wireless signals sent by the user terminal are received through the plurality of wireless receivers, the position coordinates of the user terminal are determined by utilizing the strength of the wireless signals, whether the user terminal is in the preset coordinate range or not is judged according to the position coordinates of the user terminal, and whether the user terminal is endowed with the authority of continuing the network connection or not is judged. By adopting the method, the user terminal in the preset coordinate range can be prevented from being networked, and the network resources are prevented from being used maliciously.
In the embodiment of the application, after the fact that the user terminal does not have the networking authority is determined, a first message sent by the user terminal is discarded; in other embodiments, the user terminal may be restricted from acquiring the network resource by restricting the forwarding of the response message to the user terminal; the response message is a message generated by the network side in response to a first message sent by the user headquarters.
In the method provided by the embodiment of the application, monitoring is realized by using three wireless receivers, and each wireless receiver can position one dimensional coordinate of the user terminal, so that the three wireless receivers can determine the three-dimensional position coordinate of the user terminal. Therefore, the method can be applied to multi-storey buildings, and the router is prevented from still having the authority of using network resources on other floors.
Of course, in other embodiments, the number of wireless receivers may be set to two or more; in the case of two wireless receivers, the general location of the ue may be only possible, and accurate positioning cannot be achieved. Under the condition that the number of the wireless receivers is larger, the positions and the number of the wireless receivers can be arranged according to the actual scene, so that the problem that the distance from the signal to the wireless receivers cannot be determined by utilizing the signal strength due to reflection and refraction of the wireless signals caused by environmental reasons is solved.
Except providing the aforesaid prevent rubbing to net method, this application still provides prevent rubbing to net device and router.
EXAMPLE five
Fig. 6 is a schematic view of the anti-mesh-rubbing device provided in the fifth embodiment. As shown in fig. 6, the network skimming prevention device provided in the embodiment of the present application includes a wireless receiver 11, an address extraction unit 12, a determination unit 13, and an execution unit 14. The wireless receiver 11 is configured to receive a wireless signal, and generate a first message according to the wireless signal; an address extracting unit 12, configured to extract a source MAC address in the first message; the judging unit 13 is configured to judge whether the corresponding user terminal has a permission to continue networking according to the source MAC address; the execution unit 14 is configured to discard the first message or limit forwarding of the response message to the user terminal if the user terminal does not have the networking right; wherein: the response message is a message generated by the network side in response to the first message.
In an embodiment, the improved network setup prevention apparatus, where the determining unit 13 determines whether the corresponding user terminal has the right to continue networking according to the source MAC address, includes: inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; or inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; or, inquiring whether the network flow of the user terminal is smaller than the preset flow according to the source MAC address.
In an embodiment, the improved anti-setback device is further configured to: after determining that the networking time of the user terminal exceeds the preset time, or the networking times exceed the preset times, or the network flow exceeds the preset flow, generating a verification request; generating a verification message and sending the verification message to a user terminal; the verification message comprises a verification request; after sending the verification message, receiving a second message sent by the user terminal subsequently; judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information in response to the authentication request.
In the improved anti-network-clashing device provided in an embodiment, in the process of determining whether the user terminal has the authority to continue to network according to the source MAC address, the execution unit 14 temporarily blocks forwarding of the data packet sent by the user terminal.
In an embodiment, the improved anti-setoff device further comprises an intensity detection unit. The intensity detection unit is used for detecting the signal intensity of the wireless signal; the judging unit 13, judge whether the user terminal has the authority to continue networking according to the source MAC address, includes: and judging whether the signal intensity is greater than the preset intensity.
In an embodiment, the improved anti-setoff device further comprises an intensity detection unit. A strength detection unit for detecting a signal strength of the wireless signal; the judging unit 13 judges whether the corresponding user terminal has the authority to continue networking according to the source MAC address, including: determining the distance from the user terminal to the wireless receiver 11 according to the signal strength; judging whether the distance is smaller than a preset distance; wherein: the wireless receiver 11 is used for receiving wireless signals.
In the improved anti-network-skimming device provided in one embodiment, the number of the wireless receivers 11 is multiple, and the multiple wireless receivers 11 are all used for receiving wireless signals and generating first messages; the apparatus further includes a strength detection unit for detecting the signal strength of the wireless signal received by each wireless receiver 11; the judging unit 13 judges whether the corresponding user terminal has the authority to continue networking according to the source MAC address, including: judging whether the coordinates of the user terminal are in a preset coordinate range or not; wherein: the coordinates of the respective wireless receivers 11 are different.
More specifically, determining the coordinates of the user terminal according to the signal strength of the wireless signal may include:
determining the distance from the user terminal to each wireless receiver 11 according to the signal strength;
the coordinates of the user terminal are determined from the distance and the position coordinates of the wireless receiver 11.
Some embodiments of the present application also provide a router comprising a wireless receiver 11 and a processor. The wireless receiver 11 is configured to: receiving a wireless signal, and generating a first message according to the wireless signal;
the processor is configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address; if not, discarding the first message, or limiting the forwarding of the response message to the user terminal; wherein: the response message is a message generated by the network side in response to the first message.
In some improved embodiments, the determining, by the processor in the router, whether the corresponding user terminal has the right to continue networking according to the source MAC address includes:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; alternatively, the first and second electrodes may be,
and inquiring whether the network flow of the user terminal is smaller than the preset flow or not according to the source MAC address.
In an improved embodiment, the processor in the router determines whether the corresponding user terminal has the authority to continue networking according to the source MAC address, further comprising: after determining that the networking time of the user terminal exceeds the preset time, or the networking times exceed the preset times, or the network flow exceeds the preset flow, generating a verification request; generating a verification message and sending the verification message to a user terminal; the verification message comprises a verification request; after sending the verification message, receiving a second message sent by the user terminal subsequently; judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information in response to the authentication request.
In some improved embodiments, in the process of judging whether the user terminal has the networking authority according to the source MAC address, the forwarding of the data message sent by the user terminal is temporarily blocked.
In another improved embodiment, the wireless receiver 11 is further used for detecting the signal strength of the wireless signal; the processor is further configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps: and judging whether the signal intensity is greater than the preset intensity.
In some further improved embodiments, the wireless receiver 11 is further configured to detect a signal strength of the wireless signal; the processor judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the method comprises the following steps: determining the distance from the user terminal to the wireless receiver 11 according to the signal strength; judging whether the distance is smaller than a preset distance; wherein: the wireless receiver 11 is used for receiving wireless signals.
In other improved embodiments, the number of the wireless receivers 11 is multiple, and multiple wireless receivers 11 are all used for receiving wireless signals and generating first messages; the wireless receiver 11 is also used for detecting the signal strength of the received wireless signal; the processor is further configured to: determining the coordinates of the user terminal according to the signal intensity of the wireless signal; judging whether the corresponding user terminal has the networking authority according to the source MAC address, which comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not; wherein: the coordinates of the respective wireless receivers 11 are different.
More specifically, determining the coordinates of the user terminal according to the signal strength of the wireless signal includes: determining the distance from the user terminal to each wireless receiver 11 according to the signal strength; the coordinates of the user terminal are determined from the distance and the position coordinates of the wireless receiver 11.
A1. An anti-mesh-rub method comprising:
receiving a wireless signal, and generating a first message according to the wireless signal;
extracting a source MAC address in the first message;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
A2. According to the method for preventing network from being stolen, which is described in a1, the method for judging whether the corresponding user terminal has the authority to continue networking according to the source MAC address includes:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address;
or inquiring whether the network flow of the user terminal is smaller than the preset flow according to the source MAC address.
A3. According to the method for preventing netting twitching described in a2,
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address further comprises the following steps:
after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow, generating a verification request;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
A4. According to the method for preventing netting twitching described in a3,
and temporarily blocking the forwarding of the data message sent by the user terminal in the process of judging whether the user terminal has the authority of continuing the networking according to the source MAC address.
A5. According to the method for preventing netting twitching described in a1,
further comprising: detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
and judging whether the signal intensity is greater than a preset intensity.
A6. The method for preventing netting twitching, according to a1, further comprising:
detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
A7. According to the method for preventing network from being stolen, which is described in A1, the method for receiving wireless signals and generating a first message according to the wireless signals comprises the following steps: receiving the wireless signals by adopting a plurality of wireless receivers and generating a first message;
the method further comprises the following steps: detecting the signal strength of the wireless signal received by each wireless receiver;
determining the coordinates of the user terminal according to the signal strength of the wireless signal;
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
A8. The method for preventing network from being rubbed according to a7, wherein the determining the coordinates of the user terminal according to the signal strength of the wireless signal comprises:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
A9. An anti-mesh rub device comprising:
the wireless receiver is used for receiving a wireless signal and generating a first message according to the wireless signal;
an address extracting unit, configured to extract a source MAC address in the first message;
a judging unit, configured to judge whether a corresponding user terminal has a permission to continue networking according to the source MAC address;
an execution unit, configured to discard the first packet or limit forwarding of a response packet to the user terminal when the user terminal does not have networking permission;
wherein: the response message is a message generated by the network side in response to the first message.
A10. According to a9, the determining unit determines whether the corresponding ue has the right to continue networking according to the source MAC address, including:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; alternatively, the first and second electrodes may be,
and inquiring whether the network flow of the user terminal is smaller than the preset flow or not according to the source MAC address.
A11. According to A10 the prevent rubbing net device, the judgement unit is still used for:
generating a verification request after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
A12. According to the anti-setback device described in a11,
and in the process of judging whether the user terminal has the authority of continuing networking according to the source MAC address, the execution unit temporarily blocks the forwarding of the data message sent by the user terminal.
A13. The device of preventing rubbing net according to A9, still include: a strength detection unit for detecting a signal strength of the wireless signal;
the judging unit judges whether the user terminal has the authority of continuing networking according to the source MAC address;
and judging whether the signal intensity is greater than a preset intensity.
A14. The device of preventing rubbing net according to A9, still include: a strength detection unit for detecting a signal strength of the wireless signal;
the judging unit judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the judging unit comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
A15. According to the network-rubbing prevention device of a9, the number of the wireless receivers is multiple, and the multiple wireless receivers are all used for receiving the wireless signals and generating first messages;
the device also comprises a strength detection unit for detecting the signal strength of the wireless signals received by each wireless receiver;
the judging unit judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the judging unit comprises the following steps:
judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
A16 the device for preventing network from being rubbed according to a15, said determining coordinates of said user terminal according to signal strength of said wireless signal, comprising:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
A17. A router comprising a wireless receiver and a processor;
the wireless receiver is to: receiving a wireless signal, and generating a first message according to the wireless signal;
the processor is configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
A18. According to the router described in a17, the processor determining whether the corresponding ue has the right to continue networking according to the source MAC address includes:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address; alternatively, the first and second electrodes may be,
and inquiring whether the network flow of the user terminal is smaller than the preset flow or not according to the source MAC address.
A19. According to the router described in a18, the processor determines whether the corresponding user terminal has the right to continue networking according to the source MAC address, further including:
after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow, generating a verification request;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
A20. According to the router described in a19,
and temporarily blocking the forwarding of the data message sent by the user terminal in the process of judging whether the user terminal has the networking authority according to the source MAC address.
A21. The router of a17, the wireless receiver further configured to detect a signal strength of the wireless signal;
the processor is further configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
and judging whether the signal intensity is greater than a preset intensity.
A22. The router of a17, the wireless receiver further configured to detect a signal strength of the wireless signal;
the processor judges whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, and the method comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
A23. The router according to a17, wherein the number of the wireless receivers is multiple, and the multiple wireless receivers are all configured to receive the wireless signal and generate a first packet;
the wireless receiver is further used for detecting the signal strength of the received wireless signal;
the processor is further configured to: determining the coordinates of the user terminal according to the signal strength of the wireless signal;
the judging whether the corresponding user terminal has the networking authority according to the source MAC address comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
A24. The router of a23, the determining coordinates of the user terminal from the signal strength of the wireless signal, comprising:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus for controlling network usage behavior described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
It should be noted that the algorithms and displays provided in the embodiments are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

Claims (10)

1. A method for preventing a net from being rubbed, which is characterized by comprising the following steps:
receiving a wireless signal, and generating a first message according to the wireless signal;
extracting a source MAC address in the first message;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
2. The method of preventing set-off of a net according to claim 1, wherein:
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address comprises the following steps:
inquiring whether the networking time of the user terminal is less than a preset time according to the source MAC address; alternatively, the first and second electrodes may be,
inquiring whether the networking times of the user terminal are less than the preset times or not according to the source MAC address;
or inquiring whether the network flow of the user terminal is smaller than the preset flow according to the source MAC address.
3. The method of preventing set-off of a net according to claim 2,
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address further comprises the following steps:
after determining that the networking time of the user terminal exceeds a preset time, or the networking times exceed a preset time, or the network flow exceeds a preset flow, generating a verification request;
generating a verification message and sending the verification message to a user terminal; the verification message comprises the verification request;
after sending the verification message, receiving a second message sent by the user terminal subsequently;
judging whether the second message comprises verification information and/or judging whether the verification information is legal; the authentication information is information responding to the authentication request.
4. The method of preventing set-off of a net according to claim 3,
and temporarily blocking the forwarding of the data message sent by the user terminal in the process of judging whether the user terminal has the authority of continuing the networking according to the source MAC address.
5. The method of preventing set-off of a net according to claim 1,
further comprising: detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
and judging whether the signal intensity is greater than a preset intensity.
6. The method of preventing a web rub according to claim 1, further comprising:
detecting a signal strength of the wireless signal;
judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address, wherein the method comprises the following steps:
determining the distance from the user terminal to a wireless receiver according to the signal strength;
judging whether the distance is smaller than a preset distance;
wherein: the wireless receiver is used for receiving the wireless signal.
7. The method of preventing set-off of a net according to claim 1,
receiving a wireless signal, and generating a first message according to the wireless signal, including: receiving the wireless signals by adopting a plurality of wireless receivers and generating a first message;
the method further comprises the following steps: detecting the signal strength of the wireless signal received by each wireless receiver;
determining the coordinates of the user terminal according to the signal strength of the wireless signal;
the judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address comprises the following steps: judging whether the coordinates of the user terminal are in a preset coordinate range or not;
wherein: the coordinates of each of the wireless receivers are different.
8. The method of preventing set-off of a net according to claim 7, wherein:
the determining the coordinates of the user terminal according to the signal strength of the wireless signal includes:
determining the distance from the user terminal to each wireless receiver according to the signal strength;
and determining the coordinates of the user terminal according to the distance and the position coordinates of the wireless receiver.
9. The utility model provides an prevent rubbing net device which characterized in that includes:
the wireless receiver is used for receiving a wireless signal and generating a first message according to the wireless signal;
an address extracting unit, configured to extract a source MAC address in the first message;
a judging unit, configured to judge whether a corresponding user terminal has a permission to continue networking according to the source MAC address;
an execution unit, configured to discard the first packet or limit forwarding of a response packet to the user terminal when the user terminal does not have networking permission;
wherein: the response message is a message generated by the network side in response to the first message.
10. A router, comprising a wireless receiver and a processor;
the wireless receiver is to: receiving a wireless signal, and generating a first message according to the wireless signal;
the processor is configured to: judging whether the corresponding user terminal has the authority of continuing networking according to the source MAC address;
if not, discarding the first message, or limiting the forwarding of the response message to the user terminal;
wherein: the response message is a message generated by the network side in response to the first message.
CN201910573479.0A 2019-06-28 2019-06-28 Anti-network-rubbing method and device and router Pending CN112153645A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910573479.0A CN112153645A (en) 2019-06-28 2019-06-28 Anti-network-rubbing method and device and router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910573479.0A CN112153645A (en) 2019-06-28 2019-06-28 Anti-network-rubbing method and device and router

Publications (1)

Publication Number Publication Date
CN112153645A true CN112153645A (en) 2020-12-29

Family

ID=73869185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910573479.0A Pending CN112153645A (en) 2019-06-28 2019-06-28 Anti-network-rubbing method and device and router

Country Status (1)

Country Link
CN (1) CN112153645A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114866265A (en) * 2021-01-20 2022-08-05 晶晨半导体(上海)股份有限公司 Network connection method, router, administrator terminal device, and communication device

Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009009936A1 (en) * 2007-07-18 2009-01-22 Zte Corporation An access method for a digital subscriber line access multiplexer, and an access system and apparatus thereof
CN104254097A (en) * 2013-06-27 2014-12-31 腾讯科技(深圳)有限公司 Flow control method and device
CN105228145A (en) * 2014-06-24 2016-01-06 中兴通讯股份有限公司 The method for authenticating of wireless access and device
CN105323757A (en) * 2014-06-27 2016-02-10 中兴通讯股份有限公司 WIFI squatter prevention wireless routing equipment and method
CN105338481A (en) * 2014-06-30 2016-02-17 奇点新源国际技术开发(北京)有限公司 Data processing method and device for mines
CN105516396A (en) * 2016-01-14 2016-04-20 广州市万联信息科技有限公司 Wechat opened and mobile phone MAC address binding method and unbinding method
CN105516093A (en) * 2015-11-30 2016-04-20 上海斐讯数据通信技术有限公司 Method and router for preventing illegal access to Internet through wireless routers of other people
CN105657712A (en) * 2016-01-06 2016-06-08 广东欧珀移动通信有限公司 Access control method and device of WiFi hotspot
CN105682093A (en) * 2014-11-20 2016-06-15 中兴通讯股份有限公司 Wireless network access method and access device, and client
CN105722182A (en) * 2016-02-25 2016-06-29 上海斐讯数据通信技术有限公司 Automatic internet stealing prevention method and routing equipment
EP3048830A1 (en) * 2015-01-23 2016-07-27 Alcatel Lucent Method, system and computer program product of wireless user device authentication in a wireless network
CN106027522A (en) * 2016-05-20 2016-10-12 福建星网锐捷通讯股份有限公司 Method for obtaining access permissions by wireless terminal touching router
WO2016184380A1 (en) * 2015-05-19 2016-11-24 中兴通讯股份有限公司 Processing method and device for network access
CN106603422A (en) * 2016-12-09 2017-04-26 上海斐讯数据通信技术有限公司 Network steal prevention method of wireless router, and wireless router
CN107623898A (en) * 2017-08-29 2018-01-23 广州中国科学院计算机网络信息中心 Method for monitoring instruction, device and equipment
CN108769990A (en) * 2018-05-30 2018-11-06 郑州易湃科技有限公司 Management method, managing device and the wireless telecom equipment of wireless telecom equipment
CN108882227A (en) * 2018-06-15 2018-11-23 上海康斐信息技术有限公司 A kind of wireless router and anti-loiter network method
CN108966225A (en) * 2018-06-11 2018-12-07 四川斐讯信息技术有限公司 A kind of method and system of the anti-loiter network of router
CN109121104A (en) * 2018-08-27 2019-01-01 广东工业大学 A kind of shared WiFi management method and system of decentralization
CN109168160A (en) * 2018-09-21 2019-01-08 徐英杰 A kind of anti-loiter network method under wireless routing network environment
CN109756915A (en) * 2017-11-03 2019-05-14 阿里巴巴集团控股有限公司 A kind of wireless network management method and system

Patent Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009009936A1 (en) * 2007-07-18 2009-01-22 Zte Corporation An access method for a digital subscriber line access multiplexer, and an access system and apparatus thereof
CN104254097A (en) * 2013-06-27 2014-12-31 腾讯科技(深圳)有限公司 Flow control method and device
CN105228145A (en) * 2014-06-24 2016-01-06 中兴通讯股份有限公司 The method for authenticating of wireless access and device
CN105323757A (en) * 2014-06-27 2016-02-10 中兴通讯股份有限公司 WIFI squatter prevention wireless routing equipment and method
CN105338481A (en) * 2014-06-30 2016-02-17 奇点新源国际技术开发(北京)有限公司 Data processing method and device for mines
CN105682093A (en) * 2014-11-20 2016-06-15 中兴通讯股份有限公司 Wireless network access method and access device, and client
EP3048830A1 (en) * 2015-01-23 2016-07-27 Alcatel Lucent Method, system and computer program product of wireless user device authentication in a wireless network
WO2016184380A1 (en) * 2015-05-19 2016-11-24 中兴通讯股份有限公司 Processing method and device for network access
CN105516093A (en) * 2015-11-30 2016-04-20 上海斐讯数据通信技术有限公司 Method and router for preventing illegal access to Internet through wireless routers of other people
CN105657712A (en) * 2016-01-06 2016-06-08 广东欧珀移动通信有限公司 Access control method and device of WiFi hotspot
CN105516396A (en) * 2016-01-14 2016-04-20 广州市万联信息科技有限公司 Wechat opened and mobile phone MAC address binding method and unbinding method
CN105722182A (en) * 2016-02-25 2016-06-29 上海斐讯数据通信技术有限公司 Automatic internet stealing prevention method and routing equipment
CN106027522A (en) * 2016-05-20 2016-10-12 福建星网锐捷通讯股份有限公司 Method for obtaining access permissions by wireless terminal touching router
CN106603422A (en) * 2016-12-09 2017-04-26 上海斐讯数据通信技术有限公司 Network steal prevention method of wireless router, and wireless router
CN107623898A (en) * 2017-08-29 2018-01-23 广州中国科学院计算机网络信息中心 Method for monitoring instruction, device and equipment
CN109756915A (en) * 2017-11-03 2019-05-14 阿里巴巴集团控股有限公司 A kind of wireless network management method and system
CN108769990A (en) * 2018-05-30 2018-11-06 郑州易湃科技有限公司 Management method, managing device and the wireless telecom equipment of wireless telecom equipment
CN108966225A (en) * 2018-06-11 2018-12-07 四川斐讯信息技术有限公司 A kind of method and system of the anti-loiter network of router
CN108882227A (en) * 2018-06-15 2018-11-23 上海康斐信息技术有限公司 A kind of wireless router and anti-loiter network method
CN109121104A (en) * 2018-08-27 2019-01-01 广东工业大学 A kind of shared WiFi management method and system of decentralization
CN109168160A (en) * 2018-09-21 2019-01-08 徐英杰 A kind of anti-loiter network method under wireless routing network environment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
YONGSEN MA ECT.: "WiFi Sensing with Channel State Information: A Survey", 《ACM COMPUTING SURVEYS》, 18 June 2019 (2019-06-18) *
山德鲁;: "简单设置防止网络资源被"侵占"", 电脑知识与技术(经验技巧), no. 05, 5 May 2015 (2015-05-05) *
邹永进;程方;: "广电WiFi在银行网点的覆盖与应用", 中国有线电视, no. 04 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114866265A (en) * 2021-01-20 2022-08-05 晶晨半导体(上海)股份有限公司 Network connection method, router, administrator terminal device, and communication device
CN114866265B (en) * 2021-01-20 2024-04-19 晶晨半导体(上海)股份有限公司 Network connection method, router, administrator terminal device, and communication device

Similar Documents

Publication Publication Date Title
US10069793B2 (en) Identity verification method, internet of thins gateway device, and verification gateway device using the same
US20070186276A1 (en) Auto-detection and notification of access point identity theft
US7710933B1 (en) Method and system for classification of wireless devices in local area computer networks
CN107197456B (en) Detection method and detection device for identifying pseudo AP (access point) based on client
US10097546B2 (en) Authentication of a user device using traffic flow information
US7764648B2 (en) Method and system for allowing and preventing wireless devices to transmit wireless signals
CN104270366B (en) method and device for detecting karma attack
WO2019237813A1 (en) Method and device for scheduling service resource
US20130007848A1 (en) Monitoring of smart mobile devices in the wireless access networks
US20080009266A1 (en) Communication Device, Wireless Network, Program, And Storage Medium
CN105681272A (en) Method for detecting and defensing fishing WiFi of mobile terminal
EP3014842A1 (en) Validating presence of a communication device using a wireless local area network
KR20190129937A (en) Smart broadcast device
CN108353283B (en) Method and apparatus for preventing attacks from a pseudo base station
CN110213761B (en) Multi-model pseudo AP detection method and detection device based on bidirectional SYN reflection
WO2017128546A1 (en) Method and apparatus for securely accessing wifi network
WO2016131289A1 (en) Method, device and user equipment for testing security of wireless hotspot
CN112469044A (en) Edge access control method and controller for heterogeneous terminal
CN106657154B (en) Wireless access method, system, WiFi platform and operator number taking platform
CN109327465B (en) Method for safely resisting network hijacking
US20210029543A1 (en) Method and device for authenticating device using wireless lan service
CN112153645A (en) Anti-network-rubbing method and device and router
CN111405548B (en) Fishing wifi detection method and device
US8724506B2 (en) Detecting double attachment between a wired network and at least one wireless network
CN109428870A (en) Network attack processing method based on Internet of Things, apparatus and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination