CN113037765A - Port scanning device - Google Patents

Publication number: CN113037765A
Authority: CN (China)
Prior art keywords: port, scanning, data, module, task
Legal status: Pending (listed status; an assumption, not a legal conclusion)
Application number: CN202110307400.7A
Other languages: Chinese (zh)
Inventor: 寇英翰
Current Assignee: Individual
Original Assignee: Individual
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1433: Vulnerability analysis

Abstract

The invention discloses a port scanning device comprising: a scanning module, which, after being connected to the port to be scanned, acquires the IP segment to be detected, groups the ports corresponding to each single IP into task groups, and scans the task groups in sequence to obtain scanning results; a data scheduling module, which schedules the data in the scanning results to generate a data queue; a data processing module, which integrates the scanning data in the data queue and performs multi-threaded data operations on it; and a data comparison module, which compares the operation result of the data processing module with pre-stored network security data and generates a security report from the comparison result. With this technical scheme, once the device is connected to the port to be scanned, the port scanning, data scheduling, data operation and security reporting are completed automatically, and the accuracy of the port scanning result is improved.

Description

Port scanning device
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a port scanning device.
Background
We live in the information age: information equipment is interconnected through networks, yet the network security situation is very severe. The network devices of government departments, companies, enterprises and individuals are all exposed to a wide variety of network risks, so network security evaluation is performed on network devices and server networks. In that evaluation, the security of the open ports of the network devices and server networks is important for guaranteeing network security.
Port scanning is a way for a client to determine which ports in a range of server ports are available. While port scanning is not in itself a malicious network activity, it is also an important means for network attackers to probe for known vulnerabilities in the services of a target host. When detecting vulnerabilities, the port opening information and service information of the target network must be obtained accurately and comprehensively. However, existing port scanning is typically performed by a single client probing a large number of ports on a server simultaneously. When the target is protected by an intrusion detection system, this scanning behavior is easily identified and intercepted, so the port scanning result is inaccurate and vulnerability detection coverage is incomplete.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a port scanning device that overcomes the problem that port scanning behavior is easily identified and intercepted.
To achieve this purpose, the invention adopts the following technical scheme:
A port scanning device comprising:
a scanning module, which, after being connected to the port to be scanned, acquires the IP segment to be detected, groups the ports corresponding to each single IP into task groups, and scans the task groups in sequence to obtain scanning results;
a data scheduling module, which schedules the data in the scanning results to generate a data queue;
a data processing module, which integrates the scanning data in the data queue and performs multi-threaded data operations on it;
and a data comparison module, which compares the operation result of the data processing module with pre-stored network security data and generates a security report from the comparison result.
Preferably, the scanning module includes:
a first receiving unit, which receives a preset random number value n;
a second receiving unit, which obtains the port set corresponding to the single IP;
an extraction unit, which repeatedly draws n ports at random from the port set to form a task group and deletes the drawn ports from the port set, until the number of ports remaining in the port set is less than or equal to n;
and a combining unit, which combines the remaining ports in the port set into a corresponding task group.
Preferably, the random number value n is the same for every single IP.
Preferably, the scanning module includes:
a dividing unit, which places task groups that have the same number but belong to different single IPs into the same task set; within a task set, the task groups are ordered in the same way as the single IPs are ordered in the IP segment;
an arranging unit, which queues the task sets by number to obtain a task queue;
and a scanning unit, which performs port scanning on the task queue in sequence.
Preferably, all task groups of the same single IP have different numbers.
Preferably, the device further comprises a power switch control module connected to the data processing module.
Preferably, the device further comprises a power supply module connected to the power switch control module.
Preferably, the device further comprises a report generation module for generating a data report from the operation result of the data processing module.
Once the device is connected to the port to be scanned, it automatically completes the port scanning, data scheduling, data operation and security reporting. It obtains task groups by grouping the ports of each single IP and then scans the task groups in sequence. In other words, only the ports of one task group are being scanned in any given time period, which reduces the number of ports being scanned at one time, lowers the probability that the port scanning behavior is identified and intercepted, and improves the accuracy of the port scanning result.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a port scanning device according to the present invention;
FIG. 2 is a schematic structural diagram for grouping the ports corresponding to a single IP;
FIG. 3 is a schematic structural diagram for scanning the task groups in sequence.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
The invention provides a port scanning device comprising a scanning module, a data scheduling module, a data processing module, a data comparison module, a power switch control module, a power supply module, a report generation module and a USB module. The scanning module, the data scheduling module, the data comparison module, the power switch control module, the power supply module, the report generation module and the USB module are each connected to the data processing module, and the power switch control module is connected to the power supply module, wherein:
the scanning module, after being connected to the port to be scanned, acquires the IP segment to be detected, groups the ports corresponding to each single IP into task groups, and scans the task groups in sequence to obtain scanning results;
the data scheduling module schedules the data in the scanning results to generate a data queue;
the data processing module integrates the scanning data in the data queue and performs multi-threaded data operations on it;
the data comparison module compares the operation result of the data processing module with pre-stored network security data and generates a security report from the comparison result;
and the report generation module generates a data report from the operation result of the data processing module.
Further, the IP segment to be detected that the scanning module acquires may include one or more single IPs. The device that acquires the IP segment may be a desktop computer, a notebook computer, a server (a physical server or a cloud server), or even a mobile phone or a tablet computer. The processing, extraction and scanning operations on the IP segment in the following steps may be performed on that device, and one or more devices may be used to acquire the IP segment. Note that each single IP corresponds to a device that has ports, and there may be as many as 65536 of them: ports are identified by port numbers, which are integers ranging from 0 to 65535. The port with port number 0 is usually left unused, so 65535 ports are available.
Further, the scanning module groups the ports corresponding to each single IP to obtain task groups. The grouping rules for different single IPs may be the same or different, and the number of ports in each task group may or may not be the same. "The ports corresponding to a single IP" is shorthand for the ports of the device corresponding to that single IP; wherever the present invention mentions the ports or the port set corresponding to a single IP, it means the ports or port set of the device corresponding to that single IP.
Further, when the scanning module scans the task groups in sequence, the number of ports in a task group should be less than 10, because some IDSs trigger their port-scan detection rule at 10 ports. Note that by setting an ordering rule for the task groups, the task groups can be ordered so that they are scanned in an orderly manner.
Further, as shown in FIG. 2, in order to group the ports corresponding to a single IP, the scanning module includes:
a first receiving unit, which receives a preset random number value n;
a second receiving unit, which obtains the port set corresponding to the single IP;
an extraction unit, which repeatedly draws n ports at random from the port set to form a task group and deletes the drawn ports from the port set, until the number of ports remaining in the port set is less than or equal to n;
and a combining unit, which combines the remaining ports in the port set into a corresponding task group.
Further, the random number value n is the same for every single IP.
Further, as shown in FIG. 3, in order to scan the task groups in sequence, the scanning module includes:
a dividing unit, which places task groups that have the same number but belong to different single IPs into the same task set; within a task set, the task groups are ordered in the same way as the single IPs are ordered in the IP segment;
an arranging unit, which queues the task sets by number to obtain a task queue;
and a scanning unit, which performs port scanning on the task queue in sequence.
Further, all task groups of the same single IP have different numbers.
Furthermore, the power circuit supplies power to the whole port scanning device, and the power control switch circuit controls powering the device on. The power circuit comprises a short-circuit protection circuit, an anti-reverse-connection circuit and a power interface circuit connected in sequence, with the short-circuit protection circuit connected to the power control switch circuit. The short-circuit protection circuit protects the whole port scanning device; preferably, it limits the device's circuit current to below 3 A, which prevents the danger of excessive current being drawn from the external power supply if the device short-circuits. The anti-reverse-connection circuit uses a metal-oxide-semiconductor field-effect transistor (MOSFET) to prevent reverse connection; it has low power consumption and can extend the service time of the power supply. It automatically disconnects the circuit when the power terminal and the ground terminal of the power interface circuit are connected in reverse, preventing damage to the downstream circuit. The power interface circuit supplies power to the whole port scanning device.
Further, the USB circuit comprises a USB-to-UART circuit, a USB port protection circuit and a USB interface circuit connected in sequence, with the USB-to-UART circuit connected to the data processing module. The USB port protection circuit uses a transient voltage suppressor (TVS) for protection. It responds quickly to electrostatic discharge and can prevent damage to the interface circuitry caused by static electricity from the human body; it also limits the current the controller draws from the USB interface circuit, which effectively prevents damage to the USB device supplying power. The USB-to-UART circuit converts between the USB and UART interface protocols. The USB interface circuit is used to program the pre-stored firmware into the data processing module.
Once the device is connected to the port to be scanned, it automatically completes the port scanning, data scheduling, data operation and security reporting. It obtains task groups by grouping the ports of each single IP and then scans the task groups in sequence. In other words, only the ports of one task group are being scanned in any given time period, which reduces the number of ports being scanned at one time, lowers the probability that the port scanning behavior is identified and intercepted, and improves the accuracy of the port scanning result.
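The schedule described above seen from the detection side, as an added example that is not part of the patent: a rule counting distinct ports per source and destination in a short window stays below its trigger, while the same counter with a longer window, or keyed by source alone, fires. The addresses, port numbers, windows and thresholds are constructed assumptions; only the group size below 10 comes from the text.

```python
from collections import Counter, defaultdict, deque, namedtuple

Event = namedtuple("Event", "ts src dst port")  # one connection attempt

SCANNER = "198.51.100.7"  # constructed addresses (documentation ranges)
HOSTS = ("192.0.2.10", "192.0.2.11", "192.0.2.12")


def constructed_events(group_size=8, periods=5, period_s=60):
    """Constructed log: in each period the scanning source probes one new
    group of `group_size` ports on every host, one probe per second."""
    events = []
    for k in range(periods):
        for h, dst in enumerate(HOSTS):
            for j in range(group_size):
                ts = k * period_s + h * group_size + j
                port = 1000 + k * group_size + j
                events.append(Event(ts, SCANNER, dst, port))
    # Benign client: many connections, but only two ports on one host.
    for i in range(30):
        events.append(Event(i * 10, "203.0.113.5", HOSTS[0], (443, 80)[i % 2]))
    return sorted(events)


def per_pair(e):
    """Key used by a classic vertical-scan rule: one source, one target."""
    return (e.src, e.dst)


def per_source(e):
    """Key that aggregates everything a source touches, across hosts."""
    return e.src


def first_alerts(events, window_s, threshold, key):
    """Sliding-window count of distinct (dst, port) targets per key.

    Returns {key: timestamp of the first event that reached `threshold`}.
    """
    queues = defaultdict(deque)    # key -> (ts, target) still in window
    counts = defaultdict(Counter)  # key -> multiplicity of each target
    alerts = {}
    for e in sorted(events):
        k, target = key(e), (e.dst, e.port)
        q, c = queues[k], counts[k]
        q.append((e.ts, target))
        c[target] += 1
        # Evict everything that has fallen out of the window.
        while q and q[0][0] <= e.ts - window_s:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= threshold and k not in alerts:
            alerts[k] = e.ts
    return alerts


if __name__ == "__main__":
    log = constructed_events()
    print("60 s, per src/dst :", first_alerts(log, 60, 10, per_pair))
    print("1 h,  per src/dst :", first_alerts(log, 3600, 10, per_pair))
    print("60 s, per source  :", first_alerts(log, 60, 20, per_source))
```

Lengthening the window costs memory per tracked key, so in practice the long-window counter is usually limited to sources that already show failed or reset connections.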
Furthermore, it should be understood that although this description is organized by embodiment, an embodiment is not limited to a single implementation. The description is written this way for clarity only; those skilled in the art should treat the description as a whole, and the embodiments may be combined as appropriate to form other embodiments that those skilled in the art would understand.

Claims (8)

1. A port scanning device, comprising:
a scanning module, which, after being connected to the port to be scanned, acquires the IP segment to be detected, groups the ports corresponding to each single IP into task groups, and scans the task groups in sequence to obtain scanning results;
a data scheduling module, which schedules the data in the scanning results to generate a data queue;
a data processing module, which integrates the scanning data in the data queue and performs multi-threaded data operations on it;
and a data comparison module, which compares the operation result of the data processing module with pre-stored network security data and generates a security report from the comparison result.
2. The port scanning device of claim 1, wherein the scanning module comprises:
a first receiving unit, which receives a preset random number value n;
a second receiving unit, which obtains the port set corresponding to the single IP;
an extraction unit, which repeatedly draws n ports at random from the port set to form a task group and deletes the drawn ports from the port set, until the number of ports remaining in the port set is less than or equal to n;
and a combining unit, which combines the remaining ports in the port set into a corresponding task group.
3. The port scanning device of claim 2, wherein the random number value n is the same for every single IP.
4. The port scanning device according to any of claims 1 to 3, wherein the scanning module comprises:
a dividing unit, which places task groups that have the same number but belong to different single IPs into the same task set; within a task set, the task groups are ordered in the same way as the single IPs are ordered in the IP segment;
an arranging unit, which queues the task sets by number to obtain a task queue;
and a scanning unit, which performs port scanning on the task queue in sequence.
5. The port scanning device of claim 4, wherein all task groups of the same single IP have different numbers.
6. The port scanning device of claim 1, further comprising a power switch control module connected to the data processing module.
7. The port scanning device of claim 6, further comprising a power supply module connected to the power switch control module.
8. The port scanning device according to claim 1, further comprising a report generation module for generating a data report from the operation result of the data processing module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110307400.7A CN113037765A (en) 2021-03-23 2021-03-23 Port scanning device

Publications (1)

Publication Number Publication Date
CN113037765A (en) 2021-06-25

Family

ID=76472765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110307400.7A Pending CN113037765A (en) 2021-03-23 2021-03-23 Port scanning device

Country Status (1)

Country Link
CN (1) CN113037765A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110691072A (en) * 2019-09-11 2020-01-14 光通天下网络科技股份有限公司 Distributed port scanning method, device, medium and electronic equipment
US20200059480A1 (en) * 2016-11-04 2020-02-20 Nagravision S.A. Port Scanning
CN210469378U (en) * 2019-10-29 2020-05-05 北京市农林科学院 Network port scanning device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113766047A (en) * 2021-09-16 2021-12-07 北京恒安嘉新安全技术有限公司 Task grouping method and device, computer equipment and storage medium
CN113766047B (en) * 2021-09-16 2024-03-22 北京恒安嘉新安全技术有限公司 Task grouping method and device, computer equipment and storage medium
CN115296928A (en) * 2022-09-28 2022-11-04 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium
CN115296928B (en) * 2022-09-28 2023-02-03 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210625