CN113067818A - Probe distribution method and device based on network asset checking - Google Patents
- Publication number: CN113067818A (also listed as CN202110290269.8A)
- Authority: CN (China)
- Prior art keywords: probe, scanning, determining, probe carrier, carrier
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resource being a machine, e.g. CPUs, Servers, Terminals
- H04L43/02: Capturing of monitoring data
- H04L43/028: Capturing of monitoring data by filtering
- H04L43/12: Network monitoring probes
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L67/1095: Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Abstract
The invention provides a probe distribution method and device based on network asset checking. The method comprises: determining, according to the previous asset checking result, at least one probe carrier required for the current check, and determining whether the probe carrier is in an active state; sending a container installation instruction to the probe carrier in the active state so that it installs the container; determining the scanning load according to the previous asset checking result, and determining the probe type corresponding to the probe carrier according to the scanning load; sending the probe working module image corresponding to the probe type to the probe carrier so that the probe carrier can quickly install the corresponding probe working module; and receiving the scanning result returned by the probe carrier. Network asset checking and port security scanning can thereby be carried out rapidly and accurately.
Description
Technical Field
The invention belongs to the technical field of network asset checking, and particularly relates to a probe distribution method and device based on network asset checking.
Background
In recent years, network and information technology have developed vigorously, and the move to electronic offices and services has accelerated in government, electric power, finance, public security, education and other industries. Facilities and equipment such as computers, servers and networks have increased rapidly, and over time enterprises, especially large ones, lose a clear picture of their own assets. Network asset detection is commonly employed to address this problem. Network asset detection refers to the process of tracking and mastering the state of network assets. It generally comprises host discovery, operating system identification, service identification and the like, is an important prerequisite for network security management, and has wide application value in network-security-related work.
Currently, network devices and subnets are typically discovered using probing methods based on network protocols such as ICMP, SNMP, LLDP and OSPF. Once detection is complete, the detection results for the network devices and subnets are stored in a database, and the network topology is presented in a web page using front-end JavaScript.
For large enterprises, especially large power enterprises, there are numerous subnets, so when network asset checking is performed, probes need to be distributed in the subnets in advance to capture, filter and analyze the data packets in each subnet and then determine the assets and network vulnerabilities. Meanwhile, because the number of devices in a subnet is large, the nodes in the subnet also need to be selected and the probes managed effectively. In the process of implementing the invention, the inventor found the following technical problem: because the computers in a subnet change frequently, previously distributed probes may not work normally during network asset checking, or an unreasonable distribution of probes may degrade the accuracy of network asset checking over the long term.
Disclosure of Invention
In view of the above, the present invention aims to provide a probe distribution method and device based on network asset checking, so as to solve the technical problem in the prior art that the accuracy of network asset checking is low for large enterprises, especially power enterprises.
To achieve this purpose, the technical solution of the invention is realized as follows:
In one aspect, an embodiment of the present invention provides a probe distribution method based on network asset checking, including:
determining, according to the previous asset checking result, at least one probe carrier required for the current check, wherein each probe carrier corresponds to one probe type;
sending an instruction for scanning an active host to the probe carrier, and determining whether the probe carrier is in an active state;
sending a container installation instruction to the probe carrier in the active state, so that the probe carrier in the active state installs the container;
determining the scanning load according to the previous asset checking result, and determining the probe type corresponding to the probe carrier according to the scanning load;
sending the probe working module image corresponding to the probe type to the probe carrier, so that the probe carrier can quickly install the corresponding probe working module;
wherein the probe working module image includes: TCP or UDP messages that are used for port scanning and used directly at the session layer, and a feedback module that receives the feedback result at the application layer;
and receiving the scanning result returned by the probe carrier.
Further, determining at least one probe carrier required for the current check according to the previous asset checking result includes:
selecting a host that had a plurality of services in the previous checking result as a probe carrier.
Further, determining the scanning load according to the previous asset checking result and determining the probe type corresponding to the probe carrier according to the scanning load includes:
determining the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result;
and determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding unit scanning durations, and randomly assigning the corresponding probe carriers.
Further, determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding unit scanning durations includes:
determining the maximum number of scanning threads of the probe carrier according to the system resources allocated to the container;
determining the number of ports that can be scanned simultaneously according to the maximum number of scanning threads;
and determining the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned.
In another aspect, an embodiment of the invention also provides a probe distribution device based on network asset checking, which comprises:
a probe carrier determining module, used for determining, according to the previous asset checking result, at least one probe carrier required for the current check, wherein each probe carrier corresponds to one probe type;
an active state determining module, used for sending an instruction for scanning an active host to the probe carrier and determining whether the probe carrier is in an active state;
a container installation instruction sending module, used for sending a container installation instruction to the probe carrier in the active state, so that the probe carrier in the active state installs the container;
a probe type determining module, used for determining the scanning load according to the previous asset checking result and determining the probe type corresponding to the probe carrier according to the scanning load;
a working module image sending module, used for sending the probe working module image corresponding to the probe type to the probe carrier, so that the probe carrier can quickly install the corresponding probe working module, wherein the probe working module image includes: TCP or UDP messages that are used for port scanning and used directly at the session layer, and a feedback module that receives the feedback result at the application layer;
and a receiving module, used for receiving the scanning result returned by the probe carrier.
Further, the probe carrier determining module includes:
a selecting unit, used for selecting a host that had a plurality of services in the previous checking result as a probe carrier.
Further, the probe type determining module includes:
a quantity determining unit, used for determining the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result;
and a distribution unit, used for determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding unit scanning durations, and randomly assigning the corresponding probe carriers.
Further, the distribution unit includes:
a scanning thread number determining subunit, used for determining the maximum number of scanning threads of the probe carrier according to the system resources allocated to the container;
a port number determining subunit, used for determining the number of ports that can be scanned simultaneously according to the maximum number of scanning threads;
and a probe number determining subunit, used for determining the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned.
Compared with the prior art, the probe distribution method and device based on network asset checking have the following advantages:
In the probe distribution method and device based on network asset checking of the invention, a preset node selects the probe carriers according to the previous asset checking result and the currently determined active state, and sends a probe environment installation instruction to each selected probe carrier. After the probe carrier completes installation of the probe environment, the function module corresponding to the pre-selected probe type is sent to it, so that the probe carrier completes asset checking and security scanning according to the corresponding function. Suitable probe carriers can be selected according to the actual situation of the subnet, and the corresponding function modules are sent according to the actual checking task, so that probes with different functions can be deployed rapidly and network asset checking and port security scanning can be performed rapidly and accurately.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic flow chart of a probe distribution method based on network asset checking according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a probe distribution device based on network asset checking according to a second embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments and the attached drawings.
Example one
Fig. 1 is a schematic flow chart of a probe distribution method based on network asset checking according to an embodiment of the present invention. The method is applicable to distributing probes during network asset checking and can be implemented by a probe distribution device for network asset checking. Referring to Fig. 1, the probe distribution method based on network asset checking includes:
S110, determining, according to the previous asset checking result, at least one probe carrier required for the current check, wherein each probe carrier corresponds to one probe type.
In this embodiment, the probe carrier may be a node in a subnet that carries a probe. It may be a device running any of various operating systems, for example a computer, a mobile terminal, or another computing device with network communication capability. The probe type may be the scanning function corresponding to each function that the asset check needs to achieve, for example scanning the operating systems of all nodes in the subnet, or scanning the open ports of all nodes in the subnet.
Optionally, in this embodiment, the entity performing the above operation may be a computer in the subnet that is kept in a fixed active state. According to the asset checking instruction sent by the asset checking server, this computer carries out the subsequent asset checking and scanning work on the subnet it is responsible for.
Correspondingly, after the asset checking instruction sent by the asset checking server is received, at least one probe carrier required for the current check can be determined according to the previous checking result. The previous scanning result indicates the approximate number and types of assets that need to be checked within the ad hoc network. Thus, the number and types of probes required can be determined from the previous checking result.
Optionally, determining at least one probe carrier required for the current check according to the previous asset checking result may include: selecting a host that had a plurality of services in the previous checking result as a probe carrier. Hosts with multiple services typically have higher performance. Such a host can therefore serve as a probe carrier and efficiently complete the network asset checking work in the subnet without its own working performance being affected. Optionally, there may be a plurality of probe carriers, and each probe carrier may correspond to one scanning type.
S120, sending an instruction for scanning an active host to the probe carrier, and determining whether the probe carrier is in an active state.
Because the previous check and the current check take place at different times, a host that was active during the previous check may be inactive during the current check and therefore unable to perform network asset checking. Therefore, in this embodiment, the computer in the fixed active state may perform heartbeat detection on the probe carriers according to a preset IP list, so as to determine whether each probe carrier is in the active state. Optionally, the IP list may be a predetermined maximum possible address range, for example 192.168.1.1-192.168.1.10000. Compared with the existing approach of taking the IP address list from the previous check, this effectively avoids omissions caused by changes to the IP addresses of some network devices in the subnet or by the addition or removal of some network devices.
S130, sending a probe environment pre-installation instruction to the probe carrier in the active state, so that the probe carrier sets up the probe installation environment according to the probe environment pre-installation instruction.
After the probe carrier is determined, it must be given the corresponding scanning function so that the network assets in the subnet segment can be checked. This embodiment takes the timeliness of network asset checking into account and keeps the impact of asset checking on the probe carrier's own working resources as small as possible. Sending the probe environment pre-installation instruction to the probe carrier in the active state may include: sending a container installation instruction to the probe carrier in the active state, so that the probe carrier in the active state installs the container.
A container is a set of processes isolated from the rest of the system. All files needed to run these processes are provided by a separate image, so containers are portable and consistent. Containers also run much faster, are relatively common and are easy to use. Containers share the same operating system kernel while isolating the application processes from the rest of the system. With container technology, the various resources required by a probe carrier can be ported rapidly to a plurality of nodes. Optionally, the container may be a Docker container.
S140, determining the scanning load according to the previous asset checking result, determining the probe type corresponding to the probe carrier according to the scanning load, and sending the probe working module corresponding to the probe type to the probe carrier, so that the probe carrier installs the corresponding probe working module.
After all probe carriers have completed the container installation, the scanning function that each probe carrier performs must be determined. The scanning function is tied to the working module installed on the carrier. Optionally, a working module may be set up in the container to execute the corresponding scanning function, so that the various scanning requirements of network asset checking can be completed in parallel.
Optionally, determining the scanning load according to the previous asset checking result and determining the probe type corresponding to the probe carrier according to the scanning load may include: determining the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result; calculating the total operating-system scanning duration from the number of operating systems to be scanned and the unit duration of an operating-system scan; calculating the total port scanning duration from the number of ports to be scanned and the unit duration of a port scan; determining the number of operating-system scanning probes and port scanning probes according to the total operating-system scanning duration and the total port scanning duration; and determining the probe type corresponding to each probe carrier according to the number of operating-system scanning probes and port scanning probes.
Optionally, the number of operating-system scans required for the devices in the subnet may be determined according to the previous asset checking result. The operating system reflects the function of each host in the subnet. Therefore, during network asset checking, the estimated number of operating systems to be scanned needs to be determined, and the number of probe carriers used for operating-system scanning is determined from that estimate.
Similarly, the number of ports to be scanned this time can be estimated from the previous asset checking result, and the number of probe carriers that perform port scanning can be determined from that estimate. Unlike operating-system scanning, port scanning must comprehensively cover the ports of all the devices found in the subnet by the previous check, rather than only specific ports, in order to determine whether a vulnerability exists.
Therefore, the number of devices in the subnet whose operating systems may need to be scanned can be determined from the previous asset checking result, and the number of ports to be scanned can be estimated from the number of devices.
In this embodiment, the probe carrier is realized with container technology. In addition, taking the performance of each device in the subnet into account would require extra workload and time, so the computing capability of the individual probe carrier is not considered. The computing power allocated to all containers, such as CPU share and memory share, is the same. Thus, the time to complete an operating-system scan of one device in the subnet is the same for every probe, and likewise the time to complete a scan of one port of a device in the subnet. The number of operating-system scanning probes and the number of port scanning probes can be determined according to the total operating-system scanning duration and the total port scanning duration. In this embodiment, operating-system scanning and port scanning should complete synchronously. Therefore, the number of operating-system scanning probes and the number of port scanning probes can be determined according to the number of operating systems and ports to be scanned and the corresponding unit scanning durations.
Further, determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding unit scanning durations may include: determining the maximum number of scanning threads of the probe carrier according to the system resources allocated to the container; determining the number of ports that can be scanned simultaneously according to the maximum number of scanning threads; and determining the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned. Multiple scanning threads can run in the container, and each scanning thread can complete one port scan on its own and is destroyed when the scan finishes. Therefore, the number of operating-system scanning probes and the number of port scanning probes can be calculated accurately from the number of concurrent scanning threads.
After the number of probes with different functions is determined, the specific network addresses of the probe carriers do not matter because the probes are in the same subnet, and therefore the corresponding probe carriers can be assigned randomly.
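The S140 calculation, carried through as an added example (this is not code from the patent): it derives the thread limit from the container's resources, splits the active carriers between operating-system scanning and port scanning so that both finish at about the same time, and assigns the types at random. The per-thread resource cost, the rule for choosing the split, the assumption that operating-system scans run in the same thread pool as port scans, and all sample numbers and addresses are constructed assumptions; the patent gives no formula.

```python
import math
import random
from dataclasses import dataclass

# Assumed cost of one scan thread inside the probe container. The patent only
# states that the thread limit follows from the resources given to the container.
THREAD_CPU_MILLICORES = 50
THREAD_MEMORY_MIB = 16


@dataclass(frozen=True)
class ContainerLimits:
    cpu_millicores: int
    memory_mib: int


@dataclass(frozen=True)
class ProbePlan:
    threads_per_probe: int
    os_probes: int
    port_probes: int
    os_seconds: float
    port_seconds: float
    assignment: dict  # carrier address -> "os" or "port"


def max_scan_threads(limits):
    """Maximum scan threads that fit both the CPU and the memory limit."""
    by_cpu = limits.cpu_millicores // THREAD_CPU_MILLICORES
    by_mem = limits.memory_mib // THREAD_MEMORY_MIB
    return max(1, min(by_cpu, by_mem))


def scan_seconds(items, probes, threads, unit_seconds):
    """Wall-clock time when the probes work in rounds of `threads` items each."""
    return math.ceil(items / (probes * threads)) * unit_seconds


def plan_probes(heartbeat, os_targets, port_targets, os_unit_s, port_unit_s,
                limits, rng=None):
    """Split the active carriers between OS-scan and port-scan probes.

    heartbeat maps carrier address -> result of the S120 liveness check.
    All containers get identical limits, so every probe has the same capacity.
    """
    active = sorted(addr for addr, alive in heartbeat.items() if alive)
    if len(active) < 2:
        raise ValueError("need at least two active carriers, one per probe type")
    threads = max_scan_threads(limits)

    # Assumed selection rule: try every split and keep the one whose slower
    # scan finishes first; ties go to the split with the closest finish times,
    # which is what "complete synchronously" asks for.
    best = None
    for os_probes in range(1, len(active)):
        port_probes = len(active) - os_probes
        os_t = scan_seconds(os_targets, os_probes, threads, os_unit_s)
        port_t = scan_seconds(port_targets, port_probes, threads, port_unit_s)
        key = (max(os_t, port_t), abs(os_t - port_t))
        if best is None or key < best[0]:
            best = (key, os_probes, port_probes, os_t, port_t)
    _, os_probes, port_probes, os_t, port_t = best

    # Carriers sit in the same subnet, so which one gets which type is random.
    rng = rng or random.Random()
    shuffled = rng.sample(active, len(active))
    assignment = {addr: ("os" if i < os_probes else "port")
                  for i, addr in enumerate(shuffled)}
    return ProbePlan(threads, os_probes, port_probes, os_t, port_t, assignment)


# Constructed sample: ten candidate carriers, two of which failed the heartbeat.
HEARTBEAT = {f"10.20.1.{n}": n not in (14, 17) for n in range(11, 21)}
SAMPLE_LIMITS = ContainerLimits(cpu_millicores=500, memory_mib=256)

if __name__ == "__main__":
    plan = plan_probes(HEARTBEAT, os_targets=240, port_targets=24000,
                       os_unit_s=30.0, port_unit_s=1.0, limits=SAMPLE_LIMITS,
                       rng=random.Random(7))
    print(plan)
```

With the constructed inputs, the eight active carriers are split into two operating-system scanning probes and six port scanning probes, with estimated finish times of 360 s and 400 s.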
S150, sending the probe working module image corresponding to the probe type to the probe carrier, so that the probe carrier can quickly install the corresponding probe working module.
After the scanning function of each probe carrier is determined, the corresponding working module program can be sent to each probe carrier so that it can carry out its scanning task. In this embodiment, because the probe carrier has already installed the container in the previous step and a container environment exists, only the working module image needs to be sent to the probe carrier, and the probe carrier can quickly complete installation of the corresponding working module.
Optionally, in this embodiment, the installed module may include: TCP or UDP messages that are used for port scanning and used directly at the session layer; and a feedback module that receives the feedback result at the application layer.
Generally, port scanning sets the scanning conditions through an application program. With that approach, however, the application-layer data has to be processed in memory and the corresponding TCP or UDP message formed at the session layer, and the message is then sent through the transport layer, network layer, data link layer and physical layer to the other devices in the subnet that need port scanning. In this embodiment, the computing power configured for the container is fixed and limited, so processing the application-layer data and converting it into the corresponding scanning messages occupies computing resources and prolongs the scanning time. Therefore, in this embodiment, the corresponding TCP or UDP messages may be generated in advance and packaged in the working module image, so that the probe carrier can read the TCP or UDP messages directly into memory, pass them directly to the session layer using a corresponding thread, and send them through the transport layer, network layer, data link layer and physical layer to the other devices in the subnet that need port scanning. This reduces the amount of data processing required for port scanning, lowers system resource consumption, and allows port scanning to be completed rapidly.
In addition, since the received scanning result needs preliminary analysis and judgment, receiving it is well suited to an application program. Therefore, in this embodiment, the probe working module image may further include a feedback module that receives the feedback result at the application layer.
S160, receiving the scanning result returned by the probe carrier.
After the probe finishes its scanning task, it sends the scanning result to the scanning management host in the subnet. After receiving the scanning result, the scanning management host in the subnet uploads it to the asset checking server. In this way the assets inside the enterprise can be checked and scanned.
In this embodiment, a preset node selects the probe carriers according to the previous asset checking result and the currently determined active state, and sends a probe environment installation instruction to each selected probe carrier. After the probe carrier completes installation of the probe environment, the function module corresponding to the pre-selected probe type is sent to it, so that the probe carrier completes asset checking and security scanning according to the corresponding function. Suitable probe carriers can be selected according to the actual situation of the subnet, and the corresponding function modules are sent according to the actual checking task, so that probes with different functions can be deployed rapidly and network asset checking and port security scanning can be performed rapidly and accurately.
Example two
Fig. 2 is a schematic structural diagram of a probe distribution device based on network asset checking according to a second embodiment of the present invention. Referring to Fig. 2, the probe distribution device based on network asset checking may include:
a probe carrier determining module 210, configured to determine at least one probe carrier required by the current inventory check according to the previous asset checking result, where each probe carrier corresponds to one probe type;
an active state determining module 220, configured to send an instruction for scanning an active host to the probe carrier, and determine whether the probe carrier is in an active state;
a container installation instruction sending module 230, configured to send a container installation instruction to the probe carrier in the active state, so that the probe carrier in the active state installs a container;
a probe type determining module 240, configured to determine a scanning load according to the previous asset checking result, and determine the probe type corresponding to the probe carrier according to the scanning load;
a work module image sending module 250, configured to send the probe work module image corresponding to the probe type to the probe carrier, so that the probe carrier mounts a quick-mount probe work module, where the probe work module image includes: a feedback module for scanning ports, directly using TCP or UDP messages at the session layer and receiving the feedback result at the application layer;
and a receiving module 260, configured to receive the scanning result returned by the probe carrier.
In the probe distribution device based on network asset checking provided by this embodiment of the invention, a preset node selects probe carriers according to the previous asset checking result and the currently determined active state, and sends a probe environment installation instruction to each selected probe carrier. After the probe carrier has installed the probe environment, the node sends it the function module that corresponds to the pre-selected probe type, so that the probe carrier performs asset checking and security scanning with that function. A suitable probe carrier can thus be selected according to the actual situation of the subnet, and the functional module is sent according to the actual checking task, so that probes with different functions can be deployed rapidly and network asset checking and port security scanning can be performed quickly and accurately.
On the basis of the above embodiment, the probe carrier determining module includes:
a selecting unit, configured to select a host with a plurality of services in the previous checking result as a probe carrier.
On the basis of the above embodiment, the probe type determining module includes:
a quantity determining unit, configured to determine the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result;
and a distribution unit, configured to determine the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding scanning unit duration, and to randomly allocate the corresponding probe carriers.
On the basis of the above embodiment, the distribution unit includes:
a scanning thread number determining subunit, configured to determine the maximum scanning thread number of the probe carrier according to the system resources allocated by the container;
a port number determining subunit, configured to determine the number of ports to be scanned simultaneously according to the maximum scanning thread number;
and a probe number determining subunit, configured to determine the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned.
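The carrier selection and probe sizing steps described above, sketched as an added example that is not part of the patent text: it picks hosts with several services as carriers, derives a thread ceiling from the container's resources, sizes the operating-system and port scanning probes, and assigns them randomly to active carriers. The sizing formulas, the parameter names (`threads_per_cpu`, `mb_per_thread`, `ports_per_host`, `window_s`) and the sample inventory are assumptions made for illustration; the patent does not state them.

```python
import math
import random

# Constructed previous asset-check result: host -> service ports seen last time.
PREVIOUS = {
    "10.0.1.5": [22, 80, 443, 3306],
    "10.0.1.9": [22],
    "10.0.1.12": [80, 8080, 9200],
    "10.0.1.20": [445, 3389],
    "10.0.1.31": [135, 139, 445],
}

def select_carriers(previous, min_services=2):
    """Hosts that exposed several services last time are candidate probe carriers."""
    return sorted(h for h, ports in previous.items() if len(ports) >= min_services)

def max_scan_threads(cpus, memory_mb, threads_per_cpu=50, mb_per_thread=4):
    """Assumed sizing rule: the container's CPU and memory limits both cap threads."""
    return max(1, min(int(cpus * threads_per_cpu), memory_mb // mb_per_thread))

def probes_needed(items, unit_s, parallel, window_s):
    """Probes required to finish `items` checks of `unit_s` seconds within `window_s`."""
    if items == 0:
        return 0
    per_probe = parallel * int(window_s // unit_s)  # checks one probe completes
    if per_probe == 0:
        raise ValueError("window shorter than one scan unit")
    return math.ceil(items / per_probe)

def plan(previous, active, cpus, memory_mb, ports_per_host, port_unit_s,
         os_unit_s, window_s, seed=None):
    """Return (assignment, shortfall): carrier -> probe type, and unmet probe count."""
    carriers = [h for h in select_carriers(previous) if h in active]
    threads = max_scan_threads(cpus, memory_mb)
    simultaneous_ports = threads              # assumption: one port check per thread
    n_os = len(previous)                      # one OS identification per known host
    n_ports = len(previous) * ports_per_host  # port checks in this round
    want = (["os"] * probes_needed(n_os, os_unit_s, threads, window_s)
            + ["port"] * probes_needed(n_ports, port_unit_s,
                                       simultaneous_ports, window_s))
    random.Random(seed).shuffle(carriers)     # random distribution over carriers
    assignment = dict(zip(carriers, want))    # each carrier gets one probe type
    return assignment, max(0, len(want) - len(carriers))
```

A non-zero shortfall means the active carriers cannot cover the scanning load inside the window, so either more carriers or a longer window is needed.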
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (8)
1. A probe distribution method based on network asset checking is characterized by comprising the following steps:
determining at least one probe carrier required by the current inventory check according to the previous asset check result, wherein each probe carrier corresponds to one probe type;
sending an instruction for scanning an active host to the probe carrier, and determining whether the probe carrier is in an active state;
sending a container installation instruction to the probe carrier in the active state so as to enable the probe carrier in the active state to install the container;
determining scanning load according to the previous asset checking result, and determining the probe type corresponding to the probe carrier according to the scanning load;
sending the probe working module image corresponding to the probe type to the probe carrier, so that the probe carrier installs a rapid probe working module;
the probe working module image includes: a feedback module for scanning ports, directly using TCP or UDP messages at the session layer and receiving the feedback result at the application layer;
and receiving a scanning result returned by the probe carrier.
2. The method according to claim 1, wherein the determining of at least one probe carrier required for the current inventory check according to the previous asset check result comprises:
and selecting the host with a plurality of services in the previous checking result as a probe carrier.
3. The method of claim 1, wherein the determining a scanning load according to the previous asset inventory checking result and the determining the probe type corresponding to the probe carrier according to the scanning load comprise:
determining the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result;
and determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding scanning unit duration, and randomly allocating the corresponding probe carriers.
4. The method of claim 3, wherein determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding scanning unit duration comprises:
determining the maximum scanning thread number of the probe carrier according to the system resources allocated by the container;
determining the number of ports to be scanned simultaneously according to the maximum scanning thread number;
and determining the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned.
5. A probe distribution device based on network asset checking is characterized by comprising:
the probe carrier determining module is used for determining at least one probe carrier required by the current inventory check according to the previous asset check result, and each probe carrier corresponds to one probe type;
the active state determining module is used for sending an instruction of scanning an active host to the probe carrier and determining whether the probe carrier is in an active state;
the probe carrier installation instruction sending module is used for sending a probe carrier installation instruction to the probe carrier in the active state so as to enable the probe carrier in the active state to install the container;
the probe type determining module is used for determining scanning load according to the previous asset checking result and determining the probe type corresponding to the probe carrier according to the scanning load;
a work module image sending module, configured to send, to the probe carrier, the probe work module image corresponding to the probe type, so that the probe carrier mounts a quick-mount probe work module, where the probe work module image includes: a feedback module for scanning ports, directly using TCP or UDP messages at the session layer and receiving the feedback result at the application layer;
and the receiving module is used for receiving the scanning result returned by the probe carrier.
6. The apparatus of claim 5, wherein the probe carrier determination module comprises:
and the selecting unit is used for selecting the host with a plurality of services in the previous checking result as a probe carrier.
7. The apparatus of claim 5, wherein the probe type determination module comprises:
the quantity determining unit is used for determining the number of operating systems to be scanned and the number of ports to be scanned according to the previous asset checking result;
and the distribution unit is used for determining the number of operating-system scanning probes and port scanning probes according to the number of operating systems and ports to be scanned and the corresponding scanning unit duration, and randomly allocating the corresponding probe carriers.
8. The apparatus of claim 7, wherein the allocation unit comprises:
the scanning thread number determining subunit is used for determining the maximum scanning thread number of the probe carrier according to the system resources distributed by the container;
the port number determining subunit determines the number of the ports to be scanned simultaneously according to the maximum scanning thread number;
and the probe number determining subunit is used for determining the number of operating-system scanning probes and port scanning probes according to the number of ports scanned simultaneously and the number of ports to be scanned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110290269.8A CN113067818B (en) | 2021-03-18 | 2021-03-18 | Probe distribution method and device based on network asset checking |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113067818A (en) | 2021-07-02 |
CN113067818B (en) | 2022-07-01 |
Family
ID=76561625
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110290269.8A Active CN113067818B (en) | 2021-03-18 | 2021-03-18 | Probe distribution method and device based on network asset checking |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113067818B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113067818B (en) | 2022-07-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||