CN113783757B - Cross-network boundary device detection method, device, equipment and readable storage medium - Google Patents

Publication number
CN113783757B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111323493.9A
Other languages
Chinese (zh)
Other versions
CN113783757A (en)
Inventor
张震宇
林章峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HangZhou SecLead Digital Technology Co.,Ltd.
Original Assignee
Hangzhou Xiling Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies

Abstract

The application discloses a method, an apparatus, a device and a readable storage medium for detecting cross-network boundary devices. The method comprises: sending a detection packet to a detected device in a preset network; obtaining the return result fed back by the detected device for the detection packet; and, if the return result meets a preset cross-network boundary device determination condition, determining that the detected device is a cross-network boundary device. By detecting cross-network boundary devices automatically, the application can find boundary links that were built in violation of the rules and boundary links that were not registered as required, which effectively deters the unauthorized construction of boundaries and promotes compliant boundary construction. Because the return result corresponding to the detection packet is analyzed, cross-network boundary devices are discovered by remote detection without traffic analysis, so large numbers of high-performance acquisition and analysis devices need not be deployed, and cost is reduced.

Description

Cross-network boundary device detection method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for detecting a cross-network boundary device.
Background
In enterprises and public institutions, the internal network architecture contains multiple mutually isolated private networks. Data must be exchanged among these private networks and between them and the internet, so cross-network data transmission technology is required. Cross-network transmission technologies are diverse: gateways, optical gates and switching platforms for physical isolation; software-defined perimeter (SDP) and virtual private network (VPN) products for authorized cross-network access; traditional firewalls and switches; wired and wireless routers; and so on. These devices that span a network boundary or connect externally, i.e. cross-network boundary devices, are the most important entrances and paths for hackers to attack, so for the sake of information security, security management units and network management units need to record and manage cross-network boundary devices comprehensively.
The current method for recording and managing cross-network boundary devices is traffic analysis. However, traffic analysis requires deploying a large number of high-performance acquisition and analysis devices, which makes deployment very costly and comprehensive analysis difficult.
That is, the current method for detecting cross-network boundary devices has the problem of high cost.
Disclosure of Invention
The present application mainly aims to provide a method, an apparatus, a device and a readable storage medium for detecting a cross-network boundary device, and aims to solve the technical problem of high cost of the existing method for detecting the cross-network boundary device.
In order to achieve the above object, the present application provides a method for detecting a cross-network boundary device, where the method for detecting a cross-network boundary device includes the steps of:
sending a detection packet to a detected device in a preset network;
obtaining a return result fed back by the detected equipment aiming at the detection packet;
and if the return result meets the preset cross-network boundary equipment determining condition, determining that the detected equipment is cross-network boundary equipment.
Optionally, the sending a probe packet to a device to be probed in a preset network includes:
acquiring an Internet Protocol (IP) section and/or an asset library of a preset network;
scanning the IPs in the IP section and/or the asset library one by one;
and sending a detection packet to each IP.
Optionally, the detection packet is a port detection packet, and determining that the detected device is a cross-network boundary device if the return result meets the preset cross-network boundary device determination condition includes:
if a port response packet corresponding to the port detection packet is received, determining that the single port or combined port corresponding to the port response packet is open to the outside, and determining that the detected device is a cross-network boundary device.
Optionally, the detection packet is a content detection packet, and determining that the detected device is a cross-network boundary device if the return result meets the preset cross-network boundary device determination condition includes:
if the return result contains the target content, determining that the detected device is a cross-network boundary device.
Optionally, the target content comprises at least one of: title keywords, content keywords, general keywords, and Secure Sockets Layer (SSL) hint information.
Optionally, before sending the probe packet to the device to be detected in the preset network, the method includes:
acquiring cross-network boundary equipment characteristics of preset cross-network boundary equipment;
and constructing a detection packet based on the cross-network boundary equipment characteristics.
Optionally, after acquiring the cross-network boundary device characteristics of the preset cross-network boundary device, the method further includes:
and determining a preset cross-network boundary equipment determining condition based on the cross-network boundary equipment characteristics.
In addition, in order to achieve the above object, the present application further provides a device for detecting an inter-network boundary device, where the device for detecting an inter-network boundary device includes:
a sending module, configured to send a detection packet to a detected device in a preset network;
an obtaining module, configured to obtain a return result fed back by the detected device for the detection packet;
and the determining module is used for determining the detected equipment as cross-network boundary equipment if the return result meets the preset cross-network boundary equipment determining condition.
Optionally, the sending module is further configured to:
acquiring an Internet Protocol (IP) segment and/or an asset library of a preset network;
scanning the IPs in the IP section and/or the asset library one by one;
and sending a detection packet to each IP.
Optionally, the probe packet is a port probe packet, and the determining module is further configured to:
if a port response packet corresponding to the port detection packet is received, determining that a single port or a combined port corresponding to the port response packet is in an externally open state, and determining that the detected device is a cross-network boundary device.
Optionally, the detection packet is a content detection packet, and the determining module is further configured to:
and if the return result contains the target content, determining that the detected equipment is cross-network boundary equipment.
Optionally, the target content comprises at least one of: title keywords, content keywords, general keywords, and secure socket protocol SSL hint information.
Optionally, the inter-network boundary device detecting apparatus further includes:
the acquisition module is used for acquiring cross-network boundary equipment characteristics of preset cross-network boundary equipment;
and the construction module is used for constructing the detection packet based on the cross-network boundary equipment characteristics.
Optionally, the inter-network boundary device detecting apparatus further includes:
and the generating module is used for determining a preset cross-network boundary equipment determining condition based on the cross-network boundary equipment characteristics.
In addition, to achieve the above object, the present application further provides a cross-network boundary device detection device, which includes a memory, a processor, and a cross-network boundary device detection program stored in the memory and executable on the processor, and when executed by the processor, the cross-network boundary device detection program implements the steps of the cross-network boundary device detection method described above.
In addition, to achieve the above object, the present application also provides a computer readable storage medium, which stores thereon a cross-network boundary device detection program, and when the cross-network boundary device detection program is executed by a processor, the cross-network boundary device detection program implements the steps of the cross-network boundary device detection method as described above.
In the prior art, cross-network boundary devices are identified by traffic analysis, which is costly. By contrast, the present application sends a detection packet to a detected device in a preset network; obtains the return result fed back by the detected device for the detection packet; and, if the return result meets a preset cross-network boundary device determination condition, determines that the detected device is a cross-network boundary device. By detecting cross-network boundary devices automatically, the application can find boundary links that were built in violation of the rules and boundary links that were not registered as required, which effectively deters the unauthorized construction of boundaries and promotes compliant boundary construction. Because the return result corresponding to the detection packet is analyzed, cross-network boundary devices are discovered by remote detection without traffic analysis, so large numbers of high-performance acquisition and analysis devices need not be deployed, and cost is reduced.
Drawings
Fig. 1 is a schematic flowchart of a cross-network boundary device detection method according to a first embodiment of the present application;
Fig. 2 is a functional block diagram of a preferred embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a hardware operating environment according to an embodiment of the present application.
The implementation, functional features and advantages of the object of the present application will be further explained with reference to the embodiments, and with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to fig. 1, fig. 1 is a schematic flowchart of a first embodiment of a cross-network boundary device detection method according to the present application.
This application provides an embodiment of the cross-network boundary device detection method. It should be noted that although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in a different order. The method can be applied to a terminal or a personal computer. For convenience of description, the executing subject is omitted below when the steps of the method are described. The cross-network boundary device detection method comprises the following steps:
Step S10: sending a detection packet to a detected device in a preset network.
In this embodiment, the preset network is a private network, such as a local area network, including the internal networks of enterprises and public institutions; it is a network that is restricted from exchanging data with the internet. The detection packet is a data packet used to detect cross-network boundary devices, and it is sent by issuing a request to the detected device.
Sending the detection packet to the detected device in the preset network is implemented on the basis of IP (Internet Protocol). Specifically, sending a detection packet to a detected device in a preset network includes:
Step a: obtaining an Internet Protocol (IP) segment and/or an asset library of the preset network.
In this embodiment, IP is used for end-to-end data exchange between hosts. An IP address consists of four groups, A, B, C and D, each with a value from 0 to 255; for example, for the IP 192.168.255.255, groups A, B, C and D are 192, 168, 255 and 255, respectively. An IP segment consists of multiple IPs, e.g., 192.168.0.0 to 192.168.255.255.
For the asset library, the asset library records the equipment asset information in the preset network, and the equipment asset information comprises an equipment number, an equipment name, an equipment user number, an IP (Internet protocol) and the like.
Step b: scanning the IPs in the IP segment and/or the asset library one by one.
In this embodiment, detection generally has to cover all devices in the preset network; that is, the devices in the preset network are traversed, and each traversed device is detected as a detected device. One device corresponds to one IP, so traversing the devices in the preset network can be done by scanning all IPs one by one.
Step c: sending a detection packet to each IP.
In this embodiment, there are several types of detection packet, specifically port detection packets and content detection packets. A port detection packet identifies a cross-network boundary device from which ports or port combinations the device has open; a content detection packet identifies a cross-network boundary device from the content of the return result.
It should be noted that, when a detection packet is sent to each IP, it is not known in advance whether the detected device at that IP can be identified as a cross-network boundary device by a port detection packet or by a content detection packet. Therefore, when a detection packet is sent to each IP, both a port detection packet and a content detection packet need to be sent to determine whether the detected device is a cross-network boundary device: either both are sent, or the port detection packet is sent first and then the content detection packet, or the content detection packet is sent first and then the port detection packet.
When the port detection packet and the content detection packet are sent one after the other, whether to send the second packet can be decided after the first packet has been sent and its return result received: once the first packet has established that the detected device is a cross-network boundary device, the second packet is not sent. For example, under the strategy of sending the port detection packet first and the content detection packet second, if the return result for the port detection packet shows that the detected device is a cross-network boundary device, the content detection packet is not sent to that device. If the return result does not establish that the detected device is a cross-network boundary device, the content detection packet is then sent, and the decision is made from its return result.
Step S20: obtaining the return result fed back by the detected device for the detection packet.
In this embodiment, the return result produced by the detected device after it receives the detection packet is obtained. For the same detection packet, different detected devices may feed back different return results. It can be understood that different detected devices are checked by the port detection packet and/or the content detection packet, and that the return result obtained with a port detection packet differs from the return result obtained with a content detection packet.
Step S30: if the return result meets the preset cross-network boundary device determination condition, determining that the detected device is a cross-network boundary device.
In this embodiment, the return result is used to decide whether the detected device is a cross-network boundary device. When the return result meets the preset cross-network boundary device determination condition, the detected device is determined to be a cross-network boundary device; when it does not, the detected device is determined to be a non-cross-network boundary device.
Specifically, for the case where the detection packet is a port detection packet and the return result is a port response packet, determining that the detected device is a cross-network boundary device if the return result meets the preset cross-network boundary device determination condition includes:
Step d: if a port response packet corresponding to the port detection packet is received, determining that the single port or combined port corresponding to the port response packet is open to the outside, and determining that the detected device is a cross-network boundary device.
In this embodiment, a single port or a combined port of the detected device is probed with a port detection packet, and the port response packet corresponding to the port detection packet shows whether that single port or combined port is open to the outside. If it is open to the outside, the detected device is determined to be a cross-network boundary device; if it is not, the detected device is determined to be a non-cross-network boundary device.
It should be noted that the basis for this determination is that a cross-network boundary device opens a single port or a combined port that non-cross-network boundary devices do not open. Whether the detected device is a cross-network boundary device is therefore decided by whether a port response packet can be received for the single port or combined port associated with cross-network boundary devices. For example, if a certain brand of cross-network boundary device is known to open port 1234, a TCP (Transmission Control Protocol) SYN packet is sent to port 1234 at the IP of device A; if an ACK packet, i.e. a port response packet, is received, device A has port 1234 open, that is, device A is a cross-network boundary device. As another example, if a certain brand of cross-network boundary device is known to open ports 1234, 2234 and 8080 at the same time, TCP SYN packets are sent to ports 1234, 2234 and 8080 at the IP of device A; if the port response packets, i.e. ACK packets, are received, device A has ports 1234, 2234 and 8080 open, that is, device A is a cross-network boundary device.
For the case where the detection packet is a content detection packet and the return result is checked for target content, determining that the detected device is a cross-network boundary device if the return result meets the preset cross-network boundary device determination condition includes:
Step f: if the return result contains the target content, determining that the detected device is a cross-network boundary device.
Wherein the target content comprises at least one of: title keywords, content keywords, general keywords, and secure socket protocol SSL hint information.
In this embodiment, the different kinds of target content are found at different positions in the return result. The title keywords are taken from the title in HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) responses; the content keywords and the general keywords are taken from the title and the page content in HTTP or HTTPS responses; the SSL (Secure Sockets Layer) hint information is taken from the SSL response information in HTTPS.
It should be noted that "keywords" here covers both words and terms; this applies to the title keywords, the content keywords and the general keywords.
It can be understood that the target content is the basis for deciding whether the detected device is a cross-network boundary device: when the return result contains at least one of a title keyword, a content keyword, a general keyword and SSL hint information, the detected device may be determined to be a cross-network boundary device.
The title keywords include title-related information such as the company name (or abbreviation, in Chinese or English), the device name (or abbreviation, in Chinese or English), and the product name (or abbreviation, in Chinese or English). A cross-network boundary device can be identified from this title-related information: for example, if the cross-network boundary device is manufactured and sold by "XX company", the detected device is determined to be a cross-network boundary device when "XX company" appears in the title. If the title is "XX company official website", the title contains the company name "XX company"; likewise, if the title is "XX device details", the title contains the product name "XX device".
The content keywords are the content keyword features of an XX-brand cross-network boundary device: words or terms that can be determined to describe that brand's cross-network boundary device, such as the introductory text for the device in the page content, which explicitly identifies the corresponding device. For example, if the introductory text is "the only network device for XX by the company", and the company's only network device is a cross-network boundary device, then the content keywords "only" and "network device" can be used to conclude that the detected device is a cross-network boundary device.
The general keywords are general keyword features that indicate that the device itself is a cross-network boundary device, such as "data exchange" and "network isolation", which describe the functions of the device. That is, when the return result contains "data exchange" or "network isolation", the detected device can be determined to be a cross-network boundary device.
The SSL response information includes product-specific information such as the company name (or abbreviation, in Chinese or English) and the product name (or abbreviation, in Chinese or English). It differs from the title keywords in that the response information is content in the SSL response, whereas the title keywords are content in the title.
Further, before sending the probe packet to the probed device in the preset network, the method includes:
Step d: acquiring the cross-network boundary device features of preset cross-network boundary devices;
Step e: constructing a detection packet based on the cross-network boundary device features.
In this embodiment, before cross-network boundary devices are detected, the features of cross-network boundary devices need to be determined, so that whether a detected device is a cross-network boundary device can be decided from those features. Specifically, the features of mainstream cross-network boundary devices at home and abroad, i.e. the detection basis, are collected, and a feature library is established to store them for use during detection.
It can be understood that, when cross-network boundary devices are detected, the cross-network boundary device features are already known; detection is the process of finding, in the preset network, the detected devices that exhibit those features. The cross-network boundary device features therefore comprise the single port or combined port of the cross-network boundary device, together with the title keywords, content keywords, general keywords and Secure Sockets Layer (SSL) hint information.
It should be noted that, when the features are acquired, past experience can be used to decide which devices are cross-network boundary devices and to collect their features. Cross-network boundary devices can also be identified through various other channels, for example by searching with a search engine or by consulting related patent documents and academic papers, so that as many cross-network boundary device features as possible are collected and the accuracy of detection improves.
After the cross-network boundary device features have been collected, the detection packets are constructed: the port detection packet is constructed from the port-related features, and the content detection packet is constructed from the content-related features.
After the cross-network boundary device features of the preset cross-network boundary devices are acquired, the method further includes:
Step f: determining the preset cross-network boundary device determination condition based on the cross-network boundary device features.
In this embodiment, before the return result is used to identify a cross-network boundary device, the preset cross-network boundary device determination condition is derived from the cross-network boundary device features. It should be noted that the preset determination condition is either that the return result is a port response packet, or that the target content is present in the return result.
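The determination step described above (a feature library, the port-first strategy with content detection as the fallback, and the comparison against registered boundary devices) can be sketched as follows. This is an added example, not code from the patent: the names Feature, ProbeResult, classify and audit are hypothetical, the return results are constructed sample data rather than live probe output, the register is modelled as a set of IPs, and requiring all content keywords of an entry to co-occur is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from html.parser import HTMLParser

# Constructed feature library: names, ports and keywords are the text's own
# placeholders ("XX company", ports 1234/2234/8080), not real product data.
GENERAL_KEYWORDS = ("data exchange", "network isolation")


@dataclass(frozen=True)
class Feature:
    name: str
    port_combo: frozenset = frozenset()  # every port in the set must answer
    title_keywords: tuple = ()           # any one found in <title> matches
    content_keywords: tuple = ()         # assumption: all must co-occur in the page
    ssl_keywords: tuple = ()             # any one found in the SSL response text matches


FEATURES = (
    Feature("XX brand (port combination)", port_combo=frozenset({1234, 2234, 8080})),
    Feature("XX brand (web console)", title_keywords=("XX device",),
            content_keywords=("only", "network device"), ssl_keywords=("XX company",)),
)


@dataclass(frozen=True)
class ProbeResult:
    """Return result for one IP: answered ports, page body, SSL response text."""
    open_ports: frozenset = frozenset()
    html: str = ""
    ssl_info: str = ""


class _TitleParser(HTMLParser):
    """Collects the text inside <title> so title keywords are matched there only."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title = False, ""

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def check_ports(result, features):
    # A partial combination (e.g. only 8080 open) must not match.
    return [f"{f.name}: ports {sorted(f.port_combo)} open"
            for f in features if f.port_combo and f.port_combo <= result.open_ports]


def check_content(result, features):
    parser = _TitleParser()
    parser.feed(result.html)
    title, page, ssl = parser.title.lower(), result.html.lower(), result.ssl_info.lower()
    hits = []
    for f in features:
        hits += [f"{f.name}: title keyword {k!r}" for k in f.title_keywords if k.lower() in title]
        if f.content_keywords and all(k.lower() in page for k in f.content_keywords):
            hits.append(f"{f.name}: content keywords {list(f.content_keywords)}")
        hits += [f"{f.name}: SSL hint {k!r}" for k in f.ssl_keywords if k.lower() in ssl]
    hits += [f"general keyword {k!r}" for k in GENERAL_KEYWORDS if k in page]
    return hits


def classify(result, features=FEATURES):
    """Port-first strategy: content is evaluated only if the port check is inconclusive."""
    return check_ports(result, features) or check_content(result, features)


def audit(segment, results, registered):
    """Walk the IP segment one by one; report detected boundary devices not in the register."""
    findings = {}
    for ip in map(str, ipaddress.ip_network(segment).hosts()):
        result = results.get(ip)
        if result is None:          # no return result for this IP
            continue
        reasons = classify(result)
        if reasons and ip not in registered:
            findings[ip] = reasons
    return findings


# Constructed return results for a small segment.
SAMPLE = {
    "192.168.10.1": ProbeResult(open_ports=frozenset({1234, 2234, 8080})),
    "192.168.10.2": ProbeResult(open_ports=frozenset({8080}),
                                html="<title>Intranet wiki</title><p>Lunch menu</p>"),
    "192.168.10.3": ProbeResult(open_ports=frozenset({443}),
                                html="<html><head><title>XX device details</title></head>"
                                     "<body>Login</body></html>"),
    "192.168.10.4": ProbeResult(open_ports=frozenset({443}), html="<title>Login</title>",
                                ssl_info="CN=gw.example.internal, O=XX company"),
    "192.168.10.5": ProbeResult(html="<title>Console</title>"
                                     "<p>Provides network isolation between zones</p>"),
}

if __name__ == "__main__":
    for ip, reasons in audit("192.168.10.0/29", SAMPLE, {"192.168.10.1"}).items():
        print(ip, "unregistered boundary device:", "; ".join(reasons))
```

The host at 192.168.10.2 shows why a port combination has to match in full: an ordinary server with only 8080 open is not reported.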
In the prior art, cross-network boundary devices are identified by traffic analysis, which is costly. By contrast, the present application sends a detection packet to a detected device in a preset network; obtains the return result fed back by the detected device for the detection packet; and, if the return result meets a preset cross-network boundary device determination condition, determines that the detected device is a cross-network boundary device. By detecting cross-network boundary devices automatically, the application can find boundary links that were built in violation of the rules and boundary links that were not registered as required, which effectively deters the unauthorized construction of boundaries and promotes compliant boundary construction. Because the return result corresponding to the detection packet is analyzed, cross-network boundary devices are discovered by remote detection without traffic analysis, so large numbers of high-performance acquisition and analysis devices need not be deployed, and cost is reduced.
In addition, the present application further provides a cross-network boundary device detecting apparatus, as shown in fig. 2, the cross-network boundary device detecting apparatus includes:
a sending module 10, configured to send a probe packet to a device to be detected in a preset network;
an obtaining module 20, configured to obtain a return result fed back by the detected device for the detection packet;
a determining module 30, configured to determine that the detected device is a cross-network boundary device if the returned result meets a preset cross-network boundary device determining condition.
Optionally, the sending module 10 is further configured to:
acquiring an Internet Protocol (IP) segment and/or an asset library of a preset network;
scanning the IPs in the IP section and/or the asset library one by one;
and sending a detection packet to each IP.
Optionally, the probe packet is a port probe packet, and the determining module 30 is further configured to:
if a port response packet corresponding to the port detection packet is received, determining that a single port or a combined port corresponding to the port response packet is in an externally open state, and determining that the detected device is a cross-network boundary device.
Optionally, the probe packet is a content probe packet, and the determining module 30 is further configured to:
and if the return result contains the target content, determining that the detected equipment is cross-network boundary equipment.
Optionally, the target content comprises at least one of: title keywords, content keywords, general keywords, and secure socket protocol SSL hints.
Optionally, the inter-network boundary device detecting apparatus further includes:
the acquisition module is used for acquiring the cross-network boundary equipment characteristics of the preset cross-network boundary equipment;
and the construction module is used for constructing the detection packet based on the cross-network boundary equipment characteristics.
Optionally, the inter-network boundary device detecting apparatus further includes:
and the generating module is used for determining a preset cross-network boundary device determining condition based on the cross-network boundary device characteristics.
The specific implementation of the cross-network boundary device detection apparatus in the present application is substantially the same as that of each embodiment of the cross-network boundary device detection method described above, and is not described herein again.
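The determining step described above, with conditions derived from collected device characteristics, can be illustrated over recorded return results. This is an added example, not code from the patent: the device types, ports, keywords and IPs are constructed, and treating general keywords as matching anywhere in the reply or the certificate subject is an assumption.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Feature:
    """Characteristics of one known boundary-device type (all values below are constructed)."""
    name: str
    port_sets: list = field(default_factory=list)   # one port = single port, several = combined port
    title_keywords: list = field(default_factory=list)
    content_keywords: list = field(default_factory=list)
    general_keywords: list = field(default_factory=list)
    ssl_hints: list = field(default_factory=list)

@dataclass
class ProbeResult:
    """Return result recorded for one probed IP."""
    ip: str
    open_ports: set = field(default_factory=set)     # ports that sent a port response packet
    http_body: str = ""                              # reply to the content probe, if any
    ssl_subject: str = ""                            # certificate subject seen in the TLS handshake

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

def match_feature(feature, result):
    """Return the reasons `result` meets the determination condition derived from `feature`."""
    reasons = []
    for ports in feature.port_sets:
        if set(ports) <= result.open_ports:          # every port of the set must have answered
            kind = "single" if len(ports) == 1 else "combined"
            reasons.append(f"{kind} port {sorted(ports)} open")
    m = TITLE_RE.search(result.http_body)
    title = m.group(1).lower() if m else ""
    body, subject = result.http_body.lower(), result.ssl_subject.lower()
    checks = [("title keyword", feature.title_keywords, title),
              ("content keyword", feature.content_keywords, body),
              ("general keyword", feature.general_keywords, body + "\n" + subject),
              ("SSL hint", feature.ssl_hints, subject)]
    for label, keywords, haystack in checks:
        reasons += [f"{label} {kw!r}" for kw in keywords if kw.lower() in haystack]
    return reasons

def classify(features, results):
    """Map each flagged IP to {feature name: reasons}; IPs that match nothing are omitted."""
    findings = {}
    for r in results:
        hits = {f.name: match_feature(f, r) for f in features}
        hits = {name: why for name, why in hits.items() if why}
        if hits:
            findings[r.ip] = hits
    return findings

# Constructed sample data: hypothetical device types and documentation-range IPs (RFC 5737).
FEATURES = [
    Feature("ExampleGate", port_sets=[{8443, 10022}], title_keywords=["ExampleGate Login"],
            ssl_hints=["CN=examplegate"]),
    Feature("DemoExchange", port_sets=[{18080}], content_keywords=["Powered by DemoExchange"]),
]
RESULTS = [
    ProbeResult("192.0.2.10", {22, 8443, 10022}),
    ProbeResult("192.0.2.11", {443}, "<html><title>ExampleGate Login</title></html>",
                "CN=examplegate.corp.example"),
    ProbeResult("192.0.2.12", {8443}, "<title>Intranet wiki</title>"),   # half of a combined port only
    ProbeResult("192.0.2.13", {80}, "<body>Powered by DemoExchange 2.1</body>"),
]
```

Calling `classify(FEATURES, RESULTS)` returns the reasons per flagged IP, which gives a reviewer the evidence needed to check each finding against the boundary registration records.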
In addition, the application also provides cross-network boundary equipment detection equipment. As shown in fig. 3, fig. 3 is a schematic structural diagram of a hardware operating environment according to an embodiment of the present application.
It should be noted that fig. 3 is a schematic structural diagram of a hardware operating environment of the inter-network boundary device detection device.
As shown in fig. 3, the cross-network boundary device detecting device may include: a processor 1001, e.g. a CPU, a memory 1005, a user interface 1003, a network interface 1004, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Optionally, the inter-network boundary device detection device may further include an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like.
Those skilled in the art will appreciate that the configuration shown in fig. 3 does not limit the cross-network boundary device detection device, which may include more or fewer components than those shown, combine some components, or use a different arrangement of components.
As shown in fig. 3, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a cross-network boundary device probe program. The operating system is a program for managing and controlling hardware and software resources of the cross-network boundary equipment detection device, and supports the operation of the cross-network boundary equipment detection program and other software or programs.
In the inter-network boundary device detection device shown in fig. 3, the user interface 1003 is mainly used for connecting a terminal and performing data communication with the terminal, for example, receiving user signaling data sent by the terminal; the network interface 1004 is mainly used for the background server and performs data communication with the background server; the processor 1001 may be configured to invoke the cross-network boundary device probing program stored in the memory 1005 and perform the steps of the cross-network boundary device probing method described above.
The specific implementation of the inter-network boundary device detection apparatus in the present application is substantially the same as each of the embodiments of the inter-network boundary device detection method described above, and is not described herein again.
In addition, an embodiment of the present application further provides a computer-readable storage medium, where a cross-network boundary device detection program is stored on the computer-readable storage medium, and when being executed by a processor, the cross-network boundary device detection program implements the steps of the cross-network boundary device detection method described above.
The specific implementation of the computer-readable storage medium of the present application is substantially the same as the embodiments of the foregoing cross-network boundary device detection method, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description, and do not represent the advantages and disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, a device, or a network device) to execute the method according to the embodiments of the present application.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all the equivalent structures or equivalent processes that can be directly or indirectly applied to other related technical fields by using the contents of the specification and the drawings of the present application are also included in the scope of the present application.

Claims (7)

1. A cross-network boundary device detection method is characterized by comprising the following steps:
sending a detection packet to a detected device in a preset network;
obtaining a return result fed back by the detected equipment aiming at the detection packet;
if the return result meets the preset cross-network boundary equipment determining condition, determining that the detected equipment is cross-network boundary equipment;
the detecting packet is a port detecting packet, and if the returned result meets a preset determination condition of the cross-network boundary device, determining that the detected device is the cross-network boundary device includes:
if a port response packet corresponding to the port detection packet is received, determining that a single port or a combined port corresponding to the port response packet is in an externally open state, and determining that the detected device is cross-network boundary equipment; or,
the detecting packet is a content detecting packet, and if the returned result meets a preset determination condition of the cross-network boundary device, determining that the detected device is the cross-network boundary device includes:
if the return result contains target content, determining that the detected equipment is cross-network boundary equipment; the target content includes at least one of: title keywords, content keywords, general keywords, and secure socket protocol SSL hint information.
2. The method as claimed in claim 1, wherein said sending probe packets to the probed device in the predetermined network comprises:
acquiring an Internet Protocol (IP) segment and/or an asset library of a preset network;
scanning the IPs in the IP section and/or the asset library one by one;
and sending a detection packet to each IP.
3. The method according to claim 1 or 2, wherein before sending the probe packet to the probed device in the predetermined network, the method comprises:
acquiring cross-network boundary equipment characteristics of preset cross-network boundary equipment;
and constructing a detection packet based on the cross-network boundary equipment characteristics.
4. The method of claim 3, wherein after collecting the cross-network boundary device characteristics of the preset cross-network boundary device, further comprising:
and determining a preset cross-network boundary equipment determining condition based on the cross-network boundary equipment characteristics.
5. A cross-network boundary device detection apparatus, characterized in that, the cross-network boundary device detection apparatus includes:
the sending module is used for sending a detection packet to a detected device in a preset network;
an obtaining module, configured to obtain a return result fed back by the detected device for the detection packet;
a determining module, configured to determine that the detected device is a cross-network boundary device if the returned result meets a preset cross-network boundary device determining condition;
the detection packet is a port detection packet, and the determining module 30 is further configured to:
if a port response packet corresponding to the port detection packet is received, determining that a single port or a combined port corresponding to the port response packet is in an externally open state, and determining that the detected device is a cross-network boundary device; or,
the detection packet is a content detection packet, and the determining module 30 is further configured to:
if the return result contains target content, determining that the detected equipment is cross-network boundary equipment; the targeted content includes at least one of: title keywords, content keywords, general keywords, and secure socket protocol SSL hint information.
6. A cross-network boundary device detection device, comprising a memory, a processor, and a cross-network boundary device detection program stored on the memory and executable on the processor, the cross-network boundary device detection program when executed by the processor implementing the steps of the cross-network boundary device detection method of any one of claims 1 to 4.
7. A computer-readable storage medium, having stored thereon a cross-network boundary device probing program which, when executed by a processor, implements the steps of the cross-network boundary device probing method of any one of claims 1 to 4.
CN202111323493.9A 2021-11-10 2021-11-10 Cross-network boundary device detection method, device, equipment and readable storage medium Active CN113783757B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111323493.9A CN113783757B (en) 2021-11-10 2021-11-10 Cross-network boundary device detection method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN113783757A CN113783757A (en) 2021-12-10
CN113783757B true CN113783757B (en) 2022-10-28

Family

ID=78873685

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111323493.9A Active CN113783757B (en) 2021-11-10 2021-11-10 Cross-network boundary device detection method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113783757B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101578594A (en) * 2006-12-29 2009-11-11 摩托罗拉公司 Method and system for a context manager for a converged services framework

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10078811B2 (en) * 2013-11-29 2018-09-18 Fedex Corporate Services, Inc. Determining node location based on context data in a wireless node network
CN111934946A (en) * 2020-07-16 2020-11-13 深信服科技股份有限公司 Network equipment identification method, device, equipment and readable storage medium
CN112260861A (en) * 2020-10-13 2021-01-22 上海奇甲信息科技有限公司 Network asset topology identification method based on flow perception
CN113315814B (en) * 2021-05-08 2022-04-08 清华大学 IPv6network boundary equipment rapid discovery method and system

Also Published As

Publication number Publication date
CN113783757A (en) 2021-12-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230420

Address after: 310000 room 2505, 25 / F, building 1, No. 352, BINKANG Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Xiling Information Technology Co.,Ltd.

Address before: 310000 room 2505, 25 / F, building 1, No. 352, BINKANG Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Xiling Information Technology Co.,Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Cross network boundary device detection method, device, device, and readable storage medium

Effective date of registration: 20230513

Granted publication date: 20221028

Pledgee: Cultural and creative sub branch of Bank of Hangzhou Co.,Ltd.

Pledgor: Hangzhou Xiling Information Technology Co.,Ltd.

Registration number: Y2023330000907

CP01 Change in the name or title of a patent holder

Address after: 310000 room 2505, 25 / F, building 1, No. 352, BINKANG Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: HangZhou SecLead Digital Technology Co.,Ltd.

Address before: 310000 room 2505, 25 / F, building 1, No. 352, BINKANG Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Xiling Information Technology Co.,Ltd.

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20231213

Granted publication date: 20221028

Pledgee: Cultural and creative sub branch of Bank of Hangzhou Co.,Ltd.

Pledgor: Hangzhou Xiling Information Technology Co.,Ltd.

Registration number: Y2023330000907