CN113965355A - SOC-based illegal IP (Internet protocol) provincial network plugging method and device - Google Patents


Info

Publication number
CN113965355A
Authority
CN
China
Prior art keywords
address
provincial
plugging
illegal
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111137576.9A
Other languages
Chinese (zh)
Other versions
CN113965355B (en)
Inventor
车研明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unihub China Information Technology Co Ltd
Original Assignee
Unihub China Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Unihub China Information Technology Co Ltd
Priority to CN202111137576.9A
Publication of CN113965355A
Application granted
Publication of CN113965355B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an SOC (security management platform)-based method and device for blocking illegal IP (Internet Protocol) addresses on an intra-provincial network. The method comprises the following steps: the security management platform collects the log information reported by each network management asset system and analyzes it comprehensively to identify illegal IPs; the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares each illegal IP with the network address allocation resource library, and determines its intra-provincial IP address class; and the security management platform calls the IP black-hole intra-provincial blocking method to perform the block and test its effectiveness. The method and device block an IP address with one-key blocking: by issuing a blocking policy to the provincial router, they make the IP address unreachable and stop the spread of harmful information.

Description

SOC-based illegal IP (Internet protocol) provincial network plugging method and device
Technical Field
The invention relates to the field of security management platforms, and in particular to an SOC (security management platform)-based method and device for blocking illegal IP (Internet Protocol) addresses on an intra-provincial network.
Background
A security management platform (SOC) turns the isolated analysis of individual data sources in current information systems into intelligent correlation analysis. It integrates the logs of network devices, security devices and systems, and standardizes processes by combining ITIL (Information Technology Infrastructure Library, a framework based on industry best practice) with IT service management business processes. Built on IT assets, centered on the business information system and guided by customer experience, the platform is a measurable, unified service support platform established along four dimensions: monitoring, auditing, risk, and operation and maintenance. It lets users monitor the availability and performance of the business information system; analyze, audit and raise early warnings on configurations and events; measure and evaluate risk and security posture; and standardize, instantiate and regularize the security operation and maintenance process, so that the business information system ultimately runs continuously and securely.
In the security management of intra-provincial and metropolitan area networks, illegal IPs located outside the province or abroad often launch attacks at irregular intervals. These attacks put packet-processing pressure on the core routers, switches and cloud resource servers of the intra-provincial network, degrade the service rate of the whole provincial network, and create hidden risks for the quality of network content. Operation and maintenance staff of the provincial and municipal networks cannot accurately locate the root cause of a fault, and pointing an IP to a black hole on the devices in particular is inefficient and time-consuming. Moreover, after an attack from an illegal IP, the blocking configuration cannot be prepared and delivered within seconds, and manual handling is inefficient, so the necessary blocking, which discards the illegal IP's traffic and removes the network security risk, cannot be carried out in time.
Disclosure of Invention
To solve the problems in the prior art, the invention provides an SOC-based method and device for blocking illegal IPs on an intra-provincial network.
To achieve this purpose, the invention adopts the following technical scheme:
In an embodiment of the present invention, an SOC-based method for blocking illegal IPs on an intra-provincial network is provided. The method includes:
the security management platform collects the log information reported by each network management asset system and analyzes it comprehensively to identify illegal IPs;
the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares each illegal IP with the network address allocation resource library, and determines its intra-provincial IP address class;
and the security management platform calls the IP black-hole intra-provincial blocking method to perform the block and test its effectiveness.
Further, the step in which the security management platform collects the log information reported by each network management asset system and identifies illegal IPs comprises:
the security management platform collects the network security logs, server operation logs, user access logs and service-tracking source-address logs reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP packets, traces IP packets whose addresses are wrong or abnormal, and detects illegal IPs.
Further, the step in which the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares the illegal IP with the network address allocation resource library, and determines the intra-provincial IP address class comprises:
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to its own database by incremental synchronization;
the classification of intra-provincial IP addresses is obtained through the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security authority;
and the illegal IP is compared with the network address allocation resource library to determine its intra-provincial IP address class.
Further, intra-provincial IP addresses are divided into class-one and class-two IP addresses. A class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator; a class-two IP address is an illegal IP identified by the security management platform's analysis. Class-one IP addresses are handled by province-wide blocking, which applies to the operator's own in-province services; class-two IP addresses are handled by internet exposed-surface blocking.
Further, the step in which the security management platform calls the IP black-hole intra-provincial blocking method to perform the block and test its effectiveness comprises:
logging in to the provincial core router, collecting the blocking commands for the specified IP, checking the usage of the existing blocking prefix list, confirming which list sequence numbers are in use, and determining whether the address to be blocked already exists;
creating a route-advertisement prefix for the blocked address, creating a black-hole route for the blocked address that points the illegal IP to NULL0, advertising the blocked address in BGP, assembling and previewing the command statements that deliver the blocking policy, then quickly issuing the block and testing its effectiveness.
In an embodiment of the present invention, an SOC-based device for blocking illegal IPs on an intra-provincial network is further provided. The device includes:
a log information collection module, used for collecting the log information reported by each network management asset system and analyzing it comprehensively to identify illegal IPs;
an intra-provincial IP address classification module, used for accessing the intra-provincial IP address system, obtaining the classification of intra-provincial IP addresses, comparing each illegal IP with the network address allocation resource library, and determining its intra-provincial IP address class;
and an IP black-hole intra-provincial blocking module, used for calling the IP black-hole intra-provincial blocking method to perform the block and test its effectiveness.
Further, the log information collection module is specifically configured so that:
the security management platform collects the network security logs, server operation logs, user access logs and service-tracking source-address logs reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP packets, traces IP packets whose addresses are wrong or abnormal, and detects illegal IPs.
Further, the intra-provincial IP address classification module is specifically configured so that:
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to its own database by incremental synchronization;
the classification of intra-provincial IP addresses is obtained through the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security authority;
and the illegal IP is compared with the network address allocation resource library to determine its intra-provincial IP address class.
Further, intra-provincial IP addresses are divided into class-one and class-two IP addresses. A class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator; a class-two IP address is an illegal IP identified by the security management platform's analysis. Class-one IP addresses are handled by province-wide blocking, which applies to the operator's own in-province services; class-two IP addresses are handled by internet exposed-surface blocking.
Further, the IP black-hole intra-provincial blocking module is specifically configured for:
logging in to the provincial core router, collecting the blocking commands for the specified IP, checking the usage of the existing blocking prefix list, confirming which list sequence numbers are in use, and determining whether the address to be blocked already exists;
creating a route-advertisement prefix for the blocked address, creating a black-hole route for the blocked address that points the illegal IP to NULL0, advertising the blocked address in BGP, assembling and previewing the command statements that deliver the blocking policy, then quickly issuing the block and testing its effectiveness.
In an embodiment of the present invention, a computer device is further provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the above SOC-based method for blocking illegal IPs on an intra-provincial network is implemented.
In an embodiment of the present invention, a computer-readable storage medium is further provided, which stores a computer program for executing the SOC-based method for blocking illegal IPs on an intra-provincial network.
Beneficial effects:
The invention blocks an IP address with one-key blocking: by issuing a blocking policy to the provincial router, it makes the IP address unreachable, stops the propagation of harmful information and reduces network risk.
Drawings
Fig. 1 is a schematic flow chart of the SOC-based method for blocking illegal IPs on an intra-provincial network according to an embodiment of the present invention;
Fig. 2 is a diagram of the deployment location of IP black-hole intra-provincial network blocking in the security management platform according to an embodiment of the present invention;
Fig. 3 is a diagram of the interconnection between the security management platform and the network management systems in each network domain according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the IP black-hole intra-provincial network blocking process according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the one-key IP address blocking page according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the unblocking page for class-one IP addresses according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of the blocking page for class-two IP addresses according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of the unblocking page for class-two IP addresses according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the SOC-based device for blocking illegal IPs on an intra-provincial network according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, which should be understood to be presented only to enable those skilled in the art to better understand and implement the present invention, and not to limit the scope of the present invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to an embodiment of the invention, an SOC (security management platform)-based method and device for blocking illegal IP (Internet Protocol) addresses on an intra-provincial network are provided. The log information reported by each network management asset system is integrated and analyzed to identify illegal IPs. The intra-provincial IP address system is accessed to obtain the classification of intra-provincial IP addresses, and each illegal IP is compared with the network address allocation resource library to determine its intra-provincial IP address class. The IP black-hole intra-provincial blocking method is then called: it checks the usage of the blocking prefix list on the existing provincial core router, confirms which list sequence numbers are in use, organizes the blocking policy into policy-delivery command statements, offers a quick preview of those statements, issues the configuration, and writes a log for later analysis. This achieves rapid blocking and avoids network security risks.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Fig. 1 is a schematic flow chart of the SOC-based method for blocking illegal IPs on an intra-provincial network according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
S1, the security management platform collects the log information reported by each network management asset system and analyzes it comprehensively to identify illegal IPs;
the security management platform collects the network security logs, server operation logs, user access logs and service-tracking source-address logs reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP packets, traces IP packets whose addresses are wrong or abnormal, and detects illegal IPs.
S2, the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares each illegal IP with the network address allocation resource library, and determines its intra-provincial IP address class;
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to its own database by incremental synchronization;
the classification of intra-provincial IP addresses is obtained through the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security authority;
the illegal IP is compared with the network address allocation resource library to determine its intra-provincial IP address class;
intra-provincial IP addresses are divided into class-one and class-two IP addresses. A class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator; a class-two IP address is an illegal IP identified by the security management platform's analysis. Class-one IP addresses are handled by province-wide blocking, which applies to the operator's own in-province services; class-two IP addresses are handled by internet exposed-surface blocking.
S3, the security management platform calls the IP black-hole intra-provincial blocking method to perform the block and test its effectiveness;
logging in to the provincial core router, collecting the blocking commands for the specified IP, checking the usage of the existing blocking prefix list, confirming which list sequence numbers are in use, and determining whether the address to be blocked already exists;
creating a route-advertisement prefix for the blocked address, creating a black-hole route for the blocked address that points the illegal IP to NULL0, advertising the blocked address in BGP, assembling and previewing the command statements that deliver the blocking policy, then quickly issuing the block and testing its effectiveness.
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
To explain the above SOC-based method for blocking illegal IPs on an intra-provincial network more clearly, a specific embodiment is described below. Note that the embodiment serves only to explain the present invention better and is not to be construed as an undue limitation on it.
Example:
In this embodiment, the IP black-hole intra-provincial network blocking method is invoked to block at the deployment location shown in Fig. 2. The specific blocking steps are as follows:
1. Collect the IP information of the network management systems in each network domain and of the network resources those systems manage
Fig. 3 is a diagram of the interconnection between the security management platform and the network management systems in each network domain according to an embodiment of the present invention. As shown in Fig. 3, the security management platform serves as the intra-provincial operator's centralized asset security management platform and connects to a large number of service management systems, resource management systems, configuration management systems and the like. Each system reports the IP information of its own network resources, including host IP information, switch interface interconnection addresses, the addresses of switch ports connected to hosts, the NAT addresses of the system's egress firewall, and the addresses used to interconnect with internet routers. IP addresses and MAC addresses correspond one-to-one and are reported to the security management platform through an interface; the platform partitions and registers the reported IP information of the hosts and network devices collected within each system domain.
2. Collect the network security logs, server operation logs, user access logs and service-tracking source-address logs of all network management asset systems
The security management platform collects the log information reported by each network management asset system, comprehensively analyzes the state of IP packets, traces IP packets whose addresses are wrong or abnormal, and detects illegal IPs.
3. Access the intra-provincial IP address system
Every hour, the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to its own database by incremental synchronization, including each address's service classification and service attributes. The classification of intra-provincial IP addresses is obtained through the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security authority. The illegal IP is compared with the network address allocation resource library to determine its intra-provincial IP address class.
Intra-provincial IP addresses are divided into class-one and class-two IP addresses. Class-one IP addresses are system interconnection and service IPs allocated by the intra-provincial operator, such as the IP addresses of Heilongjiang Telecom subscribers and the IPs of leased-line customers. A class-two IP address is an illegal IP identified by the security management platform's analysis. Class-one IP addresses are handled by province-wide blocking, which applies to the operator's own in-province services; class-two IP addresses are handled by internet exposed-surface blocking.
4. Block according to the IP black-hole intra-provincial blocking flow
4.1 Collect the IP blocking commands
Check the usage of the existing blocking prefix list, and confirm which list sequence numbers are in use and whether the address to be blocked already exists.
4.2 IP black-hole intra-provincial blocking process
Fig. 4 is a schematic diagram of the IP black-hole intra-provincial network blocking process according to an embodiment of the present invention. As shown in Fig. 4, the specific blocking steps are as follows:
The blocking program is called and logs in to the provincial core router. It takes the class-one IP addresses allocated by the intra-provincial operator and the class-two IP addresses identified by the security management platform as parameters of the instruction to be issued, and completes the blocking command in combination with the configuration of the provincial core router. It checks the usage of the existing blocking prefix list, confirms which list sequence numbers are in use, and determines whether the address to be blocked already exists, and whether the IP is already listed but its blocking instruction has not taken effect. It then organizes the blocking policy into policy-delivery command statements, offers a quick preview of those statements, rapidly issues the blocking command, and points the illegal IP to NULL0.
The blocking command is divided into internet exposed-surface blocking and province-wide blocking:
Internet exposed-surface blocking: determine whether the address is already blocked; if so, determine whether that block is an internet block; if it is, blocking is done; otherwise, call the province-wide unblocking program and then the internet blocking program.
Province-wide blocking: determine whether the address is already blocked; if so, determine whether that block is a province-wide block; if it is, blocking is done; otherwise, call the internet unblocking program and then the province-wide blocking program.
Fig. 5 is a schematic diagram of the one-key IP address blocking page according to an embodiment of the present invention. The blocking operation is performed on the page shown in Fig. 5.
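The following is an added example, not the patent's own command listing (which appears only as images in the original publication). It shows the classification from step 3 and the prefix-list check, command preview and scope-switch logic from steps 4.1 and 4.2, building the preview only and never logging in to a router. The Cisco IOS-style syntax, the prefix-list names `BLOCK-PROVINCE` and `BLOCK-INTERNET`, the private AS number 64512 and all sample data are assumptions.

```python
import ipaddress
import re

# Constructed sample of existing blocking prefix lists (Cisco IOS-style
# "show ip prefix-list" output). The list names are hypothetical.
SAMPLE_PREFIX_LISTS = """\
ip prefix-list BLOCK-PROVINCE: 2 entries
   seq 5 permit 198.51.100.7/32
   seq 10 permit 198.51.100.9/32
ip prefix-list BLOCK-INTERNET: 1 entries
   seq 5 permit 203.0.113.44/32
"""

# Constructed stand-in for the synchronized in-province allocation database.
IN_PROVINCE_ALLOCATIONS = [ipaddress.ip_network("198.51.100.0/24")]

# Blocking scope -> prefix list used for that scope (hypothetical names).
SCOPE_LIST = {"province": "BLOCK-PROVINCE", "internet": "BLOCK-INTERNET"}


def parse_prefix_lists(text):
    """Return {list_name: {sequence_number: network}} from prefix-list output."""
    lists, current = {}, None
    for line in text.splitlines():
        head = re.match(r"ip prefix-list (\S+):", line)
        entry = re.match(r"\s+seq (\d+) permit (\S+)", line)
        if head:
            current = lists.setdefault(head.group(1), {})
        elif entry and current is not None:
            current[int(entry.group(1))] = ipaddress.ip_network(entry.group(2))
    return lists


def classify(ip):
    """Class one: operator-allocated in-province address. Class two: any other flagged IP."""
    addr = ipaddress.ip_address(ip)
    return 1 if any(addr in net for net in IN_PROVINCE_ALLOCATIONS) else 2


def block_commands(host, scope, seq, asn):
    """Prefix-list entry, black-hole route to Null0, and BGP advertisement.
    Attaching the prefix list to the BGP policy is assumed to be configured already."""
    ip, mask = str(host.network_address), str(host.netmask)
    return [
        f"ip prefix-list {SCOPE_LIST[scope]} seq {seq} permit {host}",
        f"ip route {ip} {mask} Null0",
        f"router bgp {asn}",
        f" network {ip} mask {mask}",
    ]


def unblock_commands(host, scope, seq, asn):
    """Reverse of block_commands, withdrawing the advertisement first."""
    ip, mask = str(host.network_address), str(host.netmask)
    return [
        f"router bgp {asn}",
        f" no network {ip} mask {mask}",
        f"no ip route {ip} {mask} Null0",
        f"no ip prefix-list {SCOPE_LIST[scope]} seq {seq} permit {host}",
    ]


def plan(ip, prefix_list_output, asn=64512, scope=None):
    """Return (status, command preview) for blocking one IPv4 address.

    status is "already-blocked" (nothing to send), "moved" (blocked in the
    other scope: unblock there first, then block) or "new".
    Raises ValueError if ip is not a valid IPv4 address.
    """
    host = ipaddress.ip_network(f"{ipaddress.IPv4Address(ip)}/32")
    # Class one -> province-wide blocking, class two -> internet exposed surface.
    scope = scope or ("province" if classify(ip) == 1 else "internet")
    lists = parse_prefix_lists(prefix_list_output)
    existing = next((s for s, name in SCOPE_LIST.items()
                     if host in lists.get(name, {}).values()), None)
    if existing == scope:
        return "already-blocked", []
    commands = []
    if existing is not None:
        old = lists[SCOPE_LIST[existing]]
        old_seq = next(seq for seq, net in old.items() if net == host)
        commands += unblock_commands(host, existing, old_seq, asn)
    used = lists.get(SCOPE_LIST[scope], {})
    next_seq = (max(used) if used else 0) + 5  # next free sequence number
    commands += block_commands(host, scope, next_seq, asn)
    return ("moved" if existing else "new"), commands


if __name__ == "__main__":
    status, preview = plan("192.0.2.50", SAMPLE_PREFIX_LISTS)
    print(status)
    print("\n".join(preview))
```
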
5. IP address blocking test and unblocking
5.1 Blocking test for class-one IP addresses
After the blocking task has been created successfully, run the test according to Table 1 below (the user must log in to the router to confirm):
TABLE 1
[Table 1 appears only as an image in the original publication.]
If the test results match the expected results in Table 1 above, the function is considered valid and correct.
5.2 Unblocking test for class-one IP addresses
5.2.1 First unblock on the page shown in Fig. 6:
select the corresponding IP address in the blocking target list, then click the small lock icon after the IP address to unblock it;
5.2.2 After the unblocking task is complete, run the test according to Table 2 below (the user must log in to the router to confirm):
TABLE 2
[Table 2 appears only as an image in the original publication.]
If the test results match the expected results in Table 2 above, the function is considered valid and correct.
5.3 Blocking test for class-two IP addresses
5.3.1 Class-two IP addresses are blocked with the internet exposed-surface blocking module, mainly to prevent attacks from the province's addresses on the internet exposed-surface systems of Heilongjiang Telecom.
On the page shown in Fig. 7, click the internet exposed-surface blocking module, click to create a new blocking task, enter the IP address to block in the pop-up window, and click save.
5.3.2 After the blocking task is complete, run the test according to Table 3 below (the user must log in to the router to confirm):
TABLE 3
[Table 3 appears only as an image in the original publication.]
If the test results match the expected results in Table 3 above, the function is considered valid and correct.
5.4 Unblocking test for class-two IP addresses
5.4.1 First unblock on the page shown in Fig. 8:
select the corresponding IP address in the blocking target list, then click the small lock icon after the IP address to unblock it.
5.4.2 After the unblocking task is complete, run the test according to Table 4 below (the user must log in to the router to confirm):
TABLE 4
[Table 4 appears only as an image in the original publication.]
If the test results match the expected results in Table 4 above, the function is considered valid and correct.
Based on the same inventive concept, the invention also provides an SOC-based device for blocking illegal IPs on the intra-provincial network. For the implementation of the device, refer to the implementation of the method; repeated details are omitted. The term "module", as used below, may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the embodiments below is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 9 is a schematic structural diagram of an SOC-based illegal IP intra-provincial network blocking device according to an embodiment of the present invention. As shown in fig. 9, the device includes:
a log information collection module 101, configured to collect the log information reported by each network management asset system and comprehensively analyze it to identify illegal IPs;
the security management platform collects the network security logs, server operation logs, user access logs, and service-tracking source address log information reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP data packets, tracks IP data packets with address errors or abnormal conditions, and detects illegal IPs.
An intra-provincial IP address classification module 102, configured to access the intra-provincial IP address system, obtain the classification of intra-provincial IP addresses, compare the illegal IPs with the network address allocation resource library, and distinguish the intra-provincial IP address classes;
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to the database of the security management platform by incremental synchronization;
the classification of intra-provincial IP addresses is obtained by means of the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security organization;
the illegal IPs are compared with the network address allocation resource library to distinguish the intra-provincial IP address classes.
Intra-provincial IP addresses are divided into class-one and class-two IP addresses. A class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator; a class-two IP address is an illegal IP identified by the analysis of the security management platform. Class-one IP addresses are handled by intra-provincial blocking, which blocks the province's own services, and class-two IP addresses are handled by Internet-exposed-surface blocking.
An IP black hole intra-provincial blocking module 103, configured to call the IP black hole intra-provincial blocking method to perform the block and test its effectiveness;
log in to the provincial core router, collect the blocking command for the specified IP, check the usage of the existing blocking prefix list, confirm the usage of the list column numbers, and determine whether the blocking address already exists;
create the route-announcement prefix for the blocking address, create the black hole route for the blocking address, point the illegal IP to NULL0, announce the blocking address in BGP, form and preview the command statements issued by the blocking policy, quickly issue the block, and test its effectiveness.
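The steps listed for module 103 (check the existing blocking prefix list, skip an address that is already blocked, then form the command preview for the prefix entry, the NULL0 route and the BGP announcement) can be sketched as follows. This is an added example, not code from the patent: the Cisco IOS-style syntax, the list name `BLOCK-LIST`, the AS number 64512, and the reading of "list column number" as the prefix-list sequence number are all assumptions.

```python
import ipaddress
import re

# Constructed sample of the existing blocking prefix list, in Cisco IOS-style
# syntax (an assumption; the patent does not name a router vendor).
SAMPLE_PREFIX_LIST = """\
ip prefix-list BLOCK-LIST seq 5 permit 203.0.113.7/32
ip prefix-list BLOCK-LIST seq 10 permit 198.51.100.20/32
"""

ENTRY_RE = re.compile(r"^ip prefix-list (\S+) seq (\d+) permit (\S+)/32$")


def parse_prefix_list(config_text, list_name):
    """Return {ip: seq} for every /32 entry of the named prefix list."""
    entries = {}
    for line in config_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) == list_name:
            entries[m.group(3)] = int(m.group(2))
    return entries


def build_block_preview(ip, config_text, list_name="BLOCK-LIST", asn=64512, step=5):
    """Build the command preview that black-holes one IPv4 address.

    Returns [] when the address is already in the blocking prefix list, so
    the same block is never issued twice.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        raise ValueError(f"refusing to block special-purpose address {addr}")
    entries = parse_prefix_list(config_text, list_name)
    if str(addr) in entries:
        return []
    next_seq = max(entries.values(), default=0) + step  # next free sequence number
    return [
        f"ip prefix-list {list_name} seq {next_seq} permit {addr}/32",
        f"ip route {addr} 255.255.255.255 Null0",
        f"router bgp {asn}",
        f" network {addr} mask 255.255.255.255",
        "exit",
    ]


def build_unblock_preview(ip, config_text, list_name="BLOCK-LIST", asn=64512):
    """Build the reverse command preview; [] when the address is not blocked."""
    addr = ipaddress.IPv4Address(ip)
    entries = parse_prefix_list(config_text, list_name)
    if str(addr) not in entries:
        return []
    return [
        f"router bgp {asn}",
        f" no network {addr} mask 255.255.255.255",
        "exit",
        f"no ip route {addr} 255.255.255.255 Null0",
        f"no ip prefix-list {list_name} seq {entries[str(addr)]} permit {addr}/32",
    ]
```

The preview is only a list of strings, which matches the "form and preview" step: an operator reviews it before anything is issued to the router.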
It should be noted that although several modules of the SOC-based illegal IP intra-provincial network blocking device are mentioned in the detailed description above, this division is merely exemplary and not mandatory. Indeed, according to embodiments of the invention, the features and functions of two or more of the modules described above may be embodied in one module. Conversely, the features and functions of one module described above may be further divided among a plurality of modules.
Based on the aforementioned inventive concept, as shown in fig. 10, the present invention further provides a computer device 200, which includes a memory 210, a processor 220, and a computer program 230 stored in the memory 210 and executable on the processor 220, wherein the processor 220 implements the aforementioned SOC-based illegal IP intra-provincial network blocking method when executing the computer program 230.
Based on the above inventive concept, the present invention further provides a computer-readable storage medium storing a computer program for executing the above SOC-based illegal IP intra-provincial network blocking method.
With the SOC-based illegal IP intra-provincial network blocking method and device provided by the invention, an IP address is blocked with one-click blocking: a blocking policy is issued to the provincial routers so that the IP address becomes unreachable, the spread of harmful information is cut off, and network risk is reduced.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor does the division into aspects imply that features in these aspects cannot be combined to advantage; that division is for convenience of presentation only. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Those skilled in the art will understand the limits of the protection scope of the present invention; various modifications or changes that they can make without inventive effort on the basis of the technical solution of the present invention remain within the protection scope of the present invention.

Claims (12)

1. An SOC-based illegal IP intra-provincial network blocking method, characterized by comprising the following steps:
the security management platform collects the log information reported by each network management asset system and comprehensively analyzes it to identify illegal IPs;
the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares the illegal IPs with the network address allocation resource library, and distinguishes the intra-provincial IP address classes;
and the security management platform calls the IP black hole intra-provincial blocking method to perform the block and test its effectiveness.
2. The SOC-based illegal IP intra-provincial network blocking method according to claim 1, wherein the step in which the security management platform collects the log information reported by each network management asset system and comprehensively analyzes it to identify illegal IPs comprises:
the security management platform collects the network security logs, server operation logs, user access logs, and service-tracking source address log information reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP data packets, tracks IP data packets with address errors or abnormal conditions, and detects illegal IPs.
3. The SOC-based illegal IP intra-provincial network blocking method according to claim 1, wherein the step in which the security management platform accesses the intra-provincial IP address system, obtains the classification of intra-provincial IP addresses, compares the illegal IPs with the network address allocation resource library, and distinguishes the intra-provincial IP address classes comprises:
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to the database of the security management platform by incremental synchronization;
obtaining the classification of intra-provincial IP addresses by means of the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security organization;
and comparing the illegal IPs with the network address allocation resource library to distinguish the intra-provincial IP address classes.
4. The SOC-based illegal IP intra-provincial network blocking method according to claim 3, wherein the intra-provincial IP addresses are divided into class-one and class-two IP addresses; a class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator, and a class-two IP address is an illegal IP identified by the analysis of the security management platform; class-one IP addresses are handled by intra-provincial blocking, which blocks the province's own services, and class-two IP addresses are handled by Internet-exposed-surface blocking.
5. The SOC-based illegal IP intra-provincial network blocking method according to claim 1, wherein the step in which the security management platform calls the IP black hole intra-provincial blocking method to perform the block and test its effectiveness comprises:
logging in to the provincial core router, collecting the blocking command for the specified IP, checking the usage of the existing blocking prefix list, confirming the usage of the list column numbers, and determining whether the blocking address already exists;
creating the route-announcement prefix for the blocking address, creating the black hole route for the blocking address, pointing the illegal IP to NULL0, announcing the blocking address in BGP, forming and previewing the command statements issued by the blocking policy, quickly issuing the block, and testing its effectiveness.
6. An SOC-based illegal IP intra-provincial network blocking device, characterized by comprising:
a log information collection module, configured to collect the log information reported by each network management asset system and comprehensively analyze it to identify illegal IPs;
an intra-provincial IP address classification module, configured to access the intra-provincial IP address system, obtain the classification of intra-provincial IP addresses, compare the illegal IPs with the network address allocation resource library, and distinguish the intra-provincial IP address classes;
and an IP black hole intra-provincial blocking module, configured to call the IP black hole intra-provincial blocking method to perform the block and test its effectiveness.
7. The SOC-based illegal IP intra-provincial network blocking method according to claim 6, wherein the log information collection module is specifically configured so that:
the security management platform collects the network security logs, server operation logs, user access logs, and service-tracking source address log information reported by each network management asset system;
the security management platform comprehensively analyzes the state of IP data packets, tracks IP data packets with address errors or abnormal conditions, and detects illegal IPs.
8. The SOC-based illegal IP intra-provincial network blocking method according to claim 6, wherein the intra-provincial IP address classification module is specifically configured so that:
the security management platform synchronizes the intra-provincial IP addresses registered in the intra-provincial IP address system to the database of the security management platform by incremental synchronization;
the classification of intra-provincial IP addresses is obtained by means of the synchronization mechanism between the intra-provincial IP address system and the IP address management system of the domestic public security organization;
and the illegal IPs are compared with the network address allocation resource library to distinguish the intra-provincial IP address classes.
9. The SOC-based illegal IP intra-provincial network blocking method according to claim 8, wherein the intra-provincial IP addresses are divided into class-one and class-two IP addresses; a class-one IP address is a system interconnection or service IP allocated by the intra-provincial operator, and a class-two IP address is an illegal IP identified by the analysis of the security management platform; class-one IP addresses are handled by intra-provincial blocking, which blocks the province's own services, and class-two IP addresses are handled by Internet-exposed-surface blocking.
10. The SOC-based illegal IP intra-provincial network blocking method according to claim 6, wherein the IP black hole intra-provincial blocking module is specifically configured to:
log in to the provincial core router, collect the blocking command for the specified IP, check the usage of the existing blocking prefix list, confirm the usage of the list column numbers, and determine whether the blocking address already exists;
create the route-announcement prefix for the blocking address, create the black hole route for the blocking address, point the illegal IP to NULL0, announce the blocking address in BGP, form and preview the command statements issued by the blocking policy, quickly issue the block, and test its effectiveness.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-5 when executing the computer program.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1-5.
CN202111137576.9A 2021-09-27 2021-09-27 Illegal IP (Internet protocol) intra-provincial network plugging method and device based on SOC (system on chip) Active CN113965355B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111137576.9A CN113965355B (en) 2021-09-27 2021-09-27 Illegal IP (Internet protocol) intra-provincial network plugging method and device based on SOC (system on chip)

Publications (2)

Publication Number Publication Date
CN113965355A true CN113965355A (en) 2022-01-21
CN113965355B CN113965355B (en) 2023-07-28

Family

ID=79462424

Country Status (1)

Country Link
CN (1) CN113965355B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant