CN114157637A - IPv6 address scanning method and device, computer equipment and storage medium - Google Patents
IPv6 address scanning method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN114157637A CN114157637A CN202210120312.0A CN202210120312A CN114157637A CN 114157637 A CN114157637 A CN 114157637A CN 202210120312 A CN202210120312 A CN 202210120312A CN 114157637 A CN114157637 A CN 114157637A
- Authority
- CN
- China
- Prior art keywords
- address
- area
- ipv6
- detection
- scanned
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to an IPv6 address scanning method, an IPv6 address scanning device, computer equipment and a storage medium. The method comprises the steps of dividing an address space by using a known IPv6 seed address, classifying each address area to be scanned according to the number of free dimensions from low to high, and generating all addresses of the area with the lowest number of free dimensions and the highest activity counter as detection addresses by each iteration; then, using RC5 algorithm to perform sequence randomization on the detection address space, generating a probe with region codes for a new address sequence and transmitting; and continuously receiving the response packets, recording the detection results, and updating the activity counter of the corresponding area according to the area identifier so as to adjust the detection direction of the next round of iteration. The method can scan the IPV6 address in the range of the Internet, and has higher hit rate and scanning efficiency compared with other IPv6 full-network scanning methods.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to an IPv6 address scanning method, apparatus, computer device, and storage medium.
Background
With the last block address of IPv4 assigned by INAN in 2011, it is announced that the internet will inevitably move to IPv 6. In October 2019, data shows that 30% of users access Google through IPv6 addresses, and that IPv6 plays an important role in future network development.
However, the development of IPv6 faces a great challenge, namely network scanning. Through network scanning, the system can carry out more comprehensive work on analysis of a network topology structure, IP address analysis, geographic positioning, network safety and the like. In IPv4 networks, the benefits of modern advances in hardware and computing power have made it possible to brute force internet full-network scanning. Unlike IPv4, however, the enormous address space of IPv6 has made past scanning tools significantly more time consuming. There is a need for a more efficient and less time consuming way to obtain more information.
Some existing IPv6 scanning methods, such as Encopy/IP, 6Gen, 6Tree, 6Hit and the like, provide some methods in the aspect of IPv6 address space scanning, but still have the problem of low detection efficiency.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an IPv6 address scanning method, apparatus, computer device and storage medium.
An IPv6 address scanning method, the method comprising:
an IPv6 seed address and a predetermined total resource threshold are obtained.
According to the IPv6 seed address, a spatial tree is obtained by utilizing a hierarchical splitting clustering algorithm; each node of the spatial tree represents an address area of the address space to be scanned.
Classifying each address area to be scanned from low to high according to free dimension, and setting the class with the lowest free dimension as a detection area; the resource number and the activity counter of each address area to be scanned are both set to be 0.
In each iteration, all addresses of the address area to be scanned with the highest activity counter in the detection area are preferentially generated as detection addresses.
Randomizing the sequence of the detection addresses by adopting an RC5 mode, generating probe packets according to the obtained random address sequence and sending the probe packets, and updating the resource quantity according to the quantity of the sent probe packets; the header of the probe packet includes a region code and a region identifier of an address region to be scanned.
And receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier.
Deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches a preset total resource threshold value, and stopping the iteration.
In one embodiment, obtaining a spatial tree by using a hierarchical splitting clustering algorithm according to the IPv6 seed address includes:
and generating a root node containing all seed sets according to the IPv6 seed address, and taking the root node as a current node.
For the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
In one embodiment, randomizing the sequence of the probe addresses by RC5, generating probe packets according to the obtained random address sequence and transmitting, and updating the resource number according to the number of transmitted probe packets includes:
randomizing the sequence of the detection addresses by adopting an RC5 mode for the detection addresses; a random address sequence is obtained.
And according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating the probe packet corresponding to the detection address in the random address sequence, and sending the probe packet.
Updating the number of resources according to the number of transmitted probe packets.
In one embodiment, receiving and decoding the response packet and updating the activity counter of the corresponding region according to the obtained region identifier includes
And continuously receiving the message, decrypting the received message, and judging whether the message is a correct response packet or not according to a decryption result.
When the response packet is correct, the response result and the area identifier are recorded, and the activity counter of the corresponding area is updated according to the area identifier so as to adjust the direction of the next round of iterative detection.
In one embodiment, the method wherein the sending of the probe packet and the receiving of the response packet are performed asynchronously.
An IPv6 address scanning apparatus, the apparatus comprising:
and the IPv6 seed address acquisition module is used for acquiring the IPv6 seed address and a preset total resource threshold.
The address space division module is used for obtaining a space tree by utilizing a hierarchical splitting and clustering algorithm according to the IPv6 seed address; each node of the space tree represents an address area to be scanned of the address space; classifying each address area to be scanned from low to high according to free dimension, and setting the class with the lowest free dimension as a detection area; the resource number and the activity counter of each address area to be scanned are both set to be 0.
The iterative scanning module is used for preferentially generating all addresses of an address area to be scanned with the highest activity counter in the detection area into detection addresses in each iteration; randomizing the sequence of the detection addresses by adopting an RC5 mode, generating probe packets according to the obtained random address sequence and sending the probe packets, and updating the resource quantity according to the quantity of the sent probe packets; the head of the probe packet comprises a region code and a region identifier of an address region to be scanned; receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier; deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches a preset total resource threshold value, and stopping the iteration.
In one embodiment, each node of the spatial tree represents an address region of the address space to be scanned.
The address space division module is further configured to generate a root node including all seed sets according to the IPv6 seed address, and use the root node as a current node; for the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
In one embodiment, the iterative scan module is further configured to randomize an order of the probe addresses by using an RC5 manner for the probe addresses; obtaining a random address sequence; according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating and sending the probe packet corresponding to the detection address in the random address sequence; updating the number of resources according to the number of transmitted probe packets.
The IPv6 address scanning method, apparatus, computer device, and storage medium described above, the method uses a known IPv6 seed address to partition an address space, and classifies each address area to be scanned according to the number of free dimensions from low to high, and each iteration preferentially generates all addresses of an area with the lowest number of free dimensions and the highest activity counter as probe addresses; then, using RC5 algorithm to perform sequence randomization on the detection address space, generating a probe with region codes for a new address sequence and transmitting; and continuously receiving the response packets, recording the detection results, and updating the activity counter of the corresponding area according to the area identifier so as to adjust the detection direction of the next round of iteration. The method can scan the IPV6 address in the range of the Internet, and has higher hit rate and scanning efficiency compared with other IPv6 full-network scanning methods. The method is used for detecting and mining IPv6 active addresses in the range of the Internet.
Drawings
FIG. 1 is a flowchart illustrating an IPv6 address scanning method according to an embodiment;
FIG. 2 is a diagram illustrating address areas to be scanned in another embodiment;
FIG. 3 is a schematic diagram of space division in another embodiment;
FIG. 4 is a schematic diagram of a region-generated probe address in another embodiment;
FIG. 5 is a schematic view of the structure of a probe in another embodiment;
FIG. 6 is a schematic diagram showing a probe transmission sequence in another embodiment;
FIG. 7 is a schematic diagram illustrating the workflow of an IPv6 address scanning method in one embodiment;
FIG. 8 is a block diagram of an IPv6 address scanning apparatus in one embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The IPv6 address space is typically mapped as a 32-dimensional high-dimensional vector with one dimension per half byte, i.e., 4 bits, and each dimension taking on an integer in the range of (0-15).
In one embodiment, as shown in fig. 1, there is provided an IPv6 address scanning method, including the steps of:
step 100: an IPv6 seed address and a predetermined total resource threshold are obtained.
Specifically, IPv6 seed addresses, a set of initially known active IPv6 addresses, which are typically available through network traffic collection, domain name records, and the like.
The predetermined total resource threshold is a predetermined number of probe packets.
Step 102: according to the IPv6 seed address, a spatial tree is obtained by utilizing a hierarchical splitting clustering algorithm; each node of the spatial tree represents an address area of the address space to be scanned.
Specifically, the address area to be scanned, obtained by the address control through area division, at least contains 1 IPv6 seed address.
Fig. 2 is a schematic diagram of generating an address area to be scanned. The address area to be scanned is composed of 2 seeds, and the first 31 dimensions of the two seeds are the same and are fixed dimensions; the final 32 nd dimension is the free dimension.
For a 32-dimensional address area to be scanned, if the value of the seed in a certain dimension is the same in the dimension, the dimension is the fixed dimension, otherwise, the dimension is the free dimension.
The division of the address space logically utilizes a seed set and a hierarchical splitting clustering algorithm to construct a tree structure, and the tree structure is named as a space tree. The space tree is constructed from the root to the leaf and from top to bottom in a layering mode, and for the current node, splitting is carried out according to the seed set of the current node to obtain child nodes. A schematic diagram of a spatial tree is shown in fig. 3.
Step 104: classifying each address area to be scanned from low to high according to the free dimension, and setting the class with the lowest free dimension as a detection area; the resource number and the activity counter of each address area to be scanned are both set to be 0.
Specifically, for each node in the spatial tree, an activity counter is corresponding, and the activity counter of the corresponding region is updated according to each region identifier.
Step 106: in each iteration, all addresses of the address area to be scanned with the highest activity counter in the detection area are preferentially generated as detection addresses.
Specifically, in the process of generating the probe address, the result obtained in the previous round of probe is used, i.e. the activity counter in each area is updated and ranked according to the size of the counter. In the current iteration, all addresses of the high-ranking region are preferentially generated as the detection addresses according to the region ranking aiming at the region of the current free dimension. Fig. 4 is an example of a probe address generated by node 65 in fig. 3.
Step 108: randomizing the sequence of the detection addresses by adopting an RC5 mode, generating and sending probe packets according to the obtained random address sequence, and updating the resource quantity according to the quantity of the sent probe packets; the header of the probe packet includes a region code and a region identifier of an address region to be scanned.
Specifically, fig. 6 shows that the probe address sequence is randomized according to the determined detection region, so as to ensure the reasonability of probe distribution.
For the probe packet probe sequence of the random sequence generated by the same iteration, excessive detection on a certain subspace is effectively guaranteed.
Step 110: receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier;
step 112: deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches the preset total resource threshold value, and stopping the iteration.
In the IPv6 address scanning method, the method uses a known IPv6 seed address to partition an address space, classifies each address area to be scanned according to the number of free dimensions from low to high, and generates all addresses of an area with the lowest number of free dimensions and the highest activity counter as probe addresses in each iteration; then, using RC5 algorithm to perform sequence randomization on the detection address space, generating a probe with region codes for a new address sequence and transmitting; and continuously receiving the response packets, recording the detection results, and updating the activity counter of the corresponding area according to the area identifier so as to adjust the detection direction of the next round of iteration. The method can scan the IPV6 address in the range of the Internet, and has higher hit rate and scanning efficiency compared with other IPv6 full-network scanning methods. The method is used for detecting and mining IPv6 active addresses in the range of the Internet.
In one embodiment, step 102 comprises: generating a root node containing all seed sets according to the IPv6 seed address, and taking the root node as a current node; for the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
Specifically, for seed addresses arranged according to size in a 32-dimensional address area to be scanned, from left to right, when two adjacent seed addresses appear to have different values in the same dimension for the first time, that is, the seed addresses are the first free dimension, and the address space begins to split.
In another embodiment, FIG. 3 shows an example of a spatial partition. Note that the spatial tree is only a logical schematic, and the runtime ultimately only retains the leaf nodes therein. For the current node, traversing the seeds contained in the current node, finding a first free dimension, and splitting the child node in the dimension; and adding child nodes to the spatial tree; and when the free dimension of one region is 1 or only 1 seed, stopping splitting, and obtaining the node which is a leaf node. And obtaining the space tree after the circulation is stopped.
The free dimension of the region is 1 or only the nodes of 1 seed are leaf nodes.
In one embodiment, step 108 includes: randomizing the sequence of the detection addresses by adopting an RC5 mode; obtaining a random address sequence; according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating and sending the probe packet corresponding to the detection address in the random address sequence; the number of resources is updated according to the number of transmitted probe packets.
Fig. 5 is a schematic structural diagram of a probe pack. The payload added to the header of the probe packet has 16 bytes. Wherein 4 bytes of 6Scan Fingerprint information (6 Scan Fingerprint) and 1 byte of Instance number (Instance ID) are used to confirm that the received packet is a response packet of the probe; a 1 byte time-to-live (TTL) determines the total number of hops passed to reach the destination; a 2-byte check code (Checksum Fudge) is used to ensure the correctness of the header information; a 4-byte Timestamp (Timestamp) recording time for calculating RTT; a 4-byte region Identifier (Regional Identifier) is used to update the activity counter.
In one embodiment, step 110 includes continuously receiving the message, decrypting the received message, and determining whether the message is a correct response packet according to the decryption result; when the response packet is correct, the response result and the area identifier are recorded, and the activity counter of the corresponding area is updated according to the area identifier so as to adjust the detection direction of the next round of iteration.
In one embodiment, the method wherein the sending of the probe packet and the receiving of the response packet are performed asynchronously.
Due to the regional coding, the sending of the probe packet and the receiving of the response packet can be carried out asynchronously, so that the sending rate and the detection efficiency of the probe are greatly improved.
In another embodiment, as shown in fig. 7, a flow chart of the operation of an IPv6 address scanning method is provided. Firstly, dividing an address space according to a seed address to obtain address areas to be scanned, then classifying each area from low to high according to free dimensionality, and generating all addresses of the area with the lowest free dimensionality and the highest activity counter into detection addresses in each iteration; then, using RC5 algorithm to perform sequence randomization on the detection address space, generating a probe with region codes for a new address sequence and transmitting; and continuously receiving the message, judging the legality of the message, recording a detection result for a correct response packet, and updating an activity counter of a corresponding area according to the area identifier so as to adjust the direction of the next round of iterative detection.
It should be understood that although the steps in the flowcharts of fig. 1 and 7 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 1 and 7 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 8, there is provided an IPv6 address scanning apparatus including: the device comprises an IPv6 seed address acquisition module, an address space division module and an iterative scanning module, wherein:
and the IPv6 seed address acquisition module is used for acquiring the IPv6 seed address and a preset total resource threshold.
The address space division module is used for obtaining a space tree by utilizing a hierarchical splitting and clustering algorithm according to the IPv6 seed address; each node of the space tree represents an address area to be scanned of the address space; classifying each address area to be scanned from low to high according to the free dimension, and setting the class with the lowest free dimension as a detection area; the resource number and the activity counter of each address area to be scanned are both set to be 0.
The iterative scanning module is used for preferentially generating all addresses of an address area to be scanned with the highest activity counter in the detection area into detection addresses in each iteration; randomizing the sequence of the detection addresses by adopting an RC5 mode, generating and sending probe packets according to the obtained random address sequence, and updating the resource quantity according to the quantity of the sent probe packets; the head of the probe packet comprises a region code and a region identifier of an address region to be scanned; receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier; deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches the preset total resource threshold value, and stopping the iteration.
In one embodiment, the address space dividing module is further configured to generate a root node including all seed sets according to the IPv6 seed address, and use the root node as a current node; for the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
In one embodiment, the iterative scan module is further configured to randomize an order of the probe addresses by using an RC5 method for the probe addresses; obtaining a random address sequence; according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating and sending the probe packet corresponding to the detection address in the random address sequence; the number of resources is updated according to the number of transmitted probe packets.
In one embodiment, the iterative scanning module is further configured to continuously receive the message, decrypt the received message, and determine whether the message is a correct response packet according to a decryption result; when the response packet is correct, the response result and the area identifier are recorded, and the activity counter of the corresponding area is updated according to the area identifier so as to adjust the detection direction of the next round of iteration.
In one embodiment, the sending of probe packets and the receiving of response packets in the iterative scanning module are performed asynchronously.
For the specific definition of the IPv6 address scanning device, reference may be made to the above definition of the IPv6 address scanning method, which is not described herein again. The modules in the IPv6 address scanning apparatus described above may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an IPv6 address scanning method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the method in the above embodiments when the processor executes the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method in the above-mentioned embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. An IPv6 address scanning method, the method comprising:
acquiring an IPv6 seed address and a preset total resource threshold;
according to the IPv6 seed address, a spatial tree is obtained by utilizing a hierarchical splitting clustering algorithm; each node of the space tree represents an address area to be scanned of the address space;
classifying each address area to be scanned from low to high according to free dimension, and setting the class with the lowest free dimension as a detection area; setting the resource quantity and the activity counter of each address area to be scanned to be 0;
in each iteration, all addresses of an address area to be scanned with the highest activity counter in the detection area are preferentially generated as detection addresses;
randomizing the sequence of the detection addresses by adopting an RC5 mode, generating probe packets according to the obtained random address sequence and sending the probe packets, and updating the resource quantity according to the quantity of the sent probe packets; the head of the probe packet comprises a region code and a region identifier of an address region to be scanned;
receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier;
deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches a preset total resource threshold value, and stopping the iteration.
2. The method of claim 1, wherein obtaining a spatial tree by using a hierarchical splitting clustering algorithm according to the IPv6 seed address comprises:
generating a root node containing all seed sets according to the IPv6 seed address, and taking the root node as a current node;
for the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
3. The method of claim 1, wherein randomizing the order of the probe addresses in an RC5 manner, generating probe packets according to the obtained random address sequence and transmitting the probe packets, and updating the resource amount according to the transmitted probe packet amount comprises:
randomizing the sequence of the detection addresses by adopting an RC5 mode for the detection addresses; obtaining a random address sequence;
according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating and sending the probe packet corresponding to the detection address in the random address sequence;
updating the number of resources according to the number of transmitted probe packets.
4. The method of claim 1, wherein receiving and decoding the response packet and updating the activity counter for the corresponding zone based on the obtained zone identifier comprises
Continuously receiving the message, decrypting the received message, and judging whether the message is a correct response packet according to a decryption result;
when the response packet is correct, the response result and the area identifier are recorded, and the activity counter of the corresponding area is updated according to the area identifier so as to adjust the direction of the next round of iterative detection.
5. A method according to any of claims 1 to 4, wherein the sending of probe packets and the receiving of response packets are performed asynchronously.
6. An IPv6 address scanning apparatus, the apparatus comprising:
an IPv6 seed address obtaining module, configured to obtain an IPv6 seed address and a predetermined total resource threshold;
the address space division module is used for obtaining a space tree by utilizing a hierarchical splitting and clustering algorithm according to the IPv6 seed address; each node of the space tree represents an address area to be scanned of the address space; classifying each address area to be scanned from low to high according to free dimension, and setting the class with the lowest free dimension as a detection area; setting the resource quantity and the activity counter of each address area to be scanned to be 0;
the iterative scanning module is used for preferentially generating all addresses of an address area to be scanned with the highest activity counter in the detection area into detection addresses in each iteration; randomizing the sequence of the detection addresses by adopting an RC5 mode, generating probe packets according to the obtained random address sequence and sending the probe packets, and updating the resource quantity according to the quantity of the sent probe packets; the head of the probe packet comprises a region code and a region identifier of an address region to be scanned; receiving and decoding the response packet, and updating the activity counter of the corresponding area according to the obtained area identifier; deleting the detected address area to be scanned from the space tree, adding 1 to the free dimension of the next detection area, and entering the next iteration until the number of the resources reaches a preset total resource threshold value, and stopping the iteration.
7. The apparatus according to claim 6, wherein the address space partitioning module is further configured to generate a root node including all seed sets according to the IPv6 seed address, and use the root node as a current node; for the current node, traversing the IPv6 seed address contained in the current node, finding out a first free dimension, splitting child nodes in the dimension, and adding the child nodes into a spatial tree; and when the free dimension of one child node is 1 or only 1 IPv6 seed address, stopping splitting to obtain the spatial tree.
8. The apparatus of claim 6, wherein the iterative scan module is further configured to randomize an order of the probe addresses by using an RC5 method for the probe addresses; obtaining a random address sequence; according to the random address sequence, inserting the region code and the region identifier of the address region to be scanned into the head of the probe packet, generating and sending the probe packet corresponding to the detection address in the random address sequence; updating the number of resources according to the number of transmitted probe packets.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210120312.0A CN114157637B (en) | 2022-02-09 | 2022-02-09 | IPv6 address scanning method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210120312.0A CN114157637B (en) | 2022-02-09 | 2022-02-09 | IPv6 address scanning method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114157637A true CN114157637A (en) | 2022-03-08 |
| CN114157637B CN114157637B (en) | 2022-04-22 |
Family
ID=80450037
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210120312.0A Active CN114157637B (en) | 2022-02-09 | 2022-02-09 | IPv6 address scanning method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114157637B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4484261A (en) * | 1981-01-19 | 1984-11-20 | Texas Instruments Incorporated | Data processing system having interlinked fast and slow memory means and interlinked program counters |
| US20050278454A1 (en) * | 2003-03-28 | 2005-12-15 | Ssh Communications Security Corp | Method for preparing a decision tree for packet processing |
| CN111432043A (en) * | 2020-03-09 | 2020-07-17 | 清华大学 | Dynamic IPv6 address detection method based on density |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN113282805A (en) * | 2021-06-24 | 2021-08-20 | 中国人民解放军国防科技大学 | IPv6 address pattern mining method and device, electronic equipment and storage medium |
| CN113746947A (en) * | 2021-07-15 | 2021-12-03 | 清华大学 | IPv6 active address detection method and device based on reinforcement learning |
-
2022
- 2022-02-09 CN CN202210120312.0A patent/CN114157637B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4484261A (en) * | 1981-01-19 | 1984-11-20 | Texas Instruments Incorporated | Data processing system having interlinked fast and slow memory means and interlinked program counters |
| US20050278454A1 (en) * | 2003-03-28 | 2005-12-15 | Ssh Communications Security Corp | Method for preparing a decision tree for packet processing |
| CN111432043A (en) * | 2020-03-09 | 2020-07-17 | 清华大学 | Dynamic IPv6 address detection method based on density |
| US20210281543A1 (en) * | 2020-03-09 | 2021-09-09 | Tsinghua University | DYNAMIC Ipv6 ADDRESS PROBING METHOD BASED ON DENSITY |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN113282805A (en) * | 2021-06-24 | 2021-08-20 | 中国人民解放军国防科技大学 | IPv6 address pattern mining method and device, electronic equipment and storage medium |
| CN113746947A (en) * | 2021-07-15 | 2021-12-03 | 清华大学 | IPv6 active address detection method and device based on reinforcement learning |
Non-Patent Citations (3)
| Title |
|---|
| 朱正一等: "6Topo:一种测量IPv6网络拓扑的新方法", 《小型微型计算机系统》 * |
| 李果等: "基于种子地址的IPv6地址探测技术综述", 《电信科学》 * |
| 闫兴篡等: "网络拓扑发现算法综述", 《计算机工程与应用》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114157637B (en) | 2022-04-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111475376B (en) | Method, apparatus, computer device and storage medium for processing test data | |
| US20220060961A1 (en) | Network channel switching method and apparatus, device, and storage medium | |
| CN106302546A (en) | The method and apparatus realizing server access | |
| EP1556993A2 (en) | Automatically generated cryptographic functions for renewable tamper resistant security systems | |
| CN108664395A (en) | Applied program testing method, device, equipment and storage medium | |
| Shahbar et al. | Benchmarking two techniques for Tor classification: Flow level and circuit level classification | |
| CN110955721B (en) | Block link point state maintenance method and device, computer equipment and storage medium | |
| CN112398969B (en) | IPv6 address dynamic detection method and device and computer equipment | |
| CN116633701B (en) | Information transmission method, apparatus, computer device and storage medium | |
| CN111367923A (en) | Data processing method, data processing device, node equipment and storage medium | |
| Reshmi et al. | Light weight cryptographic address generation (LW-CGA) using system state entropy gathering for IPv6 based MANETs | |
| CN114221929A (en) | Address translation method, apparatus, device, medium, and computer program product | |
| CN111275495A (en) | Advertisement putting monitoring method, device and system based on block chain | |
| CN114157637B (en) | IPv6 address scanning method and device, computer equipment and storage medium | |
| CN108389124B (en) | Data processing method, data processing device, computer equipment and storage medium | |
| CN112367340B (en) | Intranet asset risk assessment method, device, equipment and medium | |
| CN111679963A (en) | User behavior data processing method, device, equipment and storage medium | |
| CN110460585B (en) | Equipment identity identification method and device, computer equipment and storage medium | |
| CN112637085B (en) | Flow recording method and device, computer equipment and storage medium | |
| CN114063606A (en) | PLC protocol fuzzy test method and device, electronic equipment and storage medium | |
| CN110336777B (en) | Communication interface acquisition method and device for android application | |
| CN114422164A (en) | Five-tuple table entry issuing device and method | |
| CN111522873A (en) | Block generation method and device, computer equipment and storage medium | |
| Gordon et al. | A matrix based ORAM: design, implementation and experimental analysis | |
| CN111061682A (en) | Data caching method, data reading method, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |